Permission on new install trying to run freshclam
cgakers opened this issue · comments
pi-star@pi-star(ro):~$ sudo apt-get update
Hit:1 http://archive.raspberrypi.org/debian bullseye InRelease
Hit:2 http://httpredir.debian.org/debian bullseye-backports InRelease
Hit:3 http://raspbian.raspberrypi.org/raspbian bullseye InRelease
Reading package lists... Done
pi-star@pi-star(rw):~$ sudo apt-get install clamav
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
libclamunrar clamav-docs
The following NEW packages will be installed:
clamav
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/157 kB of archives.
After this operation, 585 kB of additional disk space will be used.
Selecting previously unselected package clamav.
(Reading database ... 46842 files and directories currently installed.)
Preparing to unpack .../clamav_0.103.10+dfsg-0+deb11u1_armhf.deb ...
Unpacking clamav (0.103.10+dfsg-0+deb11u1) ...
Setting up clamav (0.103.10+dfsg-0+deb11u1) ...
Processing triggers for man-db (2.9.4-2) ...
pi-star@pi-star(rw):~$ sudo freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
Hi,
Have you verified that the directory /var/log/clamav exists and the user you are running freshclam as can write to it?
Rob,
Duh… I assumed since the install freshaclam portion ran without error; it was created. Saw freshclam running in process log.
Now clamscan hangs with no output even with -v. Not sure what is happenening. I have removed and reinstalled several times.
…-g
From: ragusaa ***@***.***>
Date: Monday, March 4, 2024 at 12:58 PM
To: Cisco-Talos/clamav ***@***.***>
Cc: Gregory Akers ***@***.***>, Author ***@***.***>
Subject: Re: [Cisco-Talos/clamav] Permission on new install trying to run freshclam (Issue #1193)
Hi,
Have you verified that the directory /var/log/clamav exists and the user you are running freshclam as can write to it?
—
Reply to this email directly, view it on GitHub<#1193 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/APZU6G5FXX7YT75JLMAIKADYWSY2ZAVCNFSM6AAAAABEDM56DCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZXGE2TKNJVGU>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
clamscan does take a few minutes to load the signatures, I would expect it to be longer on a raspberry pi. Could you try this
- Save
'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'to a string (no newline). - run the command "clamscan -d /bytecode.cvd
The bytecode.cvd signature file is very small and should load really fast.
Also, could you run with '--debug' and upload the output?
Thanks,
Andy
After a reinstall I get this when I now run freshclam ???
sudo freshclam
Mon Mar 4 17:34:33 2024 -> ClamAV update process started at Mon Mar 4 17:34:33 2024
Mon Mar 4 17:34:33 2024 -> ^Your ClamAV installation is OUTDATED!
Mon Mar 4 17:34:33 2024 -> ^Local version: 0.103.10 Recommended version: 0.103.11
Mon Mar 4 17:34:33 2024 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Mon Mar 4 17:34:33 2024 -> daily.cvd database is up-to-date (version: 27204, sigs: 2054232, f-level: 90, builder: raynman)
Mon Mar 4 17:34:33 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Mon Mar 4 17:34:33 2024 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)
…-g
From: ragusaa ***@***.***>
Date: Monday, March 4, 2024 at 5:17 PM
To: Cisco-Talos/clamav ***@***.***>
Cc: Gregory Akers ***@***.***>, Author ***@***.***>
Subject: Re: [Cisco-Talos/clamav] Permission on new install trying to run freshclam (Issue #1193)
clamscan does take a few minutes to load the signatures, I would expect it to be longer on a raspberry pi. Could you try this
1. Save ***@***.***<https://github.com/ap>[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' to a string (no newline).
2. run the command "clamscan -d /bytecode.cvd
The bytecode.cvd signature file is very small and should load really fast.
Also, could you run with '--debug' and upload the output?
Thanks,
Andy
—
Reply to this email directly, view it on GitHub<#1193 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/APZU6GYBOXHU6LXFN2L277DYWTXI5AVCNFSM6AAAAABEDM56DCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZXGU3DINRUGU>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
And this that I get when I try to make the string variable assignment:
$ ***@***.***[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
-bash: ***@***.***[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*: command not found
It has been a long time since I have done this sort of thing, so I could be messing it up !
