Virus History is empty after Clamav-Scan
-
Hi,
my question refers to the Advanced Task “Virus Scan with clamav”.
Here some basic information to my installation:
- Installed Operating System: CentOS 6.4 (updated to 6.7)
- CentOS is prepared for FOG-Server like described in the FOG User Guide
- Installed FOG-Version: 1.2.0
- Client machine for test: Windows 7 Professional (physical machine)
Everything works fine. (Imaging, Restoring, Tasks and so on)
So Clamav is installed on FOG and the client downloads the newest virus signatures from a local networkshare of the FOG-Server. The Task works. For testing i’ve put a testvirus (eicar.com, eicar.zip, eicar.tgz) on the client. When clamav is scanning you can see on clients screen, that clamav finds the virus. After the scanning procedure a fog directory was created on C:.
Now to my problem:
After the scan under “Report Management” --> “Virus History” on the FOG-Server there are no results (No result found).
Any someone here with the same problem ?
Or do have to install the FOG-Agent on the client machine to see results in Virus History ?After a long research i think this is my last possibility to fix this problem.
Thanks.
Richi
-
The fog client, at this point, does not manage a hosts virus reporting. This is only done via the tasking method you have described. I’m not sure why it isn’t reporting it properly, but it doesn’t surprise me either. I never tested the virus reporting so it’s quite likely I forgot to check or add something it the php script that handles this reporting. Can you upgrade to the latest dev version, temporarily, to see if it works in our current version? I’m still not sure if it will work, or even run, but I don’t have the patience, for now, to test/verify for myself. I do understand the hesitation which is why I ask for you to test temporarily. You should create a backup of the current db as it stands though.
-
This post is deleted! -
Okay, thanks for your answert Tom
“Can you upgrade to the latest dev version”. Do you mean “Upgrade to trunk” for example via wget or svn ?
Thanks.
Richi
-
@x9rok That’s exactly what I mean, upgrade to trunk. As a matter of fact, that is the exact title.
-
@Tom Elliott
So i have done an upgrade via wget like you said.
Now the FOG-Server installation has the version 5209.Kernel Versions are:
- bzImage Version: 3.15.6
- bzImage32 Version: 3.15.6
To be sure i removed the testclient from the hostlist and tried to add it again via “Perform full Host registration and inventory”. This procedure fails with following message: “Unable to register for the following reasons: and then --> BLANK…”.
I tried to use an existing host from the Hostlist and create a task (Clamav Virusscan). The task doesn’t run.
I started the testclient and you could see the FOG-Boot-Menu (Boot from local hard disk, Memtest and so on…)When i try to delete a task, nothing happens and the task is still in the list.
So Tom do you have another idea ?
Is there a newer Version than 5209 ? If yes, how can i check this ?
Maybe there some other updates available ?Thanks.
Richi
-
@x9rok said:
Is there a newer Version than 5209 ? If yes, how can i check this ?
Maybe there some other updates available ?Tom is constantly updating the trunk version… odds are, you’re now 10 versions behind lol. Go to your trunk directory and issue the command
svn upto checkout whatever the latest svn revision is. -
@x9rok said:
To be sure i removed the testclient from the hostlist and tried to add it again via “Perform full Host registration and inventory”. This procedure fails with following message: “Unable to register for the following reasons: and then --> BLANK…”.
I tried to use an existing host from the Hostlist and create a task (Clamav Virusscan). The task doesn’t run.
I started the testclient and you could see the FOG-Boot-Menu (Boot from local hard disk, Memtest and so on…)When i try to delete a task, nothing happens and the task is still in the list.
I think your problem with adding/deleting/canceling tasks partially is related to this bug, so I’ve linked it here: https://forums.fogproject.org/topic/6053/r5207-host-management-bugs
-
Okay, i will try this. Thanks for your answer.
-
@Wayne-Workman @Tom Elliot
I have installed an upgrade like in the wiki described. Now the version of FOG is 5229.
So still i get the message “Unable to register for following reasons and then --> BLANK”.
I cannot test the clamav functionality cause i have no registered hosts in my database.I have read the article “(r5207) Host Management bugs” but it doesn’t helped me. Is this an open bug too ? Is there anyone with the same problem ?
My last idea is to go back to FOG 1.2.0 without Trunk and to modify the fog.av-script to upload a virus found and add it to the database. Before i would try this, i hope to find some help or special tips here.
Thanks.
