Virus History is empty after Clamav-Scan

x9rok

Hi,

my question refers to the Advanced Task “Virus Scan with clamav”.

Here some basic information to my installation:

• Installed Operating System: CentOS 6.4 (updated to 6.7)
• CentOS is prepared for FOG-Server like described in the FOG User Guide
• Installed FOG-Version: 1.2.0
• Client machine for test: Windows 7 Professional (physical machine)

Everything works fine. (Imaging, Restoring, Tasks and so on)

So Clamav is installed on FOG and the client downloads the newest virus signatures from a local networkshare of the FOG-Server. The Task works. For testing i’ve put a testvirus (eicar.com, eicar.zip, eicar.tgz) on the client. When clamav is scanning you can see on clients screen, that clamav finds the virus. After the scanning procedure a fog directory was created on C:.

Now to my problem:

After the scan under “Report Management” --> “Virus History” on the FOG-Server there are no results (No result found).

Any someone here with the same problem ?
Or do have to install the FOG-Agent on the client machine to see results in Virus History ?

After a long research i think this is my last possibility to fix this problem.

Thanks.

Richi

Tom Elliott

The fog client, at this point, does not manage a hosts virus reporting. This is only done via the tasking method you have described. I’m not sure why it isn’t reporting it properly, but it doesn’t surprise me either. I never tested the virus reporting so it’s quite likely I forgot to check or add something it the php script that handles this reporting. Can you upgrade to the latest dev version, temporarily, to see if it works in our current version? I’m still not sure if it will work, or even run, but I don’t have the patience, for now, to test/verify for myself. I do understand the hesitation which is why I ask for you to test temporarily. You should create a backup of the current db as it stands though.

x9rok

This post is deleted!

x9rok

Okay, thanks for your answert Tom

“Can you upgrade to the latest dev version”. Do you mean “Upgrade to trunk” for example via wget or svn ?

Thanks.

Richi

Tom Elliott

@x9rok That’s exactly what I mean, upgrade to trunk. As a matter of fact, that is the exact title.

x9rok

@Tom Elliott

So i have done an upgrade via wget like you said.
Now the FOG-Server installation has the version 5209.

Kernel Versions are:

• bzImage Version: 3.15.6
• bzImage32 Version: 3.15.6

To be sure i removed the testclient from the hostlist and tried to add it again via “Perform full Host registration and inventory”. This procedure fails with following message: “Unable to register for the following reasons: and then --> BLANK…”.

I tried to use an existing host from the Hostlist and create a task (Clamav Virusscan). The task doesn’t run.
I started the testclient and you could see the FOG-Boot-Menu (Boot from local hard disk, Memtest and so on…)

When i try to delete a task, nothing happens and the task is still in the list.

So Tom do you have another idea ?
Is there a newer Version than 5209 ? If yes, how can i check this ?
Maybe there some other updates available ?

Thanks.

Richi

Wayne Workman

@x9rok said:

Is there a newer Version than 5209 ? If yes, how can i check this ?
Maybe there some other updates available ?

Tom is constantly updating the trunk version… odds are, you’re now 10 versions behind lol. Go to your trunk directory and issue the command svn up to checkout whatever the latest svn revision is.

Wayne Workman

@x9rok said:

To be sure i removed the testclient from the hostlist and tried to add it again via “Perform full Host registration and inventory”. This procedure fails with following message: “Unable to register for the following reasons: and then --> BLANK…”.

I tried to use an existing host from the Hostlist and create a task (Clamav Virusscan). The task doesn’t run.
I started the testclient and you could see the FOG-Boot-Menu (Boot from local hard disk, Memtest and so on…)

When i try to delete a task, nothing happens and the task is still in the list.

I think your problem with adding/deleting/canceling tasks partially is related to this bug, so I’ve linked it here: https://forums.fogproject.org/topic/6053/r5207-host-management-bugs

x9rok

@Wayne-Workman

Okay, i will try this. Thanks for your answer.

x9rok

@Wayne-Workman @Tom Elliot

I have installed an upgrade like in the wiki described. Now the version of FOG is 5229.

So still i get the message “Unable to register for following reasons and then --> BLANK”.
I cannot test the clamav functionality cause i have no registered hosts in my database.

I have read the article “(r5207) Host Management bugs” but it doesn’t helped me. Is this an open bug too ? Is there anyone with the same problem ?

My last idea is to go back to FOG 1.2.0 without Trunk and to modify the fog.av-script to upload a virus found and add it to the database. Before i would try this, i hope to find some help or special tips here.

Thanks.

