Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: ScottieDog on February 21, 2008, 11:01:42 AM
-
I am running SME Server 7.3. I always install the latest updates within 24 hours of being notified. For the past few weeeks, I have been receiving the following error messages.
This is the first error message;
_______________________________________________________________________________
2008-02-21 20:30:37.337590500 ClamAV update process started at Thu Feb 21 20:30:37 2008
2008-02-21 20:30:37.338174500 WARNING: Your ClamAV installation is OUTDATED!
2008-02-21 20:30:37.338198500 WARNING: Local version: 0.92 Recommended version: 0.92.1
2008-02-21 20:30:37.338202500 DON'T PANIC! Read http://www.clamav.net/support/faq
2008-02-21 20:30:37.338456500 main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven)
2008-02-21 20:30:37.450703500 ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
2008-02-21 20:30:37.450727500 ERROR: getpatch: Can't apply patch
2008-02-21 20:30:37.450799500 WARNING: Incremental update failed, trying to download daily.cvd
2008-02-21 20:30:39.811291500 WARNING: Mirror 193.1.193.64 is not synchronized.
2008-02-21 20:30:39.816544500 Giving up on database.clamav.net...
2008-02-21 20:30:39.816580500 Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.
_____________________________________________________________________________________________
This is the second error message;
_____________________________________________________________________________________________
/etc/cron.daily/01-rkhunter:
Warning: The following processes are using deleted files:
Process: /usr/bin/freshclam PID: 3947 File: /var/clamav/clamav-3ba21ac2c79001b0e9062faa857950de
Warning: Process '/sbin/pppoe' (PID 3392) is listening on the network.
Warning: Process '/sbin/pppoe' (PID 3392) is listening on the network.
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
_____________________________________________________________________________________________
Any help would be greatly appreciated.
-
1) I am also experiencing problems with Clamav over past day on all of our servers, they are in NSW.
Are you with TPG?
2) The errors you see with RKH are a result of the latest upgrade to 7.3.
Please fill a bug report at Bugzilla about this, there are already a few but it is best having one report per type of bugs. The error you are seeing have not been reported to date AFAIK. Doing so will ensure this issue is either fixed or documented.
Thanks,
-
I have been receiving the same error messages as well as of Wed 20/2/08. Our servers are currently located in NSW as well, hosted with Exetel!
-
I have been receiving the same error messages as well as of Wed 20/2/08. Our servers are currently located in NSW as well, hosted with Exetel!
Thanks, same here with TPG as of 20/2/08.
Is your connection working through a proxy at exetel?
To find out, go to a browser and type:
http://stuff.daniel15.com/php/testproxy.php
Thanks.
chris
-
We don't have a proxy server. We currently have an IPCop box connecting to our modem which is using PPOE to connect to exetel. The results of your link say:
No proxy server detected!
Your IP address: 220.233.160.205
-
I have also been getting ClamAV errors on the system we have on TPG.
Our other system using Netspeed is not getting the errors.
TPG proxy everything so this is what I get when testing for the proxy.
Proxy server detected!
Proxy server IP Address: 203.26.16.67
Proxy server details:
1. Server HTTP version: 1.1
Server address: cbr-pow-pr2.tpgi.com.au (port: 3128)
Server version: squid
.....
Do you have any ideas as to why this is failing?
-
I'm getting these errors as well .... I'm not with TPG
Server HTTP version: 1.0
Server address: proxy1.bne.dft.com.au (port: 80)
Server version: squid/2.6.STABLE18
-
Thanks, this make me feel better, at least it does not appear to be related to our ISP or proxy issue. (I may live to regret saying this...)
Have posted a bug report, check:
http://bugs.contribs.org/show_bug.cgi?id=3962
Best would be to provide iadditional comments at Bugzilla about this issue from now on, so that all information is found at one place, and one place only.
Thanks
chris
-
My server is connected through aaNet (eftel) in Victoria, Australia.
I know for a fact they use transparent proxy, as I have had issues with my Windows servers as well due to proxy issues.
My proxy testing came back as follows;
Proxy server detected!
