WHM 11.40.xx/Logwatch and clam-update

Dave G

Dave G

Member
Ah yes another question this AM

So Friday night WHM/cPanel updated it self my logwatch email arrived on Saturday and in place of the "Last ClamAV update process started at..." there was this:

--------------------- clam-update Begin ------------------------

No updates detected in the log for the freshclam daemon (the
ClamAV update process). If the freshclam daemon is not running,
you may need to restart it. Other options:

A. If you no longer wish to run freshclam, deleting the log file
(default is freshclam.log) will suppress this error message.

B. If you use a different log file, update the appropriate
configuration file. For example:
echo "LogFile = log_file" >> /etc/logwatch/conf/logfiles/clam-update.conf
where log_file is the filename of the freshclam log file.

C. If you are logging using syslog, you need to indicate that your
log file uses the syslog format. For example:
echo "*OnlyService = freshclam" >> /etc/logwatch/conf/logfiles/clam-update.conf
echo "*RemoveHeaders" >> /etc/logwatch/conf/logfiles/clam-update.conf

---------------------- clam-update End -------------------------

And now nothing about clam?

I'm at a loss on how to get my Clam AV update info back into my logwatch email any help on this would be great.
 
Morning Dave,

It sounds like cPanel dropped freshclam from your crontab. Have you checked to make sure it's in there? In SSH if you do a crontab -l it will list your crontab for you and you should see a line similar to this: 11 4 * * * /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings

At least that's what mine is. The numbers at the beginning can be different as they try to stagger the updates but the important thing is that it's running.

Another thing to check is your log file for it. If you look in /var/log you should see the file clam-update.log and if freshclam is running it would have today's or last night's date on it. If it really isn't then it would have the date for the last time it was ran.

If you find it's not in your crontab I would say to just add it. It wouldn't do any harm to just add the line I gave you above to the end of your crontab. To edit your crontab just do crontab -e.
 
Hi Dan

It sounds like cPanel dropped freshclam from your crontab. Have you checked to make sure it's in there? In SSH if you do a crontab -l it will list your crontab for you and you should see a line similar to this: 11 4 * * * /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings
Click to expand...

As I don't do SSH well I used csExpoler and could not find a file/folder called "freshclam" I assume there should be one in /usr/local/cpanel/3rdparty/bin/
Another thing to check is your log file for it. If you look in /var/log you should see the file clam-update.log and if freshclam is running it would have today's or last night's date on it. If it really isn't then it would have the date for the last time it was ran.
Click to expand...

I had asked earlier at ConfigServices as I was concerned that the virus info was not being updated they told me that to look here /usr/local/share/clamav/daily.cld and if it had today's date then the virus definitions were in fact being updated and no "clam-update.log" stopped being updated on 11/7
If you find it's not in your crontab I would say to just add it. It wouldn't do any harm to just add the line I gave you above to the end of your crontab. To edit your crontab just do crontab -e.
Click to expand...

I'm guessing this wont work as there is no file/folder called "freshclam".

I also believe my setup is a little different as I had ConfigServices harden my server and install there software + MailScaner. I may need to contract with them to see if they can fix.

Thanks
 
Hi Dave,

Prior to version 11.40 freshclam would update the virus definition files in the location they told you to check. But afterwards that location has changed to /usr/local/cpanel/3rdparty/share/clamav. I know this because I now get an email every day telling me that I have altered RPMs in my cPanel installation...well duh they are virus definitions of course they were changed LOL

It almost sounds like cPanel removed freshclam from your crontab. If ClamAV was installed outside of cPanel then cPanel would not know about it and might just remove it, I'm not really sure about that.

It's up to you whether you want to get ConfigServices involved again or not. You certainly can't be the only person experiencing this if they just did their standard so I would think they would know exactly what's going on.
 
@ Dave, Did you ever get this one figured out ? I too have been having same issues since the 12th.
The /var/log/clam-update.log shows its updating
The support ticket i created at the time gave me the following information...

It seems with the newest cPanel update that ClamAV has gone through some changes that are throwing things a little off here and there.
It now lives at a new location- /usr/local/cpanel/3rdparty/bin, and is run a little differently as well.
It also seems to have affected where and how Clam wants to log it's updates- the entire freshclam.conf file is now commented out, and doesn't appear to have any affect on anything.
The cronjob is still in place to perform the freshclam updates, and that's the most important part- so we're good there.
The Senior Administrators have informed me that patches will be forthcoming to sort little bugs out like this, but until then I don't have much to go on.
Click to expand...

So while im ok in the knolwedge thats its working and also ok with waiting on knownhost to come out with some "patch" i was curious if you had corrected your issue and if so how ?

Tony
 
Hi Tony

No I haven't other thing's came to the top of the list as I to am happy it was still being updated.
It's nice to see that KH will be looking into a fix.
 
Dave,
Seems they might have patched, logwatch reported the following this morning :)

--------------------- clam-update Begin ------------------------

Last ClamAV update process started at Mon Dec 2 03:56:33 2013

Last Status:
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-18187.cdiff [100%]
daily.cld updated (version: 18187, sigs: 546132, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 233, sigs: 44, f-level: 63, builder: dgoddard)
Database updated (2970401 signatures) from database.clamav.net

---------------------- clam-update End -------------------------
 
Dave, i doubt mailscanner would have any effect, all the logwatch is doing is parsing the different system log files and outputting in a simgle report. Im in the Texas data center, might just be they havent gottent to you yet, but of course, im merly guessing here :)
 
I'm in Texas also. I'll just keep an eye out till the first of the year, then contact support and see what can be done the important thing is the virus definitions are being updated @ /usr/local/share/clamav/daily.cld
 
You must log in or register to reply here.
Top