CentOS ClamAV and Fog 1.2.0.
-
Sorry to bother everyone. I’ve been all over the web looking for help with ClamAV and Fog. Although the fog_1.2.0/installation.txt claims a CentOS ClamAV Wiki page, I can find no such thing. So I am hoping someone here has been successful in getting ClamAV to work with Fog 1.2.0 under CentOS 6.
Whenever I set the ClamAV task in fog manager the machine boots properly into PXE and tries to start the ClamAV program. I get four warnings complaining about the lack of access to DNS and ClamAV update sites. It gives those warnings twice and then an error about an inability to find a file or directory. The messages fly by so fast that I had to restart the task 5 times just to remember what I wrote above.
I would surely appreciate any help with this.
-Craig
-
Is this the error ?
[ATTACH=full]1309[/ATTACH]
I’m also running Centos 6.5 + FOG 1.2.0.
The init.xz [i think its this file] doesn’t have a database in it to use already, and it cant go out and download one hence the error. Need a file for clamav to use in the init.xz, or verify your client has connectivity to the internet, can test this with a debug task.
I’ll look more into it later.
[url=“/_imported_xf_attachments/1/1309_FOGClamAV.png?:”]FOGClamAV.png[/url]
-
Yes this is [quote=“G0dzilla, post: 35743, member: 1692”]Is this the error ?
[ATTACH=full]1309[/ATTACH]
I’m also running Centos 6.5 + FOG 1.2.0.
The init.xz [i think its this file] doesn’t have a database in it to use already, and it cant go out and download one hence the error. Need a file for clamav to use in the init.xz, or verify your client has connectivity to the internet, can test this with a debug task.
I’ll look more into it later.[/quote]
That’s the error alright. I’ve tried installing the latest clamAV using yum, but that didn’t do anything. It probably screwed something up. lol
-
It’s most likely that the DNS isn’t being sent for the clamav task, I’ll see if I can get around to tracking the bug.
-
[quote=“Tom Elliott, post: 35802, member: 7271”]It’s most likely that the DNS isn’t being sent for the clamav task, I’ll see if I can get around to tracking the bug.[/quote]
I guess I was kind of assuming that I didn’t have something setup correctly. I wasn’t at all thinking it was bug. Thanks.
-
Here is some info I have found that I think may be related.
From what I can see, there is no /etc/resolv.conf file in the init.xz, and no default program to add entries to resolv.conf [dhclient, wicd etc, I don’t know what program is currently used to get a DHCP address] .
Inside the init.xz there is a sym link;
/etc/resolv.conf -> /tmp/resolv.conf
/tmp/:
total 1.0K
ldconfig/tmp/resolv.conf does not exist.
Things that may help testing/fixing;
You can edit the init.xz and add the /etc/resolv.conf [or /tmp/resolv.conf].
You can run udhcpc to automatically add DNS servers to resolv.conf -
[quote=“G0dzilla, post: 35840, member: 1692”]Here is some info I have found that I think may be related.
From what I can see, there is no /etc/resolv.conf file in the init.xz, and no default program to add entries to resolv.conf [dhclient, wicd etc, I don’t know what program is currently used to get a DHCP address] .
Inside the init.xz there is a sym link;
/etc/resolv.conf -> /tmp/resolv.conf
/tmp/:
total 1.0K
ldconfig/tmp/resolv.conf does not exist.
Things that may help testing/fixing;
You can edit the init.xz and add the /etc/resolv.conf [or /tmp/resolv.conf].
You can run udhcpc to automatically add DNS servers to resolv.conf[/quote]After finally figuring out how to uncompress and mount the init file I was able to add the resolv.conf. That made no difference. But I also noticed that the error message is telling me there are no database files in /usr/share/clamav. I check that out as well and noticed there are no database files there. When I try to add the files from another install I am met with a “No space left on device” error.
-
[quote=“albion, post: 35863, member: 25750”]After finally figuring out how to uncompress and mount the init file I was able to add the resolv.conf. That made no difference. But I also noticed that the error message is telling me there are no database files in /usr/share/clamav. I check that out as well and noticed there are no database files there. When I try to add the files from another install I am met with a “No space left on device” error.[/quote]
After the resolv.conf file is added to the init.xz it still needs entries in it for DNS to work.
This can be done manually or with a program like udhcpc.
This can all be done in a debug task - followed by the command “freshclam” to see if clamav can update. This may not work still, but should get the DNS working at least.I believe the database files are left out to save space in the init.xz .
The init.xz file is currently limited to 57MB I think.
