WHM 11.40.xx/Logwatch and clam-update

Discussion in 'Linux VPS/Dedicated - General' started by Dave G, Nov 12, 2013.

  1. Dave G

    Dave G Member

    Ah yes another question this AM

    So Friday night WHM/cPanel updated itself. My logwatch email arrived on Saturday, and in place of the "Last ClamAV update process started at..." there was this:

    --------------------- clam-update Begin ------------------------

    No updates detected in the log for the freshclam daemon (the
    ClamAV update process). If the freshclam daemon is not running,
    you may need to restart it. Other options:

    A. If you no longer wish to run freshclam, deleting the log file
    (default is freshclam.log) will suppress this error message.

    B. If you use a different log file, update the appropriate
    configuration file. For example:
    echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
    where log_file is the filename of the freshclam log file.

    C. If you are logging using syslog, you need to indicate that your
    log file uses the syslog format. For example:
    echo "*OnlyService = freshclam" >> /etc/logwatch/conf/logfiles/clam-update.conf
    echo "*RemoveHeaders" >> /etc/logwatch/conf/logfiles/clam-update.conf

    ---------------------- clam-update End -------------------------

    And now nothing about clam?

    I'm at a loss on how to get my ClamAV update info back into my logwatch email. Any help on this would be great.
  2. Dan

    Dan Moderator

    Morning Dave,

    It sounds like cPanel dropped freshclam from your crontab. Have you checked to make sure it's in there? In SSH if you do a crontab -l it will list your crontab for you and you should see a line similar to this: 11 4 * * * /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings

    At least that's what mine is. The numbers at the beginning can be different as they try to stagger the updates but the important thing is that it's running.

    Another thing to check is your log file for it. If you look in /var/log you should see the file clam-update.log, and if freshclam is running it would have today's or last night's date on it. If it really isn't, then it would have the date for the last time it was run.

    If you find it's not in your crontab I would say to just add it. It wouldn't do any harm to just add the line I gave you above to the end of your crontab. To edit your crontab just do crontab -e.
  3. Dave G

    Dave G Member

    Hi Dan

    As I don't do SSH well, I used csExplorer and could not find a file/folder called "freshclam". I assume there should be one in /usr/local/cpanel/3rdparty/bin/
    I had asked earlier at ConfigServices, as I was concerned that the virus info was not being updated. They told me to look here: /usr/local/share/clamav/daily.cld, and if it had today's date then the virus definitions were in fact being updated. And no, "clam-update.log" stopped being updated on 11/7.
    I'm guessing this won't work as there is no file/folder called "freshclam".

    I also believe my setup is a little different, as I had ConfigServices harden my server and install their software + MailScanner. I may need to contract with them to see if they can fix it.

  4. Dan

    Dan Moderator

    Hi Dave,

    Prior to version 11.40 freshclam would update the virus definition files in the location they told you to check. But afterwards that location has changed to /usr/local/cpanel/3rdparty/share/clamav. I know this because I now get an email every day telling me that I have altered RPMs in my cPanel installation...well duh they are virus definitions of course they were changed LOL

    It almost sounds like cPanel removed freshclam from your crontab. If ClamAV was installed outside of cPanel then cPanel would not know about it and might just remove it, I'm not really sure about that.

    It's up to you whether you want to get ConfigServices involved again or not. You certainly can't be the only person experiencing this if they just did their standard so I would think they would know exactly what's going on.
    KH-Jonathan likes this.
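
The three checks discussed in the posts above (the freshclam crontab entry, the age of /var/log/clam-update.log, and the age of daily.cld in either definitions directory), combined into one script. This is an added example, not part of the original posts; the 36-hour limit, the function names and the daily.cvd fallback (ClamAV's other filename for the same database) are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Paths are the ones quoted in the posts;
# the 36-hour limit and the function names are assumptions.
MAX_AGE_HOURS=${MAX_AGE_HOURS:-36}
FRESHCLAM_LOG=${FRESHCLAM_LOG:-/var/log/clam-update.log}
# Post-11.40 location first, then the older one (space-separated on purpose).
DEF_DIRS=${DEF_DIRS:-"/usr/local/cpanel/3rdparty/share/clamav /usr/local/share/clamav"}

# Reads crontab text on stdin; succeeds if an uncommented entry runs freshclam.
cron_has_freshclam() {
    grep -Eq '^[[:space:]]*[^#[:space:]].*[[:space:]/]freshclam([[:space:]]|$)'
}

# Prints "missing", "stale" or "fresh" for a file, given a limit in hours.
freshness() {
    local file="$1" max_hours="${2:-$MAX_AGE_HOURS}" mtime now
    [ -e "$file" ] || { echo missing; return 0; }
    mtime=$(stat -c %Y "$file")    # GNU/busybox stat: mtime as epoch seconds
    now=$(date +%s)
    if [ $(( now - mtime )) -gt $(( max_hours * 3600 )) ]; then
        echo stale
    else
        echo fresh
    fi
}

# Prints the first directory holding a fresh daily.cld or daily.cvd.
fresh_definitions_dir() {
    local dir f
    for dir in "$@"; do
        for f in "$dir/daily.cld" "$dir/daily.cvd"; do
            if [ "$(freshness "$f")" = fresh ]; then echo "$dir"; return 0; fi
        done
    done
    return 1
}

# Runs all three checks; returns non-zero if any of them needs attention.
report() {
    local rc=0 dir log_state
    if crontab -l 2>/dev/null | cron_has_freshclam; then echo "cron: freshclam entry found"
    else echo "cron: no freshclam entry in this user's crontab"; rc=1; fi
    log_state=$(freshness "$FRESHCLAM_LOG")
    echo "log: $FRESHCLAM_LOG is $log_state"
    [ "$log_state" = fresh ] || rc=1
    if dir=$(fresh_definitions_dir $DEF_DIRS); then echo "definitions: fresh in $dir"
    else echo "definitions: nothing fresh in $DEF_DIRS"; rc=1; fi
    return $rc
}
case "${1:-}" in --report) report ;; esac
```

Run it as root with `--report`; a non-zero exit status means at least one of the three checks needs attention, which separates a logwatch reporting gap from definitions that have actually stopped updating.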
  5. tones_ie

    tones_ie New Member

    @Dave, did you ever get this one figured out? I too have been having the same issues since the 12th.
    The /var/log/clam-update.log shows it's updating.
    The support ticket I created at the time gave me the following information...

    So while I'm OK in the knowledge that it's working, and also OK with waiting on KnownHost to come out with some "patch", I was curious if you had corrected your issue, and if so, how?

  6. Dave G

    Dave G Member

    Hi Tony

    No, I haven't; other things came to the top of the list, as I too am happy it was still being updated.
    It's nice to see that KH will be looking into a fix.
  7. tones_ie

    tones_ie New Member

    Seems they might have patched, logwatch reported the following this morning :)

    --------------------- clam-update Begin ------------------------

    Last ClamAV update process started at Mon Dec 2 03:56:33 2013

    Last Status:
    main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
    Downloading daily-18187.cdiff [100%]
    daily.cld updated (version: 18187, sigs: 546132, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 233, sigs: 44, f-level: 63, builder: dgoddard)
    Database updated (2970401 signatures) from database.clamav.net

    ---------------------- clam-update End -------------------------
  8. Dave G

    Dave G Member

    Great though I didn't see it in mine this AM, will check again tomorrow.
  9. Dave G

    Dave G Member

    Alas, no joy in Mudville. It may be due to me running MailScanner?
  10. tones_ie

    tones_ie New Member

    Dave, I doubt MailScanner would have any effect; all logwatch is doing is parsing the different system log files and outputting a single report. I'm in the Texas data center; it might just be they haven't gotten to you yet, but of course, I'm merely guessing here :)
  11. Dave G

    Dave G Member

    I'm in Texas also. I'll just keep an eye out till the first of the year, then contact support and see what can be done. The important thing is the virus definitions are being updated @ /usr/local/share/clamav/daily.cld
