ClamAV failure #58

Closed
captainwasabi opened this issue Sep 19, 2015 · 28 comments

Comments

@captainwasabi

It looks like when maldet updated at midnight as part of my daily scan and backup script it broke ClamAV. As this is on my mail server, and amavis uses clamAV to scan for viruses, this is preventing mail from being sent or delivered.

I've tried running freshclam, maldet -d, maldet -u, restarting clamav-daemon, restarting amavis, etc.

When I try to start ClamAV this is what I get:

service clamav-daemon start

  • Starting ClamAV daemon clamd
    LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/lmd.user.hdb
    LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/lmd.user.hdb
    ERROR: Can't open file or directory [fail]

contents of /var/lib/clamav:

drwxr-xr-x 2 clamav clamav 4096 Sep 19 02:15 ./
drwxr-xr-x 59 root root 4096 Aug 26 07:41 ../
-rw-r--r-- 1 clamav clamav 407040 Aug 20 11:45 bytecode.cld
-rw-r--r-- 1 clamav clamav 101435904 Sep 18 13:52 daily.cld
lrwxrwxrwx 1 root root 38 Sep 19 00:01 lmd.user.hdb -> /usr/local/maldetect/sigs/lmd.user.hdb
lrwxrwxrwx 1 root root 38 Sep 19 00:01 lmd.user.ndb -> /usr/local/maldetect/sigs/lmd.user.ndb
-rw-r--r-- 1 clamav clamav 64720632 Sep 17 2013 main.cvd
-rw------- 1 clamav clamav 1196 Sep 19 02:15 mirrors.dat
lrwxrwxrwx 1 root root 34 Sep 19 00:01 rfxn.hdb -> /usr/local/maldetect/sigs/rfxn.hdb
lrwxrwxrwx 1 root root 34 Sep 19 00:01 rfxn.ndb -> /usr/local/maldetect/sigs/rfxn.ndb

contents of /usr/local/maldetect/sigs:

ll /usr/local/maldetect/sigs
total 2584
drwxr-xr-x 3 root root 4096 Sep 19 00:04 ./
drwxr-xr-x 11 root root 4096 Sep 19 02:10 ../
drwxr-xr-x 2 root root 4096 Sep 12 2013 appver/
-rw-r--r-- 1 root root 0 Sep 19 00:01 custom.hex.dat
-rw-r--r-- 1 root root 0 Sep 19 00:01 custom.md5.dat
-rw-r--r-- 1 root root 429904 Sep 18 18:18 hex.dat
lrwxrwxrwx 1 root root 48 Sep 19 00:04 lmd.user.hdb -> /usr/local/maldetect/tmp/.runtime.user.13092.hdb
lrwxrwxrwx 1 root root 48 Sep 19 00:04 lmd.user.ndb -> /usr/local/maldetect/tmp/.runtime.user.13092.ndb
-rw-r--r-- 1 root root 14 Sep 19 00:01 maldet.sigs.ver
-rw-r--r-- 1 root root 551001 Sep 18 18:18 md5.dat
-rw-r--r-- 1 root root 602518 Sep 18 18:18 md5v2.dat
-rw-r--r-- 1 root root 598632 Sep 18 18:18 rfxn.hdb
-rw-r--r-- 1 root root 437560 Sep 18 18:18 rfxn.ndb

contents of /usr/local/maldetect/tmp:

ll /usr/local/maldetect/tmp
total 8
drwxr-x--- 2 root root 4096 Sep 19 00:04 ./
drwxr-xr-x 11 root root 4096 Sep 19 02:10 ../
-rw-r--r-- 1 root root 0 Sep 19 00:01 .digest.alert.hits
-rw-r--r-- 1 root root 0 Sep 19 00:01 .digest.clean.hits
-rw-r--r-- 1 root root 0 Sep 19 00:01 .digest.monitor.alert
-rw-r--r-- 1 root root 0 Sep 19 00:01 .digest.susp.hits

So as you can see, the .runtime.user.13092.* files are missing.

The error I'm getting in my /var/log/mail.log is:

Sep 19 02:08:52 pigeon amavis[4089]: (04089-06) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/lmd.user.hdb\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/lmd.user.hdb\nERROR: Can't open file or directory"

relevant lines from /var/log/clamav/clamav.log:

Fri Sep 18 22:17:23 2015 -> SelfCheck: Database status OK.
Fri Sep 18 23:21:25 2015 -> SelfCheck: Database status OK.
Sat Sep 19 00:01:35 2015 -> Reading databases from /var/lib/clamav
Sat Sep 19 00:01:38 2015 -> ERROR: reload db failed: Can't open file or directory
Sat Sep 19 00:01:38 2015 -> Terminating because of a fatal error.
Sat Sep 19 00:01:38 2015 -> Pid file removed.
Sat Sep 19 00:01:38 2015 -> --- Stopped at Sat Sep 19 00:01:38 2015
Sat Sep 19 00:01:38 2015 -> Socket file removed.

relevant lines from /usr/local/maldetect/logs/event_log

Sep 19 00:01:31 pigeon maldet(11534): {sigup} performing signature update check...
Sep 19 00:01:31 pigeon maldet(11534): {sigup} local signature set is version 2015091828029
Sep 19 00:01:31 pigeon maldet(11534): {sigup} latest signature set already installed
Sep 19 00:01:31 pigeon maldet(11237): {update} completed update v1.4.2 => v1.5, running signature updates...
Sep 19 00:01:31 pigeon maldet(11619): {sigup} performing signature update check...
Sep 19 00:01:31 pigeon maldet(11619): {sigup} local signature set is version 2015091828029
Sep 19 00:01:31 pigeon maldet(11619): {sigup} latest signature set already installed
Sep 19 00:01:31 pigeon maldet(11237): {update} update and config import completed.
Sep 19 00:01:31 pigeon maldet(11237): {sigup} performing signature update check...
Sep 19 00:01:31 pigeon maldet(11237): {sigup} local signature set is version 2015091516329
Sep 19 00:01:31 pigeon maldet(11237): {sigup} new signature set (2015091828029) available
Sep 19 00:01:32 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/md5.dat
Sep 19 00:01:33 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/hex.dat
Sep 19 00:01:34 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.ndb
Sep 19 00:01:35 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.hdb
Sep 19 00:01:35 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/maldet-clean.tgz
Sep 19 00:01:35 pigeon maldet(11237): {sigup} signature set update completed
Sep 19 00:01:35 pigeon maldet(11237): {sigup} 10822 signatures (8908 MD5 / 1914 HEX)
Sep 19 00:01:36 pigeon maldet(11791): {scan} launching scan of /root changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Sep 19 00:01:36 pigeon maldet(11791): {scan} signatures loaded: 10822 (8908 MD5 / 1914 HEX / 0 USER)
Sep 19 00:01:36 pigeon maldet(11791): {scan} building file list for /root of new/modified files from last 1 days, this might take awhile...
Sep 19 00:01:36 pigeon maldet(11791): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Sep 19 00:01:36 pigeon maldet(11791): {scan} executed /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /usr/bin/find /root /tmp /var/tmp /dev/shm -maxdepth 15 -regextype posix-egrep -type f ( -mtime -1 -o -ctime -1 ) -size +24c -size -6947618c -not -perm 000 -not -regex "" -not -uid 0 -not -gid 0
Sep 19 00:01:37 pigeon maldet(11791): {scan} file list completed in 1s, found 69 files...
Sep 19 00:01:37 pigeon maldet(11791): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...
Sep 19 00:01:37 pigeon maldet(11791): {scan} scan of /root (69 files) in progress...
Sep 19 00:01:38 pigeon maldet(11791): {scan} clamscan returned an error, check /usr/local/maldetect/logs/clamscan_log for more details!

relevant lines from /usr/local/maldetect/logs/clamscan_log:

Sep 19 00:01:37 pigeon clamscan start
Sep 19 00:01:37 pigeon executed: /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /usr/bin/clamdscan --infected --no-summary -f /usr/local/maldetect/tmp/.find.11791
ERROR: Communication error
ERROR: Could not lookup : Servname not supported for ai_socktype
ERROR: Could not lookup : Servname not supported for ai_socktype
ERROR: Could not lookup : Servname not supported for ai_socktype
.
.
.
Sep 19 00:01:42 pigeon clamscan start
Sep 19 00:01:42 pigeon executed: /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /usr/bin/clamdscan --max-filesize=5M --max-scansize=5M -d /usr/local/maldetect/tmp/.runtime.user.12047.hdb -d /usr/local/maldetect/tmp/.runtime.user.12047.ndb -r --infected --no-summary -f /usr/local/maldetect/tmp/.find.12047
WARNING: Ignoring unsupported option --max-filesize
WARNING: Ignoring unsupported option --max-scansize
WARNING: Ignoring unsupported option --database (-d)
WARNING: Ignoring unsupported option --database (-d)
WARNING: Ignoring unsupported option --recursive (-r)
ERROR: Could not lookup : Servname not supported for ai_socktype
ERROR: Could not lookup : Servname not supported for ai_socktype
ERROR: Could not lookup : Servname not supported for ai_socktype
.
.
.

This is a MAJOR issue. For now I have disabled anti-virus checking in amavis like this:

Try this on Debian or Ubuntu:

Add a new file /etc/amavis/conf.d/90-custom

with the following content:

Code:

use strict;

@bypass_virus_checks_maps  = (1);

#------------ Do not modify anything below this line -------------
1;  # insure a defined return

and restart amavisd.

@bkw

bkw commented Sep 19, 2015

Same here, broken symlinks pointing from /usr/local/maldetect/sigs to non-existing files in tmp.

@bkw

bkw commented Sep 19, 2015

In my case it turned out to be a permission problem, related to both file permissions and apparmor.
Here is what I did to fix it:

chmod o+x /usr/local/maldetect/{,sigs}
chmod o+r /usr/local/maldetect/sigs/*db
echo "/usr/local/maldetect/sigs/* r," >> /etc/apparmor.d/local/usr.sbin.clamd
service apparmor reload
service clamav-daemon restart

The missing lmd.user links were no longer a problem for me after I fixed the permissions.
The next signature update will probably reset the file permissions again, I still have to check whether that was due to my tightened root umask setting or the update script itself.

@bkw

bkw commented Sep 19, 2015

The file permission problem probably was homegrown. I think the apparmor stuff should be all you need:

echo "/usr/local/maldetect/sigs/* r," >> /etc/apparmor.d/local/usr.sbin.clamd
service apparmor reload && service clamav-daemon restart

@jcarnus

jcarnus commented Sep 19, 2015

I had the same issue. I will try to fix with the previous comment.

@jcarnus

jcarnus commented Sep 19, 2015

For me, the file is missing. The only option is to delete the symlink from the clamav lib dir until a fix is provided.

@lgonzalez-silen

Running CentOS 6.7.

I ran ./uninstall.sh and then downloaded the current again and ran ./install.sh. That still left the bad symlinks in /var/clamav/ in place

lmd.user.hdb -> /usr/local/maldetect/sigs/lmd.user.hdb
lmd.user.ndb -> /usr/local/maldetect/sigs/lmd.user.ndb

but these ones were not present any longer in sigs

lmd.user.hdb -> /usr/local/maldetect/tmp/.runtime.user.15757.hdb
lmd.user.ndb -> /usr/local/maldetect/tmp/.runtime.user.15757.ndb

I went ahead and deleted the /var/clamav/ lmd symlinks and restarted clamd and it worked ok. If anyone can confirm that the lmd symlinks are not needed in /var/clamav/ that would be great. The following valid symlinks remain there

rfxn.hdb -> /usr/local/maldetect/sigs/rfxn.hdb
rfxn.ndb -> /usr/local/maldetect/sigs/rfxn.ndb

It is likely that just deleting the lmd bad symlinks will allow you to restart clamd.

For reference, my initial symptoms were email subjects prepended with the string

UNCHECKED

and the following in the clamd log

Sat Sep 19 03:24:11 2015 -> Reading databases from /var/clamav
Sat Sep 19 03:24:21 2015 -> ERROR: reload db failed: Can't open file or directory
Sat Sep 19 03:24:21 2015 -> Terminating because of a fatal error.

@jcarnus

jcarnus commented Sep 19, 2015

The symlinks in /var/lib/clamav to lmd and rfxn have appeared again. But the lmd symlink is still linked to nothing. ClamAV 0.98, Debian 8.

@bkw

bkw commented Sep 19, 2015

I still have the dangling symlinks pointing from /var/lib/clamav to /usr/local/maldetect/sigs, but no more symlinks pointing from /usr/local/maldetect/sigs to tmp. I do not get errors this way.

@rfxn
Owner

rfxn commented Sep 19, 2015

chmod 755 /usr/local/maldetect/tmp

This should fix the issue. It is not so much that the file is empty but that clamav can't lstat the file due to the parent directory's permissions when clamd is running as a non-root user.

I've made an upstream change in the code that I will commit to address this in a few minutes.

@captainwasabi
Author

Tried this and the following still happens when I start clamav:

service clamav-daemon start

*Starting ClamAV daemon clamd
LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/rfxn.ndb
LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/rfxn.ndb
ERROR: Can't open file or directory
[fail]

I also get the same errors as reported above in the maillog (because the daemon isn't running)
but it does look like email is being delivered.

BTW, thank you for this great package that I use daily on all my servers. Also thank you for looking at this issue so quickly, it's really appreciated!

@rfxn
Owner

rfxn commented Sep 19, 2015

@captainwasabi no problem at all, glad to help. In most sane mail configurations, clamd failing should be a fail-open setup so mail keeps moving.

That being said, can you answer a few questions:
What OS version are you running (cat /etc/redhat-release) ?
What version of clamd (clamd -V) ?
Is there a control panel (e.g cpanel) ?

Thanks

@captainwasabi
Author

Ubuntu 12.04.5 LTS everything is up to date as of 9/15

Linux version 3.2.0-90-generic (buildd@lgw01-29) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #128-Ubuntu SMP
Fri Aug 14 21:43:58 UTC 2015 (Ubuntu 3.2.0-90.128-generic 3.2.69)

ClamAV 0.98.7/20927/Fri Sep 18 12:41:20 2015

No cpanel, this is a server running on metal.

@nanonettr

This issue still exists on commit 5ad5452 on Ubuntu 14.04.3 LTS.

root@admin:/var/lib/clamav# ls -la
drwxr-xr-x 2 clamav clamav 4096 Sep 19 18:42 .
drwxr-xr-x 58 root root 4096 Sep 19 17:45 ..
-rw-r--r-- 1 clamav clamav 407040 Aug 20 18:59 bytecode.cld
-rw-r--r-- 1 clamav clamav 101435904 Sep 18 20:23 daily.cld
lrwxrwxrwx 1 root root 38 Sep 19 18:42 lmd.user.hdb -> /usr/local/maldetect/sigs/lmd.user.hdb
lrwxrwxrwx 1 root root 38 Sep 19 18:42 lmd.user.ndb -> /usr/local/maldetect/sigs/lmd.user.ndb
-rw-r--r-- 1 clamav clamav 64720632 May 5 21:14 main.cvd
-rw------- 1 clamav clamav 2236 Sep 19 18:23 mirrors.dat
lrwxrwxrwx 1 root root 34 Sep 19 18:42 rfxn.hdb -> /usr/local/maldetect/sigs/rfxn.hdb
lrwxrwxrwx 1 root root 34 Sep 19 18:42 rfxn.ndb -> /usr/local/maldetect/sigs/rfxn.ndb

root@admin:/var/lib/clamav# ls -la /usr/local/maldetect/sigs/
drwxr-xr-x 2 root root 4096 Sep 19 18:42 .
drwxr-xr-x 12 root root 4096 Sep 19 18:42 ..
-rw-r--r-- 1 root root 0 Sep 19 18:42 custom.hex.dat
-rw-r--r-- 1 root root 0 Sep 19 18:42 custom.md5.dat
-rw-r--r-- 1 root root 429904 Sep 19 18:42 hex.dat
-rw-r--r-- 1 root root 14 Sep 19 18:42 maldet.sigs.ver
-rw-r--r-- 1 root root 551001 Sep 19 18:42 md5.dat
-rw-r--r-- 1 root root 602518 Sep 19 18:42 md5v2.dat
-rw-r--r-- 1 root root 598632 Sep 19 18:42 rfxn.hdb
-rw-r--r-- 1 root root 437560 Sep 19 18:42 rfxn.ndb

root@admin:~# service clamav-daemon restart

  • Stopping ClamAV daemon clamd [ OK ]
  • Starting ClamAV daemon clamd LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/rfxn.ndb
    LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/rfxn.ndb
    ERROR: Can't open file or directory

root@admin:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty

@rfxn
Owner

rfxn commented Sep 19, 2015

I've committed update fa1db0a which should now resolve the clamd startup errors on ubuntu. The changelog entry goes into detail:

[Fix] clamd.conf configurations containing FollowDirectorySymlinks/FollowFileSymlinks set to false results in the rfxn.* and lmd.user.* links causing clamd startup failures; corrected by updating clamav_linksigs() to copy signatures into clamav data paths instead of linking them
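
An added example (not maldet or ClamAV code, and not posted by anyone in this thread): a pre-flight audit of a ClamAV database directory for the conditions reported above, namely symlinks whose chain ends at a missing file and symlinks whose target sits under a directory, or is a file, that a non-root clamd cannot reach. The function names and output labels are hypothetical, and the check reads only the "other" mode bits via GNU stat, so ACLs, group membership and AppArmor profiles are outside what it sees.

```shell
#!/bin/sh
# Added example: audit the symlinks in a ClamAV database directory.
# Run as root so every path can be examined regardless of its permissions.

# Succeeds if the "other" permission digit of path $1 has bit $2 set
# (4 = read, 1 = traverse/execute).
other_has() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, e.g. 750
    digit=${mode#"${mode%?}"}               # last octal digit = "other"
    [ $((digit & $2)) -ne 0 ]
}

# Print the nearest ancestor directory of $1 that "other" cannot traverse.
# The walk ends before directory $2 (or after / when $2 is empty).
blocked_ancestor() {
    dir=$(dirname "$1")
    stop=${2:-}
    while [ "$dir" != "$stop" ]; do
        if ! other_has "$dir" 1; then
            printf '%s\n' "$dir"
            return 0
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return 0
}

# Audit every symlink in database directory $1. One finding per line:
#   DANGLING   link chain ends at a missing file
#   NOTRAVERSE an ancestor directory of the final target lacks o+x
#   UNREADABLE the final target lacks o+r
audit_dbdir() {
    for link in "$1"/*; do
        [ -L "$link" ] || continue
        if [ ! -e "$link" ]; then
            printf 'DANGLING %s -> %s\n' "$link" "$(readlink "$link")"
            continue
        fi
        target=$(readlink -f "$link")
        blocked=$(blocked_ancestor "$target" "${2:-}")
        if [ -n "$blocked" ]; then
            printf 'NOTRAVERSE %s via %s\n' "$link" "$blocked"
        elif ! other_has "$target" 4; then
            printf 'UNREADABLE %s -> %s\n' "$link" "$target"
        fi
    done
}

# Stand-alone use: sh audit.sh /var/lib/clamav
if [ "$#" -gt 0 ]; then
    audit_dbdir "$@"
fi
```

Empty output means every symlink in the directory resolves to a file that passes the mode-bit checks.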

@captainwasabi
Author

issue verified resolved for Ubuntu 12.04.5

Thanks!

@lgonzalez-silen

For me the lmd.user files or links did not regenerate. I tried uninstall and install and saw this on install as the first few lines:

cp: cannot stat `/usr/local/maldetect/sigs/lmd.user.ndb': No such file or directory
cp: cannot stat `/usr/local/maldetect/sigs/lmd.user.hdb': No such file or directory
cat: /usr/local/maldetect/sess/session.monitor.current: No such file or directory

@nanonettr

After clean install of lmd clamav-daemon starts correctly.
But as @lgonzalez-silen reported lmd.user link failed to create.

root@admin:~/linux-malware-detect-master# ./install.sh
cp: cannot stat ‘/usr/local/maldetect/sigs/rfxn.ndb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/rfxn.hdb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.ndb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.hdb’: No such file or directory
Removing any system startup links for /etc/init.d/maldet ...
update-rc.d: warning: /etc/init.d/maldet missing LSB information
update-rc.d: see http://wiki.debian.org/LSBInitScripts
Adding system startup for /etc/init.d/maldet ...
/etc/rc0.d/K30maldet -> ../init.d/maldet
/etc/rc1.d/K30maldet -> ../init.d/maldet
/etc/rc6.d/K30maldet -> ../init.d/maldet
/etc/rc2.d/S70maldet -> ../init.d/maldet
/etc/rc3.d/S70maldet -> ../init.d/maldet
/etc/rc4.d/S70maldet -> ../init.d/maldet
/etc/rc5.d/S70maldet -> ../init.d/maldet
cat: /usr/local/maldetect/sess/session.monitor.current: No such file or directory
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@r-fx.org
(C) 2015, Ryan MacDonald ryan@r-fx.org
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(28271): {sigup} performing signature update check...
maldet(28271): {sigup} could not determine signature version
maldet(28271): {sigup} signature files missing or corrupted, forcing update...
maldet(28271): {sigup} new signature set (2015091828029) available
maldet(28271): {sigup} downloading http://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(28271): {sigup} downloading http://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(28271): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(28271): {sigup} unpacked and installed maldet-sigpack.tgz
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.ndb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.hdb’: No such file or directory
maldet(28271): {sigup} verified md5sum of maldet-clean.tgz
maldet(28271): {sigup} unpacked and installed maldet-clean.tgz
maldet(28271): {sigup} signature set update completed
maldet(28271): {sigup} 10822 signatures (8908 MD5 / 1914 HEX / 0 USER)

root@admin:~/linux-malware-detect-master# maldet -d -u
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@rfxn.com
(C) 2015, Ryan MacDonald ryan@rfxn.com
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(28448): {update} checking for available updates...
maldet(28448): {update} hashing install files and checking against server...
maldet(28448): {update} latest version already installed.
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@rfxn.com
(C) 2015, Ryan MacDonald ryan@rfxn.com
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(28448): {sigup} performing signature update check...
maldet(28448): {sigup} local signature set is version 2015091828029
maldet(28448): {sigup} latest signature set already installed

root@admin:~# maldet -u -d -a /var/www/imscp/gui/
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@rfxn.com
(C) 2015, Ryan MacDonald ryan@rfxn.com
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(30475): {sigup} performing signature update check...
maldet(30475): {sigup} local signature set is version 2015091828029
maldet(30475): {sigup} latest signature set already installed
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@rfxn.com
(C) 2015, Ryan MacDonald ryan@rfxn.com
This program may be freely redistributed under the terms of the GNU GPL v2

cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.ndb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.hdb’: No such file or directory
maldet(30475): {scan} signatures loaded: 10822 (8908 MD5 / 1914 HEX / 0 USER)
maldet(30475): {scan} building file list for /var/www/imscp/gui/, this might take awhile...
maldet(30475): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(30475): {scan} file list completed in 1s, found 5004 files...
maldet(30475): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...
maldet(30475): {scan} scan of /var/www/imscp/gui/ (5004 files) in progress...
maldet(30475): {scan} clamscan returned an error, check /usr/local/maldetect/logs/clamscan_log for more details!

maldet(30475): {scan} scan completed on /var/www/imscp/gui/: files 5004, malware hits 0, cleaned hits 0, time 1s
maldet(30475): {scan} scan report saved, to view run: maldet --report 150919-1945.30475

@nanonettr

Also, after uninstall the files in /var/lib/clamav were not removed.
root@admin:/var/lib/clamav# ls -la
-rw-r--r-- 1 root root 598632 Sep 19 19:45 rfxn.hdb
-rw-r--r-- 1 root root 437560 Sep 19 19:45 rfxn.ndb

@jcarnus

jcarnus commented Sep 19, 2015

Update done, but the link was not recreated in the clamav lib folder. How to add it again?

@rfxn
Owner

rfxn commented Sep 19, 2015

@jcarnus the rfxn.* signatures should be copied into the clamav lib folder, not linked. The lmd.user* signatures will now only copy into the clamav lib folder when you have custom signatures defined.

@rfxn
Owner

rfxn commented Sep 19, 2015

1c7f626

@lgonzalez-silen
Do you have custom signatures? The lmd.user.* signatures will now only copy into the clamav lib path when you have custom signatures created. The error output should now be suppressed in the latest commit, 'maldet -d' or pull from git and fresh install. Thanks!

@nanonettr
The uninstall.sh has been updated to address this, Thanks!

@lgonzalez-silen

No custom signatures, so great!

@nanonettr

@rfxn thanks for your great efforts. Only one problem left..
When using maldet I got an error:
"clamscan returned an error"

$ maldet -u -d -a /var/www/imscp/gui/
maldet(3725): {scan} signatures loaded: 10822 (8908 MD5 / 1914 HEX / 0 USER)
maldet(3725): {scan} building file list for /var/www/imscp/gui/, this might take awhile...
maldet(3725): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(3725): {scan} file list completed in 0s, found 5004 files...
maldet(3725): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...
maldet(3725): {scan} scan of /var/www/imscp/gui/ (5004 files) in progress...
maldet(3725): {scan} clamscan returned an error, check /usr/local/maldetect/logs/clamscan_log for more details!
maldet(3725): {scan} scan completed on /var/www/imscp/gui/: files 5004, malware hits 0, cleaned hits 0, time 1s
maldet(3725): {scan} scan report saved, to view run: maldet --report 150919-2019.3725

$ maldet --report 150919-2019.3725
HOST: admin
SCAN ID: 150919-2019.3725
STARTED: Sep 19 2015 20:19:35 +0300
COMPLETED: Sep 19 2015 20:19:36 +0300
ELAPSED: 1s [find: 0s]

PATH: /var/www/imscp/gui/
TOTAL FILES: 5004
TOTAL HITS: 0
TOTAL CLEANED: 0

Linux Malware Detect v1.5 < proj@rfxn.com >

$ cat /usr/local/maldetect/logs/clamscan_log
Sep 19 20:19:35 admin clamscan start
Sep 19 20:19:35 admin executed: /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /usr/bin/clamdscan --max-filesize=5M --max-scansize=5M -d /usr/local/maldetect/tmp/.runtime.user.3725.hdb -d /usr/local/maldetect/tmp/.runtime.user.3725.ndb -r --infected --no-summary -f /usr/local/maldetect/tmp/.find.3725
WARNING: Ignoring unsupported option --max-filesize
WARNING: Ignoring unsupported option --max-scansize
WARNING: Ignoring unsupported option --database (-d)
WARNING: Ignoring unsupported option --database (-d)
WARNING: Ignoring unsupported option --recursive (-r)
Sep 19 20:19:36 admin clamscan end
Sep 19 20:19:36 admin clamscan end

$ which clamscan
/usr/bin/clamscan

$ dpkg -S /usr/bin/clamscan
clamav: /usr/bin/clamscan

$ aptitude show clamav
Package: clamav
State: installed
Version: 0.98.7+dfsg-0ubuntu0.14.04.1

@nanonettr

Ah sorry, wrong package reported. It is not clamscan, it is "clamdscan".

root@admin:~# which clamdscan
/usr/bin/clamdscan

root@admin:~# dpkg -S clamdscan
clamav-daemon: /usr/share/man/man1/clamdscan.1.gz
clamav-daemon: /usr/bin/clamdscan

root@admin:~# aptitude show clamav-daemon
Package: clamav-daemon
State: installed
Version: 0.98.7+dfsg-0ubuntu0.14.04.1

@jcarnus

jcarnus commented Sep 19, 2015

OK, seems to be good right now.
Thanks for all, on a Saturday :)

@captainwasabi
Author

I just have one more request. From now on when you update, I don't mind the problems at all, but please respect the sanctity of read-only friday ;)

@rfxn
Owner

rfxn commented Sep 19, 2015

@captainwasabi totally understand and read-only friday I usually live and die by but at some point I need to find time to work on maldet and that is usually my weekends :D Will make an effort in the future to limit releases to Monday-Thur cycles.

@captainwasabi
Author

Oh if you just work this on weekends then more power to you! Awesome
stuff, release when you can.
