• Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login
  • Recent
  • Unsolved
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Register
  • Login

Virus History is empty after Clamav-Scan

Scheduled Pinned Locked Moved Solved
FOG Problems
7
22
8.8k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • X
    x9rok
    last edited by Nov 3, 2015, 9:05 AM

    Hi,

    my question refers to the Advanced Task “Virus Scan with clamav”.

    Here some basic information to my installation:

    • Installed Operating System: CentOS 6.4 (updated to 6.7)
    • CentOS is prepared for FOG-Server like described in the FOG User Guide
    • Installed FOG-Version: 1.2.0
    • Client machine for test: Windows 7 Professional (physical machine)

    Everything works fine. (Imaging, Restoring, Tasks and so on)

    So Clamav is installed on FOG and the client downloads the newest virus signatures from a local networkshare of the FOG-Server. The Task works. For testing i’ve put a testvirus (eicar.com, eicar.zip, eicar.tgz) on the client. When clamav is scanning you can see on clients screen, that clamav finds the virus. After the scanning procedure a fog directory was created on C:.

    Now to my problem:

    After the scan under “Report Management” --> “Virus History” on the FOG-Server there are no results (No result found).

    Any someone here with the same problem ?
    Or do have to install the FOG-Agent on the client machine to see results in Virus History ?

    After a long research i think this is my last possibility to fix this problem.

    Thanks.

    Richi

    X 1 Reply Last reply Nov 22, 2015, 2:40 PM Reply Quote 0
    • T
      Tom Elliott
      last edited by Nov 3, 2015, 10:30 AM

      The fog client, at this point, does not manage a hosts virus reporting. This is only done via the tasking method you have described. I’m not sure why it isn’t reporting it properly, but it doesn’t surprise me either. I never tested the virus reporting so it’s quite likely I forgot to check or add something it the php script that handles this reporting. Can you upgrade to the latest dev version, temporarily, to see if it works in our current version? I’m still not sure if it will work, or even run, but I don’t have the patience, for now, to test/verify for myself. I do understand the hesitation which is why I ask for you to test temporarily. You should create a backup of the current db as it stands though.

      Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

      Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

      Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

      1 Reply Last reply Reply Quote 0
      • X
        x9rok
        last edited by Nov 3, 2015, 11:56 AM

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • X
          x9rok
          last edited by Nov 3, 2015, 11:59 AM

          Okay, thanks for your answert Tom 🙂

          “Can you upgrade to the latest dev version”. Do you mean “Upgrade to trunk” for example via wget or svn ?

          Thanks.

          Richi

          T 1 Reply Last reply Nov 3, 2015, 12:17 PM Reply Quote 0
          • T
            Tom Elliott @x9rok
            last edited by Nov 3, 2015, 12:17 PM

            @x9rok That’s exactly what I mean, upgrade to trunk. As a matter of fact, that is the exact title.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            1 Reply Last reply Reply Quote 0
            • X
              x9rok
              last edited by Nov 3, 2015, 5:35 PM

              @Tom Elliott

              So i have done an upgrade via wget like you said.
              Now the FOG-Server installation has the version 5209.

              Kernel Versions are:

              • bzImage Version: 3.15.6
              • bzImage32 Version: 3.15.6

              To be sure i removed the testclient from the hostlist and tried to add it again via “Perform full Host registration and inventory”. This procedure fails with following message: “Unable to register for the following reasons: and then --> BLANK…”.

              I tried to use an existing host from the Hostlist and create a task (Clamav Virusscan). The task doesn’t run.
              I started the testclient and you could see the FOG-Boot-Menu (Boot from local hard disk, Memtest and so on…)

              When i try to delete a task, nothing happens and the task is still in the list.

              So Tom do you have another idea ?
              Is there a newer Version than 5209 ? If yes, how can i check this ?
              Maybe there some other updates available ?

              Thanks.

              Richi

              W 2 Replies Last reply Nov 3, 2015, 9:20 PM Reply Quote 0
              • W
                Wayne Workman @x9rok
                last edited by Nov 3, 2015, 9:20 PM

                @x9rok said:

                Is there a newer Version than 5209 ? If yes, how can i check this ?
                Maybe there some other updates available ?

                Tom is constantly updating the trunk version… odds are, you’re now 10 versions behind lol. Go to your trunk directory and issue the command svn up to checkout whatever the latest svn revision is.

