[CPANEL-20678] ClamAV freshclam and clamscan binaries are different versions.

I have this same message after upcp ran this morning. But, nothing is different that I can find.

 

I just received this same alert overnight.
CENTOS 6.9 standard - v66.0.27

Code:

# rpm -qa|grep clam
cpanel-clamav-0.99.2-2.cp1164.x86_64
cpanel-clamav-virusdefs-0.99.2-2.cp1164.x86_64
# locate freshclam
 /usr/local/cpanel/3rdparty/bin/freshclam
/usr/local/cpanel/3rdparty/etc/freshclam.conf
/usr/local/cpanel/3rdparty/share/man/man1/freshclam.1
/usr/local/cpanel/3rdparty/share/man/man5/freshclam.conf.5

 

Hi,

I'm so sorry. I completely missed this reply @cPanelMichael. Is there any point after this amount of time, and an update to v.68. Is there something I can test? I have not received this notification since. Just the one time.

 

No. Thank you Ticket ID 9011467

 

Only that there were no rogue/extra copies of ClamAV or FreshClam on the system. There had been an update to whm v.68 run on the server since the initial incident, and it's possible that any duplicate was cleaned up then. I suppose it's possible it was just a false positive to begin with as well. I don't know, but it is all good now.

 

I have the same message. It showed up in the 5/53 upcp. In the 5/22 upcp clamav updated to 0.99.4-3 and cPanel upgraded to v70.0.43. So it looks like clamav and cPanel updated at the same time, then the next upcp raised this error. Is this a bug in the update? I see the v70.0.44 just updated last night.

I can run the above checks and do an un/re-install of clamav (then recheck) but I would like to hear the results of more of the tickets that are opened. (The one that reported above seemed to indicate that the above solution was adequate.)

@cPanelMichael, it would be helpful to have an official report on what this is about and why it (apparently) happens. FYI clamav was only installed on this server through WHM and has been maintained via WHM.

-Pete

 

Same alert for me. I installed ClamAV via WHM yesterday on a new server received this message today.

 

Thanks for posting that! I think it's a different scenario (not tied to an update cPanel) that's causing this.

Can you post which cPanel version you are on now, and whether it was the same version when you installed clamav?

-Pete

 

My upcp report for 5/24 reports no issues for /usr/local/cpanel/scripts/check_security_advice_changes.

• 5/22 upcp updated clamav and cPanel v70.0.43, no clamav error, but reported 2 out of date executables running (possibly clamav?) for which I was unable to determine the process (see: Security Advisor notifications should include process name, not just PID), which may explain the lack of a clamav warning
  
• 5/23 upcp reported the clamav error
• 5/23 upcp updated cPanel to v70.0.44 and reported no clamav error

It appears to me that it may be related to cPanel updates.

-Pete

 

We cross posted...

That's what I did, but using the emails from upcp which gives me more detail on the warnings.

-Pete