> > Oct 09 04:15:56 Checking for urlhaus updates...
> > Oct 09 04:15:56 Checking for updated urlhaus database file: urlhaus.ndb
> > Oct 09 04:15:56 Testing updated urlhaus database file: urlhaus.ndb
> > Oct 09 04:15:56 Clamscan reports urlhaus urlhaus.ndb database integrity tested good
> > Oct 09 04:15:56 Successfully updated urlhaus production database file: urlhaus.ndb
> > Oct 09 04:15:56 Update(s) detected, reloading ClamAV databases
> > Oct 09 04:15:56 ClamAV databases reloading
> > Oct 09 04:15:56 Issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues
> > Oct 09 04:15:56 Powered By https://eXtremeSHOK.com
> > *Oct 09 05:14:02 ERROR: clam database directory (clam_dbs) not writable /var/lib/clamav*
>
> Looks clear that the urlhaus db was updated OK. Does the unofficial
> update script normally take an hour to run on your system?! The one
> we use usually takes just a few minutes.
>

My bad in trying to economize my post; here's the entire update-related entry:

Oct 09 04:14:01 Preparing Databases
Oct 09 04:14:01 Fri 09 Oct 2020 04:14:01 AM EDT - Pausing database file updates for 114 seconds...
Oct 09 04:15:55 Fri 09 Oct 2020 04:15:55 AM EDT - Pause complete, checking for new database files...
Oct 09 04:15:55 Sanesecurity Database File Updates
Oct 09 04:15:55 2 hours have not yet elapsed since the last Sanesecurity update check
Oct 09 04:15:55 No update check was performed at this time
Oct 09 04:15:55 Next check will be performed in approximately 1 hour(s), 6 minute(s)
Oct 09 04:15:55 SecuriteInfo Database File Updates
Oct 09 04:15:55 4 hours have not yet elapsed since the last SecuriteInfo update check
Oct 09 04:15:55 No update check was performed at this time
Oct 09 04:15:55 Next check will be performed in approximately 3 hour(s), 6 minute(s)
Oct 09 04:15:55 LinuxMalwareDetect Database File Updates
Oct 09 04:15:55 Checking for LinuxMalwareDetect updates...
Oct 09 04:15:56 No LinuxMalwareDetect database file updates found
Oct 09 04:15:56 MalwarePatrol Database File Updates
Oct 09 04:15:56 24 hours have not yet elapsed since the last malwarepatrol update check
Oct 09 04:15:56 No update check was performed at this time
Oct 09 04:15:56 Next check will be performed in approximately 7 hour(s), 0 minute(s)
Oct 09 04:15:56 Yara-Rules Database File Updates
Oct 09 04:15:56 Checking for urlhaus updates...
Oct 09 04:15:56 Checking for updated urlhaus database file: urlhaus.ndb
Oct 09 04:15:56 Testing updated urlhaus database file: urlhaus.ndb
Oct 09 04:15:56 Clamscan reports urlhaus urlhaus.ndb database integrity tested good
Oct 09 04:15:56 Successfully updated urlhaus production database file: urlhaus.ndb
Oct 09 04:15:56 Update(s) detected, reloading ClamAV databases
Oct 09 04:15:56 ClamAV databases reloading

> > ... perhaps I should contact the ExtremeSHOK contributors ...
>
> I'd have said so, yes.
>

Well, they may have an idea but I'm starting to think it's not related to their script. After all, the username clamupdate does not come from their script.

> > perhaps there's some debug option that I'm not aware of?
>
> It's just a shell script, you could edit it to put debugging things in
> there if you're comfortable with hacking shell scripts. Does it give
> usage help if run with no arguments? Does it have the '-i' option?
>

Indeed I see some options here:
https://github.com/extremeshok/clamav-unofficial-sigs

So next time it happens I can try some of these:

-v, --verbose Be verbose, enabled when not run under cron
-i, --information Output system and configuration information for viewing or possible debugging purposes
-t, --test-database Clamscan integrity test a specific database file eg: '-t filename.ext' (do not include file path)
--check-clamav If ClamD status check is enabled and the socket path is correctly specifiedthen (sic) test to see if clamd is running or not

Here's what the -i option returns:

su - clamav -s /bin/bash -c '/usr/local/sbin/clamav-unofficial-sigs.sh -i'
################################################################################
eXtremeSHOK.com ClamAV Unofficial Signature Updater
Version: v7.0.1 (2020-01-25)
Required Configuration Version: v91
Copyright (c) Adrian Jon Kriel :: [email protected]
################################################################################
Loading config: /etc/clamav-unofficial-sigs/master.conf
Loading config: /etc/clamav-unofficial-sigs/os.conf
Loading config: /etc/clamav-unofficial-sigs/user.conf
*** SCRIPT INFORMATION ***
clamav-unofficial-sigs.sh 7.0.1 (2020-01-25)
Master.conf Version: 91
Minimum required config: 91
*** SYSTEM INFORMATION ***
Linux ourserver 5.7.15-200.fc32.x86_64 #1 SMP Tue Aug 11 16:36:14 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
*** CLAMSCAN LOCATION & VERSION ***
/usr/bin/clamscan
ClamAV 0.103.0/25952/Fri Oct 9 09:52:40 2020
*** RSYNC LOCATION & VERSION ***
/usr/bin/rsync
rsync version 3.2.3 protocol version 31
*** CURL LOCATION & VERSION ***
/usr/bin/curl
curl 7.69.1 (x86_64-redhat-linux-gnu) libcurl/7.69.1 OpenSSL/1.1.1g-fips zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) libssh/0.9.5/openssl/zlib nghttp2/1.41.0
*** GPG LOCATION & VERSION ***
/usr/bin/gpg
gpg (GnuPG) 2.2.20
*** DIRECTORY INFORMATION ***
Working Directory: /var/lib/clamav-unofficial-sigs
Clam Database Directory: /var/lib/clamav
Configuration Directory: /etc/clamav-unofficial-sigs

> > ... I do see:
> > systemctl status clam
> > clamav-clamonacc.service clamav-unofficial-sigs.service
> > clamd.service
> > clamav-freshclam.service clamav-unofficial-sigs.timer
> > clam-freshclam.service
> > clamav-milter.service [email protected]
> > clamonacc.service
>
> I don't use any of that stuff, I like to know what's going on. It
> might be worth disabling all the service frippery and starting the
> daemons from the command line to see if it behaves any differently.
>

Well systemd is so ingrained in most Linux distributions and the convenience of starting on reboot is helpful, as all's I need is for our long-time professor who still has his non-Gmail related email address on various lists, have a problem getting to his email box, and contacting me on Xmas eve (like he did last year) as emails are held back as ClamAV isn't running properly.

Frippery! Ha another one you made me look up.

> > I see Fangfrisch <https://rseichter.github.io/fangfrisch/> is being
> > maintained as an alternative. Haven't tried it yet.
>
> It might not be time to throw out the baby just yet, before swapping
> one lot of unknowns for another lot of unknowns I'd definitely try a
> bit of investigative work. After all other people use this stuff. If
> extra logging, disabling services etc don't lead you anywhere it might
> be worth purging and reinstalling all the implicated packages.

Might be a good idea to purge if I can't figure this out.

Thanks for all you do in this list!
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
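
An added example, not part of the original message and not code from the clamav-unofficial-sigs project: it splits the updater log quoted above into separate invocations by time gap, so the "not writable" ERROR line can be attributed to the run that produced it. The function names and the 10-minute gap threshold are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Log lines copied from the excerpts quoted in this message.
SAMPLE_LOG = """\
Oct 09 04:14:01 Preparing Databases
Oct 09 04:14:01 Fri 09 Oct 2020 04:14:01 AM EDT - Pausing database file updates for 114 seconds...
Oct 09 04:15:55 Fri 09 Oct 2020 04:15:55 AM EDT - Pause complete, checking for new database files...
Oct 09 04:15:56 Successfully updated urlhaus production database file: urlhaus.ndb
Oct 09 04:15:56 ClamAV databases reloading
Oct 09 05:14:02 ERROR: clam database directory (clam_dbs) not writable /var/lib/clamav
"""

def parse_line(line, year=2020):
    """Split 'Mon DD HH:MM:SS message' into (datetime, message); None if malformed."""
    stamp, msg = line[:15], line[16:].strip()
    try:
        # The log prefix carries no year, so it is supplied by the caller.
        return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"), msg
    except ValueError:
        return None

def split_runs(text, max_gap=timedelta(minutes=10), year=2020):
    """Group entries into invocations: a gap longer than max_gap (assumed) starts a new run."""
    runs = []
    for line in text.splitlines():
        parsed = parse_line(line, year)
        if parsed is None:
            continue  # skip blank or wrapped continuation lines
        when, msg = parsed
        if not runs or when - runs[-1][-1][0] > max_gap:
            runs.append([])
        runs[-1].append((when, msg))
    return runs

def summarize(runs):
    """Per run: start time, duration in seconds, and any ERROR messages."""
    return [
        {
            "start": run[0][0],
            "seconds": int((run[-1][0] - run[0][0]).total_seconds()),
            "errors": [m for _, m in run if m.startswith("ERROR")],
        }
        for run in runs
    ]

if __name__ == "__main__":
    for r in summarize(split_runs(SAMPLE_LOG)):
        print(r["start"], f'{r["seconds"]}s', r["errors"] or "ok")
```

On these lines the first invocation lasts 115 seconds and finishes cleanly, while the ERROR entry starts a second invocation 3601 seconds after the first one began.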
