SOLVED /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings

Samet Chan

Well-Known Member
Jun 24, 2016
369
42
153
cPanel Access Level
Root Administrator
Twitter
I just got received of email here,
Code:
ERROR: getpatch: Can't download daily-23736.cdiff from database.clamav.net
ERROR: getfile: Unknown response from database.clamav.net (IP: 130.133.110.67)
ERROR: Can't download daily.cvd from database.clamav.net
It's very odd. I never heard this. This is something hacker or others? I saw that IP Address.
 
Last edited by a moderator:

Infopro

Well-Known Member
May 20, 2003
17,075
524
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
What does the full log entry say? Mine says:

Code:
 --------------------- clam-update Begin ------------------------

 Last ClamAV update process started at Tue Aug 29 12:27:56 2017

 Last Status:
    main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    WARNING: getfile: daily-23732.cdiff not found on database.clamav.net (IP: 193.1.193.64)
    WARNING: getpatch: Can't download daily-23732.cdiff from database.clamav.net
    Downloading daily-23732.cdiff [100%]
    Downloading daily-23733.cdiff [100%]
    Downloading daily-23734.cdiff [100%]
    daily.cld updated (version: 23734, sigs: 1742748, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 309, sigs: 69, f-level: 63, builder: bbaker)
    Database updated (6309066 signatures) from database.clamav.net (IP: 81.91.100.173)

 ---------------------- clam-update End -------------------------
 

Samet Chan

Well-Known Member
Jun 24, 2016
369
42
153
cPanel Access Level
Root Administrator
Twitter
What does the full log entry say? Mine says:

Code:
 --------------------- clam-update Begin ------------------------

 Last ClamAV update process started at Tue Aug 29 12:27:56 2017

 Last Status:
    main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    WARNING: getfile: daily-23732.cdiff not found on database.clamav.net (IP: 193.1.193.64)
    WARNING: getpatch: Can't download daily-23732.cdiff from database.clamav.net
    Downloading daily-23732.cdiff [100%]
    Downloading daily-23733.cdiff [100%]
    Downloading daily-23734.cdiff [100%]
    daily.cld updated (version: 23734, sigs: 1742748, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 309, sigs: 69, f-level: 63, builder: bbaker)
    Database updated (6309066 signatures) from database.clamav.net (IP: 81.91.100.173)

 ---------------------- clam-update End -------------------------
May I know this command from SSH?

I didn't do update ClamAV, Just received my email it's CSF.
 

martin MHC

Well-Known Member
Sep 14, 2016
317
71
78
UK
cPanel Access Level
Root Administrator
Hello
I have the same issue: for 5 days running now my ClamAV does not update... with the same email cron output warning. There was previously some issue with the server (hosting providers sorted it) and the server was down and had a hard reboot. Since then clam has not been able to update.

I have tried to locate ClamAV but can't find it on the server. I have accessed to usr/local/cpanel/3rdparty/ but can not run any clam files here (as root).

In all aspects, all locations, I can "see" the files but can't seem to run them, the command line stating that file not recognised.

Thus, I can not find the location of ClamAV on my server. I have read about possibly removing the daily.cvd file but I cant find it to do this. Also there are various files on the server relating to freshclam but they do no run from the command line (from usr/local/cpanel/3rdparty/... and again both with or without sudo )

Can you tell me where the logs are located (referenced in your answer above)? I can't see this log in /var/logs .

I tried to restart clam with scripts/restartsrv_clamd and this also fails to run (file not recognised, although it's there)

What is the method process for resolving this and
- 1) deleting the older daily.cvd to initiate a new fresh download
- 2) checking the install of ClamAV is good and current?
- 3) restarting clamAV?

Cheers

p.s> WHM version 68.0.28
 
Last edited:

rpvw

Well-Known Member
Jul 18, 2013
1,101
472
113
UK
cPanel Access Level
Root Administrator
You might be able to repair everything by going to WHM > cPanel > Manage Plugins and Uninstall "ClamAV for cPanel"

Then reinstall it, and see if it works o_O
 

martin MHC

Well-Known Member
Sep 14, 2016
317
71
78
UK
cPanel Access Level
Root Administrator
You might be able to repair everything by going to WHM > cPanel > Manage Plugins and Uninstall "ClamAV for cPanel"

Then reinstall it, and see if it works o_O
While this may work; I can not see how to install the ClamAV once it's uninstalled.... any clues?
 