…-g
From: ragusaa ***@***.***>
Date: Monday, March 4, 2024 at 5:17 PM
To: Cisco-Talos/clamav ***@***.***>
Cc: Gregory Akers ***@***.***>, Author ***@***.***>
Subject: Re: [Cisco-Talos/clamav] Permission on new install trying to run freshclam (Issue #1193)
clamscan does take a few minutes to load the signatures, I would expect it to be longer on a raspberry pi. Could you try this
1. Save ***@***.***<https://github.com/ap>[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' to a string (no newline).
2. run the command "clamscan -d /bytecode.cvd
The bytecode.cvd signature file is very small and should load really fast.
Also, could you run with '--debug' and upload the output?
Thanks,
Andy
—
Reply to this email directly, view it on GitHub<#1193 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/APZU6GYBOXHU6LXFN2L277DYWTXI5AVCNFSM6AAAAABEDM56DCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZXGU3DINRUGU>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
You don't want to try and run that, the eicar string is used to test antivirus products. It should signature, but won't cause any damage. For a better explanation, check out https://www.eicar.org/download-anti-malware-testfile/
In your case, freshclam is not able to download signatures because your version of freshclam is too old. Our supported versions are on our downloads page here https://www.clamav.net/downloads. If there isn't a version there for your platform, your best bet is to contact your package maintainer or build from source.
If you are going to download from our downloads page, I would suggest going with 1.3 (latest), because 0.103 will be EOL'd later this year.
Thanks !
…-g
Get Outlook for iOS<https://aka.ms/o0ukef>
________________________________
From: ragusaa ***@***.***>
Sent: Monday, March 4, 2024 5:50:47 PM
To: Cisco-Talos/clamav ***@***.***>
Cc: Gregory Akers ***@***.***>; Author ***@***.***>
Subject: Re: [Cisco-Talos/clamav] Permission on new install trying to run freshclam (Issue #1193)
You don't want to try and run that, the eicar string is used to test antivirus products. It should signature, but won't cause any damage. For a better explanation, check out https://www.eicar.org/download-anti-malware-testfile/
In your case, freshclam is not able to download signatures because your version of freshclam is too old. Our supported versions are on our downloads page here https://www.clamav.net/downloads. If there isn't a version there for your platform, your best bet is to contact your package maintainer or build from source.
—
Reply to this email directly, view it on GitHub<#1193 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/APZU6G4UP4PCX4KKHSUYSULYWT3EPAVCNFSM6AAAAABEDM56DCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZXGYYDMMBUG4>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
No problem. I am going to close this issue, but let us know if you have any other issues getting set up.
Thanks,
Andy
It just occurred to me that you could also try our docker image.
https://hub.docker.com/u/clamav
Documentation is here https://docs.clamav.net/manual/Installing/Docker.html
Thanks !
…-g
From: ragusaa ***@***.***>
Date: Tuesday, March 5, 2024 at 5:31 PM
To: Cisco-Talos/clamav ***@***.***>
Cc: Gregory Akers ***@***.***>, Author ***@***.***>
Subject: Re: [Cisco-Talos/clamav] Permission on new install trying to run freshclam (Issue #1193)
It just occurred to me that you could also try our docker image.
https://hub.docker.com/u/clamav
Documentation is here https://docs.clamav.net/manual/Installing/Docker.html
—
Reply to this email directly, view it on GitHub<#1193 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/APZU6G2XQP75RBYVXZ4FGZLYWZBTLAVCNFSM6AAAAABEDM56DCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZZG42DONBQGA>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
@cgakers okay to close this ticket?
yes
From: Micah Snyder ***@***.***>
Date: Tuesday, May 14, 2024 at 10:14 AM
To: Cisco-Talos/clamav ***@***.***>
Cc: Gregory Akers ***@***.***>, Mention ***@***.***>
Subject: Re: [Cisco-Talos/clamav] Permission on new install trying to run freshclam (Issue #1193)
@cgakers<https://github.com/cgakers> okay to close this ticket?
—
Reply to this email directly, view it on GitHub<#1193 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/APZU6G6GAELAA7IYGH7ITKTZCIL23AVCNFSM6AAAAABEDM56DCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMJQGM2TINJUGA>.
You are receiving this because you were mentioned.Message ID: ***@***.***>