                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                Daily Clean Installation Results:
                https://fogtesting.fogproject.us/
                FOG Reporting:
                https://fog-external-reporting-results.fogproject.us/

                X 2 Replies Last reply Nov 4, 2015, 8:21 AM Reply Quote 0
                • W
                  Wayne Workman @x9rok
                  last edited by Wayne Workman Nov 3, 2015, 4:09 PM Nov 3, 2015, 10:09 PM

                  @x9rok said:

                  To be sure i removed the testclient from the hostlist and tried to add it again via “Perform full Host registration and inventory”. This procedure fails with following message: “Unable to register for the following reasons: and then --> BLANK…”.

                  I tried to use an existing host from the Hostlist and create a task (Clamav Virusscan). The task doesn’t run.
                  I started the testclient and you could see the FOG-Boot-Menu (Boot from local hard disk, Memtest and so on…)

                  When i try to delete a task, nothing happens and the task is still in the list.

                  I think your problem with adding/deleting/canceling tasks partially is related to this bug, so I’ve linked it here: https://forums.fogproject.org/topic/6053/r5207-host-management-bugs

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                  Daily Clean Installation Results:
                  https://fogtesting.fogproject.us/
                  FOG Reporting:
                  https://fog-external-reporting-results.fogproject.us/

                  1 Reply Last reply Reply Quote 0
                  • X
                    x9rok @Wayne Workman
                    last edited by Nov 4, 2015, 8:21 AM

                    @Wayne-Workman

                    Okay, i will try this. Thanks for your answer.

                    1 Reply Last reply Reply Quote 0
                    • X
                      x9rok @Wayne Workman
                      last edited by Nov 5, 2015, 1:14 PM

                      @Wayne-Workman @Tom Elliot

                      I have installed an upgrade like in the wiki described. Now the version of FOG is 5229.

                      So still i get the message “Unable to register for following reasons and then --> BLANK”.
                      I cannot test the clamav functionality cause i have no registered hosts in my database.

                      I have read the article “(r5207) Host Management bugs” but it doesn’t helped me. Is this an open bug too ? Is there anyone with the same problem ?

                      My last idea is to go back to FOG 1.2.0 without Trunk and to modify the fog.av-script to upload a virus found and add it to the database. Before i would try this, i hope to find some help or special tips here.

                      Thanks.

                      Richi

                      1 Reply Last reply Reply Quote 0
                      • G
                        george1421 Moderator
                        last edited by Nov 5, 2015, 1:59 PM

                        I would take a look at the apache log file. It sounds like you came across a bug. tail the contents of /var/log/httpd/error_log and post the last few lines here. That may give us a better idea to the source of the issue.

                        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                        X 1 Reply Last reply Nov 5, 2015, 3:17 PM Reply Quote 0
                        • X
                          x9rok @george1421
                          last edited by Nov 5, 2015, 3:17 PM

                          @george1421

                          Here is the error_log:

                          error_log

                          Richi

                          1 Reply Last reply Reply Quote 0
                          • G
                            george1421 Moderator
                            last edited by Nov 5, 2015, 4:34 PM

                            These following lines are probably what the @Developers need to look into.

                            PHP Warning:  array_merge(): Argument #1 is not an array in /var/www/html/fog/lib/pages/FOGConfigurationPage.class.php on line 633, referer: http://localhost/fog/management/index.php?node=about
                            PHP Warning:  preg_grep() expects parameter 2 to be array, null given in /var/www/html/fog/lib/pages/FOGConfigurationPage.class.php on line 635, referer: http://localhost/fog/management/index.php?node=about
                            PHP Warning:  fopen(ftp://...@10.101.1.250): failed to open stream: operation failed in /var/www/html/fog/status/logtoview.php on line 5, referer: http://localhost/fog/management/index.php?node=about&sub=log
                            

                            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!

                            1 Reply Last reply Reply Quote 0
                            • S
                              Sebastian Roth Moderator
                              last edited by Nov 5, 2015, 5:01 PM

                              I don’t think the error we see in the apache log is related to the registration problem. See Tom’s answer on this here: https://forums.fogproject.org/topic/5678/fog-unable-to-register-host-for-the-following-reasons/4

                              Are you sure the client has a good connection and get’s an IP after the iPXE menu again?

                              Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                              Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                              1 Reply Last reply Reply Quote 0
                              • T
                                Tom Elliott
                                last edited by Nov 5, 2015, 9:14 PM

                                OP, can you revert the db to before the issues began? I added, fairly recently, backing up the db before updating the db occurs. Shortly, and thankfully after, I was trying to fix a bug that essentially injected hosts without creating a valid insert id. During some reading, it was suggested to set the db value to NULL if the value was not set. I attempted this but everything is handled as a string and actually inserted the value as “NULL” instead of the sql value of just NULL. I believe some of the issue you are seeing is due to this. I have since fixed this issue as well as quite a few others, but it will required either fixing your db, or reverting to before those issues started occurring.

