Profile Details

Recent updates
  • Moving Mail Archive to new install of ClearOS 6.9

    Howdy all,

    Got a compromised box running Clear 6.9 and Zarafa community 7.0.15. We managed to get the box responsive but it is not trusted and I've reloaded another with similar hardware and plan to swap out the hard drives into the untrusted box. I've gotten most everything configured and believe the Zarafa restore should be pretty straightforward: replacing the database with the mysqldump of the existing one and copying the attachments over to /var/lib/zarafa.

    My question is for the mail archive. I know I can manually archive for the last couple of weeks and copy the mail archives over to the new box at /var/clearos/mail_archive. Is there anything I need to do or get from the old box before I try to access the archives from the new box?

    Appreciate the thoughts/concerns.

  • Not quite perfect but close enough to get by. I had increased logging for freshclam.conf and clamd.conf, which greatly increased the clamd.log. Also had read about increasing the "TimeoutStartSec" time in clamd.service. Increased this from 120s to 240s and this had a significant impact on it. I still have brief "Error connecting to ClamD socket" errors but they are limited in duration to just a couple of minutes and at early morning hours when offices are closed. My guess is that this is where clamd is restarted due to updates or automated system maintenance. Never found the verbose logs to be much help, but I'm new to the clamav process and have reverted that change to get the log size back down.

    Just wanted to share what is working for us and to give a shout out to Nick for his input. Thanks to the community!

  • Shannon Miller unlocked the badge Bookworm (Loves reading the forums.)
  • Spoke too soon. Log shows where ClamD was unavailable again for about an hour Friday morning from 3-4am CDT and then failed to start at all Saturday. Service resolved Sunday morning around 4am.

    Same "Error connecting to ClamD socket" this morning. Ran the yum clamav* remove and reinstalled Content Filter, CF blacklists, Gateway AntiPhishing/AntiVirus, and Mail AntiVirus from MarketPlace. Install went smoothly, started Content Filtering and can access http websites once again. Permissions appeared correct on databases compared to an installation that is working normally.

    Not sure where to look next.

  • It didn't fail this morning. Freshclam log shows it checking for updates hourly. Last three hours of updates from freshclam log don't show any changes but the daily.cld did change from version 25415 to 25416 at 04:02 this morning.

    ClamAV update process started at Thu Apr 11 07:02:01 2019
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.3 Recommended version: 0.101.2
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cld is up to date (version: 25416, sigs: 1550281, f-level: 63, builder: raynman)
    bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
    --------------------------------------
    ClamAV update process started at Thu Apr 11 08:02:01 2019
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.3 Recommended version: 0.101.2
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cld is up to date (version: 25416, sigs: 1550281, f-level: 63, builder: raynman)
    bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
    --------------------------------------
    ClamAV update process started at Thu Apr 11 09:02:01 2019
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.3 Recommended version: 0.101.2
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cld is up to date (version: 25416, sigs: 1550281, f-level: 63, builder: raynman)
    bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)

    Thanks again, Nick.
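
Added example (not part of the original posts): one way to check whether the "Error connecting to ClamD socket" windows line up with freshclam signature updates, using the two log formats quoted in this thread. The function names, the sample log lines and the 5/10 minute thresholds are assumptions made for illustration; syslog lines carry no year, so it is passed in.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs in the two formats quoted on this page (not real data).
SYSLOG = """\
Apr 11 04:02:40 lgedge dansguardian[1022]: Error connecting to ClamD socket
Apr 11 04:03:10 lgedge dansguardian[1022]: scanFile/Memory returned error: -1
Apr 11 04:04:55 lgedge dansguardian[1022]: Error connecting to ClamD socket
Apr 11 13:40:34 lgedge dansguardian[1022]: Error connecting to ClamD socket
"""
FRESHCLAM = """\
ClamAV update process started at Thu Apr 11 03:02:01 2019
daily.cld is up to date (version: 25415, sigs: 1549346, f-level: 63, builder: raynman)
ClamAV update process started at Thu Apr 11 04:02:01 2019
daily.cld updated (version: 25416, sigs: 1550281, f-level: 63, builder: raynman)
"""

ERR = re.compile(r"^(\w{3}\s+\d{1,2} [\d:]{8}) \S+ dansguardian\[\d+\]: "
                 r"Error connecting to ClamD socket", re.M)
RUN = re.compile(r"^ClamAV update process started at (.+)$")
DAILY = re.compile(r"^daily\.c[lv]d .*\(version: (\d+),")

def outage_windows(text, year, max_gap=timedelta(minutes=5)):
    """Group ClamD socket errors into (start, end) outage windows."""
    windows = []
    for m in ERR.finditer(text):
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if windows and ts - windows[-1][1] <= max_gap:
            windows[-1][1] = ts        # same outage, extend its end
        else:
            windows.append([ts, ts])   # gap too large, start a new outage
    return [tuple(w) for w in windows]

def daily_changes(text):
    """Return (run_start, old_version, new_version) for runs where daily changed."""
    changes, run, last = [], None, None
    for line in text.splitlines():
        if (m := RUN.match(line)):
            run = datetime.strptime(m.group(1).strip(), "%a %b %d %H:%M:%S %Y")
        elif (m := DAILY.match(line)) and run:
            ver = int(m.group(1))
            if last is not None and ver != last:
                changes.append((run, last, ver))
            last = ver
    return changes

def windows_near_updates(windows, changes, slack=timedelta(minutes=10)):
    """Outage windows that begin within `slack` after a signature update run."""
    return [(w, c) for w in windows for c in changes
            if timedelta(0) <= w[0] - c[0] <= slack]
```

Outages that never appear in the result of `windows_near_updates` are the ones worth investigating separately, since a database reload does not explain them.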

  • Compared clamav databases to two other sites with similar setup. The daily and main databases were different and clam was owner of both. Stopped clamd, copied the daily and main from other boxes replacing the ones in the troubled box. Had to change owner of main database to clam. Restarted clamav, content filtering, and mail AV. Box is working now. Will watch for any changes with morning updates.

    Thanks for the input Nick!

  • [root@lgedge ~]# freshclam
    ClamAV update process started at Wed Apr 10 08:04:43 2019
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.3 Recommended version: 0.101.2
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cvd is up to date (version: 25415, sigs: 1549346, f-level: 63, builder: raynman)
    bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)

    Restart of clamd results in clamd not running and content filter unable to connect for scanning again. Had to uninstall the packages, yum remove clamav again and reinstall from Marketplace to get it operational again.

  • ClearOS 7 Clamav/Dansguardian-av issue

    Had two 7.2 boxes that recently have had trouble with clamav stopping and not restarting. On one box this has happened the last five days.

    Found it by the message log..
    Apr 9 13:40:34 lgedge dansguardian[1022]: scanFile/Memory returned error: -1
    Apr 9 13:40:34 lgedge dansguardian[1022]: Error connecting to ClamD socket

    Tried restarting content filter, clamav, and rebooting. Yum update found nothing new. Clamav will not start and enters failed state. Had similar issue several months ago that affected all our COS 7 boxes but this appears more limited in nature. Where I had to just reinstall a couple of days.

    Only fix found so far is to uninstall Gateway AV, Content Filter, Mail AV, from Marketplace then do a yum remove clamav* to completely uninstall clamav. Then reinstall the components. I get the out of date message in the messages log..

    Apr 9 13:46:18 lgedge clamd: LibClamAV Warning: **************************************************
    Apr 9 13:46:18 lgedge clamd: LibClamAV Warning: *** The virus database is older than 7 days! ***
    Apr 9 13:46:18 lgedge clamd: LibClamAV Warning: *** Please update it as soon as possible. ***
    Apr 9 13:46:18 lgedge clamd: LibClamAV Warning: **************************************************

    ..but clamav starts and can scan unencrypted web traffic once again.

    Wondered if it were due to a rogue repo but it seems to be the same version of clamav as other boxes.

    yum list clamav* --showduplicates

    Loaded plugins: clearcenter-marketplace, fastestmirror
    ClearCenter Marketplace: fetching repositories...
    Loading mirror speeds from cached hostfile
    * clearos: mirror1-newyork.clearos.com
    * clearos-centos-sclo-rh: download1.clearsdn.com
    * clearos-centos-verified: mirror1-newyork.clearos.com
    * clearos-contribs: mirror1-newyork.clearos.com
    * clearos-epel-verified: mirror1-newyork.clearos.com
    * clearos-fast-updates: download1.clearsdn.com
    * clearos-infra: mirror1-newyork.clearos.com
    * clearos-verified: mirror1-newyork.clearos.com
    * private-clearcenter-ad: download4.clearsdn.com:80
    * private-clearcenter-antimalware: download2.clearsdn.com:80
    * private-clearcenter-antispam: download1.clearsdn.com:80
    * private-clearcenter-business: download2.clearsdn.com:80
    * private-clearcenter-content-filter: download2.clearsdn.com:80
    * private-clearcenter-dyndns: download4.clearsdn.com:80
    * private-clearcenter-dynvpn: download3.clearsdn.com:80
    * private-clearcenter-ids: download3.clearsdn.com:80
    * private-clearcenter-master-slave: download1.clearsdn.com:80
    * private-clearcenter-rbs: download4.clearsdn.com:80
    * private-clearcenter-security-audit: download1.clearsdn.com:80
    * private-clearcenter-static-vpn: download1.clearsdn.com:80
    * private-clearcenter-verified-updates: download2.clearsdn.com:80
    Installed Packages
    clamav.x86_64 0.99.3-1.v7 @clearos-verified
    clamav-data.x86_64 0.99.3-1.v7 @clearos-verified
    clamav-filesystem.x86_64 0.99.3-1.v7 @clearos-verified
    clamav-lib.x86_64 0.99.3-1.v7 @clearos-verified
    clamav-server.x86_64 0.99.3-1.v7 @clearos-verified
    Available Packages
    clamav.x86_64 0.99.3-1.v7 clearos-verified
    clamav.x86_64 0.99.3-1.v7 private-clearcenter-verified-updates
    clamav-data.x86_64 0.99.3-1.v7 clearos-verified
    clamav-data.x86_64 0.99.3-1.v7 private-clearcenter-verified-updates
    clamav-devel.x86_64 0.99.3-1.v7 clearos-verified
    clamav-devel.x86_64 0.99.3-1.v7 private-clearcenter-verified-updates
    clamav-filesystem.x86_64 0.99.3-1.v7 clearos-verified
    clamav-filesystem.x86_64 0.99.3-1.v7 private-clearcenter-verified-updates
    clamav-lib.x86_64 0.99.3-1.v7 clearos-verified
    clamav-lib.x86_64 0.99.3-1.v7 private-clearcenter-verified-updates
    clamav-server.x86_64 0.99.3-1.v7 clearos-verified
    clamav-server.x86_64 0.99.3-1.v7 private-clearcenter-verified-updates

    I suspect I'll be dealing with it again in the morning. Looking for wisdom.

  • Ben Chambers wrote:

    Try running:



    If that doesn't pull any other packages for removal, then it's safe to do........


    Thanks, Ben! Your advice was spot on once again. Was able to remove and update it this morning. Wish you all a peace-filled weekend!

  • Ben asked: What package is pulling in gperftools-libs as a dependency?

    Looks like gperftools-devel requires it..
    ---> Package gperftools-devel.x86_64 0:2.6.1-1.el7 will be installed
    --> Processing Dependency: gperftools-libs(x86-64) = 2.6.1-1.el7 for package: gperftools-devel-2.6.1-1.el7.x86_64
    --> Processing Dependency: libprofiler.so.0()(64bit) for package: gperftools-devel-2.6.1-1.el7.x86_64

    Which is a dependency of gperftools itself..
    ---> Package gperftools.x86_64 0:2.4-31.1 will be updated
    ---> Package gperftools.x86_64 0:2.6.1-1.el7 will be an update
    --> Processing Dependency: pprof = 2.6.1-1.el7 for package: gperftools-2.6.1-1.el7.x86_64
    --> Processing Dependency: gperftools-devel = 2.6.1-1.el7 for package: gperftools-2.6.1-1.el7.x86_64

    They are coming from this repository...
    gperftools x86_64 2.6.1-1.el7 clearos-centos-verified

    Installing for dependencies:
    gperftools-devel x86_64 2.6.1-1.el7 clearos-centos-verified
    gperftools-libs x86_64 2.6.1-1.el7 clearos-centos-verified
    pprof noarch 2.6.1-1.el7 clearos-centos-verified


    This box gave us fits when upgrading from Zarafa Community on 5.2 to Zarafa Community on 7.2. Do you see any problem updating excluding gperftools or perhaps excluding the 2.6 package and see if it will complete with the 2.4 package?

    ClearOS release 7.4.0 (Final)
    Zarafa Community 7.2.1-51838