SOLVED /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings

[Samet Chan]

I just got received of email here,

ERROR: getpatch: Can't download daily-23736.cdiff from database.clamav.net
ERROR: getfile: Unknown response from database.clamav.net (IP: 130.133.110.67)
ERROR: Can't download daily.cvd from database.clamav.net

It's very odd. I never heard this. This is something hacker or others? I saw that IP Address.

 

[Infopro]

What does the full log entry say? Mine says:

 --------------------- clam-update Begin ------------------------

 Last ClamAV update process started at Tue Aug 29 12:27:56 2017

 Last Status:
    main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    WARNING: getfile: daily-23732.cdiff not found on database.clamav.net (IP: 193.1.193.64)
    WARNING: getpatch: Can't download daily-23732.cdiff from database.clamav.net
    Downloading daily-23732.cdiff [100%]
    Downloading daily-23733.cdiff [100%]
    Downloading daily-23734.cdiff [100%]
    daily.cld updated (version: 23734, sigs: 1742748, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 309, sigs: 69, f-level: 63, builder: bbaker)
    Database updated (6309066 signatures) from database.clamav.net (IP: 81.91.100.173)

 ---------------------- clam-update End -------------------------

 

[Samet Chan]

What does the full log entry say? Mine says:

 --------------------- clam-update Begin ------------------------

 Last ClamAV update process started at Tue Aug 29 12:27:56 2017

 Last Status:
    main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    WARNING: getfile: daily-23732.cdiff not found on database.clamav.net (IP: 193.1.193.64)
    WARNING: getpatch: Can't download daily-23732.cdiff from database.clamav.net
    Downloading daily-23732.cdiff [100%]
    Downloading daily-23733.cdiff [100%]
    Downloading daily-23734.cdiff [100%]
    daily.cld updated (version: 23734, sigs: 1742748, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 309, sigs: 69, f-level: 63, builder: bbaker)
    Database updated (6309066 signatures) from database.clamav.net (IP: 81.91.100.173)

 ---------------------- clam-update End -------------------------

May I know this command from SSH?

I didn't do update ClamAV, Just received my email it's CSF.

 

[Infopro]

That bit I posted is from logwatch letting me know ClamAV has updated.

 

[Samet Chan]

Oh, It's working now?

 

[Infopro]

Sometimes the daily update will fail to connect for one reason or another. Here's a list of reasons:
ClamavNet

 

[martin MHC]

Hello
I have the same issue: for 5 days running now my ClamAV does not update... with the same email cron output warning. There was previously some issue with the server (hosting providers sorted it) and the server was down and had a hard reboot. Since then clam has not been able to update.

I have tried to locate ClamAV but can't find it on the server. I have accessed to usr/local/cpanel/3rdparty/ but can not run any clam files here (as root).

In all aspects, all locations, I can "see" the files but can't seem to run them, the command line stating that file not recognised.

Thus, I can not find the location of ClamAV on my server. I have read about possibly removing the daily.cvd file but I cant find it to do this. Also there are various files on the server relating to freshclam but they do no run from the command line (from usr/local/cpanel/3rdparty/... and again both with or without sudo )

Can you tell me where the logs are located (referenced in your answer above)? I can't see this log in /var/logs .

I tried to restart clam with scripts/restartsrv_clamd and this also fails to run (file not recognised, although it's there)

What is the method process for resolving this and
- 1) deleting the older daily.cvd to initiate a new fresh download
- 2) checking the install of ClamAV is good and current?
- 3) restarting clamAV?

Cheers

p.s> WHM version 68.0.28

 

[rpvw]

You might be able to repair everything by going to WHM > cPanel > Manage Plugins and Uninstall "ClamAV for cPanel"

Then reinstall it, and see if it works

 

[martin MHC]

You might be able to repair everything by going to WHM > cPanel > Manage Plugins and Uninstall "ClamAV for cPanel"

Then reinstall it, and see if it works

While this may work; I can not see how to install the ClamAV once it's uninstalled.... any clues?

 

[Infopro]

You install it there, the same place you'd uninstall it as suggested.

Sounds like you may have manually installed it previously, is that correct?