Richi
-
I would take a look at the apache log file. It sounds like you came across a bug. tail the contents of /var/log/httpd/error_log and post the last few lines here. That may give us a better idea to the source of the issue.
-
-
These following lines are probably what the @Developers need to look into.
PHP Warning: array_merge(): Argument #1 is not an array in /var/www/html/fog/lib/pages/FOGConfigurationPage.class.php on line 633, referer: http://localhost/fog/management/index.php?node=about PHP Warning: preg_grep() expects parameter 2 to be array, null given in /var/www/html/fog/lib/pages/FOGConfigurationPage.class.php on line 635, referer: http://localhost/fog/management/index.php?node=about PHP Warning: fopen(ftp://...@10.101.1.250): failed to open stream: operation failed in /var/www/html/fog/status/logtoview.php on line 5, referer: http://localhost/fog/management/index.php?node=about&sub=log -
I don’t think the error we see in the apache log is related to the registration problem. See Tom’s answer on this here: https://forums.fogproject.org/topic/5678/fog-unable-to-register-host-for-the-following-reasons/4
Are you sure the client has a good connection and get’s an IP after the iPXE menu again?
-
OP, can you revert the db to before the issues began? I added, fairly recently, backing up the db before updating the db occurs. Shortly, and thankfully after, I was trying to fix a bug that essentially injected hosts without creating a valid insert id. During some reading, it was suggested to set the db value to NULL if the value was not set. I attempted this but everything is handled as a string and actually inserted the value as “NULL” instead of the sql value of just NULL. I believe some of the issue you are seeing is due to this. I have since fixed this issue as well as quite a few others, but it will required either fixing your db, or reverting to before those issues started occurring.
-
Once that is done we can look at the fog.av script. While using 1.2.0 is okay, I can’t fix what I am not aware of. I know, now, there is an issue but I’m not apt to go and try to replicate it for myself. Not lazy, just I know you have expected results where I don’t have a clue where to start.
-
@ Tom Elliot
Hi,
to be sure i’ve done a fresh Fog-Server installation again.
- Prepared CentOS for FOG (disbale iptables, selinux and so on…)
- Installed FOG 1.2.0 and backup the database
- Installed GIT and cloned the newest FOG-Trunk version
Now the FOG-Server installation has the version 5565.
Kernel Versions are:
- bzImage Version: 4.2.3
- bzImage32 Version: 4.2.3
Installation runs without errors.
So again i tried to register a host via “Perform full Host registration and Inventory”. This time it runs without an error At the end of this procedure i get the message “Done without imaging”. That’s ok. After this, “Attempting to send inventory” but no reboot will starts like before with the version 1.2.0.
On the Management console i can see a registered Host. Better then before ^^. With the trunk version before, this was not possible.Then i started to run some Tasks. I tested for example the “Hardware Inventory Task”, this fails and the testclient goes into a loop. I opened the Logviewer to look for some errors --> white screen and nothing hanppens.
FOG 1.2.0
Now i think i really should go back to 1.2.0 without trunk. Everything what i need works fine with this version. Imaging, Restoring, all possible Tasks and Clamav, but only without reporting ^^
In our production environment our machines should have no internet connection. So for the Clamav-Scan i created a directory in /var/www/html/fog/clamav. A crontab-Job runs every day and download the newest virus signatures (main.cvd, daily.cvd, bytecode.cvd) and put it to these directory.
I’ve modifed the fog.av in /var/www/html/fog/service/ipxe.
Added some wget commands to download the virus signatures from the FOG-Server and not from the internet. So this works.
Here is the fog.av script with a comment in line 84.
I compared this script with the newest trunk update. It’s nearly the same. So i’m sure, that the Clamav-Scan with the newest trunk-version also won’t report a virus. You can see it only local on the machine at created directory /fog/log.txt.I hope you can start something with these information.
@Sebastian Roth
Yes, my dhcp works. Client gets an IP and so on after iPXE.
Have done some tests with FOG 1.2.0 (Imaging, Restoring, Scanning, …) That’s ok.Thanks. Richi
-
-
I seem to be having the same problem with my fog 1.2.0 install on debian. In the web interface, when I go to Report Management and then Virus History I get nothing after scanning multiple machines. When I look at c:\fog\log\log.txt I see that there is a virus found. Any tips on fixing this would be appreciated.
-
@hillie I have a very hard time fully understanding how you could possibly have c:\fog\log\log.txt AND have it showing that there was a virus found. FOG doesn’t use the FOG Client to track viruses, it’s a tasking that generates these reports.