Proxy server IP Address: 203.171.70.222
Proxy server details:
Server HTTP version: 1.1
Server address: glasgow.shields.net.au (port: 3128)
Server version: squid/2.5.STABLE14
Server reports IP address as: 10.50.4.100
Server HTTP version: 1.0
Server address: proxy4.mel.dft.com.au (port: 80)
Server version: squid/2.6.STABLE18
Server reports IP address as: 203.171.70.222
Raw HTTP X_Forwarded_For header: 10.50.4.100, 203.171.70.222
Raw HTTP Via header: 1.1 glasgow.shields.net.au:3128 (squid/2.5.STABLE14), 1.0 proxy4.mel.dft.com.au:80 (squid/2.6.STABLE18)
I know, due to the windows problem, that I can request from aaNet to bypass the proxy. I might try that & see what happens.
Chris - maybe it is your ISP.......
-
Scottie,
I know, due to the windows problem, that I can request from aaNet to bypass the proxy. I might try that & see what happens.
Chris - maybe it is your ISP.......
Hmmmm. I have requested proxy to be disabled on one of the affected service from TPG, needs to be in written form, lets see. Please let us know what you find after your proxy is disabled.
Thanks.
-
Hi,
I had the same problem and it reminded me that it had also occurred about 18 months ago (more or less). It was solved then by issuing the following commands (which I found in the forums somewhere).
sv d freshclam
rm -f /var/clamav/mirrors.dat
sv u freshclam
I think the upshot of these is to :
1 stop freshclam service
2. delete the mirrors list (which preseumably has become corrupted somehow)
3. restart freshclam
Anyhoooo... I did this again this afternoon and have had no "freshclam failures" since.
Cheers
Ian
-
Hi,
I had the same problem and it reminded me that it had also occurred about 18 months ago (more or less). It was solved then by issuing the following commands (which I found in the forums somewhere).
sv d freshclam
rm -f /var/clamav/mirrors.dat
sv u freshclam
I think the upshot of these is to :
1 stop freshclam service
2. delete the mirrors list (which preseumably has become corrupted somehow)
3. restart freshclam
Anyhoooo... I did this again this afternoon and have had no "freshclam failures" since.
Cheers
Ian
idp, I have arrived at path. Check: http://bugs.contribs.org/show_bug.cgi?id=3962
-
My server is connected through aaNet (eftel) in Victoria, Australia.
Likewise, aaNet but NSW
I know, due to the windows problem, that I can request from aaNet to bypass the proxy. I might try that & see what happens.
Keep in mind if you have them take you off the proxy you will get a new IP address as part of the procedure, just mentioning it in case you need to keep your IP
I recall last time this happened the proxy took a few days to get the update before the newer version came through, was a while ago though
-
How often does freshclam update?
I'm with Optus cable in NSW and I get one or two failures a day every couple of days.
SME 7.3 fully updated. Actually, just did the smeupdates-testing update of clamav to get rid of the version warning.
-
How often does freshclam update?
Not sure how often it updates but I think it checks for updates daily, occasionally the new version seems to need to be fixed to suit SME and it takes a bit longer to get sorted, this happened a while ago also but has been for ages
-
2008-02-21 20:30:37.338198500 WARNING: Local version: 0.92 Recommended version: 0.92.1
I recieved the same message from 6 seperate servers except some of them where running version 0.91 or earlier. I did a 'yum update clamav' on them and the ones running version 0.91 or earlier updated just fine and are no longer sending emails every hour.
I still have 2 servers which already had 0.92 installed. Neither would do a 'yum update clamav'. I have since done a 'yum update' on each to bring them to sme-server 7.3. They are still sending these emails and I can not update to clamav version 0.92.1 using yum. They tell me clamav was not found.
What is the solution?
-
I recieved the same message from 6 seperate servers except some of them where running version 0.91 or earlier. I did a 'yum update clamav' on them and the ones running version 0.91 or earlier updated just fine and are no longer sending emails every hour.
Did they update to 0.92.1?
