ClamAV update script and logging issues

sneader

Well-Known Member
Aug 21, 2003
1,195
65
178
La Crosse, WI
cPanel Access Level
Root Administrator
I believe after the v82 update, we started to get daily emails like:

Code:
From: Anacron <[email protected]>
Subject: Anacron job 'cron.daily' on host.example.com

/etc/cron.daily/freshclam:

/etc/cron.daily/freshclam: line 15: /usr/bin/freshclam: No such file or directory
Indeed, if you look at /etc/cron.daily/freshclam, it refers to the freshclam executable being at /usr/bin/freshclam but it is not there.... instead, it is at /usr/local/cpanel/3rdparty/bin/freshclam

But, when I fix /etc/cron.daily/freshclam to point to the correct path for freshclam, I get a new error in the daily cron email:

Code:
/etc/cron.daily/freshclam:

ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
The log file is there and, as far as I know, has the right permissions?

Code:
-rw-r--r--  1 clam clam     0 Aug 18 03:22 freshclam.log
Ideas?

- Scott
 

Metro2

Well-Known Member
May 24, 2006
530
76
178
USA
cPanel Access Level
Root Administrator
Same problem here.

At first I thought it might be related my CSF/LFD/Mailscanner installation from ConfigServer in which case I'd be hesitant to try any solutions found on forums, so I contacted ConfigServer and they informed me:

"When we install MailScanner currently we use cPanel's clamavconnector, and the errors you are receiving do not relate to that. As long as you're on a supported version of cPanel it shouldn't have any impact on our products. "

So that means either finding a solution together here on the forums, or submitting a ticket to cPanel.

I'm subscribing to this thread and hopefully someone who has experienced / resolved this will chime in (fingers crossed) , but if not than in a couple days I'll submit a ticket to cPanel Support and will update the outcome here.

 

wintech2003

Well-Known Member
PartnerNOC
Sep 15, 2010
103
28
78
Greece
cPanel Access Level
DataCenter Provider
The /etc/cron.daily/freshclam should fix any permission issues itself normally
Code:
LOG_FILE="/var/log/clamav/freshclam.log"
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
    chown clam.clam "$LOG_FILE"
fi
Do you by any chance have the epel repo activated?
Could you check your /var/log/yum.log to see if your clamav package got updated recently?
 

Metro2

Well-Known Member
May 24, 2006
530
76
178
USA
cPanel Access Level
Root Administrator
In my case, grep clam /var/log/yum.log shows:

Aug 16 01:00:37 Installed: clamav-filesystem-0.101.3-1.el6.noarch
Aug 16 01:00:42 Installed: clamav-data-0.101.3-1.el6.noarch
Aug 16 01:00:42 Installed: clamav-lib-0.101.3-1.el6.x86_64
Aug 16 01:00:43 Updated: clamav-0.101.3-1.el6.x86_64

So, it looks like it updated to latest version at 1:00am


However, once again at 3:20am I received:

Anacron job 'cron.daily' on examplehost.example.net
From: Anacron [email protected]
To: [email protected]
Date: Aug 19, 2019, 3:20 AM

/etc/cron.daily/freshclam:

/etc/cron.daily/freshclam: line 15: /usr/bin/freshclam: No such file or directory

Edit - I forgot to mention, I don't see any sign of epel repo in /etc/yum.repos.d
 
Last edited:

Metro2

Well-Known Member
May 24, 2006
530
76
178
USA
cPanel Access Level
Root Administrator
Hello,


Can you show me the output of the following?

Code:
rpm -qa |grep -i clamav
cpanel-perl-528-File-Scan-ClamAV-1.95-1.cp1178.noarch
cpanel-clamav-0.101.3-1.cp1180.x86_64
clamav-lib-0.101.3-1.el6.x86_64
clamav-db-0.99.4-1.el6.x86_64
clamav-0.101.3-1.el6.x86_64
cpanel-clamav-virusdefs-0.101.3-1.cp1180.x86_64
clamav-filesystem-0.101.3-1.el6.noarch
clamav-data-0.101.3-1.el6.noarch
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
cpanel-perl-528-File-Scan-ClamAV-1.95-1.cp1178.noarch
cpanel-clamav-0.101.3-1.cp1180.x86_64
clamav-lib-0.101.3-1.el6.x86_64
clamav-db-0.99.4-1.el6.x86_64
clamav-0.101.3-1.el6.x86_64
cpanel-clamav-virusdefs-0.101.3-1.cp1180.x86_64
clamav-filesystem-0.101.3-1.el6.noarch
clamav-data-0.101.3-1.el6.noarch
This shows you're running both the standard and cPanel provided version of ClamAV which is what I was initially curious about. There are a couple of reasons why someone would install separate versions one of which is if you're running CloudLinux or Imunify360 both of which install it.