Here is info on increasing it - [url]http://fogproject.org/forum/threads/change-initrd-size.3920/[/url]I think a more ideal solution for Clam with FOG would be for the clients to download the database files from the local fog server instead of going out on the internet for them. It would involve a bit more manual customizing for each server tho. I think virus scanning with FOG is just a cool feature - but isn’t really important.
You can always try Trinity Rescue Kit for scanning, that has 4-5 scanners built in and can be PXE booted.
There is also a script available to run all the scanners.
[url]http://code.remyservices.net/trk_scripts/wiki/Home[/url]remy_virusscan - Offers the ability to update all scanners at once and then scan all attached drives with the updated scanners in a silent mode. Scanners include Avast!, BDE, CHKRootkit, ClamAV, F-Prot, RKHunter and Vexira.
-
[quote=“G0dzilla, post: 35883, member: 1692”]After the resolv.conf file is added to the init.xz it still needs entries in it for DNS to work.
This can be done manually or with a program like udhcpc.
This can all be done in a debug task - followed by the command “freshclam” to see if clamav can update. This may not work still, but should get the DNS working at least.I believe the database files are left out to save space in the init.xz .
The init.xz file is currently limited to 57MB I think.
Here is info on increasing it - [url]http://fogproject.org/forum/threads/change-initrd-size.3920/[/url]I think a more ideal solution for Clam with FOG would be for the clients to download the database files from the local fog server instead of going out on the internet for them. It would involve a bit more manual customizing for each server tho. I think virus scanning with FOG is just a cool feature - but isn’t really important.
You can always try Trinity Rescue Kit for scanning, that has 4-5 scanners built in and can be PXE booted.
There is also a script available to run all the scanners.
[url]http://code.remyservices.net/trk_scripts/wiki/Home[/url]remy_virusscan - Offers the ability to update all scanners at once and then scan all attached drives with the updated scanners in a silent mode. Scanners include Avast!, BDE, CHKRootkit, ClamAV, F-Prot, RKHunter and Vexira.[/quote]
I know a little bit about servers.
I set the nameserver entry to 8.8.8.8 (Google name server). I also tried my two internal DNS servers. Neither Google nor my internal servers worked. I didn’t though add search or domain directives to resolv.conf, are they necessary for this implementation?It’s possible to PXE boot from two different systems? i.e. Fog and AV Offline Scan.
-
/etc/resolv.conf should have:
nameserver <IP Of Router Gateway in house, or direct dns entries (208.67.222.222, 8.8.4.4, etc…)Then check that resolving works by:
ping google.comif it doesn’t, maybe there’s a proxy in between?
-
[quote=“Tom Elliott, post: 35910, member: 7271”]/etc/resolv.conf should have:
nameserver <IP Of Router Gateway in house, or direct dns entries (208.67.222.222, 8.8.4.4, etc…)Then check that resolving works by:
ping google.comif it doesn’t, maybe there’s a proxy in between?[/quote]
This is my procedure for changing that file.
- cd /var/www/html/fog/services/ipxe
- xz --decompress init.xz
- mount init ./tmp -o loop -rw
- cd ./tmp/tmp
- touch resolv.conf
- echo “nameserver 8.8.8.8” > resolv.conf
- echo “nameserver 8.8.4.4” >> resolv.conf
- cd …/…
- umount ./tmp
- xz -z -9 -C crc32 init
I then told my test bench to reboot in debug mode through my Fog server. The machine shutdown windows and rebooted me to a Linux command prompt. Although the link for resolv.conf was in /etc, the file I created in /tmp didn’t exist. When I tried to ping google.com I got the response “ping: bad address ‘google.com’”. After I ran though stops 4 to 6 from above while in the debug console my “ping google.com” then ran successfully. Next I tried rebooting the debug console to see if the resolv.conf I created in the debug console was still there… no luck.
-Craig
-
I have similar behaviour on my production FOG server.
My resolv.conf is fine in the init.xz, I have DNS working + internet connectivity, but I can’t run freshclam to update the client.
I also can’t run freshclam on the FOG server.
I don’t have my lab at home running at the moment for more testing.Do you have a firewall ?
Can you run freshclam on the server? -
The firewall was disabled during the FOG install as instructed. I can freshclam once I add /tmp/resolv.conf in debug mode, although the download is rather slow. 5 minutes and only at 3% of the main.cvd download. I have 10meg, so I am assuming the download server is not in the US.
-
I think I know what the problem is with it.
It’s not DNS related, though your DNS may have an issue.
It’s related to the fact that we don’t install ClamAV on Centos/Fedora/Redhat OS’s anymore and I’m thinking the install function had a file that get’s requested. As the clamav isn’t installed, I’m thinking some directories aren’t copied over.
