ClamAV version 0.99.2 packages for CentOS 7

#1 Sun, 05/22/2016 - 18:12
Joe

Howdy all,

I've just rolled out version 0.99.2 of ClamAV packages for CentOS 7. Nothing particularly new or important about this release, but it'll stop ClamAV from complaining about an old version for a while (a week or two until they roll a new version that'll complain about an old version). There were enough changes in ClamAV to where I wanted to give folks a heads up about the upgrade, just in case it causes problems. I've tested it on our systems, obviously, but there's a pretty wide variety of ways people can be using ClamAV, and there are a couple of things that changed that might affect some of those use cases (I patched it to act like the old version on the command line, but there may be other differences).

Anyway, keep an eye on your anti-virus usage and lemme know if you see any problems.

I'll roll this version out for older CentOS distros soon, as well.

Cheers,

Joe

Mon, 05/23/2016 - 16:13
havfrue

Hi,

This broke clamav on our EC2 CentOS 7. It can't start.

In order to try and start it manually I had to rename the database (main.cvd). Now I can run clamd as /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes and it can start.

I still can't run it from webmin though - I get this in /var/log/messages:

May 23 14:01:20 us systemd: Cannot add dependency job for unit firewalld.service, ignoring: Unit firewalld.service is masked.
May 23 14:01:20 us systemd: Starting Socket for Clam AntiVirus userspace daemon.
May 23 14:01:20 us systemd: Failed to chown socket at step USER: No such process
May 23 14:01:20 us systemd: clamav-daemon.socket control process exited, code=exited status=217
May 23 14:01:20 us systemd: Failed to listen on Socket for Clam AntiVirus userspace daemon.
May 23 14:01:20 us systemd: Dependency failed for Clam AntiVirus userspace daemon.
May 23 14:01:20 us systemd: Job clamav-daemon.service/start failed with result 'dependency'.
May 23 14:01:20 us systemd: Unit clamav-daemon.socket entered failed state.

Looks like a firewall dependency?

Also - not sure if that's a problem local to our system, but when trying to update with freshclam the "Example" line wasn't commented out in the conf, so that wouldn't run either - commented it out and freshclam can run now.

Not sure where to go from here to get clamav to run properly from webmin. :(

Christian

Mon, 05/23/2016 - 17:20 (Reply to #2)
Joe

Are you sure you haven't had other clamav packages (from sources other than us) installed at some point? freshclam.conf as we distribute it has never had "Example" in it, so it had to come from some other package. Because it is a config file, it's possible for it to not get replaced when upgrading it, so even if you have our package now, you wouldn't necessarily get the freshclam.conf distributed in our package. Our packages have .vm in the version (e.g. clamav-0.99.2-2.el7.centos.vm.x86_64; note the .vm after centos and before x86_64).

If you've enabled the EPEL repository, without being explicit about what packages you want to get from it, you could have gotten their ClamAV package, which is distributed with broken config files all around (all of them have "Example" in them, and the clamd configuration does not enable a socket or port for communication, so it won't start at all). I've filed tickets repeatedly about that package shipping with broken configuration, but they've always been closed without action...so I keep packaging clamav.

In short: Our packages have been tested to work in the general case for Virtualmin (though it's possible uncommon cases might break). But, if you've gotten other packages from other sources along the way, it may have replaced our working configs with broken configs. Check for .rpmnew config files to see if that's what happened.

Edit: There is a bug in our installer, however, recently, where the clamav-scanner and clamav-scanner-systemd packages don't get installed and they need to be for Virtualmin to function with clamd. You need those (but given your command example above, it seems like you do have them).

Edit2: And I guess I wasn't clear about what you should do about it. Copy the .rpmnew config files over the existing ones, or edit them to remove the "Example" line. You'll also need to edit /etc/clamd.d/scan.conf to have LocalSocket set to /var/run/clamd.scan/clamd.sock and LocalSocketGroup set to clamscan. These are the defaults we ship in our packages.


Mon, 05/23/2016 - 18:39
havfrue
Tue, 05/24/2016 - 04:22 (Reply to #4)
Joe

Run freshclam. That should get the virus database back in sync.


Tue, 05/24/2016 - 10:31 (Reply to #5)
havfrue

No joy. Still can't start clamav - same result as before. I'll stick to 0.98 for now.

Wed, 05/25/2016 - 22:12
havfrue

Just a small followup - now I had time to check in a bit more detail what was happening, and I got it to work now with some tweaks:

First I removed all clamav from the system and ran a fresh install. It still didn't work, so I had to make a few edits mostly related to the services: /usr/lib/systemd/system/clamav-daemon.socket had these 2 lines:

SocketUser=clamav
SocketGroup=clamav

No such user existed on the system - might be a local issue though. For now I changed it to clamscan, but I'll instead create a clamav user when I have more time to fiddle. This was primarily what prevented clamav from starting; I kept getting a "Failed to chown socket at step USER: No such process" error.

Both of these:

/usr/lib/systemd/system/clamav-daemon.service
/usr/lib/systemd/system/clamav-freshclam.service

Had --foreground=true in the ExecStart line - which was an unknown option according to the logs. So I commented that out.

Finally I had to run freshclam to update the database. Now it starts, runs and works (apparently - since it removes viruses at least when testing...)
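
The three problems found in this thread (an active "Example" line, no LocalSocket set in scan.conf, and a SocketUser/SocketGroup in clamav-daemon.socket naming an account that does not exist) can be checked with a small audit script. This is an added example, not part of the original posts or of the Virtualmin packages; the function names, finding labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; every sample file below is constructed for the demo.

# Succeeds if the file still has an active (uncommented) "Example" line.
has_example_line() {
    grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$1"
}

# Print the value of a "Key value" option from a clamd/freshclam config.
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Print the value of a "Key=value" setting from a systemd unit file.
unit_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Succeeds if NAME is an entry in a passwd/group-format file. On a live host,
# `getent passwd NAME` / `getent group NAME` also covers non-file sources.
name_in_db() {
    cut -d: -f1 "$2" | grep -Fxq "$1"
}

# Print one finding per problem. Args: scan.conf, socket unit, passwd, group.
audit() {
    has_example_line "$1" && echo "EXAMPLE_LINE $1"
    [ -n "$(conf_value "$1" LocalSocket)" ] || echo "NO_LOCALSOCKET $1"
    u=$(unit_value "$2" SocketUser)
    g=$(unit_value "$2" SocketGroup)
    [ -z "$u" ] || name_in_db "$u" "$3" || echo "MISSING_USER $u"
    [ -z "$g" ] || name_in_db "$g" "$4" || echo "MISSING_GROUP $g"
    return 0
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'Example' '#LocalSocket /var/run/clamd.scan/clamd.sock' > "$demo/bad.conf"
printf '%s\n' 'LocalSocket /var/run/clamd.scan/clamd.sock' \
    'LocalSocketGroup clamscan' > "$demo/good.conf"
printf '%s\n' '[Socket]' 'SocketUser=clamav' 'SocketGroup=clamav' > "$demo/sock.unit"
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'clamscan:x:990:990::/:/sbin/nologin' > "$demo/passwd"
printf '%s\n' 'root:x:0:' 'clamscan:x:990:' > "$demo/group"

audit "$demo/bad.conf" "$demo/sock.unit" "$demo/passwd" "$demo/group"
```

To run it against a real system, pass /etc/clamd.d/scan.conf, the unit file under /usr/lib/systemd/system, /etc/passwd and /etc/group to `audit`.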

Wed, 05/25/2016 - 22:46
Joe

Ah! I see what's happening now. Those files aren't really needed...they're new in 0.99.2, and I packaged them without realizing what they were doing.

So, the "old" way is to use clamd@scan

The clamav-daemon and clamav-freshclam units are not needed, and apparently configured incorrectly, by default. It's interesting that ClamAV seems to be trying to fix the problem with their configuration files that has been a thorn in my ass for over a decade by shipping config files that actually do something. But, in this case they end up with the wrong configuration, still.

All that said: I know clamd@scan is working. And the old freshclam cronjob should also be working. You shouldn't need clamav-daemon or clamav-freshclam services, at all; those are red herrings in this case.

The foreground=true thing is a command line change. Older versions used "nofork" instead of "foreground", and so I patched it to behave in the old way so people's old configs would keep working. I didn't update those clamav-daemon and clamav-freshclam services because we don't use them.

Anyway, it looks like I need to either delete those from the package or change the configuration to actually work. In the meantime, use the clamd@scan service and the freshclam cronjob (that part should be automatic; no intervention on your part needed).


Thu, 05/26/2016 - 00:56
havfrue

Alright - that makes sense. I've removed clamav-[service|socket|freshclam] files from the services for now - it seems to be working with the old clamd@scan service without the new files. It seems whenever the new files were present, webmin on our system started up the new ones instead of clamd@scan. Anyhoo - all good I think.

Cheers.
