maldet with clamav confusion

jeffschips

Well-Known Member
Jun 5, 2016
261
33
78
new york
cPanel Access Level
Root Administrator
Hello. I hope everyone is safe and healthy.

I've installed and can succesfully run maldet with clamav. But whenever I run clamav independently of maldet, I receive a message that the clamav is outdated and therefore must assume the entire scan just performed with maldet was without merit. I run freshclam to check and see:

Code:
freshclam
ClamAV update process started at Sat Oct 30 22:17:02 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
daily.cld is up to date (version: 26338, sigs: 1940691, f-level: 90, builder: raynman)
bytecode.cld is up to date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Well, if they don't want me to PANIC then provide a more informational message. . . the link provides only information on having the cpanel plugin update signatures, but I prefer more granular control over the scanning process and thus use the command line to run madlet. I believe although not sure, if indeed the plugin is on or off (see screenshots).

I prefer NOT to use the plugin as it doesn't give me granular control and prefer to use a cron job to run maldet together with clamav, which I currently run from command line.

There appears to be no way that I can find to properly update the clamav sigantures from a command line that does not throw the DO NOT PANIC message.

Thank you - still panicking.
 

Attachments

andrew.n

Well-Known Member
Jun 9, 2020
916
342
63
EU
cPanel Access Level
Root Administrator
The reason it shows don't panic is that the ClamAV signatures, the "databases" which are responsible for ClamAV to find even the newest viruses they are up to date but the software itself is not. Have you tried to run "yum update" to see if there is a new version available which can be installed?
 
  • Like
Reactions: cPanelAnthony

andrew.n

Well-Known Member
Jun 9, 2020
916
342
63
EU
cPanel Access Level
Root Administrator
I'm not certain if cPanel always provides the most up to date ClamAV version but probably still a version which is supported and good to use. Maybe @cPRex or @cPanelAnthony could advise here further.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,045
112
118
Houston, TX
cPanel Access Level
Root Administrator
Hello! Currently, cPanel supports ClamAV version 0.101 which we are currently aware becomes end of life in January. Per the following thread, I am inquiring about when we will support 0.103 and will get an update as soon as possible.

 
  • Like
Reactions: cPRex

jeffschips

Well-Known Member
Jun 5, 2016
261
33
78
new york
cPanel Access Level
Root Administrator
I too would like to know about cPanel's support for ClamAV's most recent version. Another odd thing about all the usage posts of Maldet is that they give great and useful per use scenarios on how to run it from the command line. But setting up a repeating daily *custom* scan? I can't find it.

For example, I just re-installed it. It runs like clockwork in the deep A.M. But it only scans the /home/domain/public_html/ directory and not the domains therein. Some posts suggest doing a full public_html scan first then resort to only php files. Great. But again HOW if it's going to be a custom scan? Where are these custom paths built and inserted into the scan?