clamav database directory path

Discussion in 'General Discussion' started by manokiss, Oct 26, 2016.

  1. manokiss

    manokiss Well-Known Member

    Hi, I'm trying to create a sigs exception and I'm not finding the ClamAV database path; it looks like it is not the default /var/lib/clamav. Can someone please provide me this information?

    Thanks in advance!
     
  2. SysSachin

    SysSachin Well-Known Member

    Hello,

    You can check the /usr/local/cpanel/3rdparty/share/clamav/ directory for the ClamAV database.
     
  3. manokiss

    manokiss Well-Known Member

    Thanks very much!
     
  4. SysSachin

    SysSachin Well-Known Member

    Hello Manokiss,

    You are welcome.
    Please update here if you have any issue with this process.
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    You can create the following file in order to whitelist virus definitions with ClamAV:

    Code:
    /usr/local/cpanel/3rdparty/share/clamav/local.ign2

    For example, if ClamAV detected a virus on a test.swf file like this:

    Code:
    # /usr/local/cpanel/3rdparty/bin/clamscan /home/123
    /home/123/test.swf: Swf.Exploit.CVE_2016_0968-1 FOUND

    You would run the following commands to whitelist that definition:

    Code:
    echo Swf.Exploit.CVE_2016_0968-1 >> /usr/local/cpanel/3rdparty/share/clamav/local.ign2
    /scripts/restartsrv_clamd

    Thank you.
     
  6. dcusimano

    dcusimano Member

    I tried creating a local.ign2 file as indicated above to whitelist a particular signature but clamscan still detects it.

    [root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan --version
    ClamAV 0.99.2/23499/Thu Jun 22 21:12:26 2017
    [root@server ~]# echo "BC.Pdf.Exploit.CVE_2017_3033" >> /usr/local/cpanel/3rdparty/share/clamav/local.ign2
    [root@server ~]# /scripts/restartsrv_clamd
    [root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan MYFILE.pdf

    clamd says it restarted successfully.
    clamscan shows the same results with or without the local.ign2 file.
    local.ign2 contains only the one line as created above.

    Even though clamav is not from cPanel, any suggestions?
     
  7. dcusimano

    dcusimano Member

    clamscan debug information shows the following:

    [root@server ~]# /usr/local/cpanel/3rdparty/bin/clamscan --debug MYFILE.pdf 2>&1 | grep -e 'local.ign2' -e 'CVE_2017_3033'
    LibClamAV debug: /usr/local/cpanel/3rdparty/share/clamav/local.ign2 loaded
    LibClamAV debug: Bytecode 6311970.cbc(60) has logical signature: BC.Pdf.Exploit.CVE_2017_3033-6311970-3.{};Engine:76-255,Target:10;0;2f4a50584465636f6465
    LibClamAV debug: Bytecode 6316401.cbc(61) has logical signature: BC.Pdf.Exploit.CVE_2017_3033.{};Engine:76-255,Target:10;0;2f4a50584465636f6465
    LibClamAV debug: Bytecode found virus: BC.Pdf.Exploit.CVE_2017_3033
    LibClamAV debug: BC.Pdf.Exploit.CVE_2017_3033 found
    LibClamAV debug: FP SIGNATURE: a32e841105b6f53a6d85c9d8e57e2cb5:2626574:BC.Pdf.Exploit.CVE_2017_3033
    MYFILE.pdf: BC.Pdf.Exploit.CVE_2017_3033 FOUND

    So the ignore file local.ign2 is loaded but the signature is still being searched for and found.
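
The whitelisting steps and the follow-up check from posts 5 to 7, as an added example that is not part of the thread and not cPanel's own tooling: it appends a signature name to an ignore file only once, and lists names that are in the file yet still reported by clamscan. The function names and the scratch file used in `demo` are assumptions; the sample output lines are constructed from the two detections quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). The ignore-file path is an argument so
# the functions can be tried on a scratch file before touching local.ign2.

# Append a signature name only if it is well-formed and not already listed
# (whole-line match), so repeated runs do not duplicate entries.
ign2_add() {  # usage: ign2_add <ign2-file> <signature-name>
    case "$2" in
        ''|*[!A-Za-z0-9._-]*) echo "refusing odd signature name: $2" >&2; return 2 ;;
    esac
    [ -f "$1" ] && grep -Fxq -- "$2" "$1" && return 0
    printf '%s\n' "$2" >> "$1"
}

# Read clamscan output on stdin and print each distinct detected signature.
# Lines look like "/home/123/test.swf: Swf.Exploit.CVE_2016_0968-1 FOUND".
found_sigs() {
    sed -n 's/^.*: \(.*\) FOUND$/\1/p' | sort -u
}

# Print signatures that are listed in the ignore file yet still reported.
# Returns 1 when there is at least one, 0 otherwise.
still_detected() {  # usage: clamscan ... | still_detected <ign2-file>
    hits=$(found_sigs | grep -Fx -f "$1") || return 0
    printf '%s\n' "$hits"
    return 1
}

# Demo on constructed data: a scratch ignore file (assumption, not the real
# local.ign2) and sample clamscan output lines.
demo() {
    f=$(mktemp) || return 1
    ign2_add "$f" BC.Pdf.Exploit.CVE_2017_3033
    ign2_add "$f" BC.Pdf.Exploit.CVE_2017_3033   # second call is a no-op
    printf '%s\n' '/home/123/test.swf: Swf.Exploit.CVE_2016_0968-1 FOUND' \
        'MYFILE.pdf: BC.Pdf.Exploit.CVE_2017_3033 FOUND' \
        | still_detected "$f" && rc=0 || rc=$?
    rm -f "$f"
    return "$rc"
}
```

Against a live system the same check is `clamscan <path> | still_detected <ign2-file>`, using the clamscan binary and local.ign2 paths given earlier in the thread.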
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.

    Thank you.
     