                                Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                1 Reply Last reply Reply Quote 0
                                • T
                                  Tom Elliott
                                  last edited by Nov 5, 2015, 9:29 PM

                                  Once that is done we can look at the fog.av script. While using 1.2.0 is okay, I can’t fix what I am not aware of. I know, now, there is an issue but I’m not apt to go and try to replicate it for myself. Not lazy, just I know you have expected results where I don’t have a clue where to start.

                                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                  X 1 Reply Last reply Nov 8, 2015, 4:34 PM Reply Quote 0
                                  • X
                                    x9rok @Tom Elliott
                                    last edited by Nov 8, 2015, 4:34 PM

                                    @ Tom Elliot

                                    Hi,

                                    to be sure i’ve done a fresh Fog-Server installation again.

                                    1. Prepared CentOS for FOG (disbale iptables, selinux and so on…)
                                    2. Installed FOG 1.2.0 and backup the database
                                    3. Installed GIT and cloned the newest FOG-Trunk version

                                    Now the FOG-Server installation has the version 5565.

                                    Kernel Versions are:

                                    • bzImage Version: 4.2.3
                                    • bzImage32 Version: 4.2.3

                                    Installation runs without errors.
                                    So again i tried to register a host via “Perform full Host registration and Inventory”. This time it runs without an error 🙂 At the end of this procedure i get the message “Done without imaging”. That’s ok. After this, “Attempting to send inventory” but no reboot will starts like before with the version 1.2.0.
                                    On the Management console i can see a registered Host. Better then before ^^. With the trunk version before, this was not possible.

                                    Then i started to run some Tasks. I tested for example the “Hardware Inventory Task”, this fails and the testclient goes into a loop. I opened the Logviewer to look for some errors --> white screen and nothing hanppens.

                                    FOG 1.2.0

                                    Now i think i really should go back to 1.2.0 without trunk. Everything what i need works fine with this version. Imaging, Restoring, all possible Tasks and Clamav, but only without reporting ^^

                                    In our production environment our machines should have no internet connection. So for the Clamav-Scan i created a directory in /var/www/html/fog/clamav. A crontab-Job runs every day and download the newest virus signatures (main.cvd, daily.cvd, bytecode.cvd) and put it to these directory.

                                    I’ve modifed the fog.av in /var/www/html/fog/service/ipxe.

                                    Added some wget commands to download the virus signatures from the FOG-Server and not from the internet. So this works.

                                    Here is the fog.av script with a comment in line 84.
                                    I compared this script with the newest trunk update. It’s nearly the same. So i’m sure, that the Clamav-Scan with the newest trunk-version also won’t report a virus. You can see it only local on the machine at created directory /fog/log.txt.

                                    I hope you can start something with these information.

                                    @Sebastian Roth

                                    Yes, my dhcp works. Client gets an IP and so on after iPXE.
                                    Have done some tests with FOG 1.2.0 (Imaging, Restoring, Scanning, …) That’s ok.

                                    Thanks. Richi

                                    X 1 Reply Last reply Nov 8, 2015, 4:37 PM Reply Quote 0
                                    • X
                                      x9rok @x9rok
                                      last edited by Nov 8, 2015, 4:37 PM

                                      @x9rok fog.av

                                      1 Reply Last reply Reply Quote 0
                                      • H
                                        hillie
                                        last edited by Nov 13, 2015, 12:52 PM

                                        I seem to be having the same problem with my fog 1.2.0 install on debian. In the web interface, when I go to Report Management and then Virus History I get nothing after scanning multiple machines. When I look at c:\fog\log\log.txt I see that there is a virus found. Any tips on fixing this would be appreciated.

                                        T 1 Reply Last reply Nov 13, 2015, 1:21 PM Reply Quote 0
                                        • T
                                          Tom Elliott @hillie
                                          last edited by Nov 13, 2015, 1:21 PM

                                          @hillie I have a very hard time fully understanding how you could possibly have c:\fog\log\log.txt AND have it showing that there was a virus found. FOG doesn’t use the FOG Client to track viruses, it’s a tasking that generates these reports.

                                          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                                          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                                          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                                          1 Reply Last reply Reply Quote 0
                                          • 1
                                          • 2
                                          • 1 / 2
                                          1 / 2
                                          • First post
                                            14/22
                                            Last post

                                          191

                                          Online

                                          12.0k

                                          Users

                                          17.3k

                                          Topics

                                          155.2k

                                          Posts
                                          Copyright © 2012-2024 FOG Project