Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings

Discussion in 'Security' started by Sametto Chan, Aug 30, 2017.

Tags:
  1. Samet Chan

    Samet Chan Well-Known Member

    Joined:
    Jun 24, 2016
    Messages:
    307
    Likes Received:
    28
    Trophy Points:
    103
    cPanel Access Level:
    Root Administrator
    Twitter:
    I just got received of email here,
    Code:
    ERROR: getpatch: Can't download daily-23736.cdiff from database.clamav.net
    ERROR: getfile: Unknown response from database.clamav.net (IP: 130.133.110.67)
    ERROR: Can't download daily.cvd from database.clamav.net
    
    It's very odd. I never heard this. This is something hacker or others? I saw that IP Address.
     
    #1 Samet Chan, Aug 30, 2017
    Last edited by a moderator: Aug 30, 2017
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    What does the full log entry say? Mine says:

    Code:
     --------------------- clam-update Begin ------------------------
    
     Last ClamAV update process started at Tue Aug 29 12:27:56 2017
    
     Last Status:
        main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
        WARNING: getfile: daily-23732.cdiff not found on database.clamav.net (IP: 193.1.193.64)
        WARNING: getpatch: Can't download daily-23732.cdiff from database.clamav.net
        Downloading daily-23732.cdiff [100%]
        Downloading daily-23733.cdiff [100%]
        Downloading daily-23734.cdiff [100%]
        daily.cld updated (version: 23734, sigs: 1742748, f-level: 63, builder: neo)
        bytecode.cld is up to date (version: 309, sigs: 69, f-level: 63, builder: bbaker)
        Database updated (6309066 signatures) from database.clamav.net (IP: 81.91.100.173)
    
     ---------------------- clam-update End -------------------------
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Samet Chan

    Samet Chan Well-Known Member

    Joined:
    Jun 24, 2016
    Messages:
    307
    Likes Received:
    28
    Trophy Points:
    103
    cPanel Access Level:
    Root Administrator
    Twitter:
    May I know this command from SSH?

    I didn't do update ClamAV, Just received my email it's CSF.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    That bit I posted is from logwatch letting me know ClamAV has updated.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Samet Chan

    Samet Chan Well-Known Member

    Joined:
    Jun 24, 2016
    Messages:
    307
    Likes Received:
    28
    Trophy Points:
    103
    cPanel Access Level:
    Root Administrator
    Twitter:
    Oh, It's working now?
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Sometimes the daily update will fail to connect for one reason or another. Here's a list of reasons:
    ClamavNet
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    88
    Likes Received:
    11
    Trophy Points:
    8
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hello
    I have the same issue: for 5 days running now my ClamAV does not update... with the same email cron output warning. There was previously some issue with the server (hosting providers sorted it) and the server was down and had a hard reboot. Since then clam has not been able to update.

    I have tried to locate ClamAV but can't find it on the server. I have accessed to usr/local/cpanel/3rdparty/ but can not run any clam files here (as root).

    In all aspects, all locations, I can "see" the files but can't seem to run them, the command line stating that file not recognised.

    Thus, I can not find the location of ClamAV on my server. I have read about possibly removing the daily.cvd file but I cant find it to do this. Also there are various files on the server relating to freshclam but they do no run from the command line (from usr/local/cpanel/3rdparty/... and again both with or without sudo )

    Can you tell me where the logs are located (referenced in your answer above)? I can't see this log in /var/logs .

    I tried to restart clam with scripts/restartsrv_clamd and this also fails to run (file not recognised, although it's there)

    What is the method process for resolving this and
    - 1) deleting the older daily.cvd to initiate a new fresh download
    - 2) checking the install of ClamAV is good and current?
    - 3) restarting clamAV?

    Cheers

    p.s> WHM version 68.0.28
     
    #7 martin MHC, Feb 6, 2018
    Last edited: Feb 6, 2018
  8. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    675
    Likes Received:
    224
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    You might be able to repair everything by going to WHM > cPanel > Manage Plugins and Uninstall "ClamAV for cPanel"

    Then reinstall it, and see if it works o_O
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    88
    Likes Received:
    11
    Trophy Points:
    8
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    While this may work; I can not see how to install the ClamAV once it's uninstalled.... any clues?
     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    You install it there, the same place you'd uninstall it as suggested.

    Sounds like you may have manually installed it previously, is that correct?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    88
    Likes Received:
    11
    Trophy Points:
    8
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hi InfoPro -- No, well, maybe. Clam has been installed on the system since inception before I was running it. I will try uninstalling and reinstalling it. and seeing how that fairs,
    THanks, to you both .
     
  12. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    88
    Likes Received:
    11
    Trophy Points:
    8
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    This did not fix the issue, but the issue has changed:


    ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
    ERROR: Can't download main.cvd from database.clamav.net
     
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    It's not installed by default.

