> > > On Thu, 15 Jul 2021, Robert Kudyba wrote:
> Here we are Aug 24
> >> ... do you have that log?
> >
> > Uploaded at ...
>
> Nothing remarkable there. Presumably you're aware of this warning
> in that log?
>

See https://storm.cis.fordham.edu/~rkudyba/aug24

At 5:14 AM the problem started happening and cron has:

Aug 24 05:14:01 storm CROND[537748]: (clamav) CMD ([ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh)
Aug 24 05:14:03 storm CROND[537718]: (clamav) CMDEND ([ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh)
Aug 24 05:15:01 storm CROND[538116]: (root) CMD (/bin/date >> $FILE ; /bin/ls -l /var/lib/clamav >> $FILE)

>
> If it's the same OS distribution you should be able to compare the
> configurations, see what they both put in the logs etc. The command
>
> clamconf -n
>
> would be very useful for that but there are other configs as well.
>

clamconf -n
Checking configuration files in /etc

Config file: clamd.d/scan.conf
------------------------------
LogFile = "/var/log/clamd.log"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
User = "clamav"
PhishingScanURLs disabled
HeuristicScanPrecedence = "yes"
AlertBrokenExecutables = "yes"
AlertBrokenMedia = "yes"
AlertEncrypted = "yes"
AlertEncryptedArchive = "yes"
AlertEncryptedDoc = "yes"
AlertOLE2Macros = "yes"
AlertPhishingSSLMismatch = "yes"
AlertPartitionIntersection = "yes"
MaxScanTime = "350000"
MaxScanSize = "157286400"
MaxFileSize = "31457280"

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "262144000"
LogRotate = "yes"
UpdateLogFile = "/var/log/freshclam.log"
DatabaseOwner = "clamav"
DatabaseMirror = "database.clamav.net"
ConnectTimeout = "60"
ReceiveTimeout = "60"

Config file: mail/clamav-milter.conf
------------------------------------
LogFile = "/var/log/clamav-milter.log"
LogTime = "yes"
LogVerbose = "yes"
User = "clamilt"
ClamdSocket = "tcp:127.0.0.1:3310"
MilterSocket = "inet:6666"
AddHeader = "Add"
Whitelist = "/etc/mail/clamav-milter-whitelist.conf"

Software settings
-----------------
Version: 0.103.3
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information
--------------------
Database directory: /var/lib/clamav
[3rd Party] badmacro.ndb: 621 sigs
[3rd Party] shelter.ldb: 49 sigs
[3rd Party] CVE-2013-0074.yar: 22 sigs
[3rd Party] foxhole_js.cdb: 48 sigs
[3rd Party] rfxn.yara: 11527 sigs
[3rd Party] urlhaus.ndb: 5445 sigs
[3rd Party] malware.expert.ndb: 1 sig
[3rd Party] sanesecurity.ftm: 170 sigs
[3rd Party] CVE-2013-0422.yar: 25 sigs
[3rd Party] sigwhitelist.ign2: 12 sigs
[3rd Party] junk.ndb: 55801 sigs
[3rd Party] jurlbl.ndb: 5650 sigs
[3rd Party] phish.ndb: 28047 sigs
[3rd Party] rogue.hdb: 1005 sigs
[3rd Party] scam.ndb: 12747 sigs
[3rd Party] spamimg.hdb: 200 sigs
[3rd Party] CVE-2015-1701.yar: 30 sigs
[3rd Party] spamattach.hdb: 14 sigs
[3rd Party] blurl.ndb: 2194 sigs
[3rd Party] CVE-2015-2426.yar: 49 sigs
[3rd Party] malwarehash.hsb: 771 sigs
[3rd Party] CVE-2015-2545.yar: 76 sigs
[3rd Party] foxhole_generic.cdb: 212 sigs
[3rd Party] CVE-2015-5119.yar: 22 sigs
[3rd Party] foxhole_filename.cdb: 2612 sigs
[3rd Party] CVE-2016-5195.yar: 40 sigs
[3rd Party] winnow_malware.hdb: 293 sigs
[3rd Party] winnow_extended_malware_links.ndb: 1 sig
[3rd Party] winnow_malware_links.ndb: 133 sigs
[3rd Party] MiscreantPunch099-Low.ldb: 1199 sigs
[3rd Party] winnow_extended_malware.hdb: 245 sigs
[3rd Party] safebrowsing.gdb: 49126 sigs
[3rd Party] winnow.attachments.hdb: 182 sigs
[3rd Party] CVE-2017-11882.yar: 66 sigs
[3rd Party] winnow_bad_cw.hdb: 1 sig
[3rd Party] EK_BleedingLife.yar: 112 sigs
[3rd Party] bofhland_cracked_URL.ndb: 40 sigs
[3rd Party] WShell_ASPXSpy.yar: 21 sigs
[3rd Party] bofhland_malware_URL.ndb: 4 sigs
[3rd Party] WShell_Drupalgeddon2_icos.yar: 26 sigs
[3rd Party] bofhland_phishing_URL.ndb: 72 sigs
[3rd Party] CVE-2010-0805.yar: 19 sigs
[3rd Party] bofhland_malware_attach.hdb: 1836 sigs
[3rd Party] CVE-2018-20250.yar: 22 sigs
[3rd Party] hackingteam.hsb: 435 sigs
[3rd Party] CVE-2018-4878.yar: 39 sigs
[3rd Party] porcupine.ndb: 6622 sigs
[3rd Party] bank_rule.yar: 11 sigs
[3rd Party] phishtank.ndb: 9388 sigs
[3rd Party] EMAIL_Cryptowall.yar: 52 sigs
[3rd Party] porcupine.hsb: 208 sigs
[3rd Party] scam.yar: 35 sigs
[3rd Party] securiteinfo.ign2: 86 sigs
[3rd Party] JJencode.yar: 19 sigs
[3rd Party] securiteinfo.hdb: 159918 sigs
[3rd Party] interserver256.hdb: 3626 sigs
[3rd Party] securiteinfoold.hdb: 3525608 sigs
[3rd Party] interservertopline.db: 161 sigs
[3rd Party] javascript.ndb: 43708 sigs
main.cvd: version 61, sigs: 6607162, built on Wed Jul 14 22:39:10 2021
[3rd Party] securiteinfohtml.hdb: 55106 sigs
[3rd Party] CVE-2010-0887.yar: 22 sigs
[3rd Party] securiteinfoascii.hdb: 98410 sigs
daily.cld: version 26272, sigs: 1968128, built on Mon Aug 23 04:21:13 2021
[3rd Party] securiteinfopdf.hdb: 3408 sigs
[3rd Party] CVE-2010-1297.yar: 20 sigs
[3rd Party] securiteinfoandroid.hdb: 84401 sigs
[3rd Party] rfxn.ndb: 2039 sigs
[3rd Party] rfxn.hdb: 12932 sigs
daily.cvd: version 26209, sigs: 3992031, built on Tue Jun 22 07:07:55 2021
[3rd Party] malware.expert.hdb: 1 sig
[3rd Party] malware.expert.ldb: 1 sig
[3rd Party] foxhole_js.ndb: 4 sigs
[3rd Party] CVE-2012-0158.yar: 27 sigs
[3rd Party] winnow_spam_complete.ndb: 26 sigs
[3rd Party] whitelist.fp: 3081 sigs
[3rd Party] winnow.complex.patterns.ldb: 3 sigs
[3rd Party] Sanesecurity_spam.yara: 46 sigs
[3rd Party] jurlbla.ndb: 1388 sigs
[3rd Party] lott.ndb: 2335 sigs
[3rd Party] spam.ldb: 2 sigs
[3rd Party] spear.ndb: 1 sig
[3rd Party] spearl.ndb: 1 sig
[3rd Party] malware.expert.fp: 1 sig
[3rd Party] scamnailer.ndb: 1 sig
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 10:21:51 2021
[3rd Party] winnow_phish_complete_url.ndb: 54 sigs
[3rd Party] malwarepatrol.db: 9180 sigs
[3rd Party] Sanesecurity_sigtest.yara: 54 sigs
[3rd Party] email_Ukraine_BE_powerattack.yar: 33 sigs
[3rd Party] Email_fake_it_maintenance_bulletin.yar: 29 sigs
[3rd Party] Email_quota_limit_warning.yar: 31 sigs
Total number of signatures: 16770754

Platform information
--------------------
uname: Linux 5.12.14-300.fc34.x86_64 #1 SMP Wed Jun 30 18:30:21 UTC 2021 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a217c7c08000000020b0201

Build information
-----------------
GNU C: 11.2.1 20210728 (Red Hat 11.2.1-1) (11.2.1)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
LDFLAGS: -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXX=g++' 'CXXFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 124, dconf: 124

>
>
_______________________________________________

clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
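
The comparison suggested in the quoted reply (run `clamconf -n` on both machines and compare the configurations), as an added example that is not part of the original message. `HOST_A` reuses a few values from the output above; `HOST_B` and the names `parse_clamconf` and `diff_hosts` are constructed for illustration.

```python
import re
# Constructed samples. HOST_A reuses values from the output in this message;
# HOST_B is an invented second machine to compare against.
HOST_A = '''Config file: clamd.d/scan.conf
------------------------------
LogFile = "/var/log/clamd.log"
PhishingScanURLs disabled
MaxScanSize = "157286400"
Config file: freshclam.conf
---------------------------
DatabaseMirror = "database.clamav.net"
ReceiveTimeout = "60"
Software settings
-----------------
'''
HOST_B = '''Config file: clamd.d/scan.conf
------------------------------
LogFile = "/var/log/clamd.log"
MaxScanSize = "104857600"
Config file: freshclam.conf
---------------------------
DatabaseMirror = "database.clamav.net"
'''

def parse_clamconf(text):
    """Return {config_file: {directive: value}} from `clamconf -n` output."""
    conf, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line == "Software settings":      # end of the config-file part
            break
        if line.startswith("Config file: "):
            current = conf.setdefault(line[len("Config file: "):], {})
        elif current is not None:
            m = re.match(r'^(\w+) = (.*)$', line) or re.match(r"^(\w+) (disabled)$", line)
            if m:
                current[m.group(1)] = m.group(2).strip('"')
    return conf

def diff_hosts(a, b):
    """(file, directive, value_a, value_b) per difference; -n prints only non-defaults."""
    rows = []
    for f in sorted(set(a) | set(b)):
        for k in sorted(set(a.get(f, {})) | set(b.get(f, {}))):
            va, vb = a.get(f, {}).get(k, "<default>"), b.get(f, {}).get(k, "<default>")
            if va != vb:
                rows.append((f, k, va, vb))
    return rows

if __name__ == "__main__": print(diff_hosts(parse_clamconf(HOST_A), parse_clamconf(HOST_B)))
```

Because `-n` lists only non-default settings, a directive missing on one host is reported as `<default>` rather than as an error.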
