CentOS ClamAV and Fog 1.2.0.
-
I have similar behaviour on my production FOG server.
My resolv.conf is fine in the init.xz, I have DNS working + internet connectivity, but I can’t run freshclam to update the client.
I also can’t run freshclam on the FOG server.
I don’t have my lab at home running at the moment for more testing.Do you have a firewall ?
Can you run freshclam on the server? -
The firewall was disabled during the FOG install as instructed. I can freshclam once I add /tmp/resolv.conf in debug mode, although the download is rather slow. 5 minutes and only at 3% of the main.cvd download. I have 10meg, so I am assuming the download server is not in the US.
-
I think I know what the problem is with it.
It’s not DNS related, though your DNS may have an issue.
It’s related to the fact that we don’t install ClamAV on Centos/Fedora/Redhat OS’s anymore and I’m thinking the install function had a file that get’s requested. As the clamav isn’t installed, I’m thinking some directories aren’t copied over.
-
The main.cvd download got to about 10% then failed on a full disk. “getfile: Can’t write 1440 bytes to /usr/share/clamav/…”
-
[quote=“Tom Elliott, post: 35955, member: 7271”]I think I know what the problem is with it.
It’s not DNS related, though your DNS may have an issue.
It’s related to the fact that we don’t install ClamAV on Centos/Fedora/Redhat OS’s anymore and I’m thinking the install function had a file that get’s requested. As the clamav isn’t installed, I’m thinking some directories aren’t copied over.[/quote]
Basically you’re saying Ubuntu over CentOS.
I suppose, although a neat and possibly useful tool, I can live without it for now. Then again, maybe I’ll try an Ubuntu install.Thanks for all your help.
-Craig -
Nah, I’m not saying Ubuntu over CentOS. What I am saying, is it still seems, to me, that it’s a problem with dns, not a problem with clamav.
-
[quote=“albion, post: 35957, member: 25750”]The main.cvd download got to about 10% then failed on a full disk. “getfile: Can’t write 1440 bytes to /usr/share/clamav/…”[/quote]
If you increase the size of the initrd you should be able to download the files.
[url]http://fogproject.org/forum/threads/change-initrd-size.3920/[/url][quote=“albion, post: 35915, member: 25750”]
Although the link for resolv.conf was in /etc, the file I created in /tmp didn’t exist. When I tried to ping google.com I got the response “ping: bad address ‘google.com’”.[/quote]Maybe try delete the link for /etc/resolv.conf -> /tmp/resolv.conf, then touch /etc/resolv.conf, add your DNS settings in there to - this got DNS working for me in my testing.
I would think after both of these things it will work for you.
[quote=“albion, post: 35953, member: 25750”]I can freshclam once I add /tmp/resolv.conf in debug mode, although the download is rather slow. 5 minutes and only at 3% of the main.cvd download. I have 10meg, so I am assuming the download server is not in the US.[/quote]
You could change the setting in the initrd of the /etc/freshclam file to use a US mirror to see if that helps.
[SIZE=4][B]Closest mirrors[/B][/SIZE]
The DatabaseMirror directive in the config file specifies the database server freshclam will attempt (up to MaxAttempts times) to download the database from. The default database mirror is [URL=‘http://www.clamav.net/doc/latest/html/database.clamav.net’]database.clamav.net[/URL] but multiple directives are allowed. In order to download the database from the closest mirror you should configure freshclam to use [URL=‘http://www.clamav.net/doc/latest/html/db.xx.clamav.net’]db.xx.clamav.net[/URL] where xx represents your country code. For example, if your server is in “Ascension Island” you should have the following lines included in freshclam.conf:
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.ac.clamav.net
DatabaseMirror database.clamav.netThe second entry acts as a fallback in case the connection to the first mirror fails for some reason. The full list of two-letters country codes is available at [url]http://www.iana.org/cctld/cctld-whois.htm[/url]
-
The way FOG does fog.av, I make /usr/share/clamav a mount point with a size in memory of 100M.
This should be plenty large enough to hold your main.cvd file.
-
[quote=“Tom Elliott, post: 35972, member: 7271”]The way FOG does fog.av, I make /usr/share/clamav a mount point with a size in memory of 100M.
This should be plenty large enough to hold your main.cvd file.[/quote]
Thanks - That’s handy to know.
[quote=“albion, post: 35957, member: 25750”]The main.cvd download got to about 10% then failed on a full disk. “getfile: Can’t write 1440 bytes to /usr/share/clamav/…”[/quote]
I do not know why you receive that error then.
Perhaps troubleshoot with another debug task.
You can start a scan task with “avmode=q /bin/fog.av” , this may help troubleshoot further.In my setup, I have switched to client updating the .cvd files from the fog server directly and changed to use a static resolv.conf.
If anyone is interested;Commands:
cd /var/www/html/fog/services/ipxe
xz -d init.xz
mkdir mountdir
mount -o loop init mountdir
cd mountdir
rm etc/resolv.conf [should ask to delete a symbolic link]
touch etc/resolv.conf
echo “nameserver MyInternalDNSServer” > etc/resolv.conf
echo “nameserver MyInternalDNSServer2” >> etc/resolv.conf
vim bin/fog.av [comment out line 8 - #setupDNS ${dns}; ]
echo “DatabaseMirror IPAddressOfFogServer” > etc/freshclam"
echo “DatabaseOwner root” >> etc/freshclam"
cd …
umount mountdir
rmdir mountdir
xz -z -9 -C crc32 initcd /var/www/html
ln -s /var/clamav/bytecode.cvd
ln -s /var/clamav/daily.cvd
ln -s /var/clamav/main.cvdThis assumes the .cvd files are located in /var/clamav
FOG server runs freshclam daily with cron -
I’m currently working a different system to this.
I have built a clamav system from source.
Stored the source in /opt/fog/clamav.
Gave it 777 permissions throughout.
Added it to nfs mounts.
Making the mount point happen at boot, along with a checkin to let the system know it’s in progress.
Use those binaries to load the data. Freshclam can be run, and it will update the database files on the fog server as well.
Hopefully this will help us out. If you need the files right away, you can update the freshclam from the fog server using:
[code]/opt/fog/clamav/bin/freshclam[/code]This is in testing and there may be bugs to work out, but for right now I’m hoping this will help.
It has the added benefit that the init can be that much smaller as it won’t require building the init with clamav built into it. So when clamav updates, you can update on the fog server. I’ll see about building a "zip’ to keep this updated autonomously, but that can wait. I hope this will help everybody out.