 

[martin MHC]

Hi InfoPro -- No, well, maybe. Clam has been installed on the system since inception before I was running it. I will try uninstalling and reinstalling it. and seeing how that fairs,
THanks, to you both .

 

[martin MHC]

This did not fix the issue, but the issue has changed:


ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
ERROR: Can't download main.cvd from database.clamav.net

 

[Infopro]

Clam has been installed on the system since inception before I was running it.

It's not installed by default.

Does the plugin show as installed in WebHost Manager properly?

 

[martin MHC]

Yes, It seems to be installed ok. It comes up correctly in the "Service manager" and appears and runs correctly in the CPanel --> Virus Scanner window.

 

[Infopro]

Great.

As previously mentioned earlier in this thread, sometimes it won't be able to connect to the clamav site for whatever reason. This is (as wierd as it seems) normal.

 

[martin MHC]

The thing is, that

1) I never had this issue before the server crash on Sunday.
2) Since reinstalling Clam the error has changed; daily.cvd doesn't raise an error but now it's main.cvd

Is there any info you can share about how to establish if the issue is on the server or is remote or how to etablish at what point in the chain the failures are occurring?

Cheers

Martin

 

[cPWilliamL]

The 'file not recognised' errors are concerning. If you are seeing this on '/scripts/restartsrv_*' files too, there may be a larger issue at hand.

Could you provide the full output(including your prompt) of the following command?:

# /usr/local/cpanel/3rdparty/bin/freshclam --verbose

 

[rpvw]

You should find the clamav data files in /usr/local/cpanel/3rdparty/share/clamav

I believe the cld and dat files should all be chowned to clamav:clamav in a standard cPanel install
You can try and re-download any of the bytecode/daily/main cld files by renaming it and then running
/usr/local/cpanel/3rdparty/bin/freshclam

The output I just got was

ClamAV update process started at Thu Feb  8 15:33:13 2018
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.2 Recommended version: 0.99.3
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
WARNING: getfile: daily-24296.cdiff not found on database.clamav.net (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-24296.cdiff from database.clamav.net
WARNING: getfile: daily-24296.cdiff not found on database.clamav.net (IP: 78.158.65.73)
WARNING: getpatch: Can't download daily-24296.cdiff from database.clamav.net
Downloading daily-24296.cdiff [100%]
daily.cld updated (version: 24296, sigs: 1847795, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
Database updated (6414119 signatures) from database.clamav.net (IP: 81.91.100.173)

Also check out this post for some additional cool command line tips New Security Advisor notifications with Medium importance

 

[martin MHC]

Could you provide the full output(including your prompt) of the following command?:

[INDENT]Current working dir is /usr/local/cpanel/3rdparty/share/clamav
Max retries == 3
ClamAV update process started at Thu Feb  8 17:58:28 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 95
Software version from DNS: 0.99.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.2 Recommended version: 0.99.3
DON'T PANIC! Read ClamavNet
main.cvd version from DNS: 58
Retrieving http://database.clamav.net/main-55.cdiff
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 78.96.7.8 (due to previous errors)
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 78.96.7.8 (due to previous errors)
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
Retrieving http://database.clamav.net/main-55.cdiff
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 78.96.7.8 (due to previous errors)
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
Retrieving http://database.clamav.net/main-55.cdiff
Ignoring mirror 78.96.7.8 (due to previous errors)
Ignoring mirror 130.59.113.36 (due to previous errors)
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download main.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/main.cvd
Ignoring mirror 130.59.113.36 (due to previous errors)
connect_error: getsockopt(SO_ERROR): fd=3 error=111: Connection refused
Can't connect to port 80 of host database.clamav.net (IP: 78.96.7.8)
Ignoring mirror 78.96.7.8 (due to previous errors)
Ignoring mirror 130.59.113.36 (due to previous errors)
WARNING: Can't download main.cvd from database.clamav.net
Trying again in 5 secs...

[/INDENT]

 

[martin MHC]

Hello
I have a curious situation whereby I can run freshclam with the full URI but not in the local folder; is this normal?

example images are attached. THe file is there but it's not "found"?(previous command was 'ls')