Clam AV Scans Not Working
-
I’ll get on my FOG server that does AV updates and see if I can find the missing link. I think it was an apache configuration change that allowed downloading the files from the root of the web server.
-
You must config the FOG_PXE_IMAGE_DNSADDRESS value, if you don’t have configured it, the client doesn’t know how to resolve the direction of the clamAV server.
To rebuit the init.gz with the new version of clamav
[url]http://fogproject.org/forum/threads/clamav-version-update.3926/[/url]
To resize the init.gz
[url]http://fogproject.org/forum/threads/change-initrd-size.3920/[/url] -
One thing I did that is not in the wiki article is to make symbolic links:
[CODE]
cd /var/www
sudo ln -s /var/lib/clamav/bytecode.cld
sudo ln -s /var/lib/clamav/daily.cld
sudo ln -s /var/lib/clamav/daily.cvd
sudo ln -s /var/lib/clamav/main.cvd
[/CODE] -
Thank you Fernando Gietz and chad-bisd for input.
I have rebuilt the complete fog server with Ubuntu 12.04.2 LTS 64bit and fog .32 and I am back to the same error that I started with (clamaverror.jpg Monday 2:41PM). I did this because I have tried so many changes that I wanted to make sure that I got back to a safe starting point. So a few questions, if you please.
Do I go back and make all the changes 1-9, yesterday at 11:34 AM or try the rebuild/resize of init.gz?[B] - both[/B]
The server does have 0.97.6 and I see the client does say 0.97.1. Are the definitions truly incompatible?[B] - Fernando Gietz[/B]
Where is the FOG_PXE_IMAGE_DNSADDRESS at? [B]- Fernando Gietz[/B]
I can only find main, daily, and bytecode CVD files. No CLD files. Do I just make the symbolic links to what I have? [B]- chad-bisd[/B]
I have asked other questions above but let’s see how this goes.
I am willing to try almost anything and can rebuild the server when I know exactly the steps to make it work. Hopefully I can create a complete posting that outlines the exact steps to make this work for everyone who wants this task to work correctly. -
Before you go through the effort of resizing the init.gz, just try the steps in the wiki with the slight modifications from this thread.
Try it with the different versions. The compatibility error came from no files in /usr/share/clamav inside the init image, not because the client and server were different versions.
You only need DNS settings if you use the host name of the FOG server and not the IP address.
I believe the .cld files come and go, but make symbolic links to anything you have and try it.
-
These are the only items I changed after the rebuild/install of FOG and [B]ClamAV is now working at the client[/B]. I will now work on getting rid of the OUTDATED AV ENGINE errors.
1 - (6, 7, 8 from above) - [B]modify the init.gz image file[/B]
cd /
cd /tftpboot/fog/images
cp init.gz init-ORIG.gz
gunzip init.gz
mkdir initmountdir
mount -o loop init initmountdir
nano initmountdir/etc/freshclam.conf
add “ScriptedUpdates” to “no” based on above ERROR
change “DatabaseMirror” to “IPAddressOfServer” instead of original “database.clamav.net”
umount initmountdir/
rmdir initmountdir
gzip init2 - [B]create symbolic links[/B]
cd /var/www
ln -s /var/lib/clamav/bytecode.cvd
ln -s /var/lib/clamav/daily.cvd
ln -s /var/lib/clamav/main.cvdBefore I start working on the init.gz do either of you know what I need to change so that the client does not reboot after the AV scan is finished? I want to see what the results are before the computer reboots.
-
You need to edit the av script in the init image and remove the call to reboot the workstation or add a pause or something.
-
I will update the wiki and note the changes.
-
Even after making the changes above and ‘knowing’ that I had the AV scanning working sometimes it would not work. Especially when trying to show staff how good this product was. The culprit - different kernels. I found that ‘Kernel - 2.6.35.7 KS’ would not allow the AV scan to work but the default bzImage would. Thanks for all the help.
-
[quote=“Martin T, post: 10917, member: 3420”]Thank you Fernando Gietz and chad-bisd for input.
I have rebuilt the complete fog server with Ubuntu 12.04.2 LTS 64bit and fog .32 and I am back to the same error that I started with (clamaverror.jpg Monday 2:41PM). I did this because I have tried so many changes that I wanted to make sure that I got back to a safe starting point. So a few questions, if you please.
Do I go back and make all the changes 1-9, yesterday at 11:34 AM or try the rebuild/resize of init.gz?[B] - both[/B]
The server does have 0.97.6 and I see the client does say 0.97.1. Are the definitions truly incompatible?[B] - Fernando Gietz[/B]
Where is the FOG_PXE_IMAGE_DNSADDRESS at? [B]- Fernando Gietz[/B]
I can only find main, daily, and bytecode CVD files. No CLD files. Do I just make the symbolic links to what I have? [B]- chad-bisd[/B]
I have asked other questions above but let’s see how this goes.
I am willing to try almost anything and can rebuild the server when I know exactly the steps to make it work. Hopefully I can create a complete posting that outlines the exact steps to make this work for everyone who wants this task to work correctly.[/quote]Sorry for answer so late.
[I]Where is the FOG_PXE_IMAGE_DNSADDRESS at?[/I]
In webui: About > FOG settings > TFTP Server[I]The server does have 0.97.6 and I see the client does say 0.97.1. Are the definitions truly incompatible?[/I]
I’m not claAV expert
but the capture says that [I]Not supported database files founf in /usr/share/clamav. [/I]Seems the database files are incompatibles. This problem/issue desappears if you upgrade the clamAV version[I] to 0.97.6[/I]I have seen the fog.av script and you don’t must resize the init.gz (sorry, but i’m sure that you have learn a lot of
). The database files from the server are copied in /usr/share/clamav. This folder is a ramdisk:[CODE]mount -t tmpfs none /usr/share/clamav/ -o size=50m;[/CODE]
This ramdisk have 50M size. This size would be little[I], why? [/I]the reason is the database files size grown more and more, daily. For example, in my server those files:
[CODE]-rw-r–r-- 1 clam clam 302K feb 15 03:37 bytecode.cld
-rw-r–r-- 1 clam clam 0 feb 26 20:25 clamd.sock
-rw-r–r-- 1 clam clam 55M mar 12 03:10 daily.cld
-rw-r–r-- 1 clam clam 30M mar 11 14:14 main.cvd
-rw-r–r-- 1 clam clam 572 mar 12 03:10 mirrors.dat[/CODE]86 MB, and daily increases his size
The size of the ramdisk would be dinamic.