The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

clamscan warnings

Discussion in 'Security' started by savago, Aug 30, 2014.

  1. savago

    savago Registered

    Joined:
    Oct 21, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Hello,
    i get some warnings in new clamav versions like:

    Code:
    /home/xxxxxxxxx/public_html/html.txt: PHP.C99-13 FOUND
    /home/xxxxxxxxx/public_html/cgi-bin/lib.php: PHP.Shell-84 FOUND
    LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    ....
    LibClamAV info: scancws: Error decompressing SWF file
    LibClamAV info: scancws: Error decompressing SWF file
    Then i make some changes and include "--scan-swf=no" but there is missing options :

    Code:
    clamscan: unrecognized option `--scan-swf=no'
    ERROR: Unknown option passed
    ERROR: Can't parse command line options
    clamscan --help show that option is missing
    Code:
     --scan-pe[=yes(*)/no]                Scan PE files
        --scan-elf[=yes(*)/no]               Scan ELF files
        --scan-ole2[=yes(*)/no]              Scan OLE2 containers
        --scan-pdf[=yes(*)/no]               Scan PDF files
        --scan-html[=yes(*)/no]              Scan HTML files
        --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    Please fix it.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Your account appears to have been compromised.
     
  3. savago

    savago Registered

    Joined:
    Oct 21, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Yes,this is not problem.
    Problem is that scan-swf option is missing :)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    We can't assist with cleaning up the actual viruses, but feel free to open a support ticket if you want us to check on the status of ClamAV itself. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  5. GiviN.G

    GiviN.G Member

    Joined:
    Sep 30, 2014
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    I am also receiving emails like

    Code:
    /etc/cron.hourly/manual_clamscan:
    
    /usr/bin/clamscan: illegal option -- r
    ERROR: Unknown option passed
    ERROR: Can't parse command line options
    Full Details::

    Code:
    > From:  (Cron Daemon)
    > Subject: Cron <> run-parts /etc/cron.hourly
    > Date: 
    > To: 
    > 
    > /etc/cron.hourly/manual_clamscan:
    > 
    > LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    > LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    > LibClamAV info: scancws: Error decompressing SWF file
    > LibClamAV info: scancws: Error decompressing SWF file
    > LibClamAV Warning: cli_scanicon: found 1 invalid icon entries of 2 total
    > LibClamAV Warning: cli_tnef: file truncated, returning CLEAN
    > LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    
    Please advise. Thank you.
     
    #5 GiviN.G, Sep 30, 2014
    Last edited by a moderator: Sep 30, 2014
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  7. GiviN.G

    GiviN.G Member

    Joined:
    Sep 30, 2014
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello michael,

    Thank you for your reply, I don't remember how it was set. Please find below the contents.

    Code:
    # cat /etc/cron.hourly/manual_clamscan
    #!/bin/bash
     
    # Email alert cron job script for ClamAV
    # Original, unmodified script by: Deven Hillard 
    #(http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html)
    # Modified to show infected and/or removed files
     
    # Directories to scan
    SCAN_DIR="/home /tmp /var"
     
    # Location of log file
    LOG_FILE="/var/log/clamav/manual_clamscan.log"
     
    # Uncomment to have scan remove files
    #AGGRESSIVE=1
    # Uncomment to have scan not remove files
    AGGRESSIVE=0
     
    # Email Subject
    SUBJECT="Infections detected on `hostname`"
    # Email To
    EMAIL="myname@gmail.com"
    # Email From
    EMAIL_FROM="mail@domain.com"
     
    check_scan () {
        # If there were infected files detected, send email alert
     
        if [ `tail -n 12 ${LOG_FILE}  | grep Infected | grep -v 0 | wc -l` != 0 ]
        then
        # Count number of infections
            SCAN_RESULTS=$(tail -n 10 $LOG_FILE | grep 'Infected files')
            INFECTIONS=${SCAN_RESULTS##* }
     
            EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
            echo "To: ${EMAIL}" >>  ${EMAILMESSAGE}
            echo "From: ${EMAIL_FROM}" >>  ${EMAILMESSAGE}
            echo "Subject: ${SUBJECT}" >>  ${EMAILMESSAGE}
            echo "Importance: High" >> ${EMAILMESSAGE}
            echo "X-Priority: 1" >> ${EMAILMESSAGE}
         
            if [ $AGGRESSIVE = 1 ]
            then
                    echo -e "\n`tail -n $((10 + ($INFECTIONS*2))) $LOG_FILE`" >> ${EMAILMESSAGE}
            else
                    echo -e "\n`tail -n $((10 + $INFECTIONS)) $LOG_FILE`" >> ${EMAILMESSAGE}
            fi
     
            sendmail -t < ${EMAILMESSAGE}
        fi
    }
     
    if [ $AGGRESSIVE = 1 ]
    then
            /usr/bin/clamscan -ri --remove $SCAN_DIR >> $LOG_FILE
    else
            /usr/bin/clamscan -ri $SCAN_DIR >> $LOG_FILE
    fi
    Here are some more informations.

    Code:
    root@vps [~]# run-parts /etc/cron.hourly/
    /etc/cron.hourly//manual_clamscan:
    
    /usr/bin/clamscan: illegal option -- r
    ERROR: Unknown option passed
    ERROR: Can't parse command line options
    
    Code:
    root@vps [~]# /etc/cron.hourly/manual_clamscan 
    /usr/bin/clamscan: illegal option -- r
    ERROR: Unknown option passed
    ERROR: Can't parse command line options
    Thank you once again.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    The results are a separate issue, so I moved that post into it's own thread for you. The cron job you have referenced looks like a third-party script. The "clamscan" utility is now located at:

    Code:
    /usr/local/cpanel/3rdparty/bin/clamscan
    You may want to remove that cron job, or contact it's developer to have it updated to work without error.

    Thank you.
     
  9. GiviN.G

    GiviN.G Member

    Joined:
    Sep 30, 2014
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Okay. Thank you. Sorry for the last reply. I will contact the developer. Thanks again Michael. :)
     
Loading...

Share This Page