clamav icon indicating copy to clipboard operation
clamav copied to clipboard

Published 20 hours ago verified publisher icon Cisco-Talos

clamdtop will not launch

Open JTMosaic opened this issue 3 years ago • 8 comments

$ clamdtop

Connecting to: /var/run/clamd.scan/clamd.sock Failed to initialize curses Abnormal program termination

$ clamdtop -V Clam AntiVirus Monitoring Tool 0.104.2

ncurses is installed:

$ rpm -qa | grep ncurses ncurses-libs-5.7-4.20090207.14.amzn1.x86_64 ncurses-base-5.7-4.20090207.14.amzn1.x86_64 ncurses-5.7-4.20090207.14.amzn1.x86_64

It should be noted that clamdtop 0.102.4 worked on this same system prior to the upgrade to 0.104.2

JTMosaic avatar Mar 02 '22 15:03 JTMosaic

How did you install clamav?

Can you please provide the output from clamconf -n? It may help us reproduce the issue so we can understand what is going wrong.

micahsnyder avatar Mar 10 '22 03:03 micahsnyder

Thanks for taking a look at this!

Installed:

wget https://www.clamav.net/downloads/production/clamav-0.104.2.linux.x86_64.rpm --user-agent="Mozilla/5.0" sudo rpm -ivh clamav-0.104.2.linux.x86_64.rpm

clamconf -n

Checking configuration files in /usr/local/etc

Config file: clamd.conf

LogFile = "/var/log/clamd.scan" LogSyslog = "yes" LocalSocket = "/var/run/clamd.scan/clamd.sock" LocalSocketMode = "660" ExcludePath = "^/proc/", "^/sys/" MaxDirectoryRecursion = "25" VirusEvent = "echo Virus found in $CLAM_VIRUSEVENT_FILENAME. See log in /var/log/clamd.scan for further details | mutt -s "VIRUS ALERT - hostname: %v " -- email_address_removed" User = "root" OnAccessMountPath = "/" OnAccessIncludePath = "/" OnAccessExcludeRootUID = "yes" OnAccessPrevention = "yes" OnAccessMaxThreads = "10"

Config file: freshclam.conf

LogSyslog = "yes" DatabaseOwner = "clamscan" DatabaseMirror = "database.clamav.net"

clamav-milter.conf not found

Software settings

Version: 0.104.2 Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information

Database directory: /usr/local/share/clamav bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 10:21:51 2021 daily.cld: version 26477, sigs: 1975702, built on Thu Mar 10 04:34:39 2022 main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 08:32:42 2021 Total number of signatures: 8623221

Platform information

uname: Linux 4.14.248-129.473.amzn1.x86_64 #1 SMP Mon Sep 27 10:39:55 UTC 2021 x86_64 OS: Linux, ARCH: x86_64, CPU: x86_64 zlib version: 1.2.11 (1.2.11), compile flags: a9 platform id: 0x0a218e8e0800000000040805

Build information

GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5) sizeof(void*) = 8 Engine flevel: 142, dconf: 142

JTMosaic avatar Mar 10 '22 17:03 JTMosaic

Found the reason. stracing the process shows, that the terminfo is being searched in

/root/.mussels/install/host-static/share/terminfo It actually looks for "xterm-256color" at /root/.mussels/install/host-static/share/terminfo/x/xterm-256color I guess it's a relic from the build environment.

This makes clamd run for me:

mkdirhier /root/.mussels/install/host-static/share/terminfo/x
cp /lib/terminfo/x/xterm-256color /root/.mussels/install/host-static/share/terminfo/x/xterm-256color

hildeb avatar Sep 13 '22 15:09 hildeb

Thanks for the research and possible workaround. We are on Amazon Linux so this worked for me:

As root:

mkdir -p ~/.mussels/install/host-static/share
ln -s /usr/share/terminfo ~/.mussels/install/host-static/share/terminfo

So now the question is: Will this be, or has this been fixed?

JTMosaic avatar Sep 13 '22 15:09 JTMosaic

Nice find @hildeb. That is indeed a relic from the build environment. It seems ncurses installs some terminfo databases under <prefix>/share/terminfo and then looks in that path at runtime to load them.

One kind of lousy option would be to change the ./configure line for building ncurses to this:

          ./configure --prefix={install} --with-default-terminfo-dir=/usr/share --disable-db-install

It may solve the issue for one of you, but unfortunately not for both.

Alternatively, we could abandon using a static lib for this dependency and link with libncurses.so instead. Either way would require you to have ncurses installed for that terminfo stuff... so... that'd at least make it easier for distros where it installs under /lib instead of /usr/share... This would probably be the easiest solution.

I suppose that ideally we'd have the .deb and .rpm packages install the terminfo database along with clamav, and install under /usr/local/share/terminfo. But I'm not sure how to do that.

micahsnyder avatar Sep 13 '22 16:09 micahsnyder

I believe this has been resolved. Going to close this issue, but please re-open if you are still having problems.

ragusaa avatar Apr 01 '24 20:04 ragusaa

This has not been fixed. It is still an issue in ClamAV 1.3.0. The fix above, to create a .mussels folder and symlink terminfo, is still necessary to use clamdtop

JTMosaic avatar Apr 01 '24 20:04 JTMosaic

My apologies, I'll re-open.

ragusaa avatar Apr 01 '24 20:04 ragusaa