[CentOS] ClamAV help needed - Related problem

Sat Jun 21 08:59:01 UTC 2008
Anne Wilson <cannewilson at googlemail.com>

On Friday 20 June 2008 09:45:16 Anne Wilson wrote:
> On Friday 20 June 2008 06:13, Martin Garcia wrote:
> > Hi Anne, I have many servers running clamav, simply use the dag repos
> > http://dag.wieers.com/rpm/ and install it via yum "yum install clamav
> > clamd" then run freshclam, that's it. I presume your configuration is not
> > properly done.
>
> It turned out to be not exactly a clamav problem, but a clamtk problem.  I
> am using Dag's package, and logwatch has been telling me that everything is
> updating.  The problem showed up when I tried the context menu scan of a
> file, which clamtk provides.  I contacted the clamtk developer who has been
> very helpful.  This morning I have confirmed to him that the problem is
> fixed.
>
> For the sake of the archives, this is what he said:
> <quote>
> Ok, so it dawned on me what the problem likely is... ClamAV has
> several methods for signatures it uses: daily.info folder, daily and
> main.cvd, daily and main.cld. So, I'm thinking you have more than one
> of those in your signatures directory.
>
> If you open up a terminal window and type "ls /var/clamav" (without
> quotes of course), I'm betting you'll see a variety of files and/or
> directories in there. If you're up for it, as root type
> rm /var/clamav/* -rf
> which will remove all the signatures. Don't worry, you'll get them
> back in the next step. As root, type
> freshclam -v
> And that will download all the necessary signatures again.
>
> The problem I have is there are a variety of ways the Linux distros
> package ClamAV, and I have to decide which ones to gather the
> information from... I thought I had it right, but your email is making
> me reconsider. :)
> </quote>
>
> I do wonder if something changed in clamav since I first installed it.  I
> remember that an update installed, and I did, for a couple of days, get a
> message that the database could not be notified of updated signatures.  I
> can't remember how that one got resolved.  Perhaps /var/clamav was left
> with an old version and a new version of the database, and was reading the
> old one.
>
This morning I wanted to make a change in the server's BIOS, so I had to 
reboot, and hit problems.  Bootup got to 'self-checking in 1800 seconds' and 
appeared to hang there.  I did leave it for some considerable time, but it 
didn't move on.  Eventually I used ssh to kill clamd and the boot continued.

I will be away from home for several days, so I need to get this sorted.  I 
presume that it is a mis-configuration somewhere that's causing it.  Can 
someone please advise me what to look for?  Thanks

Anne
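
Added example, not part of the original message and not code from ClamAV or clamtk: a read-only check for the condition the quoted developer describes, one signature database present in more than one format in the same directory. The format names (.cvd, .cld, and a .info directory) and the /var/clamav path are taken from the message; the function name and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Report ClamAV signature databases that exist in more than one format.
# Format names (.cld, .cvd, .info directory) follow the quoted message.

# find_mixed_formats DIR
# Prints one line per database name found in more than one format,
# e.g. "daily: daily.cld daily.cvd". Returns 1 if any were found, else 0.
find_mixed_formats() {
    dir=$1
    rc=0
    for name in daily main; do
        found=""
        count=0
        for ext in cld cvd info; do
            path="$dir/$name.$ext"
            # .info is expected to be a directory, the others regular files
            if [ "$ext" = info ]; then
                [ -d "$path" ] || continue
            else
                [ -f "$path" ] || continue
            fi
            found="$found $name.$ext"
            count=$((count + 1))
        done
        if [ "$count" -gt 1 ]; then
            echo "$name:$found"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a stale daily.cvd left beside a newer daily.cld.
demo_dir=$(mktemp -d)
touch "$demo_dir/daily.cvd" "$demo_dir/daily.cld" "$demo_dir/main.cvd"
find_mixed_formats "$demo_dir" || echo "mixed formats present; inspect before removing anything"
rm -rf "$demo_dir"
```

On a real system the call would be `find_mixed_formats /var/clamav`; it only lists files, so it can be run before deciding whether to clear the directory and re-run freshclam.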