    Does the plugin show as installed in WebHost Manager properly?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    88
    Likes Received:
    11
    Trophy Points:
    8
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Yes, It seems to be installed ok. It comes up correctly in the "Service manager" and appears and runs correctly in the CPanel --> Virus Scanner window.
     

    Attached Files:

  15. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,170
    Likes Received:
    370
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Great. :)

    As previously mentioned earlier in this thread, sometimes it won't be able to connect to the clamav site for whatever reason. This is (as wierd as it seems) normal.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    88
    Likes Received:
    11
    Trophy Points:
    8
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    The thing is, that

    1) I never had this issue before the server crash on Sunday.
    2) Since reinstalling Clam the error has changed; daily.cvd doesn't raise an error but now it's main.cvd

    Is there any info you can share about how to establish if the issue is on the server or is remote or how to etablish at what point in the chain the failures are occurring?

    Cheers

    Martin
     
  17. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    The 'file not recognised' errors are concerning. If you are seeing this on '/scripts/restartsrv_*' files too, there may be a larger issue at hand.

    Could you provide the full output(including your prompt) of the following command?:
    Code:
    # /usr/local/cpanel/3rdparty/bin/freshclam --verbose
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    675
    Likes Received:
    224
    Trophy Points:
    43
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    You should find the clamav data files in /usr/local/cpanel/3rdparty/share/clamav

    I believe the cld and dat files should all be chowned to clamav:clamav in a standard cPanel install
    You can try and re-download any of the bytecode/daily/main cld files by renaming it and then running
    /usr/local/cpanel/3rdparty/bin/freshclam

    The output I just got was
    Code:
    ClamAV update process started at Thu Feb  8 15:33:13 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.2 Recommended version: 0.99.3
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    WARNING: getfile: daily-24296.cdiff not found on database.clamav.net (IP: 193.1.193.64)
    WARNING: getpatch: Can't download daily-24296.cdiff from database.clamav.net
    WARNING: getfile: daily-24296.cdiff not found on database.clamav.net (IP: 78.158.65.73)
    WARNING: getpatch: Can't download daily-24296.cdiff from database.clamav.net
    Downloading daily-24296.cdiff [100%]
    daily.cld updated (version: 24296, sigs: 1847795, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
    Database updated (6414119 signatures) from database.clamav.net (IP: 81.91.100.173)
    Also check out this post for some additional cool command line tips New Security Advisor notifications with Medium importance
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #18 rpvw, Feb 8, 2018
    Last edited: Feb 8, 2018
  19. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    88
    Likes Received:
    11
    Trophy Points:
    8
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Code:
    [INDENT]Current working dir is /usr/local/cpanel/3rdparty/share/clamav
    Max retries == 3
    ClamAV update process started at Thu Feb  8 17:58:28 2018
    Using IPv6 aware code
    Querying current.cvd.clamav.net
    TTL: 95
    Software version from DNS: 0.99.3
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.2 Recommended version: 0.99.3
    DON'T PANIC! Read ClamavNet
    main.cvd version from DNS: 58
    Retrieving http://database.clamav.net/main-55.cdiff
    Ignoring mirror 130.59.113.36 (due to previous errors)
    Ignoring mirror 78.96.7.8 (due to previous errors)
    Ignoring mirror 130.59.113.36 (due to previous errors)
    Ignoring mirror 78.96.7.8 (due to previous errors)
    WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
    Retrieving http://database.clamav.net/main-55.cdiff
    Ignoring mirror 130.59.113.36 (due to previous errors)
    Ignoring mirror 78.96.7.8 (due to previous errors)
    WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
    Retrieving http://database.clamav.net/main-55.cdiff
    Ignoring mirror 78.96.7.8 (due to previous errors)
    Ignoring mirror 130.59.113.36 (due to previous errors)
    WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
    WARNING: Incremental update failed, trying to download main.cvd
    Whitelisting short-term blacklisted mirrors
    Retrieving http://database.clamav.net/main.cvd
    Ignoring mirror 130.59.113.36 (due to previous errors)
    connect_error: getsockopt(SO_ERROR): fd=3 error=111: Connection refused
    Can't connect to port 80 of host database.clamav.net (IP: 78.96.7.8)
    Ignoring mirror 78.96.7.8 (due to previous errors)
    Ignoring mirror 130.59.113.36 (due to previous errors)
    WARNING: Can't download main.cvd from database.clamav.net
    Trying again in 5 secs...
    
    [/INDENT]
     

    Attached Files:

    #19 martin MHC, Feb 8, 2018
    Last edited by a moderator: Feb 8, 2018
  20. martin MHC

    martin MHC Well-Known Member

    Joined:
    Sep 14, 2016
    Messages:
    88
    Likes Received:
    11
    Trophy Points:
    8
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hello
    I have a curious situation whereby I can run freshclam with the full URI but not in the local folder; is this normal?

    example images are attached. THe file is there but it's not "found"?(previous command was 'ls')
     

    Attached Files:

Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice