The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Case 82281] issues with clamavconnector

Discussion in 'E-mail Discussions' started by kisonay, Nov 4, 2013.

  1. kisonay

    kisonay Member

    Joined:
    Mar 21, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm having issues installing clamavconnector and accessing clamd via ssh.

    I have installed it via the plugins area of WHM. Installed and keep updated is checked and the following information is displayed.

    Code:
    Name: clamavconnector 
    Author: cPanel Inc.
    Installed Version: 
    Version: 0.97.8-3.6
    Description: Virus Protection for Email and Filemanager Uploads
    Price: free
    at shell prompt I receive the following:

    Code:
    root@s1 [/]# clamd
    -bash: clamd: command not found
    root@s1 [/]# which clamd
    root@s1 [/]# whereis clamd
    clamd:
    root@s1 [/]# /scripts/restartsrv_clamd --check
    root@s1 [/]# /scripts/restartsrv_clamd --status
    clamd (/usr/local/cpanel/3rdparty/bin/clamd) running as root with PID 7378 (process table check method)
    I have tried to uninstall and reinstall with little luck.

    what am I doing wrong?


    CENTOS 6.4 x86_64 xenpv – s1 WHM 11.40.0 (build 16)
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Does the installation of ClamAV complete successfully when installing it via "WHM Home » cPanel » Manage Plugins"? If not, which stage does it hang or fail at?

    Thank you.
     
  3. kisonay

    kisonay Member

    Joined:
    Mar 21, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Figured I would just uninstall / install again to give you the exact output. I didn't see any errors but what do I know.