-
I'm not getting any emails from those machines so I guess so, how do I tell? clamd -V says 0.92 on all systems. My box is currently doing a full 'yum update' via vpn on a machine with a slow link, 129/285 done so far, so I'm not touching it till it is finished.
-
clamd -V on a good system returns ClamAV 0.92/5936/`date`
clamd -V on a bad system returns ClamAV 0.92/5923/`date`
At least I cut the emails down from 6/hour to 2/hour. I'm sure it will fix itself.
-
What is the solution?
The latest version is sitting in smeupdates-testing.
I don't know the procedure that it takes for it to move into smeupdates.
Maybe install it on a test machine and report back via the bugtracker what your results are.
[root@tiger ~]# clamd -V
ClamAV 0.92.1/5941/Sat Feb 23 09:18:46 2008
-
Well it was a faulse alarm - after 2 days the problem appears to have fixed itself without any need for remedials.
From Buzilla:
------- Comment #7 From Ray Mitchell 2008-02-22 21:50:18 -------
I also saw this on a couple of sme servers located in Sydney using TPG.
The problem is really external to sme as advised by Stephen and also determined
from past experience.
Bug #3962 has been closed INVALID and will remain on the records at Bugzilla for search purposes.
-
I am not sure how everybody else is going with these problems, but I believe I still have problems.
1. re: rkhunter - My server sent me the following email at 4.03am Sunday 24/02/08.
/etc/cron.daily/01-rkhunter:
Warning: The following processes are using deleted files:
Process: /usr/bin/freshclam PID: 3944 File: /var/clamav/daily.cvd
Warning: Process '/sbin/pppoe' (PID 3683) is listening on the network.
Warning: Process '/sbin/pppoe' (PID 3683) is listening on the network.
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
* Can anybody confirm this is a known error, or have I got a problem on my server only ?
2. re: clamav - My server sent me this scan summary at 12.35am Sunday 24/02/08 & Update failed report at 8:11pm Saturday 23/02/08.
----------- SCAN SUMMARY -----------
Known viruses: 387632
Engine version: 0.92
Scanned directories: 620
Scanned files: 91539
Infected files: 0
Data scanned: 530.56 MB
Time: 1703.142 sec (28 m 23 s)
2008-02-23 20:11:06.134555500 ClamAV update process started at Sat Feb 23 20:11:06 2008
2008-02-23 20:11:06.135213500 WARNING: Your ClamAV installation is OUTDATED!
2008-02-23 20:11:06.135240500 WARNING: Local version: 0.92 Recommended version: 0.92.1
2008-02-23 20:11:06.135245500 DON'T PANIC! Read http://www.clamav.net/support/faq
2008-02-23 20:11:06.135518500 main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven)
2008-02-23 20:11:06.252991500 ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
2008-02-23 20:11:06.253015500 ERROR: getpatch: Can't apply patch
2008-02-23 20:11:06.253095500 WARNING: Incremental update failed, trying to download daily.cvd
2008-02-23 20:11:08.130273500 WARNING: Mirror 203.16.234.78 is not synchronized.
2008-02-23 20:11:08.135606500 Giving up on database.clamav.net...
2008-02-23 20:11:08.135654500 Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.
Can anybody confirm they still have rkhunter and/or clamav problems ?
-
Can anybody confirm they still have rkhunter and/or clamav problems ?
Yep, still the same
-
ScottieDog
I am not sure how everybody else is going with these problems, but I believe I still have problems.
There are two issues, one is the updated version 0.92.1 which you will have to wait for, and the other issue is the external dbs, which you will also have to wait for. Neither problem is serious, your sme server will continue to work.
The external clamav dbs were broken, and perhaps the fixed versions are still propagating around the world.
The newer 0.92.1 version is subject to release from the testing repository.
Just wait, as both issues will be resolved in time.
-
Just wait, as both issues will be resolved in time.
Personally I'm not too concerned about it, have see this sort of thing previously when updates are pending release, been using SME since version 4.0 so am reasonably familiar with how it all goes.
-
As for rkhunter, I think your suppose to know what your server is doing and whitelist any false positives in /etc/rkhunter.conf