Virus History is empty after Clamav-Scan



  • Hi,

    my question refers to the Advanced Task “Virus Scan with clamav”.

    Here is some basic information about my installation:

    • Installed Operating System: CentOS 6.4 (updated to 6.7)
    • CentOS is prepared for FOG-Server as described in the FOG User Guide
    • Installed FOG-Version: 1.2.0
    • Client machine for test: Windows 7 Professional (physical machine)

    Everything works fine. (Imaging, Restoring, Tasks and so on)

    So Clamav is installed on FOG and the client downloads the newest virus signatures from a local network share of the FOG-Server. The Task works. For testing I’ve put a test virus (eicar.com, eicar.zip, eicar.tgz) on the client. When clamav is scanning you can see on the client’s screen that clamav finds the virus. After the scanning procedure a fog directory was created on C:.

    Now to my problem:

    After the scan under “Report Management” --> “Virus History” on the FOG-Server there are no results (No result found).

    Does anyone here have the same problem?
    Or do I have to install the FOG-Agent on the client machine to see results in Virus History?

    After long research I think this is my last possibility to fix this problem.

    Thanks.

    Richi



  • @x9rok Is there any way I could get you to help me with the working and installation process involved to get clam av to work…I’ve got it installed on server at this point.



  • @all

    Hi,

    I think we can close this topic as solved.
    I’ve found another solution to generate reports after a clamav virus scan.

    I will publish this when it’s ready.

    Thanks for all answers and support :)

    Richi


  • Senior Developer

    @hillie I have a very hard time fully understanding how you could possibly have c:\fog\log\log.txt AND have it showing that there was a virus found. FOG doesn’t use the FOG Client to track viruses, it’s a tasking that generates these reports.



  • I seem to be having the same problem with my fog 1.2.0 install on debian. In the web interface, when I go to Report Management and then Virus History I get nothing after scanning multiple machines. When I look at c:\fog\log\log.txt I see that there is a virus found. Any tips on fixing this would be appreciated.
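
Added example, not part of the thread and not FOG's own code: one way to turn the local scan log mentioned above into records a report could ingest, and to spot a truncated log by comparing against the scan summary. It assumes the log holds standard clamscan output; the function names, the /ntfs paths and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn a clamscan log into records a report can ingest.
# Assumption: standard clamscan lines of the form "<path>: <signature> FOUND".

# Print "path<TAB>signature" for every detection line in log file $1.
clamscan_detections() {
    awk '/ FOUND$/ {
        line = substr($0, 1, length($0) - 6)          # strip trailing " FOUND"
        n = 0                                         # position of the last ": "
        while ((i = index(substr(line, n + 1), ": ")) > 0) n += i
        if (n > 0) printf "%s\t%s\n", substr(line, 1, n - 1), substr(line, n + 2)
    }' "$1"
}

# Print the "Infected files" figure from the scan summary, or "missing".
clamscan_summary_count() {
    awk -F': ' '/^Infected files: / { n = $2 }
        END { if (n == "") print "missing"; else print n + 0 }' "$1"
}

# Succeed only if the distinct infected paths match the summary count;
# a mismatch or a missing summary points to a truncated or partial log.
clamscan_log_consistent() {
    found=$(clamscan_detections "$1" | cut -f1 | sort -u | wc -l | tr -d ' ')
    [ "$found" = "$(clamscan_summary_count "$1")" ]
}

# Constructed sample log (paths and signature name are illustrative).
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
cat > "$sample_log" <<'EOF'
/ntfs/Users/test/eicar.com: Eicar-Test-Signature FOUND
/ntfs/Users/test/eicar.zip: Eicar-Test-Signature FOUND
/ntfs/Users/test/readme.txt: OK
/ntfs/Users/test/eicar.tgz: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 4
Infected files: 3
EOF

clamscan_detections "$sample_log"
if clamscan_log_consistent "$sample_log"; then
    echo "log complete: $(clamscan_summary_count "$sample_log") infected file(s)"
else
    echo "log incomplete or truncated" >&2
fi
```

The parser splits each line at the last ": " so that a path containing a colon does not corrupt the record.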





  • @ Tom Elliot

    Hi,

    To be sure, I’ve done a fresh FOG-Server installation again.

    1. Prepared CentOS for FOG (disable iptables, selinux and so on…)
    2. Installed FOG 1.2.0 and backed up the database
    3. Installed GIT and cloned the newest FOG-Trunk version

    Now the FOG-Server installation has the version 5565.

    Kernel Versions are:

    • bzImage Version: 4.2.3
    • bzImage32 Version: 4.2.3

    Installation runs without errors.
    So again I tried to register a host via “Perform full Host registration and Inventory”. This time it runs without an error :-) At the end of this procedure I get the message “Done without imaging”. That’s ok. After this, “Attempting to send inventory” but no reboot starts like before with the version 1.2.0.
    On the Management console I can see a registered Host. Better than before ^^. With the trunk version before, this was not possible.

    Then I started to run some Tasks. I tested for example the “Hardware Inventory Task”, this fails and the test client goes into a loop. I opened the Logviewer to look for some errors --> white screen and nothing happens.

    FOG 1.2.0

    Now I think I really should go back to 1.2.0 without trunk. Everything that I need works fine with this version. Imaging, Restoring, all possible Tasks and Clamav, but only without reporting ^^

    In our production environment our machines should have no internet connection. So for the Clamav-Scan I created a directory in /var/www/html/fog/clamav. A crontab job runs every day, downloads the newest virus signatures (main.cvd, daily.cvd, bytecode.cvd) and puts them in this directory.

    I’ve modified the fog.av in /var/www/html/fog/service/ipxe.

    Added some wget commands to download the virus signatures from the FOG-Server and not from the internet. So this works.

    Here is the fog.av script with a comment in line 84.
    I compared this script with the newest trunk update. It’s nearly the same. So I’m sure that the Clamav-Scan with the newest trunk version also won’t report a virus. You can see it only locally on the machine in the created directory /fog/log.txt.

    I hope you can start something with this information.

    @Sebastian Roth

    Yes, my dhcp works. Client gets an IP and so on after iPXE.
    Have done some tests with FOG 1.2.0 (Imaging, Restoring, Scanning, …) That’s ok.

    Thanks. Richi
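
Added example, not part of the thread and not FOG's own code: a check an offline signature mirror like the one described above could run after the daily cron job, reading the text header of each mirrored .cvd file to confirm it is a valid database and that daily.cvd is recent. The function names, thresholds and the header-only sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check mirrored ClamAV databases before clients fetch them.
# A .cvd file starts with a 512-byte, colon-separated text header:
#   ClamAV-VDB:build time:version:sig count:f-level:MD5:dsig:builder:stime
# where stime (field 9) is the build time as a Unix epoch.

# Print "version<TAB>signatures<TAB>stime" for file $1; fail if not a CVD.
cvd_info() {
    head -c 512 "$1" 2>/dev/null | awk -F: '
        $1 == "ClamAV-VDB" && NF >= 9 {
            sub(/[^0-9].*$/, "", $9)      # drop the padding after stime
            printf "%s\t%s\t%s\n", $3, $4, $9; ok = 1
        }
        { exit }
        END { exit !ok }'
}

# Report every database in directory $1. Fail if one is missing or invalid,
# or if daily.cvd is older than $2 days (default 3) at epoch $3 (default now).
mirror_check() {
    dir=$1; max_days=${2:-3}; now=${3:-$(date +%s)}; rc=0
    for db in main daily bytecode; do
        if ! info=$(cvd_info "$dir/$db.cvd"); then
            echo "$db.cvd: missing or not a CVD"; rc=1; continue
        fi
        age=$(( (now - $(printf '%s\n' "$info" | cut -f3)) / 86400 ))
        echo "$db.cvd: version $(printf '%s\n' "$info" | cut -f1), $age day(s) old"
        # Only daily.cvd is expected to change daily; main.cvd updates rarely.
        if [ "$db" = daily ] && [ "$age" -gt "$max_days" ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample mirror: padded header-only stand-ins, all values invented.
make_cvd() {    # $1=path  $2=version  $3=stime
    printf '%-512s' "ClamAV-VDB:BUILD-TIME:$2:1000:63:MD5:DSIG:builder:$3" > "$1"
}
mirror=$(mktemp -d); trap 'rm -rf "$mirror"' EXIT
make_cvd "$mirror/main.cvd" 55 1400000000
make_cvd "$mirror/daily.cvd" 21000 1449913600
make_cvd "$mirror/bytecode.cvd" 270 1440000000
mirror_check "$mirror" 3 1450000000 && echo "mirror usable"
```

This reads the header only; `sigtool --info <file>` additionally verifies the MD5 and digital signature of a real database.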


  • Senior Developer

    Once that is done we can look at the fog.av script. While using 1.2.0 is okay, I can’t fix what I am not aware of. I know, now, there is an issue but I’m not apt to go and try to replicate it for myself. Not lazy, just I know you have expected results where I don’t have a clue where to start.


  • Senior Developer

    OP, can you revert the db to before the issues began? I added, fairly recently, backing up the db before updating the db occurs. Shortly, and thankfully after, I was trying to fix a bug that essentially injected hosts without creating a valid insert id. During some reading, it was suggested to set the db value to NULL if the value was not set. I attempted this but everything is handled as a string and actually inserted the value as “NULL” instead of the sql value of just NULL. I believe some of the issue you are seeing is due to this. I have since fixed this issue as well as quite a few others, but it will require either fixing your db, or reverting to before those issues started occurring.


  • Developer

    I don’t think the error we see in the apache log is related to the registration problem. See Tom’s answer on this here: https://forums.fogproject.org/topic/5678/fog-unable-to-register-host-for-the-following-reasons/4

    Are you sure the client has a good connection and gets an IP after the iPXE menu again?


  • Moderator

    These following lines are probably what the @Developers need to look into.

    PHP Warning:  array_merge(): Argument #1 is not an array in /var/www/html/fog/lib/pages/FOGConfigurationPage.class.php on line 633, referer: http://localhost/fog/management/index.php?node=about
    PHP Warning:  preg_grep() expects parameter 2 to be array, null given in /var/www/html/fog/lib/pages/FOGConfigurationPage.class.php on line 635, referer: http://localhost/fog/management/index.php?node=about
    PHP Warning:  fopen(ftp://...@10.101.1.250): failed to open stream: operation failed in /var/www/html/fog/status/logtoview.php on line 5, referer: http://localhost/fog/management/index.php?node=about&sub=log
    


  • @george1421

    Here is the error_log:

    error_log

    Richi


  • Moderator

    I would take a look at the apache log file. It sounds like you came across a bug. tail the contents of /var/log/httpd/error_log and post the last few lines here. That may give us a better idea to the source of the issue.



  • @Wayne-Workman @Tom Elliot

    I have installed an upgrade as described in the wiki. Now the version of FOG is 5229.

    I still get the message “Unable to register for following reasons and then --> BLANK”.
    I cannot test the clamav functionality because I have no registered hosts in my database.

    I have read the article “(r5207) Host Management bugs” but it didn’t help me. Is this an open bug too? Is there anyone with the same problem?

    My last idea is to go back to FOG 1.2.0 without Trunk and to modify the fog.av script to upload a virus found and add it to the database. Before I try this, I hope to find some help or special tips here.

    Thanks.

    Richi



  • @Wayne-Workman

    Okay, i will try this. Thanks for your answer.


  • Moderator

    @x9rok said:

    To be sure, I removed the test client from the host list and tried to add it again via “Perform full Host registration and inventory”. This procedure fails with the following message: “Unable to register for the following reasons: and then --> BLANK…”.

    I tried to use an existing host from the host list and create a task (Clamav Virusscan). The task doesn’t run.
    I started the test client and you could see the FOG-Boot-Menu (Boot from local hard disk, Memtest and so on…)

    When I try to delete a task, nothing happens and the task is still in the list.

    I think your problem with adding/deleting/canceling tasks partially is related to this bug, so I’ve linked it here: https://forums.fogproject.org/topic/6053/r5207-host-management-bugs


  • Moderator

    @x9rok said:

    Is there a newer Version than 5209? If yes, how can I check this?
    Maybe there are some other updates available?

    Tom is constantly updating the trunk version… odds are, you’re now 10 versions behind lol. Go to your trunk directory and issue the command svn up to checkout whatever the latest svn revision is.



  • @Tom Elliott

    So I have done an upgrade via wget like you said.
    Now the FOG-Server installation has the version 5209.

    Kernel Versions are:

    • bzImage Version: 3.15.6
    • bzImage32 Version: 3.15.6

    To be sure, I removed the test client from the host list and tried to add it again via “Perform full Host registration and inventory”. This procedure fails with the following message: “Unable to register for the following reasons: and then --> BLANK…”.

    I tried to use an existing host from the host list and create a task (Clamav Virusscan). The task doesn’t run.
    I started the test client and you could see the FOG-Boot-Menu (Boot from local hard disk, Memtest and so on…)

    When I try to delete a task, nothing happens and the task is still in the list.

    So Tom, do you have another idea?
    Is there a newer Version than 5209? If yes, how can I check this?
    Maybe there are some other updates available?

    Thanks.

    Richi


  • Senior Developer

    @x9rok That’s exactly what I mean, upgrade to trunk. As a matter of fact, that is the exact title.



  • Okay, thanks for your answer Tom :-)

    “Can you upgrade to the latest dev version”. Do you mean “Upgrade to trunk”, for example via wget or svn?

    Thanks.

    Richi