    Code:
    [20131104.204105]   
    [20131104.204105]   Problems were detected with cPanel-provided files which are RPM controlled.
    [20131104.204105]   If you did not make these changes intentionally, you can correct them by running:
    [20131104.204105]   
    [20131104.204105]   > /usr/local/cpanel/scripts/check_cpanel_rpms --fix
    [20131104.204105]   The following RPMs are missing from your system:
    [20131104.204105]   cpanel-clamav-0.97.8-3.cp1140
    [20131104.204105]   cpanel-clamav-virusdefs-0.97.8-3.cp1140
    [20131104.204105]   cpanel-perl-514-File-Scan-ClamAV-1.91-1.cp1136
    [20131104.204105]   Removing 0 broken rpms: 
    [20131104.204105]   rpm: no packages given for erase
    [20131104.204106]   Downloading http://httpupdate.cpanel.net/RPM/11.40/centos/6/x86_64/rpm.md5
    [20131104.204106]   Downloading http://httpupdate.cpanel.net/RPM/11.40/centos/6/x86_64/cpanel-clamav-virusdefs-0.97.8-3.cp1140.x86_64.rpm
    [20131104.204113]   Downloading http://httpupdate.cpanel.net/RPM/11.40/centos/6/x86_64/cpanel-perl-514-File-Scan-ClamAV-1.91-1.cp1136.x86_64.rpm
    [20131104.204113]   Downloading http://httpupdate.cpanel.net/RPM/11.40/centos/6/x86_64/cpanel-clamav-0.97.8-3.cp1140.x86_64.rpm
    [20131104.204116]   Hooks system enabled
    [20131104.204116]   Checking for and running RPM::Versions 'pre' hooks for any RPMs about to be installed
    [20131104.204116]   All required 'pre' hooks have been run
    [20131104.204116]   No RPMS need to be uninstalled
    [20131104.204116]   Installing new rpms: cpanel-clamav-virusdefs-0.97.8-3.cp1140.x86_64.rpm cpanel-perl-514-File-Scan-ClamAV-1.91-1.cp1136.x86_64.rpm cpanel-clamav-0.97.8-3.cp1140.x86_64.rpm
    [20131104.204117]   Preparing packages for installation...
    [20131104.204117]   cpanel-clamav-virusdefs-0.97.8-3.cp1140
    [20131104.204119]   groupadd: group 'clamav' already exists
    [20131104.204119]   useradd: user 'clamav' already exists
    [20131104.204120]   Locking password for user clamav.
    [20131104.204120]   passwd: Success
    [20131104.204120]   cpanel-clamav-0.97.8-3.cp1140
    [20131104.204120]   warning: /etc/chkserv.d/clamd saved as /etc/chkserv.d/clamd.rpmorig
    [20131104.204123]   clamd: no process killed
    [20131104.204124]   clamd: no process killed
    [20131104.204124]   Configuration file passes test!  New configuration file was installed.
    [20131104.204124]   
    [20131104.204125]   Enabled ACL options in block ACL_MAIL_PRE_BLOCK: default_mail_pre
    [20131104.204125]   Enabled ACL options in block ACL_RECIPIENT_POST_BLOCK: default_recipient_post
    [20131104.204125]   Enabled ACL options in block ACL_SPAM_SCAN_CHECK_BLOCK: default_spam_scan_check
    [20131104.204125]   Enabled ACL options in block ACL_CHECK_MESSAGE_PRE_BLOCK: default_check_message_pre
    [20131104.204125]   Enabled ACL options in block ACL_CONNECT_POST_BLOCK: default_connect_post
    [20131104.204125]   Enabled ACL options in block ACL_OUTGOING_NOTSMTP_CHECKALL_BLOCK: resolve_vhost_owner|end_default_outgoing_notsmtp_checkall
    [20131104.204125]   Enabled ACL options in block ACL_CONNECT_BLOCK: spammerlist
    [20131104.204125]   Enabled ACL options in block ACL_TRUSTEDLIST_BLOCK: trustedmailhosts
    [20131104.204125]   Enabled ACL options in block ACL_IDENTIFY_SENDER_BLOCK: default_identify_sender|default_message_submission
    [20131104.204125]   Enabled ACL options in block ACL_PRE_RECIPIENT_BLOCK: dkim_disable
    [20131104.204125]   Enabled ACL options in block ACL_CHECK_MESSAGE_POST_BLOCK: default_check_message_post
    [20131104.204125]   Enabled ACL options in block ACL_POST_SPAM_SCAN_CHECK_BLOCK: mailproviders
    [20131104.204125]   Enabled ACL options in block ACL_SPAM_SCAN_BLOCK: default_spam_scan
    [20131104.204125]   Enabled ACL options in block ACL_RECP_VERIFY_BLOCK: default_recp_verify
    [20131104.204125]   Enabled ACL options in block ACL_PRE_SPAM_SCAN: mailproviders
    [20131104.204125]   Enabled ACL options in block ACL_RECIPIENT_BLOCK: default_recipient
    [20131104.204125]   Enabled ACL options in block ACL_MAIL_POST_BLOCK: default_mail_post
    [20131104.204125]   Detected spam handling in acls, disabling spamassassin in routers & transports!.
    [20131104.204125]   SpamAssassin method remains unchanged
    [20131104.204125]   Configured options list is: 
    [20131104.204125]   ACL: acl_not_smtp is active
    [20131104.204125]   ACL: acl_smtp_connect is active
    [20131104.204125]   ACL: acl_smtp_data is active
    [20131104.204125]   ACL: acl_smtp_mail is active
    [20131104.204125]   ACL: acl_smtp_rcpt is active
    [20131104.204125]   Provided options list is: deliver_queue_load_max|queue_only_load|daemon_smtp_ports|tls_on_connect_ports|system_filter_user|system_filter_group|tls_require_ciphers|hostlist loopback|hostlist senderverifybypass_hosts|hostlist skipsmtpcheck_hosts|hostlist spammeripblocks|hostlist backupmx_hosts|hostlist trustedmailhosts|hostlist relay_hosts|domainlist user_domains|smtp_accept_queue_per_connection|remote_max_parallel|smtp_receive_timeout|ignore_bounce_errors_after|rfc1413_query_timeout|timeout_frozen_after|auto_thaw|callout_domain_negative_expire|callout_negative_expire|acl_not_smtp|acl_smtp_connect|acl_smtp_data|acl_smtp_mail|acl_smtp_rcpt|message_body_newlines|deliver_queue_load_max|queue_only_load|daemon_smtp_ports|tls_on_connect_ports|system_filter_user|system_filter_group|tls_require_ciphers|spamd_address
    [20131104.204125]   Exim Insert Regex is: virtual_userdelivery|virtual_aliases|democheck|check_mail_permissions|remote_smtp|address_pipe|virtual_user|localuser|virtual_sa_user
    [20131104.204125]   Exim Replace Regex is: virtual_sa_user|sa_localuser|virtual_sa_userdelivery|local_sa_delivery|cpanel_archiver|cpanel_archiver_transport|discover_sender_information|fixed_login|fixed_plain|lookuphost|remote_smtp|secure_login|secure_plain
    [20131104.204125]   Exim Match Insert Regex is: 
    [20131104.204125]   Skipping boxtrapper_autowhitelist entry in check_mail_permissions insert as it requires boxtrapper and it is disabled or unavailable.
    [20131104.204125]   Skipping boxtrapper_verify_dkim_lookuphost entry in lookuphost replace insert as it requires boxtrapper and it is disabled or unavailable.
    [20131104.204125]   Skipping boxtrapper_verify_lookuphost entry in lookuphost replace insert as it requires boxtrapper and it is disabled or unavailable.
    [20131104.204125]   Skipping virtual_boxtrapper_user entry in virtual_user insert as it requires boxtrapper and it is disabled or unavailable.
    [20131104.204125]   Skipping boxtrapper_localuser entry in localuser insert as it requires boxtrapper and it is disabled or unavailable.
    [20131104.204125]   Skipping boxtrapper_autowhitelist entry in virtual_userdelivery insert as it requires boxtrapper and it is disabled or unavailable.
    [20131104.204125]   Skipping local_boxtrapper_delivery entry in virtual_userdelivery insert as it requires boxtrapper and it is disabled or unavailable.
    [20131104.204125]   Skipping virtual_boxtrapper_userdelivery entry in virtual_userdelivery insert as it requires boxtrapper and it is disabled or unavailable.
    [20131104.204125]   Exim version 4.80.1 #2 built 17-Oct-2013 11:04:37
    [20131104.204125]   Copyright (c) University of Cambridge, 1995 - 2012
    [20131104.204125]   (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2012
    [20131104.204125]   Berkeley DB: Berkeley DB 4.7.25: (April  4, 2012)
    [20131104.204125]   Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning DKIM Old_Demime Experimental_SPF Experimental_SRS
    [20131104.204125]   Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz dbmnz passwd
    [20131104.204125]   Authenticators: cram_md5 dovecot plaintext spa
    [20131104.204125]   Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    [20131104.204125]   Transports: appendfile/maildir autoreply pipe smtp
    [20131104.204125]   Size of off_t: 8
    [20131104.204125]   
    [20131104.204125]   Exim Perl Load List is: spamkey|mail_permissions|get_relayhosts_domain|checkuserquota|boxtrapper|fast_checkvalias|email_archiver|fast_isdemo|fast_accountfunc|0_mail_permissions_variables|checkpass_cphulkd|spam_acl_support|encode_string_literal|safefile|cpwrap|checkspam|z_preload_modules|email_send_limits|identify_local_connection
    [20131104.204125]   /etc/exim.pl.local installed!
    [20131104.204125]   razor2 is installed, enabled in SpamAssassin!
    [20131104.204125]   pyzor is not installed, disabling it in SpamAssassin to save memory
    [20131104.204125]   SPF is disabled in exim or unavailable, enabling SPF for SpamAssassin
    [20131104.204125]   Refreshing SMTP Mail protection.
    [20131104.204125]   SMTP Mail protection has been disabled.  All users may make outbound smtp connections.
    [20131104.204131]   cpanel-perl-514-File-Scan-ClamAV-1.91-1.cp1136
    [20131104.204131]   Prelinking is disabled.
    [20131104.204131]   Checking for and running RPM::Versions 'post' hooks for any RPMs just installed
    [20131104.204131]   All required 'post' hooks have been run
    Done
    