-
The main.cvd download got to about 10% then failed on a full disk. “getfile: Can’t write 1440 bytes to /usr/share/clamav/…”
-
[quote=“Tom Elliott, post: 35955, member: 7271”]I think I know what the problem is with it.
It’s not DNS related, though your DNS may have an issue.
It’s related to the fact that we don’t install ClamAV on Centos/Fedora/Redhat OS’s anymore and I’m thinking the install function had a file that get’s requested. As the clamav isn’t installed, I’m thinking some directories aren’t copied over.[/quote]
Basically you’re saying Ubuntu over CentOS.
I suppose, although a neat and possibly useful tool, I can live without it for now. Then again, maybe I’ll try an Ubuntu install.Thanks for all your help.
-Craig -
Nah, I’m not saying Ubuntu over CentOS. What I am saying, is it still seems, to me, that it’s a problem with dns, not a problem with clamav.
-
[quote=“albion, post: 35957, member: 25750”]The main.cvd download got to about 10% then failed on a full disk. “getfile: Can’t write 1440 bytes to /usr/share/clamav/…”[/quote]
If you increase the size of the initrd you should be able to download the files.
[url]http://fogproject.org/forum/threads/change-initrd-size.3920/[/url][quote=“albion, post: 35915, member: 25750”]
Although the link for resolv.conf was in /etc, the file I created in /tmp didn’t exist. When I tried to ping google.com I got the response “ping: bad address ‘google.com’”.[/quote]Maybe try delete the link for /etc/resolv.conf -> /tmp/resolv.conf, then touch /etc/resolv.conf, add your DNS settings in there to - this got DNS working for me in my testing.
I would think after both of these things it will work for you.
[quote=“albion, post: 35953, member: 25750”]I can freshclam once I add /tmp/resolv.conf in debug mode, although the download is rather slow. 5 minutes and only at 3% of the main.cvd download. I have 10meg, so I am assuming the download server is not in the US.[/quote]
You could change the setting in the initrd of the /etc/freshclam file to use a US mirror to see if that helps.
[SIZE=4][B]Closest mirrors[/B][/SIZE]
The DatabaseMirror directive in the config file specifies the database server freshclam will attempt (up to MaxAttempts times) to download the database from. The default database mirror is [URL=‘http://www.clamav.net/doc/latest/html/database.clamav.net’]database.clamav.net[/URL] but multiple directives are allowed. In order to download the database from the closest mirror you should configure freshclam to use [URL=‘http://www.clamav.net/doc/latest/html/db.xx.clamav.net’]db.xx.clamav.net[/URL] where xx represents your country code. For example, if your server is in “Ascension Island” you should have the following lines included in freshclam.conf:
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.ac.clamav.net
DatabaseMirror database.clamav.netThe second entry acts as a fallback in case the connection to the first mirror fails for some reason. The full list of two-letters country codes is available at [url]http://www.iana.org/cctld/cctld-whois.htm[/url]
-
The way FOG does fog.av, I make /usr/share/clamav a mount point with a size in memory of 100M.
This should be plenty large enough to hold your main.cvd file.
-
[quote=“Tom Elliott, post: 35972, member: 7271”]The way FOG does fog.av, I make /usr/share/clamav a mount point with a size in memory of 100M.
This should be plenty large enough to hold your main.cvd file.[/quote]
Thanks - That’s handy to know.
[quote=“albion, post: 35957, member: 25750”]The main.cvd download got to about 10% then failed on a full disk. “getfile: Can’t write 1440 bytes to /usr/share/clamav/…”[/quote]
I do not know why you receive that error then.
Perhaps troubleshoot with another debug task.
You can start a scan task with “avmode=q /bin/fog.av” , this may help troubleshoot further.In my setup, I have switched to client updating the .cvd files from the fog server directly and changed to use a static resolv.conf.
If anyone is interested;Commands:
cd /var/www/html/fog/services/ipxe
xz -d init.xz
mkdir mountdir
mount -o loop init mountdir
cd mountdir
rm etc/resolv.conf [should ask to delete a symbolic link]
touch etc/resolv.conf
echo “nameserver MyInternalDNSServer” > etc/resolv.conf
echo “nameserver MyInternalDNSServer2” >> etc/resolv.conf
vim bin/fog.av [comment out line 8 - #setupDNS ${dns}; ]
echo “DatabaseMirror IPAddressOfFogServer” > etc/freshclam"
echo “DatabaseOwner root” >> etc/freshclam"
cd …
umount mountdir
rmdir mountdir
xz -z -9 -C crc32 initcd /var/www/html
ln -s /var/clamav/bytecode.cvd
ln -s /var/clamav/daily.cvd
ln -s /var/clamav/main.cvdThis assumes the .cvd files are located in /var/clamav
FOG server runs freshclam daily with cron
