
Clamav not catching sober.ag

Discussion in 'General Discussion' started by wkdwich, Nov 30, 2005.

  1. wkdwich

    I am getting swamped, my clients are getting swamped.. in 4 hours I got almost 40 of these nasty buggers and I don't know where to turn so here I am..

    WHM 10.8.0 cPanel 10.8.1-C29
    Fedora i686 - WHM X v3.1.0
    VPS
    Exim 4.52, Spamassassin & Clamav

    SOBER.AG is the only one that seems to be coming through. The host tech tells me if he does a direct scan it catches the worm, but if left to its normal course it doesn't.

    The virus definitions are current:
    ClamAV update process started at Wed Nov 30 01:10:53 2005
    daily.cvd updated (version: 1198, sigs: 1667, f-level: 6, builder: diego)
    Database updated (41292 signatures) from database.clamav.net (IP: 64.186.250.53)

    I did some major poking at the Exim forums and many are having the same issue, but none specifically state they are cPanel users, so I am leery of using the one suggestion that worked for one guy on a different strain of the SOBER worm.

    > http://lurker.clamav.net/message/20051121.222443.3451b99d.en.html
    >
    > Can you go read this and tell me if it applies???


    this thread suggests:
    The key is that "clamscan --detect-broken" is not the default clamd operation
    and probably the same goes for the milter.

    Fix it by editing /etc/clamd.conf, make sure that the following are set:

    DisableDefaultScanOptions {{someone else says NO do not enable this one}}
    DetectBrokenExecutables

    The original poster states no change turning either of these on

    the original poster says this suggestion did the trick:
    > I would suggest using the following config in your case (it's based on
    > the one you have sent here):
    >
    > LogFileMaxSize 0 {{Default is 1 mine is commented out}}
    > LogTime {{commented out}}
    > LogClean {{commented out}}
    > LogSyslog {{commented out}}
    > LogFacility LOG_LOCAL7 {{commented out default = LOG_LOCAL6}}
    > PidFile /var/clamav/clamd.pid {{commented out}}
    > TemporaryDirectory /tmp {{commented out}}
    > FixStaleSocket {{ACTIVE}}
    > TCPSocket 3310 {{commented out}}
    > TCPAddr 127.0.0.1 {{commented out}}
    > MaxConnectionQueueLength 20 {{commented out default 15}}
    > StreamMaxLength 2M {{commented out default 10M}}
    > MaxThreads 30 {{commented out default 10}}
    > ReadTimeout 60 {{commented out default 120}}
    > MaxDirectoryRecursion 10 {{commented out default 15}}
    > SelfCheck 1800 {{commented out default 1800}}
    > User clamav {{commented out}}
    > ArchiveMaxFileSize 1M {{commented out default 10M}}
    > ArchiveMaxRecursion 8 {{commented out default 5}}
    > ArchiveMaxFiles 1000 {{commented out default 1000}}
    > ArchiveMaxCompressionRatio 250 {{commented out default 250}}
    >

    Then further in the thread:
    The problem was that the signature directory of the FreeBSD port has
    changed from /usr/local/share/clamav to /var/db/clamav, but I didn't
    update the freshclam.conf so freshclam downloaded the sigs to the old
    directory which isn't used anymore. I changed the directory in
    freshclam.conf and it works now.

    root@server [/etc]# whereis clamav
    clamav: /usr/include/clamav.h /usr/local/clamav /usr/share/clamav

    my freshclam.conf:

    # Path to the database directory.
    # WARNING: It must match clamd.conf's directive!
    # Default: hardcoded (depends on installation options)
    #DatabaseDirectory /var/lib/clamav

    I have had issues in the past with Clamav out of date notices and the only way I could figure out how to correct and update was to uninstall clamavconnector and reinstall it:
    Name: clamavconnector
    Author: cPanel Inc.
    Installed Version: 0.87-1.3
    Version: 0.87-1.3


    So the point here is Clam is working just not on all 8 cylinders.. anyone have any suggestions here to help??

    thanks
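
A quick check for the two causes raised in the post above, added here as an example and not taken from the post, cPanel or ClamAV: it compares the active `DatabaseDirectory` in clamd.conf and freshclam.conf and reports whether `DetectBrokenExecutables` is switched on for clamd. The function names and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Config contents below are constructed samples, not the
# poster's real files.

# Print the value of the first active (uncommented) KEY line in FILE.
# Exit status 1 means KEY is absent or commented out (built-in default applies).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END        { exit !found }
    ' "$1"
}

# Compare the directory clamd loads signatures from (clamd.conf, $1) with the
# one freshclam downloads into (freshclam.conf, $2).
# Returns 0 = same, 1 = different, 2 = one side relies on the built-in default.
check_dbdir() {
    c=$(conf_value "$1" DatabaseDirectory) || c=default
    f=$(conf_value "$2" DatabaseDirectory) || f=default
    echo "clamd: $c / freshclam: $f"
    [ "$c" = "$f" ] && return 0
    if [ "$c" = default ] || [ "$f" = default ]; then return 2; fi
    return 1
}

# True when a boolean option is switched on: a bare directive (0.8x style,
# as in the thread) or "KEY yes" (later releases).
option_on() {
    v=$(conf_value "$1" "$2") || return 1
    case "$v" in no|No|NO|false|0) return 1 ;; esac
    return 0
}

# Constructed demo input in a throwaway directory.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#DatabaseDirectory /var/lib/clamav' 'FixStaleSocket' \
    '#DetectBrokenExecutables' > "$demo/clamd.conf"
printf '%s\n' 'DatabaseDirectory /usr/local/share/clamav' > "$demo/freshclam.conf"

check_dbdir "$demo/clamd.conf" "$demo/freshclam.conf" \
    || echo "signature directories are not confirmed identical (status $?)"
option_on "$demo/clamd.conf" DetectBrokenExecutables \
    || echo "DetectBrokenExecutables is off in clamd.conf"
```

Status 2 means one file leaves `DatabaseDirectory` commented out, so the compiled-in path of that binary has to be confirmed by hand before the two can be called equal.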
     