If you're running CloudLinux or Imunify there is indeed an issue in which /usr/bin/freshclam is missing because the clamav-update package is missing. The current workaround from CloudLinux is to remove clamav-db and install clamav-update. They also let us know that they have a case open and are currently working on a resolution.
 
  • Like
Reactions: Metro2

Metro2

Well-Known Member
May 24, 2006
530
76
178
USA
cPanel Access Level
Root Administrator
@cPanelLauren - thank you, yes indeed I'm running CloudLinux (but not Imunify). Do yo happen to have a link to their work-around instructions? In meantime I'll check CL's site to see if I can find correct steps so that I don't break anything.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
Hello,

I don't have a link that I'm able to provide you - it was discussed internally. The workaround though is to remove the clamav-db package which is obsolete and install the clamav-update package which you are missing.
 

sneader

Well-Known Member
Aug 21, 2003
1,195
65
178
La Crosse, WI
cPanel Access Level
Root Administrator
We are also running CloudLinux, but are not paying for the full Imunify360 (however, we have the free on-demand scanner version of Imunify360 running, which was installed automatically by CloudLinux).

I'd appreciate any detailed instructions/steps on what the fix is.

- Scott
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
Hello,

The workaround as it stands right now from CloudLinux is as I mentioned before to remove the clamav-db package and install the clamav-update package.

If the issue is that you're not sure how to add/remove packages you can do the following:

1. Remove the clamav-db package

Code:
rpm -e --nodeps clamav-db
or

Code:
yum remove clamav-db

2. Then install clamav-update
Code:
yum install clamav-update
 
  • Like
Reactions: sneader and Infopro

sneader

Well-Known Member
Aug 21, 2003
1,195
65
178
La Crosse, WI
cPanel Access Level
Root Administrator
After running these...

rpm -e --nodeps clamav-db
yum install clamav-update


Now I get cron these new cron emails:

Cron <[email protected]> /usr/share/clamav/freshclam-sleep

LibClamAV Warning: Cannot resolve: /usr/lib64/libclamunrar_iface.so: undefined symbol: libclamunrar_iface_LTX_unrar_peek_file_header (version mismatch?) - unrar support unavailable


Looking in /usr/lib64/:

lrwxrwxrwx 1 root root 22 Jul 24 2013 libclamunrar.so -> libclamunrar.so.6.1.17*
lrwxrwxrwx 1 root root 22 Jul 24 2013 libclamunrar.so.6 -> libclamunrar.so.6.1.17*
-rwxr-xr-x 1 root root 178442 Jul 24 2013 libclamunrar.so.6.1.17*


So, it exists but, indeed, it's pretty old.

- Scott
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
Hi @sneader

That's not a known part of this issue. If you purchased your CloudLinux or Immunify license through us please feel free to open a ticket with us. If you purchased it through CL or another means you'd need to open a ticket with CloudLinux directly: CloudLinux - Main | New template

Thanks!
 

Metro2

Well-Known Member
May 24, 2006
530
76
178
USA
cPanel Access Level
Root Administrator
Now that it appears CloudLinux implemented the fix for the original issue in this thread, I now receive these emails daily from each server:

(I've replaced the actual server names / email addresses with "example" obviously)

----------
Cron <[email protected]> /usr/share/clamav/freshclam-sleep
Cron Daemon <[email protected]>
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
----------

----------
Anacron job 'cron.daily' on server.example.com
Anacron <[email protected]>
/etc/cron.daily/logrotate:
error: stat of /var/log/freshclam.log failed: No such file or directory
----------

My CloudLinux license is purchased through cPanel, but I'm hoping to avoid opening a ticket if possible. Open to suggestions here first and would be grateful for any, thank you.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
Hi @Metro2

Can you provide me the output of the following:

Code:
ls -lah /var/lib/clamav/mirrors.dat
For the log error - this is a second issue CloudLinux is currently addressing which I've discussed in this thread Anacron job 'cron.daily' - freshclam.log

The workaround until it's resolved is as follows:

Remove the logrotate config for clamav
or
Add 'missingok' to /etc/logrotate.d/clamav-update or Update /etc/freshclam.conf by removing # from UpdateLogFile line. Then create the log going by clamav documentation @ https://www.clamav.net/documents/configuration#freshclamconf :

Code:
touch /var/log/freshclam.log
chmod 664 /var/log/freshclam.log
chown root.clamupdate /var/log/freshclam.log
 
  • Like
Reactions: Metro2

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
Hi @Metro2

That user/group is incorrect - this should be as discussed here:

 
  • Like
Reactions: Metro2