maldet with clamav confusion

[jeffschips]

Hello. I hope everyone is safe and healthy.

I've installed and can succesfully run maldet with clamav. But whenever I run clamav independently of maldet, I receive a message that the clamav is outdated and therefore must assume the entire scan just performed with maldet was without merit. I run freshclam to check and see:

freshclam
ClamAV update process started at Sat Oct 30 22:17:02 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
daily.cld is up to date (version: 26338, sigs: 1940691, f-level: 90, builder: raynman)
bytecode.cld is up to date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

Well, if they don't want me to PANIC then provide a more informational message. . . the link provides only information on having the cpanel plugin update signatures, but I prefer more granular control over the scanning process and thus use the command line to run madlet. I believe although not sure, if indeed the plugin is on or off (see screenshots).

I prefer NOT to use the plugin as it doesn't give me granular control and prefer to use a cron job to run maldet together with clamav, which I currently run from command line.

There appears to be no way that I can find to properly update the clamav sigantures from a command line that does not throw the DO NOT PANIC message.

Thank you - still panicking.

 

[andrew.n]

The reason it shows don't panic is that the ClamAV signatures, the "databases" which are responsible for ClamAV to find even the newest viruses they are up to date but the software itself is not. Have you tried to run "yum update" to see if there is a new version available which can be installed?

 

[tusharthegamer]

This is the most common error when you run freshclam. There is nothing to be worried about as the db itself is updated to latest build.

 

[jeffschips]

Thanks @andrew.n and @tusharthegamer. Yum update shows:

yum update
Loaded plugins: universal-hooks
No packages marked for update

 

[andrew.n]

I'm not certain if cPanel always provides the most up to date ClamAV version but probably still a version which is supported and good to use. Maybe @cPRex or @cPanelAnthony could advise here further.

 

[cPanelAnthony]

Hello! Currently, cPanel supports ClamAV version 0.101 which we are currently aware becomes end of life in January. Per the following thread, I am inquiring about when we will support 0.103 and will get an update as soon as possible.

In Progress - ClamAV 0.101 and 0.102 EOL on January 3rd

This is serious since cPanel is still running ClamAV 0.101 Quoted from ClamAV 0.100 End of Life TODAY and reminder of upcoming 0.101 and 0.102 EOL ClamAV 0.101 and 0.102 releases will reach EOL in a little over two month's time on Jan. 3, 2022. After this date, ClamAV 0.101 and 0.102 and all...

forums.cpanel.net

 

[jeffschips]

I too would like to know about cPanel's support for ClamAV's most recent version. Another odd thing about all the usage posts of Maldet is that they give great and useful per use scenarios on how to run it from the command line. But setting up a repeating daily *custom* scan? I can't find it.

For example, I just re-installed it. It runs like clockwork in the deep A.M. But it only scans the /home/domain/public_html/ directory and not the domains therein. Some posts suggest doing a full public_html scan first then resort to only php files. Great. But again HOW if it's going to be a custom scan? Where are these custom paths built and inserted into the scan?

 

[cPanelAnthony]

Hey guys! Just as an update, our development team is aware of the issue. I don't have any concrete information yet, but am able to verify they are looking into it. I will update the thread here as soon as possible.