Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ClamAV restart is not working anymore after Debian 9 update #211

Closed
heutger opened this issue Jul 17, 2018 · 6 comments
Closed

ClamAV restart is not working anymore after Debian 9 update #211

heutger opened this issue Jul 17, 2018 · 6 comments

Comments

@heutger
Copy link

heutger commented Jul 17, 2018

I always get from cron:

/usr/local/sbin/clamav-unofficial-sigs.sh: line 1069: kill: (2498) - No such process
Failed to restart clamav-daemon.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files
See system logs and 'systemctl status clamav-daemon.service' for details.

It seems, that clamav is killed in a "bad way" so it's unable to restart. Seems to encounter with last update a few days ago (Debian 9.5, ClamAV 0.100.0).
@cztk
Copy link
Contributor

cztk commented Jul 18, 2018

I don't think it is an issue related to this.
just wrote this
https://www.howtoforge.com/community/threads/debian-8-9-extremeshok-clamav-unofficial-sigs.79538/
and can say... it works - having the pull 193 applied.

@heutger
Copy link
Author

heutger commented Jul 18, 2018

I performed #203 (comment) as it really seems to be a problem of clamav 0.100.0 with the yara rules. You also referred in your article to problems with a minimum of one yara file. However, I don't apply pull requests, so it looks a bit of unmaintained currently.

@cztk
Copy link
Contributor

cztk commented Jul 18, 2018

I did mention that I apply a patch on this, too
I used a fresh debian setup 9.5
my clamav ClamAV 0.100.0/24761/Wed Jul 18 20:05:06 2018

and forcing a cronrun
su clamav -c "[ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh -F" -s /bin/sh
does work without any issues ( it reloaded the databases )

@heutger
Copy link
Author

heutger commented Jul 18, 2018

Sure, without the patch it's not working. ClamAV crashes because of yara rules broken. The cronjob then sends the mails as above via cron to root.

@thctlo
Copy link

thctlo commented Sep 17, 2018
edited
Loading

I detected in the clamav-unofficial-sigs.log these:
Sep 16 07:32:01 ERROR: clamscan binary (clamscan_bin) not found
Sep 16 08:32:01 ERROR: clamscan binary (clamscan_bin) not found

This now my config for Debian 9 (Stretch) Optimized

clam_user="clamav"
clam_group="clamav"
 
logrotate_group="adm"
 
clam_dbs="/var/lib/clamav"
clamd_pid="/run/clamav/clamd.pid"
 
reload_dbs="yes"
clamd_reload_opt="systemctl reload clamav-daemon.service"
clamd_restart_opt="systemctl restart clamav-daemon.service"
 
logging_enabled="yes"
log_file_path="/var/log/clamav-unofficial-sigs"
log_file_name="clamav-unofficial-sigs.log"
 
# ==================================================
# ==================================================
# A D V A N C E D   O P T I O N S
# ==================================================
# ==================================================
clamscan_bin="/usr/bin/clamdscan"
remove_bad_database="yes"
remove_disabled_databases="yes"

and temperarily i've set in users.conf

# disabled databases
enable_yararules=""

and now it runs great again.

@extremeshok
Copy link
Owner

#203

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@heutger @extremeshok @thctlo @cztk