Richi

george1421

I would take a look at the apache log file. It sounds like you came across a bug. tail the contents of /var/log/httpd/error_log and post the last few lines here. That may give us a better idea to the source of the issue.

x9rok

@george1421

Here is the error_log:

error_log

Richi

george1421

These following lines are probably what the @Developers need to look into.

PHP Warning:  array_merge(): Argument #1 is not an array in /var/www/html/fog/lib/pages/FOGConfigurationPage.class.php on line 633, referer: http://localhost/fog/management/index.php?node=about
PHP Warning:  preg_grep() expects parameter 2 to be array, null given in /var/www/html/fog/lib/pages/FOGConfigurationPage.class.php on line 635, referer: http://localhost/fog/management/index.php?node=about
PHP Warning:  fopen(ftp://...@10.101.1.250): failed to open stream: operation failed in /var/www/html/fog/status/logtoview.php on line 5, referer: http://localhost/fog/management/index.php?node=about&sub=log

Sebastian Roth

I don’t think the error we see in the apache log is related to the registration problem. See Tom’s answer on this here: https://forums.fogproject.org/topic/5678/fog-unable-to-register-host-for-the-following-reasons/4

Are you sure the client has a good connection and get’s an IP after the iPXE menu again?

Tom Elliott

OP, can you revert the db to before the issues began? I added, fairly recently, backing up the db before updating the db occurs. Shortly, and thankfully after, I was trying to fix a bug that essentially injected hosts without creating a valid insert id. During some reading, it was suggested to set the db value to NULL if the value was not set. I attempted this but everything is handled as a string and actually inserted the value as “NULL” instead of the sql value of just NULL. I believe some of the issue you are seeing is due to this. I have since fixed this issue as well as quite a few others, but it will required either fixing your db, or reverting to before those issues started occurring.

Tom Elliott

Once that is done we can look at the fog.av script. While using 1.2.0 is okay, I can’t fix what I am not aware of. I know, now, there is an issue but I’m not apt to go and try to replicate it for myself. Not lazy, just I know you have expected results where I don’t have a clue where to start.

x9rok

@ Tom Elliot

Hi,

to be sure i’ve done a fresh Fog-Server installation again.

1. Prepared CentOS for FOG (disbale iptables, selinux and so on…)
2. Installed FOG 1.2.0 and backup the database
3. Installed GIT and cloned the newest FOG-Trunk version

Now the FOG-Server installation has the version 5565.

Kernel Versions are:

• bzImage Version: 4.2.3
• bzImage32 Version: 4.2.3

Installation runs without errors.
So again i tried to register a host via “Perform full Host registration and Inventory”. This time it runs without an error At the end of this procedure i get the message “Done without imaging”. That’s ok. After this, “Attempting to send inventory” but no reboot will starts like before with the version 1.2.0.
On the Management console i can see a registered Host. Better then before ^^. With the trunk version before, this was not possible.

Then i started to run some Tasks. I tested for example the “Hardware Inventory Task”, this fails and the testclient goes into a loop. I opened the Logviewer to look for some errors --> white screen and nothing hanppens.

FOG 1.2.0

Now i think i really should go back to 1.2.0 without trunk. Everything what i need works fine with this version. Imaging, Restoring, all possible Tasks and Clamav, but only without reporting ^^

In our production environment our machines should have no internet connection. So for the Clamav-Scan i created a directory in /var/www/html/fog/clamav. A crontab-Job runs every day and download the newest virus signatures (main.cvd, daily.cvd, bytecode.cvd) and put it to these directory.

I’ve modifed the fog.av in /var/www/html/fog/service/ipxe.

Added some wget commands to download the virus signatures from the FOG-Server and not from the internet. So this works.

Here is the fog.av script with a comment in line 84.
I compared this script with the newest trunk update. It’s nearly the same. So i’m sure, that the Clamav-Scan with the newest trunk-version also won’t report a virus. You can see it only local on the machine at created directory /fog/log.txt.

I hope you can start something with these information.

@Sebastian Roth

Yes, my dhcp works. Client gets an IP and so on after iPXE.
Have done some tests with FOG 1.2.0 (Imaging, Restoring, Scanning, …) That’s ok.

Thanks. Richi

x9rok

@x9rok fog.av

hillie

I seem to be having the same problem with my fog 1.2.0 install on debian. In the web interface, when I go to Report Management and then Virus History I get nothing after scanning multiple machines. When I look at c:\fog\log\log.txt I see that there is a virus found. Any tips on fixing this would be appreciated.

Tom Elliott

@hillie I have a very hard time fully understanding how you could possibly have c:\fog\log\log.txt AND have it showing that there was a virus found. FOG doesn’t use the FOG Client to track viruses, it’s a tasking that generates these reports.