clamav-users January 2014 archive

Re: [clamav-users] Is there any chance of the 97.8 version as shipped by ubuntu 10.04.4 LTS, working?

From: David Raynor <draynor_at_nospam>
Date: Mon Jan 27 2014 - 15:52:46 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

On Mon, Jan 27, 2014 at 10:14 AM, Gene Heskett <gheskett@wdtv.com> wrote:

> On Monday 27 January 2014 09:54:13 Gene Heskett did opine:
>
> > On Monday 27 January 2014 08:29:48 Greg Folkert did opine:
> > > On Mon, 2014-01-27 at 07:16 -0500, Gene Heskett wrote:
> > > > Greetings all;
> > > >
> > > > Been on this list for quite a while, and did use it for a year or 3
> > > > but I had removed clamav in its entirety when a long spell of broken
> > > > freshclam was spamming my logs, and clamscan itself was also
> > > > generating failure msgs for every msg that procmail had it check.
> > > >
> > > > So, is there any hope of making it work again using what the repos
> > > > for ubuntu 10.04.4 LTS will put back in (version 97.8) using
> > > > synaptic? Or has the data format changed so much it's hopeless?
> > > >
> > > > Cheers, Gene
> > >
> > > I'd say that the problem you are seeing is a Distribution issue. Sorry
> > > to say this. If it is LTS, isn't that 3 years support cycle? Seems
> > > that is 4 years old by now (getting really close)
> >
> > Server versions, which the linuxcnc distribution version is based on,
> > are 5 years, and I am still getting regular security fixes every 2-3
> > days. The linuxcnc crew is furiously working on a new kernel that
> > _will_ run linuxcnc, but it's not quite ready for prime time yet. The
> > RTAI patchkit has fallen way behind, and it may be that we'll have to
> > use the xenomai patchset which in tests so far, has not quite met the
> > needs. We need hard realtime performance, with emphasis on a steady
> > heartbeat in the 20 microsecond range with jitter in that heartbeat not
> > more than 2 or 3 microseconds.
> >
> > The stock kernel simply cannot meet the latency requirements of running
> > high speed stepper motors.
> >
> > I am running a much newer kernel on this machine as it isn't actually
> > running machinery.
> >
> > Cheers, Gene
>
> Got rid of most of the install errors, now have exec error. The install
> error started with the user clamav already existing, which gave dpkg a
> tummy ache. Then freshclam complained about no perms in /var/lib/clamav,
> so I did a sudo chown clamav:adm in that directory to fix the uid after
> removing clamav with userdel and re-creating the user. Freshclam now
> happy.
>
> But now it appears my procmail recipe is foobared. None of the options I
> was passing clamdscan were legit according to the man pages.
>
> So where do I find a suitable procmail recipe to use today's versions of
> clamav in a call/return similar to the spamassassin stanzas in my
> .procmailrc?
>
> And in checking clamd for the PING/PONG, it fails because it cannot log.
> Who, and what perms are supposed to own the /var/log/clamav tree?
>
> Thanks.
>
> Cheers, Gene
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Genes Web page <http://geneslinuxbox.net:6309/gene>
>
> NOTICE: Will pay 100 USD for an HP-4815A defective but
> complete probe assembly.
>
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?
> A pen in the hand of this president is far more
> dangerous than 200 million guns in the hands of
> law-abiding citizens.
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>

About clamd logging: your clamd is probably configured to switch over and
run as the clamav user (even if started by root), so make sure the clamav
user has write permissions for that folder and that it exists.

I say "probably" because you should confirm that from your clamd.conf file.
LogFile = path to log (default = no file)
User = user to switch to (default = remain as executing user)

So based on what you've said, I'd expect to see these lines in that file:
LogFile /var/log/clamav/clamd.log
User clamav

If those lines are different or you have multiple clamd.conf files then
your specific fix will vary, but these details should point you in the
right direction.

Dave R.

--
Dave Raynor
Vulnerability Research Team
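
The check described in the reply above (read LogFile and User from clamd.conf, then confirm that user can write the log location), as an added example that is not part of the original message or of ClamAV itself. The function names and the default path /etc/clamav/clamd.conf are assumptions; the permission test looks only at owner, group and mode bits, not ACLs.

```python
import grp, os, pwd, stat, sys

def parse_conf(path):
    """Return the LogFile and User settings from a clamd.conf-style file."""
    opts = {}
    with open(path) as fh:
        for line in fh:
            parts = line.split("#", 1)[0].split(None, 1)  # drop comments
            if len(parts) == 2 and parts[0] in ("LogFile", "User"):
                opts.setdefault(parts[0], parts[1].strip())
    return opts

def can_write(path, user):
    """Mode-bit check (no ACLs): may `user` write to `path`?"""
    pw, st = pwd.getpwnam(user), os.stat(path)
    if pw.pw_uid == 0:
        return True
    if st.st_uid == pw.pw_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def check_clamd_logging(conf_path):
    """Return a list of problems; an empty list means logging should work."""
    opts = parse_conf(conf_path)
    log = opts.get("LogFile")
    if not log:
        return ["LogFile not set: clamd will not log to a file"]
    # Without a User line clamd stays as the user that started it.
    user = opts.get("User") or pwd.getpwuid(os.getuid()).pw_name
    try:
        pwd.getpwnam(user)
    except KeyError:
        return [f"User {user} does not exist"]
    log_dir = os.path.dirname(log) or "."
    if not os.path.isdir(log_dir):
        return [f"log directory {log_dir} does not exist"]
    if os.path.exists(log):
        return [] if can_write(log, user) else [f"{user} cannot write {log}"]
    return [] if can_write(log_dir, user) else [f"{user} cannot create files in {log_dir}"]

if __name__ == "__main__":
    # Assumed default path (Debian/Ubuntu packaging); pass yours as argv[1].
    conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/clamav/clamd.conf"
    for problem in check_clamd_logging(conf):
        print("PROBLEM:", problem)
```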