[clamav-users] LibClamAV Error
G.W. Haywood
clamav at jubileegroup.co.uk
Mon Dec 14 10:36:07 UTC 2020
Hi there,
On Mon, 14 Dec 2020, Aitor Serra Martín wrote:
> On 13/12/2020 at 12:41, G.W. Haywood via clamav-users wrote:
>> (a) your version of ClamAV:
> Version 0.103.0.
OK.
>> (b) how and when it was installed:
> It was installed using custombuild scripts from the DirectAdmin control panel.
I do not know what that is, but I guess you did not compile ClamAV yourself?
>> (c) exactly which databases you are using:
> ClamAV 0.103.0/26016/Sun Dec 13 15:31:03 2020
OK.
>> (d) how you are keeping the databases up to date:
> I think it's done daily by freshclam
Check the logs to make sure. You should be doing that routinely.
>> (e) how long you have been using ClamAV:
> 2 years in some servers
OK.
>> (f) whether or not it otherwise behaves as you would expect:
> It still cleans files but gives long reports with the error commented several times.
Where are these "long reports"? Are they in the log files, or are
they output to your screen when you run the 'clamscan' command?
>> (g) your ClamAV configuration - the output of 'clamconf -n':
> ...
> Config file: clamd.conf
> -----------------------
> PidFile = "/var/run/clamd/clamd.pid"
> TCPSocket = "3310"
> TCPAddr = "127.0.0.1"
Is the clamd daemon running?
Are you using it for anything?
Why are you using a TCP socket instead of the default filesystem socket?
> Config file: freshclam.conf
> ---------------------------
> LogSyslog = "yes"
> PidFile = "/var/run/clamd/freshclam.pid"
> DatabaseMirror = "database.clamav.net"
I see nothing in your freshclam.conf which will update the rfxn databases.
> Database information
> --------------------
> Database directory: /usr/local/share/clamav
> daily.cld: version 26016, sigs: 4401988, built on Sun Dec 13 15:31:03 2020
> bytecode.cvd: version 331, sigs: 94, built on Thu Sep 19 18:12:33 2019
> main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 14:56:15 2019
OK
> [3rd Party] rfxn.hdb: 12926 sigs
> [3rd Party] rfxn.yara: 11527 sigs
> [3rd Party] rfxn.ndb: 2039 sigs
Are these databases being updated? If so, how? Check the timestamps
on the files in the database directory and the freshclam logs.
> (h) exactly what you are scanning - sample(s) which give the error:
>
> /usr/local/bin/clamscan -ri --remove /home2-81/*
This is the answer to my question (i) below. I meant please provide
samples of files which give the error message when scanned. Please do
not try to attach samples to a message sent to the mailing list; place
files somewhere on the Web, and provide links to them in your message.
>> (i) exactly how you are scanning it - let us see the command line(s) and/or script.
> The same command.
What user runs this command?
The --remove option is dangerous. If there are false positives, it
may remove files which should not have been removed. Are you happy
with that?
--
73,
Ged.
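
One way to carry out the timestamp check suggested above for the database directory, as an added example that is not part of the original message. The function name `stale_dbs`, the two-day default and the list of extensions are assumptions, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: list ClamAV signature files that have not been modified
# within MAX_AGE_DAYS, and say whether each is an official database
# (the ones freshclam fetches) or a third-party one such as rfxn.*.
#
# Usage: stale_dbs DIR [MAX_AGE_DAYS]
#   e.g. stale_dbs /usr/local/share/clamav 2
# Output: one line per stale file, "<age_days> <origin> <filename>".
# Return: 0 = nothing stale, 1 = at least one stale file, 2 = DIR missing.
stale_dbs() {
    db_dir=$1
    max_age=${2:-2}          # assumed default threshold, in days
    [ -d "$db_dir" ] || { echo "no such directory: $db_dir" >&2; return 2; }

    now=$(date +%s)
    found=0
    for f in "$db_dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Only look at signature databases, skip logs, temp files, etc.
        case "${name##*.}" in
            cvd|cld|hdb|hsb|ndb|ldb|yara|yar) ;;
            *) continue ;;
        esac
        # daily/main/bytecode come from database.clamav.net via freshclam;
        # anything else needs its own update mechanism.
        case "$name" in
            daily.*|main.*|bytecode.*) origin=official ;;
            *) origin=3rd-party ;;
        esac
        mtime=$(stat -c %Y "$f")            # GNU stat: mtime as epoch seconds
        age=$(( (now - mtime) / 86400 ))
        if [ "$age" -gt "$max_age" ]; then
            printf '%s %s %s\n' "$age" "$origin" "$name"
            found=1
        fi
    done
    return "$found"
}
```

A stale `3rd-party` line alongside fresh official databases matches the situation raised in the message, where freshclam.conf has nothing that updates the rfxn files.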