Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




Posted: Tue Jan 20, 2009 6:41 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7892
Location: earth
Nope, it's all built in.


Posted: Wed Jan 21, 2009 4:26 am
Forum User

Joined: Tue Dec 07, 2004 1:32 pm
Posts: 93
Will it be built in for gamera too, or should we use the script provided by the sanesecurity community?


Posted: Wed Jan 21, 2009 7:28 am
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2047
Scott/Mike,

How automatic is automatic?

I only have this in /var/clamav

Code:
-rw-r--r--   1 clamav clamav     7727 Jan 20 12:15 ASL-h.ndb
-rw-r--r--   1 clamav clamav     4079 Jan 20 12:15 ASL.hdb
-rw-r--r--   1 clamav clamav    19474 May 17  2008 MSRBL-Images.hdb
-rw-r--r--   1 clamav clamav   236339 May 16  2008 MSRBL-SPAM.ndb
-rw-r--r--   1 clamav clamav  3560960 Jan 21 03:10 daily.cld
-rw-r--r--   1 clamav clamav 40598016 Oct 23 03:10 main.cld
-rw-r--r--   1 clamav clamav 18462921 Nov 26 18:37 main.cvd
-rw-------   1 clamav clamav      416 Jan 21 11:18 mirrors.dat
-rw-r--r--   1 clamav clamav      229 Dec 17 05:51 phish.ndb
-rw-r--r--   1 clamav clamav      211 Dec 17 05:51 phish.ndb-bak
-rw-r--r--   1 clamav clamav      172 Dec 16 09:34 phish.ndb.gz
-rw-r--r--   1 clamav clamav      229 Dec 17 05:51 scam.ndb
-rw-r--r--   1 clamav clamav      211 Dec 17 05:51 scam.ndb-bak
-rw-r--r--   1 clamav clamav      171 Dec 16 09:34 scam.ndb.gz


Note the dates.

And from the sanesecurity site I note that I should have junk.ndb, spear.ndb, lott.ndb and a few others too.

I have done an asl -u recently and it did supposedly update clamav rules.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Posted: Thu Jan 22, 2009 3:00 pm
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2047
Ah! I see the latest clamav from the asl-2 repo has an updated update script.

Just ran it and I see we are back to normal on the "UNOFFICIAL" hits.

Brilliant!

Faris.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Posted: Thu Jan 22, 2009 3:16 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7892
Location: earth
You can run the updater manually too:

/usr/bin/clamav_updater.sh

I ended up rewriting the whole thing after goofing around with the other ones out there.


Posted: Thu Jan 22, 2009 4:21 pm
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 644
I get an invalid user error when I run that script

Code:
# /usr/bin/clamav_updater.sh
=================================
SaneSecurity SCAM Database Update
=================================

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0   202    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

==================================
SaneSecurity PHISH Database Update
==================================

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0   202    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
==========================
MSRBL SPAM Database Update
==========================

===========================
MSRBL IMAGE Database Update
===========================
chown: `qscand:qscand': invalid user


I don't have the qmail scanner installed, so I am guessing that it is a normal thing to not have those, but shouldn't the update script be able to run without it?


Posted: Thu Jan 22, 2009 6:32 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7892
Location: earth
You might have the older clamav, the new one looks like this:

[root@www installer]# /usr/bin/clamav_updater.sh
Updating Securiteinfo Databases: VX Securityinfo Honeynet
Updating malware.com.br Databases: MBL
Updating MSRBL Databases: Images Spam
Updating Sanesecurity Databases: junk lott phish rouge scam spamming spear


Posted: Thu Jan 22, 2009 6:34 pm
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 644
You are correct, I updated and now I see the output you mentioned - so problem solved (at least for me anyways)


Posted: Fri Jan 23, 2009 7:41 am
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2047
Oops. There's a buglet in /usr/bin/clamav_updater.sh for CentOS4/RHEL4.

I noticed that my /var/clamav directory and all its contents were mysteriously being set to be owned by clamav even after I manually changed them to qscand. (I've obviously also set the User and Database owner to be qscand in both /etc/freshclam.conf and /etc/clamd.conf.)

After looking into /etc/cron.daily/freshclam, which I found was correctly setting /var/clamav to qscand, I discovered the problem was in /usr/bin/clamav_updater.sh

In this section of code.....:

Code:

if [ -f /etc/clamd ]; then
clam_user=$(awk '/^User/ {print $2}' /etc/clamd.conf)
else
clam_user="clamav"
fi



....there's a typo in the first line, which should be

Code:

if [ -f /etc/clamd.conf ]; then



The bug is preventing /usr/bin/freshclam from updating the virus sigs.

I've raised a case in the portal but I thought it would be worth letting people know here too - you don't want out of date virus sigs!

Faris.

Edited: changed the "/usr/sbin/clamav_updater.sh" in my original post to the correct path of /usr/bin/clamav_updater.sh

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
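
One way to do the owner lookup discussed in the post above, as an added example (not part of the thread and not Atomicorp's clamav_updater.sh): it tests the same path it parses and checks that the account exists before the name reaches chown, which also avoids the `invalid user` failure reported earlier in the thread. The function names `resolve_clam_user` and `foreign_owned` and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and sample files are illustrative assumptions.

# resolve_clam_user CONF [FALLBACK]
# Prints the "User" value from CONF when the file exists, the directive is
# set, and the account exists on this host; otherwise prints FALLBACK.
resolve_clam_user() {
    conf=$1
    fallback=${2:-clamav}
    user=""
    # Test and parse the same path, so a mistyped filename cannot make the
    # existence check silently disagree with the parser.
    if [ -f "$conf" ]; then
        # First uncommented "User <name>" line; "#User x" has $1 == "#User".
        user=$(awk '$1 == "User" && NF >= 2 { print $2; exit }' "$conf")
    fi
    # chown fails with "invalid user" for an unknown account, so verify it.
    if [ -n "$user" ] && id -u "$user" >/dev/null 2>&1; then
        printf '%s\n' "$user"
    else
        printf '%s\n' "$fallback"
    fi
}

# foreign_owned DIR OWNER
# Lists entries under DIR that are not owned by OWNER (name or numeric uid),
# i.e. signature files the scanner account may be unable to replace.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# Demo on constructed input (not a real clamd.conf).
demo_dir=$(mktemp -d)
printf '# constructed sample\nUser root\n' > "$demo_dir/clamd.conf"
echo "config present: $(resolve_clam_user "$demo_dir/clamd.conf")"
echo "path mistyped:  $(resolve_clam_user "$demo_dir/clamd")"
echo "not owned by uid $(id -u): $(foreign_owned "$demo_dir" "$(id -u)" | wc -l)"
rm -rf "$demo_dir"
```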


Posted: Fri Jan 23, 2009 9:41 am
Forum Regular

Joined: Wed Jan 02, 2008 3:21 pm
Posts: 520
Location: United Kingdom
Nice one faris. I noticed a few weird errors and wondered what was causing this... You've saved me a LOT of searching around :D


Posted: Fri Jan 23, 2009 1:28 pm
Forum Regular

Joined: Mon Oct 29, 2007 6:51 pm
Posts: 644
Yeah I noticed a bunch of new errors today after updating to the latest clamd yesterday - may just be coincidental

Code:

Jan 23 07:09:45 domain psmon[3508]: Failed to spawn 'clamd' with '/sbin/service clamd restart'

Jan 23 07:08:53 domain clamd[4533]: reload db failed: Malformed database

Jan 23 07:08:53 domain clamd[4533]: Terminating because of a fatal error.


Posted: Fri Jan 23, 2009 2:30 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7892
Location: earth
fixed in SVN, should be out later today


Posted: Sat Jan 24, 2009 8:02 am
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2047
Looks like it is in the repo now.

Errr... cough...this is the kind of thing that needs an Announcement.

Um...I'm a journo. Maybe I could help? You send the bare minimum of detail to me, and I translate into English? Or something?

Faris.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Posted: Sat Jan 24, 2009 1:06 pm
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
What needs an announcement here exactly? The fact that a bug in the ClamAV rule updater was fixed? In that case I don't agree. That's what changelogs are for. I'd reserve announcements for bigger issues.

_________________
Lemonbit Internet Dedicated Server Management


Posted: Sat Jan 24, 2009 2:15 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7892
Location: earth
Sure, stick around on #plesk on irc.freenode.net, that's probably the best way to coordinate this.