martin MHC

Well-Known Member
Sep 14, 2016
317
71
78
UK
cPanel Access Level
Root Administrator
Hi InfoPro -- No, well, maybe. Clam has been installed on the system since inception before I was running it. I will try uninstalling and reinstalling it. and seeing how that fairs,
THanks, to you both .
 

martin MHC

Well-Known Member
Sep 14, 2016
317
71
78
UK
cPanel Access Level
Root Administrator
This did not fix the issue, but the issue has changed:


ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
ERROR: Can't download main.cvd from database.clamav.net
 

martin MHC

Well-Known Member
Sep 14, 2016
317
71
78
UK
cPanel Access Level
Root Administrator
Yes, It seems to be installed ok. It comes up correctly in the "Service manager" and appears and runs correctly in the CPanel --> Virus Scanner window.
 

Attachments

martin MHC

Well-Known Member
Sep 14, 2016
317
71
78
UK
cPanel Access Level
Root Administrator
The thing is, that

1) I never had this issue before the server crash on Sunday.
2) Since reinstalling Clam the error has changed; daily.cvd doesn't raise an error but now it's main.cvd

Is there any info you can share about how to establish if the issue is on the server or is remote or how to etablish at what point in the chain the failures are occurring?

Cheers

Martin
 

cPWilliamL

cP Technical Analyst II
Staff member
May 15, 2017
258
30
103
America
cPanel Access Level
Root Administrator
The 'file not recognised' errors are concerning. If you are seeing this on '/scripts/restartsrv_*' files too, there may be a larger issue at hand.

Could you provide the full output(including your prompt) of the following command?:
Code:
# /usr/local/cpanel/3rdparty/bin/freshclam --verbose
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
472
113
UK
cPanel Access Level
Root Administrator
You should find the clamav data files in /usr/local/cpanel/3rdparty/share/clamav

I believe the cld and dat files should all be chowned to clamav:clamav in a standard cPanel install
You can try and re-download any of the bytecode/daily/main cld files by renaming it and then running
/usr/local/cpanel/3rdparty/bin/freshclam

The output I just got was
Code:
ClamAV update process started at Thu Feb  8 15:33:13 2018
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.2 Recommended version: 0.99.3
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
WARNING: getfile: daily-24296.cdiff not found on database.clamav.net (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-24296.cdiff from database.clamav.net
WARNING: getfile: daily-24296.cdiff not found on database.clamav.net (IP: 78.158.65.73)
WARNING: getpatch: Can't download daily-24296.cdiff from database.clamav.net
Downloading daily-24296.cdiff [100%]
daily.cld updated (version: 24296, sigs: 1847795, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
Database updated (6414119 signatures) from database.clamav.net (IP: 81.91.100.173)
Also check out this post for some additional cool command line tips New Security Advisor notifications with Medium importance
 
Last edited:

martin MHC

Well-Known Member
Sep 14, 2016
317
71
78
UK
cPanel Access Level
Root Administrator
Could you provide the full output(including your prompt) of the following command?:
Code:
[INDENT]Current working dir is /usr/local/cpanel/3rdparty/share/clamav
Max retries == 3
ClamAV update process started at Thu Feb  8 17:58:28 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 95
Software version from DNS: 0.99.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.2 Recommended version: 0.99.3
DON'T PANIC! Read ClamavNet
main.cvd version from DNS: 58
Retrieving http://database.clamav.net/main-55.cdiff
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 78.96.7.8 (due to previous errors)
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 78.96.7.8 (due to previous errors)
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
Retrieving http://database.clamav.net/main-55.cdiff
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 78.96.7.8 (due to previous errors)
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
Retrieving http://database.clamav.net/main-55.cdiff
Ignoring mirror 78.96.7.8 (due to previous errors)
Ignoring mirror 130.59.113.36 (due to previous errors)
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download main.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/main.cvd
Ignoring mirror 130.59.113.36 (due to previous errors)
connect_error: getsockopt(SO_ERROR): fd=3 error=111: Connection refused
Can't connect to port 80 of host database.clamav.net (IP: 78.96.7.8)
Ignoring mirror 78.96.7.8 (due to previous errors)
Ignoring mirror 130.59.113.36 (due to previous errors)
WARNING: Can't download main.cvd from database.clamav.net
Trying again in 5 secs...
[/INDENT]
 

Attachments

Last edited by a moderator: