[Case 82549] clamav / freshclam cron errors after 11.40 upgrade

[sneader]

After I received the auto-update to 11.40 Stable, I am getting nightly emails from all upgraded servers that say:

Subject: Cron <[email protected]> /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings
Body: ERROR: Can't create temporary directory /usr/local/cpanel/3rdparty/share/clamav/clamav-f71fc59af56332934ef9ef55768bd6bc.tmp

The /usr/local/cpanel/3rdparty/share/clamav/ directory exists with 755 permissions, owned by root. So, if freshclam is running as clamav, then I can see why it can't create files/folders.

Known issue? Should I open a ticket? Should I just change permissions or ownership to let clamav write?

- Scott

 

[domhandy]

Apparently, this is a known issue which should be fixed at the next update, but in the meantime you can just run this command to solve it.

chown clamav:clamav /usr/local/cpanel/3rdparty/share/clamav

 

[cPanelMichael]

Hello

There is an internal case open to address this issue. For reference, the case number is 82549. The temporary workaround is to update the ownership of the directory via:

chown clamav:clamav /usr/local/cpanel/3rdparty/share/clamav

Please monitor our Change Log for this case number to see when a resolution has been pushed out.

Thank you.

 

[sneader]

Thanks! Always amazes me that these things get through Edge, Release and Current, and make it to my Stable releases.

- Scott

 

[Kent Brockman]

Hi. Same here. It looks like this chown solution reduced the high load in the server.

BTW, I wanted to ask a question regarding clamd services: In the Service Manager I see an entry for clamd, and at the bottom of page, under Additional Services, there is another one: clamd.rpmorig
I checked the options to enable and monitor, both options. Is that ok? should I disable one of them?

I'm also running WHM 11.40.0 (build 26) "STABLE"

Thanks!

 

[cPanelMichael]

BTW, I wanted to ask a question regarding clamd services: In the Service Manager I see an entry for clamd, and at the bottom of page, under Additional Services, there is another one: clamd.rpmorig
I checked the options to enable and monitor, both options. Is that ok? should I disable one of them?

It's better to post separate issues to new threads so they are handled individually. I have copied your last post to a new thread at:

"clamd.rpmorig" and "clamd.rpmsave" service

Thank you.

 

[Frank Broughton]

Thanks Michael... quick search and issue solved. I like it when as issue is easily solved (as we all do eh?).

 

[Trane Francks]

Thanks! Always amazes me that these things get through Edge, Release and Current, and make it to my Stable releases.

- Scott

Yep, gotta agree with that one. You'd think that something as simple as that would be sorted by the time Stable gets updated. Apparently not. (That's kinda the whole idea behind being ON Stable in the first place.)

 

[nibb]

It also amazes me how this things get trough several beta and edge versions before going into stable. Also, cPanel is pretty much standarized now with just supporting a single OS, RHEL/CENTOS so how exactly are this things not popping up in your lab testing?

I´m just curious how some of this bugs are found when versions go live.

 

[manokiss]

We had the same problem, chowned the directory and ran freshclam to update the dbase...but again after it if we try to scan a directory it keeps saying the following at the beginning of the scan:

LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************

Any idea what is going on? we are on 11.40.0 build 31

Thanx in advance!

 

[cPanelMichael]

Any idea what is going on? we are on 11.40.0 build 31

Please update cPanel to the latest version available on your build tier. Currently, all build tiers are at cPanel version 11.40.1.9.

Thank you.

 

[manokiss]

Please update cPanel to the latest version available on your build tier. Currently, all build tiers are at cPanel version 11.40.1.9.

Thank you.

Thanx Michael, but that did not fix the problem. I did open a ticket and looks like on 11.40 update there was a bug with the symlinks. Here is the tech reply/fix in case someone else have the same problem.

---
# which clamscan
/usr/bin/clamscan

# mv /usr/bin/clamscan{,.old}
# ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan
---

Thanx!