    Process Complete
    I do have spamassassin disabled.
     
    #3 kisonay, Nov 4, 2013
    Last edited: Nov 4, 2013
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  5. kisonay

    kisonay Member

    Joined:
    Mar 21, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm trying to use it at the ssh command line, take a look at the first post and you will see it can't be found.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    ClamAV Scanner installs to the /usr/local/cpanel/3rdparty directory in cPanel version 11.40. You can find it at:

    Code:
    /usr/local/cpanel/3rdparty/bin/clamd
    Thank you.
     
  7. kisonay

    kisonay Member

    Joined:
    Mar 21, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Something still doesn't seem right.

    I uninstall/reinstall with the same results.

    I have ran the following commands:

    Code:
    root@s1 [~]# ps aux  | grep "clamd"
    root      2158  0.6 17.2 529832 330512 ?       Ssl  Nov06  10:03 /usr/local/cpanel/3rdparty/bin/clamd
    root     30138  0.0  0.0 103236   856 pts/0    S+   08:19   0:00 grep clamd
    Code:
    root@s1 [~]# service exim restart
    Shutting down exim:                                        [  OK  ]
    Shutting down spamd:                                       [FAILED]
    Starting exim:                                             [  OK  ]
    0 processes (antirelayd) sent signal 9
    Should the last one be something like the following?

    Code:
    # service exim restart
    Shutting down clamd:                                       [  OK  ]
    Shutting down exim:                                        [  OK  ]
    Shutting down spamd:                                       [FAILED]
    Starting clamd:                                            [  OK  ]
    Starting exim:                                             [  OK  ]
    0 processes (antirelayd) sent signal 9    
    Perhaps is has to do with a missing symlink in /usr/sbin which directs /usr/sbin/clamd -> /usr/local/cpanel/3rdparty/bin/clamd* ?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Per the release notes, if the following binaries are present, the upgrade will append .old to their names and they will be symlinked to the binaries that are installed to the /usr/local/cpanel/3rdparty directory:

    Code:
    /usr/sbin/clamd
    /usr/local/bin/freshclam
    /usr/bin/freshclam
    If the binaries were not already present, then no symbolic links are added, and they should not be required. Have you tried simply using the "Virus Scanner" option in cPanel? This should help verify to you that ClamAV is working as intended. It's important to keep in mind that we changed the way ClamAV is installed, so naturally certain functionality will appear differently. This does not mean it's not working as intended.

    Thank you.
     
  9. kisonay

    kisonay Member

    Joined:
    Mar 21, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm using a third party ASSP plugin. I let the plugin's author exam the system and he discovered the following. The main issue was that ClamAV was not interacting with EXIM with the normal clam connector install.

     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There is an internal case open to address the issue with /etc/init.d/exim utilizing the wrong path for clamd. For reference, the case number is 82281. A resolution for this case is expected in a future build of cPanel version 11.40 in the near future. Please monitor the change log for the inclusion of this case number:

    cPanel Change Log

    Thank you.
     
Loading...

Share This Page