    CentOS ClamAV and Fog 1.2.0.

      albion

      Sorry to bother everyone. I’ve been all over the web looking for help with ClamAV and Fog. Although the fog_1.2.0/installation.txt claims a CentOS ClamAV Wiki page, I can find no such thing. So I am hoping someone here has been successful in getting ClamAV to work with Fog 1.2.0 under CentOS 6.

      Whenever I set the ClamAV task in fog manager the machine boots properly into PXE and tries to start the ClamAV program. I get four warnings complaining about the lack of access to DNS and ClamAV update sites. It gives those warnings twice and then an error about an inability to find a file or directory. The messages fly by so fast that I had to restart the task 5 times just to remember what I wrote above.

      I would surely appreciate any help with this.

      -Craig

        G0dzilla

        Is this the error ?

        [Attached screenshot: FOGClamAV.png]

        I’m also running CentOS 6.5 + FOG 1.2.0.

        The init.xz [I think it’s this file] doesn’t have a database in it to use already, and it can’t go out and download one, hence the error. Need a file for clamav to use in the init.xz, or verify your client has connectivity to the internet, can test this with a debug task.

        I’ll look more into it later.


          albion

          Yes this is [quote=“G0dzilla, post: 35743, member: 1692”]Is this the error ?

          [Attached screenshot: FOGClamAV.png]

          I’m also running CentOS 6.5 + FOG 1.2.0.

          The init.xz [I think it’s this file] doesn’t have a database in it to use already, and it can’t go out and download one, hence the error. Need a file for clamav to use in the init.xz, or verify your client has connectivity to the internet, can test this with a debug task.

          I’ll look more into it later.[/quote]

          That’s the error alright. I’ve tried installing the latest clamAV using yum, but that didn’t do anything. It probably screwed something up. lol

            Tom Elliott

            It’s most likely that the DNS isn’t being sent for the clamav task, I’ll see if I can get around to tracking the bug.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

              albion

              [quote=“Tom Elliott, post: 35802, member: 7271”]It’s most likely that the DNS isn’t being sent for the clamav task, I’ll see if I can get around to tracking the bug.[/quote]

              I guess I was kind of assuming that I didn’t have something set up correctly. I wasn’t at all thinking it was a bug. Thanks.

                G0dzilla

                Here is some info I have found that I think may be related.

                From what I can see, there is no /etc/resolv.conf file in the init.xz, and no default program to add entries to resolv.conf [dhclient, wicd etc, I don’t know what program is currently used to get a DHCP address] .

                Inside the init.xz there is a sym link;

                /etc/resolv.conf -> /tmp/resolv.conf

                /tmp/:
                total 1.0K
                ldconfig

                /tmp/resolv.conf does not exist.

                Things that may help testing/fixing;

                You can edit the init.xz and add the /etc/resolv.conf [or /tmp/resolv.conf].
                You can run udhcpc to automatically add DNS servers to resolv.conf

                  albion

                  [quote=“G0dzilla, post: 35840, member: 1692”]Here is some info I have found that I think may be related.

                  From what I can see, there is no /etc/resolv.conf file in the init.xz, and no default program to add entries to resolv.conf [dhclient, wicd etc, I don’t know what program is currently used to get a DHCP address] .

                  Inside the init.xz there is a sym link;

                  /etc/resolv.conf -> /tmp/resolv.conf

                  /tmp/:
                  total 1.0K
                  ldconfig

                  /tmp/resolv.conf does not exist.

                  Things that may help testing/fixing;

                  You can edit the init.xz and add the /etc/resolv.conf [or /tmp/resolv.conf].
                  You can run udhcpc to automatically add DNS servers to resolv.conf[/quote]

                  After finally figuring out how to uncompress and mount the init file I was able to add the resolv.conf. That made no difference. But I also noticed that the error message is telling me there are no database files in /usr/share/clamav. I checked that out as well and noticed there are no database files there. When I try to add the files from another install I am met with a “No space left on device” error.

                    G0dzilla

                    [quote=“albion, post: 35863, member: 25750”]After finally figuring out how to uncompress and mount the init file I was able to add the resolv.conf. That made no difference. But I also noticed that the error message is telling me there are no database files in /usr/share/clamav. I checked that out as well and noticed there are no database files there. When I try to add the files from another install I am met with a “No space left on device” error.[/quote]

                    After the resolv.conf file is added to the init.xz it still needs entries in it for DNS to work.
                    This can be done manually or with a program like udhcpc.
                    This can all be done in a debug task - followed by the command “freshclam” to see if clamav can update. This may not work still, but should get the DNS working at least.

                    I believe the database files are left out to save space in the init.xz .
                    The init.xz file is currently limited to 57MB I think.
                    Here is info on increasing it - http://fogproject.org/forum/threads/change-initrd-size.3920/

                    I think a more ideal solution for Clam with FOG would be for the clients to download the database files from the local fog server instead of going out on the internet for them. It would involve a bit more manual customizing for each server tho. I think virus scanning with FOG is just a cool feature - but isn’t really important.

                    You can always try Trinity Rescue Kit for scanning, that has 4-5 scanners built in and can be PXE booted.
                    There is also a script available to run all the scanners.
                    http://code.remyservices.net/trk_scripts/wiki/Home

                    remy_virusscan - Offers the ability to update all scanners at once and then scan all attached drives with the updated scanners in a silent mode. Scanners include Avast!, BDE, CHKRootkit, ClamAV, F-Prot, RKHunter and Vexira.

                      albion

                      [quote=“G0dzilla, post: 35883, member: 1692”]After the resolv.conf file is added to the init.xz it still needs entries in it for DNS to work.
                      This can be done manually or with a program like udhcpc.
                      This can all be done in a debug task - followed by the command “freshclam” to see if clamav can update. This may not work still, but should get the DNS working at least.

                      I believe the database files are left out to save space in the init.xz .
                      The init.xz file is currently limited to 57MB I think.
                      Here is info on increasing it - http://fogproject.org/forum/threads/change-initrd-size.3920/

                      I think a more ideal solution for Clam with FOG would be for the clients to download the database files from the local fog server instead of going out on the internet for them. It would involve a bit more manual customizing for each server tho. I think virus scanning with FOG is just a cool feature - but isn’t really important.

                      You can always try Trinity Rescue Kit for scanning, that has 4-5 scanners built in and can be PXE booted.
                      There is also a script available to run all the scanners.
                      http://code.remyservices.net/trk_scripts/wiki/Home

                      remy_virusscan - Offers the ability to update all scanners at once and then scan all attached drives with the updated scanners in a silent mode. Scanners include Avast!, BDE, CHKRootkit, ClamAV, F-Prot, RKHunter and Vexira.[/quote]

                      I know a little bit about servers. 🙂 I set the nameserver entry to 8.8.8.8 (Google name server). I also tried my two internal DNS servers. Neither Google nor my internal servers worked. I didn’t though add search or domain directives to resolv.conf, are they necessary for this implementation?

                      It’s possible to PXE boot from two different systems? i.e. Fog and AV Offline Scan.

                        Tom Elliott

                        /etc/resolv.conf should have:
                        nameserver <IP Of Router Gateway in house, or direct dns entries (208.67.222.222, 8.8.4.4, etc…)>

                        Then check that resolving works by:
                        ping google.com

                        if it doesn’t, maybe there’s a proxy in between?

                          albion

                          [quote=“Tom Elliott, post: 35910, member: 7271”]/etc/resolv.conf should have:
                          nameserver <IP Of Router Gateway in house, or direct dns entries (208.67.222.222, 8.8.4.4, etc…)>

                          Then check that resolving works by:
                          ping google.com

                          if it doesn’t, maybe there’s a proxy in between?[/quote]

                          This is my procedure for changing that file.

                          1. cd /var/www/html/fog/services/ipxe
                          2. xz --decompress init.xz
                          3. mount init ./tmp -o loop -rw
                          4. cd ./tmp/tmp
                          5. touch resolv.conf
                          6. echo "nameserver 8.8.8.8" > resolv.conf
                          7. echo "nameserver 8.8.4.4" >> resolv.conf
                          8. cd ../..
                          9. umount ./tmp
                          10. xz -z -9 -C crc32 init

                          I then told my test bench to reboot in debug mode through my Fog server. The machine shut down Windows and rebooted me to a Linux command prompt. Although the link for resolv.conf was in /etc, the file I created in /tmp didn’t exist. When I tried to ping google.com I got the response “ping: bad address ‘google.com’”. After I ran through steps 4 to 6 from above while in the debug console my “ping google.com” then ran successfully. Next I tried rebooting the debug console to see if the resolv.conf I created in the debug console was still there… no luck. 😞

                          -Craig

                            G0dzilla

                            I have similar behaviour on my production FOG server.
                            My resolv.conf is fine in the init.xz, I have DNS working + internet connectivity, but I can’t run freshclam to update the client.
                            I also can’t run freshclam on the FOG server.
                            I don’t have my lab at home running at the moment for more testing.

                            Do you have a firewall ?
                            Can you run freshclam on the server?

                              albion

                              The firewall was disabled during the FOG install as instructed. I can freshclam once I add /tmp/resolv.conf in debug mode, although the download is rather slow. 5 minutes and only at 3% of the main.cvd download. I have 10meg, so I am assuming the download server is not in the US.

                                Tom Elliott

                                I think I know what the problem is with it.

                                It’s not DNS related, though your DNS may have an issue.

                                It’s related to the fact that we don’t install ClamAV on Centos/Fedora/Redhat OS’s anymore and I’m thinking the install function had a file that gets requested. As the clamav isn’t installed, I’m thinking some directories aren’t copied over.

                                  albion

                                  The main.cvd download got to about 10% then failed on a full disk. “getfile: Can’t write 1440 bytes to /usr/share/clamav/…”

                                    albion

                                    [quote=“Tom Elliott, post: 35955, member: 7271”]I think I know what the problem is with it.

                                    It’s not DNS related, though your DNS may have an issue.

                                    It’s related to the fact that we don’t install ClamAV on Centos/Fedora/Redhat OS’s anymore and I’m thinking the install function had a file that gets requested. As the clamav isn’t installed, I’m thinking some directories aren’t copied over.[/quote]

                                    Basically you’re saying Ubuntu over CentOS. 🙂 I suppose, although a neat and possibly useful tool, I can live without it for now. Then again, maybe I’ll try an Ubuntu install.

                                    Thanks for all your help.
                                    -Craig

                                      Tom Elliott

                                      Nah, I’m not saying Ubuntu over CentOS. What I am saying, is it still seems, to me, that it’s a problem with dns, not a problem with clamav.

                                        G0dzilla

                                        [quote=“albion, post: 35957, member: 25750”]The main.cvd download got to about 10% then failed on a full disk. “getfile: Can’t write 1440 bytes to /usr/share/clamav/…”[/quote]

                                        If you increase the size of the initrd you should be able to download the files.
                                        http://fogproject.org/forum/threads/change-initrd-size.3920/

                                        [quote=“albion, post: 35915, member: 25750”]
                                        Although the link for resolv.conf was in /etc, the file I created in /tmp didn’t exist. When I tried to ping google.com I got the response “ping: bad address ‘google.com’”.[/quote]

                                        Maybe try deleting the link for /etc/resolv.conf -> /tmp/resolv.conf, then touch /etc/resolv.conf, and add your DNS settings in there too - this got DNS working for me in my testing.

                                        I would think after both of these things it will work for you.

                                        [quote=“albion, post: 35953, member: 25750”]I can freshclam once I add /tmp/resolv.conf in debug mode, although the download is rather slow. 5 minutes and only at 3% of the main.cvd download. I have 10meg, so I am assuming the download server is not in the US.[/quote]

                                        You could change the setting in the initrd of the /etc/freshclam file to use a US mirror to see if that helps.

                                        Closest mirrors

                                        The DatabaseMirror directive in the config file specifies the database server freshclam will attempt (up to MaxAttempts times) to download the database from. The default database mirror is database.clamav.net but multiple directives are allowed. In order to download the database from the closest mirror you should configure freshclam to use db.xx.clamav.net where xx represents your country code. For example, if your server is in “Ascension Island” you should have the following lines included in freshclam.conf:
                                        DNSDatabaseInfo current.cvd.clamav.net
                                        DatabaseMirror db.ac.clamav.net
                                        DatabaseMirror database.clamav.net

                                        The second entry acts as a fallback in case the connection to the first mirror fails for some reason. The full list of two-letters country codes is available at http://www.iana.org/cctld/cctld-whois.htm

                                          Tom Elliott

                                          The way FOG does fog.av, I make /usr/share/clamav a mount point with a size in memory of 100M.

                                          This should be plenty large enough to hold your main.cvd file.

                                            G0dzilla

                                            [quote=“Tom Elliott, post: 35972, member: 7271”]The way FOG does fog.av, I make /usr/share/clamav a mount point with a size in memory of 100M.

                                            This should be plenty large enough to hold your main.cvd file.[/quote]

                                            Thanks - That’s handy to know.

                                            [quote=“albion, post: 35957, member: 25750”]The main.cvd download got to about 10% then failed on a full disk. “getfile: Can’t write 1440 bytes to /usr/share/clamav/…”[/quote]

                                            I do not know why you receive that error then.
                                            Perhaps troubleshoot with another debug task.
                                            You can start a scan task with “avmode=q /bin/fog.av” , this may help troubleshoot further.

                                            In my setup, I have switched to client updating the .cvd files from the fog server directly and changed to use a static resolv.conf.
                                            If anyone is interested;

                                            Commands:

                                            cd /var/www/html/fog/services/ipxe
                                            xz -d init.xz
                                            mkdir mountdir
                                            mount -o loop init mountdir
                                            cd mountdir
                                            rm etc/resolv.conf   # should ask to delete a symbolic link
                                            touch etc/resolv.conf
                                            echo "nameserver MyInternalDNSServer" > etc/resolv.conf
                                            echo "nameserver MyInternalDNSServer2" >> etc/resolv.conf
                                            vim bin/fog.av   # comment out line 8 - #setupDNS ${dns};
                                            echo "DatabaseMirror IPAddressOfFogServer" > etc/freshclam
                                            echo "DatabaseOwner root" >> etc/freshclam
                                            cd ..
                                            umount mountdir
                                            rmdir mountdir
                                            xz -z -9 -C crc32 init

                                            cd /var/www/html
                                            ln -s /var/clamav/bytecode.cvd
                                            ln -s /var/clamav/daily.cvd
                                            ln -s /var/clamav/main.cvd

                                            This assumes the .cvd files are located in /var/clamav
                                            FOG server runs freshclam daily with cron
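
Added example, not part of the original thread and not FOG's own code: a shell check for the two resolv.conf conditions discussed above (a symlink whose target is absent from the image, and a file with no usable nameserver lines), meant to be run against the mounted init image before it is recompressed. The function name `check_resolv`, its return codes and the `mountdir` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the resolv.conf inside a mounted FOG init image.
# Usage (hypothetical mount point):  check_resolv mountdir
#
# Return codes: 0 = usable, 1 = etc/resolv.conf missing,
#               2 = symlink whose target is absent from the image,
#               3 = file present but no valid "nameserver <IP>" line.
check_resolv() {
    root=$1
    conf="$root/etc/resolv.conf"

    if [ -L "$conf" ]; then
        target=$(readlink "$conf")
        # Resolve the link against the image root, not the host filesystem:
        # an absolute target such as /tmp/resolv.conf means $root/tmp/resolv.conf.
        case $target in
            /*) resolved="$root$target" ;;
            *)  resolved="$root/etc/$target" ;;
        esac
        if [ ! -e "$resolved" ]; then
            echo "DANGLING: etc/resolv.conf -> $target (target not in image)"
            return 2
        fi
        conf=$resolved
    elif [ ! -e "$conf" ]; then
        echo "MISSING: etc/resolv.conf"
        return 1
    fi

    # Only lines of the form "nameserver <IP address>" count. A line pasted
    # with typographic quotes, or one naming a host instead of an IP,
    # is not counted as a usable entry.
    ipv4='[0-9]{1,3}(\.[0-9]{1,3}){3}'
    ipv6='[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*'   # loose check: hex groups with a colon
    n=$(grep -Ec "^[[:space:]]*nameserver[[:space:]]+($ipv4|$ipv6)[[:space:]]*\$" "$conf" || true)
    if [ "${n:-0}" -eq 0 ]; then
        echo "UNUSABLE: no valid nameserver lines in ${conf#"$root"/}"
        return 3
    fi
    echo "OK: $n nameserver entries in ${conf#"$root"/}"
    return 0
}
```
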
