Permission on new install trying to run freshclam

Open cgakers opened this issue 1 year ago • 11 comments

pi-star@pi-star(ro):~$ sudo apt-get update
Hit:1 http://archive.raspberrypi.org/debian bullseye InRelease
Hit:2 http://httpredir.debian.org/debian bullseye-backports InRelease
Hit:3 http://raspbian.raspberrypi.org/raspbian bullseye InRelease
Reading package lists... Done
pi-star@pi-star(rw):~$ sudo apt-get install clamav
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
  libclamunrar clamav-docs
The following NEW packages will be installed:
  clamav
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/157 kB of archives.
After this operation, 585 kB of additional disk space will be used.
Selecting previously unselected package clamav.
(Reading database ... 46842 files and directories currently installed.)
Preparing to unpack .../clamav_0.103.10+dfsg-0+deb11u1_armhf.deb ...
Unpacking clamav (0.103.10+dfsg-0+deb11u1) ...
Setting up clamav (0.103.10+dfsg-0+deb11u1) ...
Processing triggers for man-db (2.9.4-2) ...
pi-star@pi-star(rw):~$ sudo freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!

cgakers avatar Mar 02 '24 22:03 cgakers

Hi,

Have you verified that the directory /var/log/clamav exists and the user you are running freshclam as can write to it?

ragusaa avatar Mar 04 '24 17:03 ragusaa
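
The check asked for in the reply above, written out as an added example (not part of the thread and not ClamAV's own code): it reads `UpdateLogFile` from a freshclam config and reports whether the parent directory is missing or the path is not writable. The function names are hypothetical and the default config path `/etc/clamav/freshclam.conf` is an assumption (the Debian location).

```shell
#!/bin/sh
# Added example (not from the thread): diagnose why freshclam cannot open its
# UpdateLogFile in append mode. Function names are hypothetical.

# Print the first active (uncommented) UpdateLogFile value in a freshclam.conf.
get_update_logfile() {
    awk '$1 == "UpdateLogFile" { print $2; exit }' "$1"
}

# Classify the log path for the *current* user:
#   missing-dir       parent directory does not exist
#   log-not-writable  file exists but cannot be appended to
#   dir-not-writable  file absent and the directory does not allow creating it
#   ok                an append-mode open should succeed
check_logfile() {
    log=$1
    dir=$(dirname "$log")
    if [ ! -d "$dir" ]; then
        echo "missing-dir"; return 1
    fi
    if [ -e "$log" ]; then
        [ -w "$log" ] || { echo "log-not-writable"; return 1; }
    else
        [ -w "$dir" ] || { echo "dir-not-writable"; return 1; }
    fi
    echo "ok"
}

# Report on a config file; the default path is the Debian location (assumption).
diagnose() {
    conf=${1:-/etc/clamav/freshclam.conf}
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    path=$(get_update_logfile "$conf")
    [ -n "$path" ] || { echo "no UpdateLogFile set in $conf"; return 0; }
    result=$(check_logfile "$path") || true
    echo "UpdateLogFile=$path status=$result checked-as=$(id -un)"
    # Show owner and mode of the log directory when it exists.
    [ -d "$(dirname "$path")" ] && ls -ld "$(dirname "$path")"
    return 0
}

# Run only when a config path is given: sh check.sh /etc/clamav/freshclam.conf
if [ "$#" -gt 0 ]; then
    diagnose "$1"
fi
```

The `-w` tests apply to the invoking account, so run it as the same user that runs freshclam; under `sudo` a `missing-dir` result is the one that matters, since root passes the writability tests.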

Rob,

Duh… I assumed since the install freshclam portion ran without error; it was created. Saw freshclam running in process log.

Now clamscan hangs with no output even with -v. Not sure what is happening. I have removed and reinstalled several times.

-g

cgakers avatar Mar 04 '24 21:03 cgakers

clamscan does take a few minutes to load the signatures, I would expect it to be longer on a raspberry pi. Could you try this

  1. Save 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' to a string (no newline).
  2. run the command "clamscan -d /bytecode.cvd

The bytecode.cvd signature file is very small and should load really fast.

Also, could you run with '--debug' and upload the output?

Thanks, Andy

ragusaa avatar Mar 04 '24 22:03 ragusaa

After a reinstall I get this when I now run freshclam ???

sudo freshclam
Mon Mar 4 17:34:33 2024 -> ClamAV update process started at Mon Mar 4 17:34:33 2024
Mon Mar 4 17:34:33 2024 -> ^Your ClamAV installation is OUTDATED!
Mon Mar 4 17:34:33 2024 -> ^Local version: 0.103.10 Recommended version: 0.103.11
Mon Mar 4 17:34:33 2024 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Mon Mar 4 17:34:33 2024 -> daily.cvd database is up-to-date (version: 27204, sigs: 2054232, f-level: 90, builder: raynman)
Mon Mar 4 17:34:33 2024 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Mon Mar 4 17:34:33 2024 -> bytecode.cvd database is up-to-date (version: 335, sigs: 86, f-level: 90, builder: raynman)

-g

cgakers avatar Mar 04 '24 22:03 cgakers

And this that I get when I try to make the string variable assignment:

$ @.[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H'
-bash: @.[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H: command not found

It has been a long time since I have done this sort of thing, so I could be messing it up !

-g

cgakers avatar Mar 04 '24 22:03 cgakers

You don't want to try and run that, the eicar string is used to test antivirus products. It should signature, but won't cause any damage. For a better explanation, check out https://www.eicar.org/download-anti-malware-testfile/

In your case, freshclam is not able to download signatures because your version of freshclam is too old. Our supported versions are on our downloads page here https://www.clamav.net/downloads. If there isn't a version there for your platform, your best bet is to contact your package maintainer or build from source.

ragusaa avatar Mar 04 '24 22:03 ragusaa

If you are going to download from our downloads page, I would suggest going with 1.3 (latest), because 0.103 will be EOL'd later this year.

ragusaa avatar Mar 04 '24 22:03 ragusaa

Thanks !

-g

cgakers avatar Mar 04 '24 22:03 cgakers

No problem. I am going to close this issue, but let us know if you have any other issues getting set up.

Thanks, Andy

ragusaa avatar Mar 04 '24 22:03 ragusaa

It just occurred to me that you could also try our docker image. https://hub.docker.com/u/clamav Documentation is here https://docs.clamav.net/manual/Installing/Docker.html

ragusaa avatar Mar 05 '24 22:03 ragusaa

Thanks !

-g

cgakers avatar Mar 05 '24 22:03 cgakers

@cgakers okay to close this ticket?

val-ms avatar May 14 '24 14:05 val-ms

yes

cgakers avatar May 14 '24 14:05 cgakers