G.W.,
Hi, thanks for the insights:
> [901 lines of garbage about top-posting trimmed - I'm on the digest.]
Amen. I'm on the newsgroup (see below), but fwiw I LIKE top posting,
I immediately know what is latest... But I digress ... The solution
is to leave the digest and use the newsgroup, details below.
> No point in changing directory unless the value of your PATH variable
> starts with a dot.
Nope:
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin
Did you use DOS once? :)
Blush, yes. :-(
> To be sure which binary you'll be running (unless you're
> sure which binary you'll be running:) you need to give the full path.
Thanks, I have just run the following as root in the root directory:
[EMAIL PROTECTED] /]# /usr/local/bin/clamscan -V
resulting in
ClamAV 0.87.1/1213/Mon Dec 19 09:48:34 2005
So clearly I have the right version?
But, despite the nuking action reported last night, I still get the
nag. Below under the signature is this morning's complaint. It would
seem that clam-update is generating the problem, since clamscan.cron
is in the weekly cron, not the daily.
Hmmm.
[EMAIL PROTECTED] /]# locate clam-update
gives
/etc/log.d/scripts/services/clam-update
/etc/log.d/conf/logfiles/clam-update.conf
/etc/log.d/conf/services/clam-update.conf
Examining the services directory
[EMAIL PROTECTED] /]# cd /etc/log.d/scripts/services/
[EMAIL PROTECTED] services]# ls -l
shows an April 25 version of clamav,
-rwxr-xr-x 1 root root 3375 Apr 25 2005 clamav
-rwxr-xr-x 1 root root 3030 Apr 25 2005 clamav-milter
-rwxr-xr-x 1 root root 7819 Apr 25 2005 clam-update
rather than a December date. My clamscan is a December version; so
perhaps the older clam-update is out of date?
=====
The .conf file states that clam-update "Analyzes the Clam Anti-Virus
update log". It also refers to /var/log/clam-update, which is a
directory on my system.
Hmmm. This contains freshclam.log and a number of backups. And
indeed this file has entries from before my update. In fact, the
latest entry is BEFORE my update.
So perhaps clam-update is reading this file, and if it sees an older
complaint about being outdated simply echoes that complaint, rather
than checking to see if the complaint is any longer valid?
So I will save the log to backup, then clean out all the older
freshclam nags, and see what happens now.
I just ran freshclam:
[EMAIL PROTECTED] services]# freshclam
ClamAV update process started at Tue Dec 20 20:19:28 2005
main.cvd is up to date (version: 34, sigs: 39625, f-level: 5,
builder: tkojm)
daily.cvd is up to date (version: 1213, sigs: 1844, f-level: 6,
builder: diego)
and then checked freshclam.log. IT IS EMPTY!
So it looks like clam-update is simply checking the freshclam log
and echoing any complaints found there.
FWIW, running clam-update in the foreground just hangs... Maybe it's
waiting for a server. So I've just kicked it off in the background,
we'll see if the same nag appears. What's frustrating here is that
cron.daily has no reference to clam-update, but as the above shows,
something is triggering it besides me (I'm asleep at 4AM) and it
ain't cron doing it either.
Very interesting problem...
:-)
> [519 more lines snipped. Sigh.]
:-( I feel your pain...
What I did to resolve this was
1) sign up for the digest, which gives me access to the newsgroup,
but then while not UNsubscribing,
2) still turning off the digest.
So now I can use the newsgroup and not have to worry about snipping.
The process is available, although not highlighted in the digest,
FAQ, etc.
But hey, it's free and it is yet another puzzle to solve, which I
have done, (and can put on my resume :-), so fun:
+ Go to
http://lists.clamav.net/mailman/listinfo/clamav-users
+ Go to the bottom of the page, enter your email address and click
"Unsubscribe or edit options"
This takes you to
http://lists.clamav.net/cgi-bin/mailman/options/clamav-users
+ Go to the section "clamav-users list: member options for user
[EMAIL PROTECTED]" and enter your password and click "Log In"
This takes you to
http://lists.clamav.net/cgi-bin/mailman/options/clamav-users
+ Page down to "mail delivery" and click the "Disabled" option box.
+ Go back to the top and log out.
NOW, use your favorite news client (I'm using Thunderbird; there is
a raft of others) to set up an ordinary nntp news account with
news.gmane.org (Port 119)
and follow the rules for your client to complete the action, then
ask it to subscribe. Then search for the newsgroup
gmane.comp.security.virus.clamav.user
and subscribe to it.
You'll never have to read about top-posting again.
Thanks again.
> 73,
73, WA6VCT
Andy
################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Tue Dec 20 04:02:04 2005
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: m60.pilgrim.net
################################################################
--------------------- clam-update Begin ------------------------
daily.cvd updated
**Unmatched Entries**
WARNING: Your ClamAV installation is OUTDATED!: 35 Time(s)
WARNING: Local version: 0.84 Recommended version: 0.85.1: 12 Time(s)
WARNING: Local version: 0.84 Recommended version: 0.85: 5 Time(s)
DON'T PANIC! Read http://www.clamav.net/faq.html: 35 Time(s)
WARNING: Current functionality level = 4, recommended = 5: 18 Time(s)
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
