clamav freshclam libclamav....

Julian Field MailScanner at ecs.soton.ac.uk
Sun Dec 9 17:53:19 GMT 2007


ajos1 at onion.demon.co.uk wrote:
> -
>
> clamav freshclam libclamav....
>
> I am absolutely 100% convinced my ClamAV system is 100% working... but "MailScanner --debug" says it is out of date... I am wondering if MailScanner has not caught up with ClamAV changes... or am I doing something majorly wrong... (i.e.) not doing some kind of update...
>
> =============================
> [root at www clamav]# clamscan -V
> ClamAV 0.92rc2/5056/Sun Dec  9 10:55:13 2007
>
> =============================
> [root at www clamav]# freshclam
> ClamAV update process started at Sun Dec  9 13:38:58 2007
> main.inc is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
> daily.inc is up to date (version: 5056, sigs: 41027, f-level: 21, builder: sven)
>
> =============================
> [root at www clamav]# clamscan -debug
> ......
> LibClamAV debug: Loading databases from /var/lib/clamav
> LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock
> LibClamAV debug: Loading databases from /var/lib/clamav/daily.inc
> LibClamAV debug: /var/lib/clamav/daily.inc/daily.cfg loaded
> LibClamAV debug: /var/lib/clamav/daily.inc/daily.ndu skipped
> LibClamAV debug: /var/lib/clamav/daily.inc/daily.mdu skipped
> LibClamAV debug: /var/lib/clamav/daily.inc/daily.zmd loaded
> ......
>
> =============================
> [root at www clamav]# find /var/lib/clamav -type f -exec /bin/ls -l {} \;
>
> Nov 24 05:08 /var/lib/clamav/daily.inc/daily.ndu
> Dec  9 11:10 /var/lib/clamav/daily.inc/daily.info
> Dec  9 06:14 /var/lib/clamav/daily.inc/daily.mdu
> Nov 24 05:08 /var/lib/clamav/daily.inc/daily.zmd
> Dec  8 12:10 /var/lib/clamav/daily.inc/daily.pdb
> Dec  3 18:12 /var/lib/clamav/daily.inc/daily.fp
> Dec  9 11:10 /var/lib/clamav/daily.inc/daily.ndb
> Dec  9 04:16 /var/lib/clamav/daily.inc/daily.wdb
> Nov 24 05:08 /var/lib/clamav/daily.inc/COPYING
> Dec  6 16:18 /var/lib/clamav/daily.inc/daily.db
> Dec  9 00:17 /var/lib/clamav/daily.inc/daily.cfg
> Dec  9 07:32 /var/lib/clamav/daily.inc/daily.mdb
> Dec  9 06:14 /var/lib/clamav/daily.inc/daily.hdb
> Nov 24 05:08 /var/lib/clamav/daily.inc/daily.hdu
>
> Dec  9 13:38 /var/lib/clamav/mirrors.dat
>
> Jul 20 19:07 /var/lib/clamav/main.inc/main.mdb
> Jul 20 19:07 /var/lib/clamav/main.inc/main.ndb
> Apr 11  2007 /var/lib/clamav/main.inc/main.zmd
> Jul 20 19:07 /var/lib/clamav/main.inc/main.info
> Apr 11  2007 /var/lib/clamav/main.inc/COPYING
> Jul 20 19:07 /var/lib/clamav/main.inc/main.db
> Jul 20 19:07 /var/lib/clamav/main.inc/main.fp
> Jul 20 19:07 /var/lib/clamav/main.inc/main.hdb
>
> =============================
>
> But... HERE IT STARTS TO GO WRONG ....
>
> =============================
> [root at www clamav]# MailScanner  --debug
>
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
> LibClamAV Warning: **************************************************
> LibClamAV Warning: ***  The virus database is older than 7 days.  ***
> LibClamAV Warning: ***        Please update it IMMEDIATELY!       ***
> LibClamAV Warning: **************************************************
>
> =============================
>
> A quick scan of MailScanner files suggests... it could be old cvd files...
>
> =============================
> [root at www MailScanner]# find -type f -exec grep -H -i cvd {} \;
> ./MailScanner/ConfigDefs.pl:ClamWatchFiles              /usr/local/share/clamav/*.cvd
>
> =============================
> [root at www MailScanner]# la /usr/local/share/clamav/
> total 7540
> -rw-rw-r-- 1 clamav clamav 6924820 Dec 22  2006 main.cvd
> -rw-rw-r-- 1 clamav clamav  752606 Dec 22  2006 daily.cvd
>
> =============================
>
> So I just did...
>
> =============================
>
> /usr/bin/wget -N -nd -nH -P/usr/local/share/clamav http://db.local.clamav.net/main.cvd
> /usr/bin/wget -N -nd -nH -P/usr/local/share/clamav http://db.local.clamav.net/daily.cvd
>
> =============================
>
> And now the message has gone...
>
> =============================
> [root at www clamav]# MailScanner --debug
> In Debugging mode, not forking...
> Trying to setlogsock(unix)
> SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
>
> =============================
>
>
>
> I am not sure where these main.cvd and daily.cvd files came from... as far as I know they are not part of my freshclam setup... What process is meant to update these files???
>
> It seems that I have two sets of database files... but both sets are not of the same type... strange...
>
> Have I done something really wrong?  I have daily.inc/main.inc directories in one place... and daily.cvd/main.cvd files in another... and I am not sure how they are related and all tie up to each other!
>
> I have looked at another server... and the date for main.cvd/daily.cvd was March 2007.  Did MailScanner change in December 2006... but on the other server I only did the update 3 months later?
>
> Does anyone have any ideas where I might be going wrong...
>
> Thanks Ajos1
>   
Go through your system and look for all traces of ClamAV. I would guess 
you have at least 2 different installations of it. Do "locate libclam" 
and see what it produces, I think there are two different sets of them. 
Delete all the ones you don't want and see if it starts picking up the 
right ones. You might need to "ldconfig" after deleting any libclam* files.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk
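
A way to check for the situation discussed in this thread (two sets of ClamAV signature files, one of them stale), as an added example that is not part of the original messages. It assumes the two directories shown above as defaults and treats files named `main.*` or `daily.*` as signature files; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit ClamAV signature directories for stale or duplicate copies.
# Default paths are the two directories shown in the thread; pass others as arguments.

# Print missing | empty | fresh | stale for one directory.
# "fresh" = at least one main.*/daily.* file modified within MAX_DAYS (default 7,
# the age named in the libclamav warning quoted in the thread).
db_dir_status() {
    dir=$1
    max_days=${2:-7}
    [ -d "$dir" ] || { echo missing; return 0; }
    any=$(find "$dir" -type f \( -name 'main.*' -o -name 'daily.*' \) | head -n 1)
    [ -n "$any" ] || { echo empty; return 0; }
    fresh=$(find "$dir" -type f \( -name 'main.*' -o -name 'daily.*' \) \
                 -mtime "-$max_days" | head -n 1)
    if [ -n "$fresh" ]; then echo fresh; else echo stale; fi
}

# Report every directory; return 1 if any is stale or more than one holds databases.
audit_clamav_dirs() {
    populated=0
    stale=0
    for d in "$@"; do
        s=$(db_dir_status "$d")
        printf '%-8s %s\n' "$s" "$d"
        case $s in
            fresh) populated=$((populated + 1)) ;;
            stale) populated=$((populated + 1)); stale=$((stale + 1)) ;;
        esac
    done
    [ "$stale" -eq 0 ] && [ "$populated" -le 1 ]
}

# List the libclamav copies the dynamic linker knows about (glibc ldconfig -p).
list_libclamav() {
    command -v ldconfig >/dev/null 2>&1 || return 0
    ldconfig -p 2>/dev/null | grep libclamav || true
}

[ "$#" -gt 0 ] || set -- /var/lib/clamav /usr/local/share/clamav
if audit_clamav_dirs "$@"; then
    echo "No stale or duplicate signature directories found"
else
    echo "WARNING: stale or duplicate signature directories"
fi
list_libclamav
```

More than one line from `list_libclamav` pointing at different directories matches the "two installations" case described in the reply.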

