Hello,
- It's updated daily. I did it manually now:
ClamAV update process started at Mon Dec 14 16:14:53 2020
daily database available for update (local version: 26016, remote
version: 26017)
Current database is 1 version behind.
- The "long reports" are mails I'm getting when the cronjobs run. It's
the "output to the screen when you run the clamscan"
- The clamd daemon is running. I think it's because it runs with exim or
something similar. It's the default installation on DirectAdmin servers.
I didn't change the socket.
- I didn't check individual files, I just check the /home directories
where viruses could be. If there are possible viruses, I prefer to delete
them.
On 14/12/2020 at 11:36, G.W. Haywood via clamav-users wrote:
> Hi there,
> On Mon, 14 Dec 2020, Aitor Serra Martín wrote:
>> On 13/12/2020 at 12:41, G.W. Haywood via clamav-users wrote:
>>> (a) your version of ClamAV:
>> Version 0.103.0.
> OK.
>>> (b) how and when it was installed:
>> It was installed using the custombuild scripts from the DirectAdmin
>> control panel.
> I do not know what that is, but I guess you did not compile ClamAV
> yourself?
>>> (c) exactly which databases you are using:
>> ClamAV 0.103.0/26016/Sun Dec 13 15:31:03 2020
> OK.
>>> (d) how you are keeping the databases up to date:
>> I think it's done daily by freshclam
> Check the logs to make sure. You should be doing that routinely.
>>> (e) how long you have been using ClamAV:
>> 2 years on some servers
> OK.
>>> (f) whether or not it otherwise behaves as you would expect:
>> It still cleans files but gives long reports with the error commented
>> several times.
> Where are these "long reports"? Are they in the log files, or are
> they output to your screen when you run the 'clamscan' command?
>>> (g) your ClamAV configuration - the output of 'clamconf -n':
>> ...
>> Config file: clamd.conf
>> -----------------------
>> PidFile = "/var/run/clamd/clamd.pid"
>> TCPSocket = "3310"
>> TCPAddr = "127.0.0.1"
> Is the clamd daemon running?
> Are you using it for anything?
> Why are you using a TCP socket instead of the default filesystem socket?
>> Config file: freshclam.conf
>> ---------------------------
>> LogSyslog = "yes"
>> PidFile = "/var/run/clamd/freshclam.pid"
>> DatabaseMirror = "database.clamav.net"
> I see nothing in your freshclam.conf which will update the rfxn databases.
>> Database information
>> --------------------
>> Database directory: /usr/local/share/clamav
>> daily.cld: version 26016, sigs: 4401988, built on Sun Dec 13 15:31:03 2020
>> bytecode.cvd: version 331, sigs: 94, built on Thu Sep 19 18:12:33 2019
>> main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 14:56:15 2019
> OK
>> [3rd Party] rfxn.hdb: 12926 sigs
>> [3rd Party] rfxn.yara: 11527 sigs
>> [3rd Party] rfxn.ndb: 2039 sigs
> Are these databases being updated? If so, how? Check the timestamps
> on the files in the database directory and the freshclam logs.
>>> (h) exactly what you are scanning - sample(s) which give the error:
>> /usr/local/bin/clamscan -ri --remove /home2-81/*
> This is the answer to my question (i) below. I meant please provide
> samples of files which give the error message when scanned. Please do
> not try to attach samples to a message sent to the mailing list; place
> files somewhere on the Web, and provide links to them in your message.
>>> (i) exactly how you are scanning it - let us see the command line(s)
>>> and/or script.
>> The same command.
> What user runs this command?
> The --remove option is dangerous. If there are false positives, it
> may remove files which should not have been removed. Are you happy
> with that?
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
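
The thread asks whether the rfxn databases are being updated and suggests checking the timestamps in the database directory. The following is an added example, not part of the original messages or of ClamAV itself, that lists signature files whose modification time is older than a threshold. The function name `stale_dbs`, the 7-day default and the list of file extensions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report signature files in a ClamAV
# database directory that have not been rewritten for MAX_DAYS days.
#
# main.* and bytecode.* are skipped on purpose: they are republished rarely,
# so an old timestamp on them is normal (see the 2019 build dates in the
# clamconf output quoted above). daily.* and third-party files such as
# rfxn.* are the ones expected to change often.

stale_dbs() {
    dir=$1
    max_days=${2:-7}    # assumed threshold; match it to your update schedule

    # -mmin takes minutes, so convert days to minutes for an exact cut-off.
    find "$dir" -maxdepth 1 -type f \
        \( -name '*.cvd' -o -name '*.cld' -o -name '*.hdb' \
           -o -name '*.ndb' -o -name '*.yara' \) \
        ! -name 'main.*' ! -name 'bytecode.*' \
        -mmin "+$((max_days * 1440))" -print |
        sed 's|.*/||' |   # keep only the file name
        sort
}

# Run directly as: sh stale_dbs.sh /usr/local/share/clamav 7
if [ "$#" -gt 0 ]; then
    stale_dbs "$@"
fi
```

Any file name it prints has gone without an update for longer than the threshold, which for third-party sets usually means no updater is configured for them.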