Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
4 votes, 2 answers, 7173 views
Not able to update database in ClamAV with freshclam on CentOS7
I'm running a CentOS fresh out of Azure, with ClamAV installed on it, by running the following commands:
yum install -y epel-release
yum install -y clamav
When installed, I'm running the following command to update the various databases:
freshclam
I get the following output (Last part of the output):
Time: 0.1s, ETA: 0.0s [=============================>] 657.84KiB/657.84KiB
Downloading database patch # 25864...
Time: 0.2s, ETA: 0.0s [=============================>] 992.77KiB/992.77KiB
Downloading database patch # 25865...
Time: 0.1s, ETA: 0.0s [=============================>] 903.99KiB/903.99KiB
Testing database: '/var/lib/clamav/tmp.628c5/clamav-a8e48a60b669aa6a0211c18d734f61be.tmp-daily.cld' ...
ERROR: Database load killed by signal 9
ERROR: Database test FAILED.
ERROR: Unexpected error when attempting to update database: daily
WARNING: fc_update_databases: fc_update_database failed: Test failed (8)
ERROR: Database update process failed: Test failed (8)
ERROR: Update failed.
I find it weird that no one else has had the same issue using the distro, as I have not done any super specific steps, just followed the steps from the page.
Hope someone is able to help me...
emilrn (113 rep), Jul 7, 2020, 01:14 PM • Last activity: Jul 28, 2025, 09:00 AM
0 votes, 0 answers, 58 views
What countermeasures are required for alert /var/lib/clamav/rfxn.yara: Php.Exploit.C99-27 FOUND?
Running ClamAV on my Linux Mint laptop gives
/var/lib/clamav/rfxn.yara: Php.Exploit.C99-27 FOUND
What does it mean on a laptop (not a server as such)?
Is the system infected?
Mark Watney (101 rep), Jun 25, 2025, 05:15 AM • Last activity: Jun 25, 2025, 02:11 PM
1 vote, 2 answers, 27314 views
Systemd service fails with exit-code 2: Start request repeated too quickly
I created a ClamAV on-access scanning systemd service, to be permanent so that I can enable, start and then leave it, without having to touch it again.
I can manually start the service, and it works fine. But it keeps failing to start automatically after login as expected. In both cases, there are no active network connections.
I believe the following journal output (found in the last output section of the post) could be a clue:
rc.local: ERROR: ClamClient: could not connect to remote clam daemon, Couldn't connect to server
rc.local: ERROR: Clamonacc: daemon is local, but a connection could not be established
But I still don't know why I'm able to manually start the service, but not have it start automatically.
# System info
$ uname -a
Linux debian 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64 GNU/Linux
# rc-local.service file
$ sudo cat /etc/systemd/system/rc-local.service
[Unit]
Description=ClamAV On-Access Scanner
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
User=root
Require=network.target
RemainAfterExit=yes
ExecStart=/etc/rc.local start
TimeoutSec=200
Restart=on-failure
StartLimitInterval=10
[Install]
WantedBy=multi-user.target
# rc.local script
$ sudo cat /etc/rc.local
#!/bin/sh -e
/usr/bin/clamonacc --log=/var/log/clamav/clamonacc.log
exit 0
# Status after logging in
● rc-local.service - ClamAV On-Access Scanner
Loaded: loaded (/etc/systemd/system/rc-local.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/rc-local.service.d
└─debian.conf
Active: failed (Result: exit-code) since Wed 2020-10-21 08:06:33 BST; 12min ago
Process: 1483 ExecStart=/etc/rc.local start (code=exited, status=2)
Oct 21 08:06:33 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 08:06:33 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 5.
Oct 21 08:06:33 debian systemd: Stopped ClamAV On-Access Scanner.
Oct 21 08:06:33 debian systemd: rc-local.service: Start request repeated too quickly.
Oct 21 08:06:33 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 08:06:33 debian systemd: Failed to start ClamAV On-Access Scanner.
# Status after manually starting service
● rc-local.service - ClamAV On-Access Scanner
Loaded: loaded (/etc/systemd/system/rc-local.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/rc-local.service.d
└─debian.conf
Active: active (running) since Wed 2020-10-21 08:23:04 BST; 52s ago
Process: 7171 ExecStart=/etc/rc.local start (code=exited, status=0/SUCCESS)
Main PID: 7173 (clamonacc)
Tasks: 8 (limit: 4915)
Memory: 2.6M
CGroup: /system.slice/rc-local.service
└─7173 /usr/bin/clamonacc --log=/var/log/clamav/clamonacc.log
Oct 21 08:23:04 debian systemd: Starting ClamAV On-Access Scanner...
Oct 21 08:23:04 debian systemd: Started ClamAV On-Access Scanner.
# Journal
$ sudo journalctl | grep rc-local
Oct 21 08:06:22 debian systemd: /etc/systemd/system/rc-local.service:7: Unknown lvalue 'Require' in section 'Service', ignoring
Oct 21 08:06:31 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 08:06:31 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 08:06:31 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 08:06:31 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 1.
Oct 21 08:06:31 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 08:06:31 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 08:06:32 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 08:06:32 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 2.
Oct 21 08:06:32 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 08:06:32 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 08:06:32 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 08:06:32 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 3.
Oct 21 08:06:32 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 08:06:32 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 08:06:32 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 08:06:32 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 4.
Oct 21 08:06:32 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 08:06:32 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 08:06:33 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 08:06:33 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 5.
Oct 21 08:06:33 debian systemd: rc-local.service: Start request repeated too quickly.
Oct 21 08:06:33 debian systemd: rc-local.service: Failed with result 'exit-code'.
$ sudo journalctl | grep rc.local
Oct 21 13:47:57 debian rc.local: ERROR: ClamClient: could not connect to remote clam daemon, Couldn't connect to server
Oct 21 13:47:57 debian rc.local: ERROR: Clamonacc: daemon is local, but a connection could not be established
Oct 21 13:47:57 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 13:47:57 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 13:47:57 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 13:47:57 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 1.
Oct 21 13:47:57 debian rc.local: ERROR: ClamClient: could not connect to remote clam daemon, Couldn't connect to server
Oct 21 13:47:57 debian rc.local: ERROR: Clamonacc: daemon is local, but a connection could not be established
Oct 21 13:47:57 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 13:47:57 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 13:47:58 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 13:47:58 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 2.
Oct 21 13:47:58 debian rc.local: ERROR: ClamClient: could not connect to remote clam daemon, Couldn't connect to server
Oct 21 13:47:58 debian rc.local: ERROR: Clamonacc: daemon is local, but a connection could not be established
Oct 21 13:47:58 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 13:47:58 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 13:47:58 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 13:47:58 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 3.
Oct 21 13:47:58 debian rc.local: ERROR: ClamClient: could not connect to remote clam daemon, Couldn't connect to server
Oct 21 13:47:58 debian rc.local: ERROR: Clamonacc: daemon is local, but a connection could not be established
Oct 21 13:47:58 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 13:47:58 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 13:47:58 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 13:47:58 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 4.
Oct 21 13:47:58 debian rc.local: ERROR: ClamClient: could not connect to remote clam daemon, Couldn't connect to server
Oct 21 13:47:58 debian rc.local: ERROR: Clamonacc: daemon is local, but a connection could not be established
Oct 21 13:47:58 debian systemd: rc-local.service: Control process exited, code=exited, status=2/INVALIDARGUMENT
Oct 21 13:47:58 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 13:47:59 debian systemd: rc-local.service: Service RestartSec=100ms expired, scheduling restart.
Oct 21 13:47:59 debian systemd: rc-local.service: Scheduled restart job, restart counter is at 5.
Oct 21 13:47:59 debian systemd: rc-local.service: Start request repeated too quickly.
Oct 21 13:47:59 debian systemd: rc-local.service: Failed with result 'exit-code'.
Oct 21 13:48:14 debian sudo: squire : TTY=pts/0 ; PWD=/home/squire ; USER=root ; COMMAND=/usr/sbin/service rc-local status
Oct 21 13:54:30 debian sudo: squire : TTY=pts/1 ; PWD=/home/squire ; USER=root ; COMMAND=/usr/sbin/service rc-local status
5am (333 rep), Oct 21, 2020, 07:37 AM • Last activity: Jun 17, 2025, 01:06 PM
0 votes, 1 answer, 2135 views
How to get only stdout_lines with Ansible using mail module
I'm using ansible to scan hosts with clam antivirus and I'm receiving reports via email.
Reports contain everything and I want only to receive stdout lines.
Is there any way to accomplish this?
I wrote the email template according to https://gist.github.com/halberom/0aea275632d2b47af0536e5def01d4d2,
although the only thing that is not the same is that I've piped to to_nice_json:
The {{ host }} says {{ hostvars[host]['result']['stdout'] | to_nice_json }}
The error I get is:
> Unable to convert data using to_nice_json, falling back to to_json: 'dict object' has no attribute 'stdout'. the task includes an option with an undefined variable the error was ansible no_log:false
If I remove
['stdout']
then email report looks like this:
ClamAV scan was performed on host_server
{
"changed": true,
"msg": "All items completed",
"results": [
{
"ansible_loop_var": "item",
"changed": true,
"cmd": [
"clamscan",
"-r",
"-i",
"/usr/bin"
],
"delta": "0:00:37.293719",
"end": "2021-09-09 18:47:55.626094",
"failed": false,
"invocation": {
"module_args": {
"_raw_params": "clamscan -r -i /usr/bin",
"_uses_shell": false,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true,
"warn": true
}
},
"item": "/usr/bin",
"rc": 0,
"start": "2021-09-09 18:47:18.332375",
"stderr": "",
"stderr_lines": [],
"stdout": "\n----------- SCAN SUMMARY -----------\nKnown viruses: 8563204\nEngine version: 0.103.2\nScanned directories: 1\nScanned files: 701\nInfected files: 0\nData scanned: 110.08 MB\nData read: 109.50 MB (ratio 1.01:1)\nTime: 37.113 sec (0 m 37 s)\nStart Date: 2021:09:09 18:47:18\nEnd Date: 2021:09:09 18:47:55",
"stdout_lines": [
"",
"----------- SCAN SUMMARY -----------",
"Known viruses: 8563204",
"Engine version: 0.103.2",
"Scanned directories: 1",
"Scanned files: 701",
"Infected files: 0",
"Data scanned: 110.08 MB",
"Data read: 109.50 MB (ratio 1.01:1)",
"Time: 37.113 sec (0 m 37 s)",
"Start Date: 2021:09:09 18:47:18",
"End Date: 2021:09:09 18:47:55 "
]
}
]
}
Is there a way to accomplish getting only stdout_lines in my report? I tried with grep in the shell command but failed.
shiva (3 rep), Sep 9, 2021, 03:26 PM • Last activity: May 13, 2025, 04:02 PM
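An added example (not part of the original post) of a mail task whose body walks the per-item results of the registered loop task shown above and includes only each item's stdout_lines; the `report_recipient` variable and the `host` loop variable are assumptions.

```yaml
# Added example, not from the original post. It assumes the clamscan loop task
# was registered as `result` on each scanned host, that `host` is the current
# host name (as in the referenced gist), and that `report_recipient` is defined.
- name: Mail only the ClamAV scan summaries
  mail:
    to: "{{ report_recipient }}"
    subject: "ClamAV scan report for {{ host }}"
    body: |
      ClamAV scan was performed on {{ host }}
      {# A looped task stores one result per item under `results` #}
      {% for r in hostvars[host]['result']['results'] %}
      === {{ r.item }} (rc={{ r.rc }}) ===
      {# Drop the leading empty line clamscan prints before the summary #}
      {{ r.stdout_lines | reject('equalto', '') | join('\n') }}
      {% endfor %}
  delegate_to: localhost
  run_once: true
```

The top-level `result` dict has no `stdout` key, which is why `hostvars[host]['result']['stdout']` raised the undefined-attribute error; the per-item entries under `results` do.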
1 vote, 2 answers, 2489 views
ClamD Service Unable to Start
I am currently following this guide on setting up ClamAV on my AlmaLinux 9.3 machine; however, at **Step 11** I cannot start the clamd@service and wanted to know if anyone else has also had this issue, as I cannot find much from other sources.
[root@localhost tester]# sudo systemctl status clamd@service
× clamd@service.service - clamd scanner (service) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; disabled; preset: disabled)
Active: failed (Result: exit-code) since Thu 2023-12-28 12:08:15 GMT; 3min 26s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Process: 6728 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/service.conf (code=exited, status=1/FAILURE)
CPU: 3ms
Dec 28 12:08:15 localhost.localdomain systemd[1]: clamd@service.service: Scheduled restart job, restart counter is at 5.
Dec 28 12:08:15 localhost.localdomain systemd[1]: Stopped clamd scanner (service) daemon.
Dec 28 12:08:15 localhost.localdomain systemd[1]: clamd@service.service: Start request repeated too quickly.
Dec 28 12:08:15 localhost.localdomain systemd[1]: clamd@service.service: Failed with result 'exit-code'.
Dec 28 12:08:15 localhost.localdomain systemd[1]: Failed to start clamd scanner (service) daemon.
I executed the following command as per the Terminal output recommended:
$ journalctl -xeu clamd@service.service
░░ The process' exit code is 'exited' and its exit status is 1.
Dec 28 12:45:18 localhost.localdomain systemd[1]: clamd@service.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit clamd@service.service has entered the 'failed' state with result 'exit-code'.
Dec 28 12:45:18 localhost.localdomain systemd[1]: Failed to start clamd scanner (service) daemon.
░░ Subject: A start job for unit clamd@service.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit clamd@service.service has finished with a failure.
░░
░░ The job identifier is 7444 and the job result is failed.
Dec 28 12:45:18 localhost.localdomain systemd[1]: clamd@service.service: Scheduled restart job, restart counter is at 5.
░░ Subject: Automatic restarting of a unit has been scheduled
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ Automatic restarting of the unit clamd@service.service has been scheduled, as the result for
░░ the configured Restart= setting for the unit.
Dec 28 12:45:18 localhost.localdomain systemd[1]: Stopped clamd scanner (service) daemon.
░░ Subject: A stop job for unit clamd@service.service has finished
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A stop job for unit clamd@service.service has finished.
░░
░░ The job identifier is 7568 and the job result is done.
Dec 28 12:45:18 localhost.localdomain systemd[1]: clamd@service.service: Start request repeated too quickly.
Dec 28 12:45:18 localhost.localdomain systemd[1]: clamd@service.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit clamd@service.service has entered the 'failed' state with result 'exit-code'.
Dec 28 12:45:18 localhost.localdomain systemd[1]: Failed to start clamd scanner (service) daemon.
░░ Subject: A start job for unit clamd@service.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit clamd@service.service has finished with a failure.
░░
░░ The job identifier is 7568 and the job result is failed.
hymcode (133 rep), Dec 28, 2023, 12:17 PM • Last activity: Apr 29, 2025, 01:08 AM
0 votes, 1 answer, 48 views
Where can I find details of malware found by ClamScan based on the ClamScan malware name?
ClamScan found a Trojan program called Win.Trojan.Rider_4000_B-1. Where can I find more information about how this malware works?
Jeff (283 rep), Mar 25, 2025, 01:49 AM • Last activity: Mar 25, 2025, 05:35 AM
1 vote, 2 answers, 562 views
ClamAV freshly installed on LMDE - failing to open log file (permission denied)
I've just freshly installed Linux Mint Debian Edition "Faye" and then installed ClamAV.
The services clamav-freshclam and clamav-daemon don't seem to have a problem opening and writing into their respective log files, I can see that the log files are continuously being filled.
But when I try to run freshclam and clamd in the console I get:
$ clamd
ERROR: Failed to open log file /var/log/clamav/clamav.log: Permission denied
ERROR: Can't initialize the internal logger
$ freshclam
ERROR: Failed to open log file /var/log/clamav/freshclam.log: Permission denied
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
When I try the same with sudo:
$ sudo freshclam
ERROR: Failed to lock the log file /var/log/clamav/freshclam.log: Resource temporarily unavailable
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
$ sudo clamd
ERROR: Failed to lock the log file /var/log/clamav/clamav.log: Resource temporarily unavailable
ERROR: Can't initialize the internal logger
The files look like this:
-rw-r----- 1 clamav clamav 19042 9. Mär 20:01 clamav.log
-rw------- 1 clamav clamav 11786 9. Mär 20:01 freshclam.log
I'm a "not daily" Linux user.
What could be wrong?
R0byn (111 rep), Mar 9, 2025, 07:14 PM • Last activity: Mar 11, 2025, 12:26 AM
0 votes, 0 answers, 205 views
Memory error starting clamav daemon after install
I use Linux Mint 22 x86_64 with the 6.8.0-45-generic kernel. I installed the latest version of clamav antivirus (1.4.1), but suddenly a problem appeared after restarting clamav-daemon: `LibClamAV Error: Can't load daily.wdb: Can't allocate memory`.
Full `systemctl status clamav-daemon` output:
clamd: LibClamAV Warning: *** Please update it as soon as possible. ***
clamd: LibClamAV Warning: **************************************************
clamd: LibClamAV Error: Can't load daily.wdb: Can't allocate memory
clamd: LibClamAV Error: cli_tgzload: Can't load daily.wdb
clamd: LibClamAV Error: Can't load /var/lib/clamav/daily.cld: Malformed database
clamd: LibClamAV Error: cli_loaddbdir: error loading database /var/lib/clamav/daily.cld
clamd: ERROR: Thu Oct 3 04:19:55 2024 -> Malformed database
systemd: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
systemd: clamav-daemon.service: Failed with result 'exit-code'.
systemd: clamav-daemon.service: Consumed 1.425s CPU time.
How do I fix this? I didn't find any memory limits in freshclam.conf or clamd.conf.
What I tried to do:
1. Manipulating the `ulimit -d`, `-v`, `-s` parameters did not give anything.
2. Setting the `ConcurrentDatabaseReload` parameter (clamd.conf) to `no` didn't help either.
DJNZ (1 rep), Oct 6, 2024, 02:03 AM
0 votes, 1 answer, 1109 views
ClamAV clamscan Warning Gives No File Path
I am running ClamAV on RedHat 9.3 and getting some new output from our daily scan that uses the command `/bin/clamscan -r / --exclude-dir=/sys/ --log=/var/log/clamscan.log --infected --quiet`:
> LibClamAV Warning: PNG: Unexpected early end-of-file.
> LibClamAV Warning: PNG: Unexpected early end-of-file.
ClamAV does not indicate which file is ending unexpectedly early. The log file (25MB) doesn't seem to record any information about these 2 PNG files either. I tried:
grep -i Unexpected /var/log/clamscan.log
grep -i "end-of-file" /var/log/clamscan.log
grep -i "end of file" /var/log/clamscan.log
I understand that this is just a warning and not an error, but the message generates an email every morning, since the scan runs via cron and mails any output to us, and I would like to figure out where this seemingly corrupt PNG file is so I can remove it. The only thing I can think of is that we installed the nmap package the day before this started showing up, so the file might have come from the files installed by that package, but I want a more general understanding of how to handle this problem.
With "--infected" and "--quiet" set, I can't think of any other way to state that I want to receive errors that require intervention/investigation while ignoring warnings such as this.
If I can't get clamscan to give me the location of the problematic files, I may just need to use a script to regex modify the output or use something like sed to get rid of "Unexpected early end-of-file" and echo the rest so we get emailed any errors with the scan executing but can ignore this. That's the plan if I can't get any insight into this specifically.
joeyofblades (101 rep), Nov 29, 2023, 03:56 PM • Last activity: Sep 20, 2024, 01:26 PM
-1 votes, 1 answer, 98 views
Can ClamAV detect malicious files on a MySQL/MariaDB server?
Can ClamAV help detect malicious files (ie malware, rootkits, etc) for a MySQL/MariaDB server, specifically the /var/lib/mysql data folder?
The database server is a single role and locked down both by firewall and MariaDB user host restriction.
SkipTripAhead (1 rep), Aug 9, 2024, 07:59 AM • Last activity: Aug 9, 2024, 08:29 AM
0 votes, 0 answers, 557 views
ClamAV states virus databases are up to date but FreshClam log file says otherwise
I installed ClamAV. The setup was done some time ago, but I've noticed that, apparently, FreshClam hasn't run since September 22nd:
[x80486@uplink:~]$ sudo cat /var/log/clamav/freshclam.log
--------------------------------------
ClamAV update process started at Fri Jun 30 15:31:00 2023
daily database available for download (remote version: 26955)
Testing database: '/var/lib/clamav/tmp.9c82164f10/clamav-cc2397910639c7390c4707d791014939.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26955, sigs: 2037934, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Testing database: '/var/lib/clamav/tmp.9c82164f10/clamav-2ebd9ccfd37f99327a8188293f1c3485.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 334)
Testing database: '/var/lib/clamav/tmp.9c82164f10/clamav-1c6f9beb685cf5d255c0fc2a11405c58.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.ctl: No such file or directory
--------------------------------------
freshclam daemon 1.0.1 (OS: Linux, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Fri Jun 30 15:38:12 2023
daily.cvd database is up-to-date (version: 26955, sigs: 2037934, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
--------------------------------------
...
--------------------------------------
Received signal: wake up
ClamAV update process started at Thu Sep 21 13:02:41 2023
daily database available for update (local version: 27037, remote version: 27038)
Testing database: '/var/lib/clamav/tmp.e048a53c2e/clamav-0dad46f97ba861f4cdc80aebfee2b3dc.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 27038, sigs: 2041081, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Clamd successfully notified about the update.
--------------------------------------
Received signal: wake up
ClamAV update process started at Thu Sep 21 20:15:53 2023
daily.cld database is up-to-date (version: 27038, sigs: 2041081, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
--------------------------------------
Update process terminated
The content of freshclam.log and its modification timestamp are aligned:
[x80486@uplink:~]$ ll /var/log/clamav/
total 248K
-rw-r----- 1 clamav 130K Dec 29 16:50 clamd.log
-rw-r----- 1 clamav 108K Sep 22 05:57 freshclam.log
Regardless, I see that ClamAV states its virus databases are up to date (today is Dec 29th, 2023):
[x80486@uplink:~]$ clamscan --version
ClamAV 1.2.1/27138/Fri Dec 29 04:39:08 2023
I don't fully understand how that is possible 🤔
FreshClam service is enabled and running:
[x80486@uplink:~]$ systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; enabled; preset: disabled)
Active: active (running) since Fri 2023-12-29 16:50:52 EST; 4h 16min ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://docs.clamav.net/
Main PID: 1051 (freshclam)
Tasks: 1 (limit: 38104)
Memory: 6.9M (peak: 14.5M zswap: 714.8K)
CPU: 10ms
CGroup: /system.slice/clamav-freshclam.service
└─1051 /usr/bin/freshclam -d --foreground=true
Dec 29 16:50:57 uplink freshclam: ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net .
Dec 29 16:50:57 uplink freshclam: Trying again in 5 secs...
Dec 29 16:51:02 uplink freshclam: Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Dec 29 16:51:02 uplink freshclam: ERROR: remote_cvdhead: Download failed (6) ERROR: Message: Couldn't resolve host name
Dec 29 16:51:02 uplink freshclam: WARNING: Failed to get daily database version information from server: https://database.clamav.net
Dec 29 16:51:02 uplink freshclam: ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net .
Dec 29 16:51:02 uplink freshclam: Giving up on https://database.clamav.net ...
Dec 29 16:51:02 uplink freshclam: ERROR: Update failed for database: daily
Dec 29 16:51:02 uplink freshclam: ERROR: Database update process failed: HTTP GET failed
Dec 29 16:51:02 uplink freshclam: ERROR: Update failed.
I checked the systemd logs (using journalctl) for freshclam and sometimes those (latest) errors arise, but most of the time the virus databases get updated:
[x80486@uplink:~]$ journalctl --since "2023-12-01" --unit clamav-freshclam.service
Dec 27 10:11:27 uplink freshclam: ClamAV update process started at Wed Dec 27 10:11:27 2023
Dec 27 10:11:27 uplink freshclam: daily database available for update (local version: 27135, remote version: 27136)
Dec 27 10:11:28 uplink freshclam: Testing database: '/var/lib/clamav/tmp.c8cc0017d1/clamav-e36a2a20e61f2ab84e3ae79524c73ae4.tmp-daily.cld' ...
Dec 27 10:11:32 uplink freshclam: Database test passed.
Dec 27 10:11:32 uplink freshclam: daily.cld updated (version: 27136, sigs: 2049596, f-level: 90, builder: raynman)
Dec 27 10:11:32 uplink freshclam: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Dec 27 10:11:32 uplink freshclam: bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Dec 27 10:11:32 uplink freshclam: Clamd successfully notified about the update.
Dec 27 16:11:32 uplink freshclam: Received signal: wake up
Dec 27 16:11:32 uplink freshclam: ClamAV update process started at Wed Dec 27 16:11:32 2023
Dec 27 16:11:32 uplink freshclam: daily.cld database is up-to-date (version: 27136, sigs: 2049596, f-level: 90, builder: raynman)
Dec 27 16:11:32 uplink freshclam: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Dec 27 16:11:32 uplink freshclam: bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Dec 28 09:27:06 uplink freshclam: Received signal: wake up
Dec 28 09:27:06 uplink freshclam: ClamAV update process started at Thu Dec 28 09:27:06 2023
Dec 28 09:27:06 uplink freshclam: daily database available for update (local version: 27136, remote version: 27137)
Dec 28 09:27:07 uplink freshclam: Testing database: '/var/lib/clamav/tmp.c8cc0017d1/clamav-f96d7409ae21590143a85f4d2bc16f4c.tmp-daily.cld' ...
Dec 28 09:27:11 uplink freshclam: Database test passed.
Dec 28 09:27:11 uplink freshclam: daily.cld updated (version: 27137, sigs: 2049636, f-level: 90, builder: raynman)
Dec 28 09:27:11 uplink freshclam: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Dec 28 09:27:11 uplink freshclam: bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Dec 28 09:27:11 uplink freshclam: Clamd successfully notified about the update.
Dec 28 15:27:11 uplink freshclam: Received signal: wake up
Dec 28 15:27:11 uplink freshclam: ClamAV update process started at Thu Dec 28 15:27:11 2023
Dec 28 15:27:11 uplink freshclam: daily.cld database is up-to-date (version: 27137, sigs: 2049636, f-level: 90, builder: raynman)
Dec 28 15:27:11 uplink freshclam: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Dec 28 15:27:11 uplink freshclam: bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Dec 28 21:27:11 uplink freshclam: Received signal: wake up
Dec 28 21:27:11 uplink freshclam: ClamAV update process started at Thu Dec 28 21:27:11 2023
Dec 28 21:27:11 uplink freshclam: daily.cld database is up-to-date (version: 27137, sigs: 2049636, f-level: 90, builder: raynman)
Dec 28 21:27:11 uplink freshclam: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Dec 28 21:27:11 uplink freshclam: bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Dec 29 11:11:45 uplink freshclam: Received signal: wake up
Dec 29 11:11:45 uplink freshclam: ClamAV update process started at Fri Dec 29 11:11:45 2023
Dec 29 11:11:45 uplink freshclam: daily database available for update (local version: 27137, remote version: 27138)
Dec 29 11:11:46 uplink freshclam: Testing database: '/var/lib/clamav/tmp.c8cc0017d1/clamav-136aa724061e4b2bc840a86b67cb13d2.tmp-daily.cld' ...
Dec 29 11:11:50 uplink freshclam: Database test passed.
Dec 29 11:11:50 uplink freshclam: daily.cld updated (version: 27138, sigs: 2049785, f-level: 90, builder: raynman)
Dec 29 11:11:50 uplink freshclam: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Dec 29 11:11:50 uplink freshclam: bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
Dec 29 11:11:50 uplink freshclam: Clamd successfully notified about the update.
Dec 29 16:50:17 uplink freshclam: Update process terminated
Dec 29 16:50:18 uplink systemd: clamav-freshclam.service: Deactivated successfully.
Dec 29 16:50:18 uplink systemd: clamav-freshclam.service: Consumed 1min 10.200s CPU time, 1.3G memory peak.
Dec 29 16:50:52 uplink freshclam: ClamAV update process started at Fri Dec 29 16:50:52 2023
Dec 29 16:50:52 uplink freshclam: WARNING: Can't query current.cvd.clamav.net
Dec 29 16:50:52 uplink freshclam: WARNING: Invalid DNS reply. Falling back to HTTP mode.
Dec 29 16:50:52 uplink freshclam: Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Dec 29 16:50:52 uplink freshclam: WARNING: remote_cvdhead: Download failed (6) WARNING: Message: Couldn't resolve host name
Dec 29 16:50:52 uplink freshclam: WARNING: Failed to get daily database version information from server: https://database.clamav.net
Dec 29 16:50:52 uplink freshclam: ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net .
Dec 29 16:50:52 uplink freshclam: Trying again in 5 secs...
Dec 29 16:50:57 uplink freshclam: Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Dec 29 16:50:57 uplink freshclam: WARNING: remote_cvdhead: Download failed (6) WARNING: Message: Couldn't resolve host name
Dec 29 16:50:57 uplink freshclam: WARNING: Failed to get daily database version information from server: https://database.clamav.net
Dec 29 16:50:57 uplink freshclam: ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net .
Dec 29 16:50:57 uplink freshclam: Trying again in 5 secs...
Dec 29 16:51:02 uplink freshclam: Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Dec 29 16:51:02 uplink freshclam: ERROR: remote_cvdhead: Download failed (6) ERROR: Message: Couldn't resolve host name
Dec 29 16:51:02 uplink freshclam: WARNING: Failed to get daily database version information from server: https://database.clamav.net
Dec 29 16:51:02 uplink freshclam: ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net .
Dec 29 16:51:02 uplink freshclam: Giving up on https://database.clamav.net ...
Dec 29 16:51:02 uplink freshclam: ERROR: Update failed for database: daily
Dec 29 16:51:02 uplink freshclam: ERROR: Database update process failed: HTTP GET failed
Dec 29 16:51:02 uplink freshclam: ERROR: Update failed.
What I'm trying to understand is why there is no correlation between `freshclam.log` and the actual state of the system. It appears to me the virus databases are indeed up to date based on the systemd messages for `freshclam`, but that's not reflected in `freshclam.log`.
Is there a way to fix that...or am I missing something?
---
### UPDATES
I went ahead and verified the user and group configured for ClamAV, and they own and have the correct privileges. It all makes sense since `/var/log/clamav/clamd.log` is updated accordingly — though `/var/log/clamav/freshclam.log` is not 😑
I stopped `clamav-freshclam.service` and removed `/var/log/clamav/freshclam.log` just to verify if the `UpdateLogFile /var/log/clamav/freshclam.log` setting (from `/etc/clamav/freshclam.conf`) was actually doing something, and the process couldn't start because the file didn't exist:
Dec 29 22:31:57 uplink freshclam: ERROR: lchown to user 'clamav' failed on
Dec 29 22:31:57 uplink freshclam: log file '/var/log/clamav/freshclam.log'.
Dec 29 22:31:57 uplink freshclam: Error was 'No such file or directory'
Dec 29 22:31:57 uplink freshclam: WARNING: lchown to user 'clamav' failed on log file '/var/log/clamav/freshclam.log'. Error was 'No such file or directory'
Dec 29 22:31:57 uplink freshclam: ERROR: Failed to switch to clamav user.
Dec 29 22:31:57 uplink systemd: clamav-freshclam.service: Main process exited, code=exited, status=9/n/a
Dec 29 22:31:57 uplink systemd: clamav-freshclam.service: Failed with result 'exit-code'.
So I made a backup and created a new `/var/log/clamav/freshclam.log` file with the correct privileges and permissions...just to see that `clamav-freshclam.service` started successfully, but not a single log statement in that file 😡
user280674
Dec 30, 2023, 02:50 AM
• Last activity: Dec 30, 2023, 09:57 AM
0 votes · 1 answer · 115 views
Notifications stating Trojans found on Fedora 37
I help friends manage systems which feature Fedora OS. They have been reporting that notifications are being highlighted mentioning the presence of Trojans and such and they are alarmed. I generally believe that little if any are serious as I have Selinux Enabled and a Firewall setup on these units. All units are behind routers.
I decided to install a few applications such as `clamav`, `rkhunter` and `chkrootkit` on my own units and gave them a run. Neither `rkhunter` nor `chkrootkit` showed anything remarkable but `clamav` did. I list a few of them for context:
Found 76 possible threats (224741 files scanned).
/home/me/.mozilla/firefox/b9w9hqme.default-1635637832461 /extensions/support@lastpass.com.xpi PUA.Win.Trojan.Xored-1
/home/me/.mozilla/icecat/h2020a74.default/extensions/support@lastpass.com.xpi PUA.Win.Trojan.Xored-1
/home/me/.cache/mozilla/firefox/b9w9hqme.default-1635637832461/cache2/entries/7B869B1E4FEB0079533855B292DEDC9F049750CD PUA.Win.Trojan.Xored-1
/home/me/.cache/mozilla/firefox/b9w9hqme.default-1635637832461/cache2/entries/6BA4FE386CA8001456C08ADCC0D8047E35A2BD77 PUA.Win.Exploit.CVE_2012_1461-1
....................
/home/me/.cache/microsoft-edge-beta/Default/Cache/Cache_Data/c6dd4acd03fcf165_0 PUA.Win.Trojan.Xored-1
/home/me/.cache/microsoft-edge-beta/Default/Cache/Cache_Data/16fb8756c668ad8b_0 PUA.Win.Trojan.Xored-1
......................
/home/me/.config/google-chrome/Default/Extensions/hdokiejnpimakedhajhdlcegeplioahd/4.123.0.2_0/oidc-client.min.js PUA.Win.Trojan.Xored-1
/home/me/.config/google-chrome/Default/Extensions/hdokiejnpimakedhajhdlcegeplioahd/4.123.0.2_0/lpfulllib.js PUA.Win.Trojan.Xored-1
Is clamav being overzealous or should one actually quarantine them?
Robert D Weir
(127 rep)
Oct 31, 2023, 03:13 PM
• Last activity: Nov 4, 2023, 10:19 AM
0 votes · 2 answers · 655 views
Show skipped files with ClamAV in Daemon mode
By default, ClamAV ignores files larger than 25M. When I try to scan a big file, 700M, I have this output:
➜ clamscan file.avi
/home/dougui/Videos/file.avi: OK
----------- SCAN SUMMARY -----------
Known viruses: 8284573
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 700.61 MB (ratio 0.00:1)
Time: 13.149 sec (0 m 13 s)
The file is marked as correct. When I run the command with `--debug`, I have this log:
...
LibClamAV debug: Checking realpath of file.avi
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: cli_updatelimits: scansize exceeded (initial: 104857600, consumed: 0, needed: 734642176)
LibClamAV debug: cli_updatelimits: filesize exceeded (allowed: 26214400, needed: 734642176)
LibClamAV debug: emax_reached: marked parents as non cacheable
LibClamAV debug: cli_magic_scandesc: returning 0 at line 3314 (no post, no cache)
/home/dougui/Videos/file.avi: OK
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Freeing phishcheck struct
LibClamAV debug: Phishcheck cleaned up
It seems that scansize and filesize are exceeded. There is also a difference between "Data scanned" and "Data read" in the summary. I found the option `--alert-exceeds-max` to display when a file is skipped.
The problem is I don't find the same option with `clamdscan`. I tried to change the config and checked in the log file but didn't find anything.
How can I see which files are skipped in daemon mode?
Dougui
(241 rep)
Jul 29, 2020, 07:22 PM
• Last activity: Jun 29, 2023, 01:04 AM
9 votes · 1 answer · 23052 views
Warnings/Errors when running clamav/clamscan, scanning 3TB hard-drive
**What I'm trying to do**:
I'm trying to scan my file server for malware, and I'm using clamav/clamscan, where the man page says it can scan files up to 4GB.
This man page states:
--max-filesize=#n
> Extract and scan at most #n kilobytes from each archive. You may pass
> the value in megabytes in format xM or xm, where x is a number. This
> option protects your system against DoS attacks (default: 25 MB, max:
> Extract and scan at most #n kilobytes from each scanned file. You may
> pass the value in megabytes in format xM or xm, where x is a number.
> This option protects your system against DoS attacks (default: 100 MB,
> max: How big is that file? How much RAM (physical and swap separate,
> please) is installed on the scanning machine? Currently, ClamAV has a
> hard file limit of around 2.17GB. Because we're mapping the file into
> memory, if you don't have enough memory available to map the whole
> file, the memory mapping code (as currently implemented) will fail and
> the file won't be scanned.
>
> One of our long-term goals is to investigate being able to properly
> support large files.
**Possible solution**:
Hope the above is the problem (not enough memory); then I can simply extend the system's memory to 8GB, but it's unlikely it is so simple because I tried to run those scans on a system with 12GB RAM.
**EDIT #1**
Here is a run on another system with Fedora 21 + 12 GB RAM:
clamscan -r -i --remove --max-filesize=1700M --max-scansize=1700M --exclude=/proc --exclude=/sys --exclude=/dev /
---------------------------------
LibClamAV Warning: [Bytecode JIT]: recovered from error
LibClamAV Warning: [Bytecode JIT]: JITed code intercepted runtime error!
LibClamAV Warning: [Bytecode JIT]: Bytecode run timed out, timeout flag set
LibClamAV Warning: Bytcode 27 failed to run: Time limit reached
LibClamAV Error: cli_scanxz: premature end of compressed stream
LibClamAV Error: cli_scanxz: premature end of compressed stream
-------------------------------
----------- SCAN SUMMARY -----------
Known viruses: 3779101
Engine version: 0.98.6
Scanned directories: 101382
Scanned files: 744103
Infected files: 0
Total errors: 18419
Data scanned: 285743.78 MB
Data read: 394739.73 MB (ratio 0.72:1)
Time: 32171.073 sec (536 m 11 s)
When I ran those same scans on it with sizes set to 2100M-4000M it gave the same errors as mentioned in my original question.
somethingSomething
(6209 rep)
Mar 28, 2015, 06:52 AM
• Last activity: Apr 16, 2023, 08:24 AM
1 vote · 1 answer · 1377 views
ClamAV antivirus, too big log files
I am working with Debian, with ClamAV antivirus installed. My problem is that the antivirus logs take almost all the disk space (25 GB of 30 GB).
Could I just delete these log files? And is there a way to configure the maximum size of these files?
Pavlo
(111 rep)
Dec 10, 2016, 08:46 PM
• Last activity: Apr 5, 2023, 03:20 PM
2 votes · 1 answer · 2347 views
How to configure ClamAV on Debian 11? (Need sample clamd.conf and correct location)
Since upgrading from Debian 9 to Debian 10/11, Clamscan now runs the system out of memory immediately - instead of previously completing all scans successfully.
But the `/etc/clamav/clamd.conf` file does not exist - nor does any `clamd.conf` file exist on the system.
Where does this file belong? Can we create it ourselves? Where can we get an up-to-date sample `conf` file?
Slbox
(313 rep)
Feb 2, 2023, 11:05 PM
• Last activity: Feb 3, 2023, 06:00 AM
0 votes · 1 answer · 476 views
clamscan and cpulimit together runs multiple clamscan processes in ubuntu 18 and 20
I have installed clamav and cpulimit. I want to clamscan all directories in /home which are not owned by root one by one with a CPU limit of 70%.
I use the below command to do that in CentOS and AlmaLinux:
**find /home/ -mindepth 1 -maxdepth 1 -type d ! -user root -exec cpulimit -l 70 -- /usr/bin/clamscan -i -r {} ; > /root/scan_results.txt**
The above command works fine in CentOS. But in Ubuntu 18 and 20, it creates multiple clamscan processes for each directory in /home and all the processes consume 70% CPU usage, thereby overloading my server. I checked that using the 'top' command. The 'ps aux | grep clamscan' command also shows multiple clamscan processes running simultaneously.
**find /home/ -mindepth 1 -maxdepth 1 -type d ! -user root -exec /usr/bin/clamscan -i -r {} ; > /root/scan_results.txt**
When I remove cpulimit from the command as shown above, it scans one by one but the clamscan process consumes 100% CPU usage, which I don't want.
I tried some other commands which didn't work as well:
1) **find /home/ -mindepth 1 -maxdepth 1 -type d ! -user root | xargs -I {} cpulimit -l 70 -- /usr/bin/clamscan -i -r {} > /root/scan_results.txt**
2) **find /home/ -mindepth 1 -maxdepth 1 -type d ! -user root | xargs -P 1 -I {} cpulimit -l 70 -- /usr/bin/clamscan -i -r {} > /root/scan_results.txt**
I want a command which scans all the /home directories which are not owned by root one at a time with a cpulimit of 50%, and not simultaneously.
jay
(41 rep)
Jan 30, 2023, 05:58 AM
• Last activity: Jan 30, 2023, 12:48 PM
0 votes · 1 answer · 52 views
clamtk does not redirect stdout for its cron job
I have noticed that `clamtk` only redirects `stderr` to `/dev/null` and not `stdout`.
If I change the `cronjob` it creates to also redirect `stdout`, will that affect the log file it creates?
I want to use the `cronjob` as a template for using `clamscan` and need to be sure this will not affect the logging feature.
I would test this myself but I have no virus on hand and I am not skilled enough to risk getting one off of the internet.
Below is the `cronjob` in question:
/usr/bin/clamscan --database=/home/myhome/.clamtk/db -i -r /home/myhome --log="$HOME/.clamtk/history/$(date +\%b-\%d-\%Y).log" 2>/dev/null
Below is the `cronjob` I want to know about; will it affect the logging function?
/usr/bin/clamscan --database=/home/myhome/.clamtk/db -i -r /home/myhome --log="$HOME/.clamtk/history/$(date +\%b-\%d-\%Y).log" > /dev/null 2>&1
EDIT: I had a false positive and logging was fine both ways.
stacking and exchanging woohoo
(63 rep)
Jan 1, 2023, 10:40 AM
• Last activity: Jan 1, 2023, 04:23 PM
2 votes · 0 answers · 1289 views
ClamAV's main.cld file is too large - can it be removed or compressed?
The main.cld file in `/var/lib/clamav/` is over 400 MB in size and daily.cld is over 150 MB.
Are these filesizes normal and can these files be made smaller somehow? For example, by deleting them and retrieving them again, via some update or by using compression.
I'm using Debian11/KDE.
----
From the docs:
>A CLD is the uncompressed ClamAV signature database archive. CLD files are created by FreshClam when a CVD or CLD database archive is updated with a CDIFF patch file.
Is moving it to another partition and creating a symbolic link the only way?
So far, I'm using that as a workaround, but people shouldn't be required to do this, especially not newcomers. I created the symbolic links like so (replace `dir` and `username`):
sudo mv /var/lib/clamav/main.cld /home/username/dir/main.cld
sudo mv /var/lib/clamav/daily.cld /home/username/dir/daily.cld
sudo ln -s /home/username/dir/daily.cld /var/lib/clamav/daily.cld
sudo ln -s /home/username/dir/main.cld /var/lib/clamav/main.cld
mYnDstrEAm
(4708 rep)
Oct 6, 2022, 12:18 PM
• Last activity: Oct 6, 2022, 02:21 PM
1 vote · 0 answers · 2624 views
How to use Clamscan to scan for files larger than 4GB
I need to scan files larger than 4GB. I tried the following solutions:
1- I tried to edit the clamd.conf and set
MaxScanSize 100000M
MaxFileSize 100000M
(Just any arbitrary size that's larger than 4GB.)
2- And used `clamscan` with --max-filesize=20000M --max-scansize=20000M
And this one worked for a large number of files but not files larger than 4GB.
I read somewhere that you can use the `split` command to split larger files and then direct them to `clamscan`.
But I didn't understand what it does exactly and how to use it with the `clamscan` command that worked for the most part.
Here is the `clamscan` command that worked.
For 101GB of files, it successfully scanned 95GB of them and left the rest.
clamscan --max-filesize=20000M --max-scansize=20000M -r --bell -v -i --move=/home/username/Documents/infected /home/username/Documents/
It gave the warning that the maximum size is 4GB and it was reset back to 4GB and then started.
Please let me know what the `split` command does exactly and how to use it if I am scanning a large directory.
Also, should I ever use `sudo clamscan /` for the whole system? Or is the home folder (or whatever directory that doesn't require root privileges) enough?
Thanks in advance.
guest456782
(11 rep)
Aug 12, 2022, 01:37 PM