Mailing List Archive

[clamav-users] update 25717 clamdmon showing NO OK
Hi All,

As of daily.cld update 25717 my clamdmon process no longer works
although clamd still shows an ok status and clamd.log is showing
stream(127.0.0.1@1957): Clamav.Test.File-7 FOUND.

Advise please!

Thank you,

~Moshe



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] update 25717 clamdmon showing NO OK
Any additional logs you can provide?

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com


On 2/7/20, 7:59 AM, "clamav-users on behalf of Mark Moshe Kaye" <clamav-users-bounces@lists.clamav.net on behalf of moshe@bgaddict.com> wrote:

Hi All,

As of daily.cld update 25717 my clamdmon process no longer works
although clamd still shows an ok status and clamd.log is showing
stream(127.0.0.1@1957): Clamav.Test.File-7 FOUND.

Advise please!

Thank you,

~Moshe

[clamav-users] update 25717 clamdmon showing NO OK
from clam-update.log:

--------------------------------------
ClamAV update process started at Fri Feb  7 06:57:01 2020
daily database available for update (local version: 25716, remote version: 25717)
Testing database: '/usr/local/share/clamav/tmp.e1a28/clamav-19a0fec778f453c2ae9e9c0a247a66ca.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 25717, sigs: 2177826, f-level: 63, builder: raynman)
main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
--------------------------------------
ClamAV update process started at Fri Feb  7 07:22:42 2020
daily.cld database is up to date (version: 25717, sigs: 2177826, f-level: 63, builder: raynman)
main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
--------------------------------------

The problem with clamdmon started as of version 25717.

from clamd.log:

stream(127.0.0.1@1649): Eicar-Test-Signature FOUND
stream(127.0.0.1@1611): Eicar-Test-Signature FOUND
SelfCheck: Database modification detected. Forcing reload.
Reading databases from /usr/local/share/clamav
Database correctly reloaded (6732642 signatures)
stream(127.0.0.1@1072): Clamav.Test.File-7 FOUND
stream(127.0.0.1@1277): Clamav.Test.File-7 FOUND
stream(127.0.0.1@2008): Clamav.Test.File-7 FOUND  <- please note name change.

from clamdmon:

[12:13:27 root ~]# /usr/local/sbin/clamdmon -p /tmp/clamd
Looks like ClamAV daemon is not OK. Check up database integrity and restart daemon


I believe that clamdmon will fail unless it detects that name,
Eicar-Test-Signature.

HTH,

~moshe
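
Added example (not part of the thread, and not clamdmon's code): a clamd health probe that treats any FOUND verdict on the EICAR test file as healthy, so a signature rename like the one in the clamd.log excerpt above does not flip the monitor to "not OK". It assumes /tmp/clamd, taken from the clamdmon command line above, is clamd's local Unix socket; the function names are hypothetical.

```python
import socket
import struct

# Standard 68-byte EICAR antivirus test file (harmless by design).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def instream_request(payload, chunk_size=4096):
    """Frame payload for clamd's INSTREAM command (null-delimited 'z' form)."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(payload), chunk_size):
        chunk = payload[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)


def parse_reply(reply):
    """Return (status, detail); status is FOUND, OK, ERROR or UNKNOWN."""
    text = reply.decode("utf-8", "replace").strip("\0\r\n ")
    if text.endswith(" ERROR"):
        return "ERROR", text
    # Accepts both "stream: NAME FOUND" and the logged "stream(ip@port): NAME FOUND".
    _, sep, result = text.partition(": ")
    if sep and result.endswith(" FOUND"):
        return "FOUND", result[:-len(" FOUND")]
    if sep and result == "OK":
        return "OK", None
    return "UNKNOWN", None


def clamd_healthy(reply):
    """Healthy means the test file was detected, under whatever signature name."""
    return parse_reply(reply)[0] == "FOUND"


def probe(socket_path="/tmp/clamd", timeout=10.0):
    """Send the test file to a local clamd socket and return its raw reply."""
    # socket_path is an assumption based on the clamdmon -p argument in the thread.
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(instream_request(EICAR))
        data = b""
        while not data.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            data += part
        return data
```

On a host running clamd, `clamd_healthy(probe())` gives the monitor's verdict; an OK reply to the test file is treated as unhealthy because it means the detection did not fire.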