ClamAV Alert about new config version

NethServer Version: 7.7.1908
Module: clamav

Hi friends,

Since this morning I have been getting alert messages from ClamAV:


ALERT: New version : v6.3.0 @ https://github.com/extremeshok/clamav-unofficial-sigs



ALERT: New config version : v81 @ https://github.com/extremeshok/clamav-unofficial-sigs


What to do??

TIA flatspin

6 Likes

I’ve just started getting those as well.
Bob

Same behaviour here

Don’t know if it’s the right procedure (don’t do it in production!) but I just upgraded the files as described here for version 6.1 and below

I had to move a file because it was downloaded to wrong location:

mv /usr/local/sbin/clamav-unofficial-sigs.sh /usr/sbin/clamav-unofficial-sigs.sh

Now after running /usr/sbin/clamav-unofficial-sigs.sh I don’t get the “alerts” anymore.

2 Likes

Something went wrong between the developer and the EPEL package maintainer :slight_smile:

This is the upstream bug: https://bugzilla.redhat.com/show_bug.cgi?id=1794506

To disable the alerts, this should do the job (not tested):

sed -i  's/MAILTO=root/MAILTO=/' /etc/cron.d/clamav-unofficial-sigs

Same here.
I would prefer an “official” fix though.

4 Likes

+1 from me on the “official fix”. I’m paying for the stable update repository (Crostino subscription) so this sort of problem shouldn’t happen.

Regards
Bob

1 Like

Hello,
Same here, getting plenty of emails.

Kind Regards,
Adnan

Sorry but it will happen :frowning: It is upstream code shipped months ago which is now reporting an invalid message.

2 Likes

OK, I accept you can’t control upstream faults. Please publish an official fix as soon as you’re able to - there must be lots of Nethserver users who are experiencing this issue.

Regards
Bob

4 Likes

Yeah!

You can try the autobuild RPM from https://github.com/NethServer/nethserver-antivirus/pull/11

1 Like

I followed the upgrade instructions from the developer page (as @mrmarkuz posted) just now and was “downgraded” to version 6.1.0 with config V80, and there are no errors anymore.

I think the developer has already reacted. The file clamav-unofficial-sigs.sh is only 4 hours old.

See also https://github.com/extremeshok/clamav-unofficial-sigs/issues/281

Hi @All,

After following the upgrade instructions posted by mrmarkuz, I received this message via mail:

/usr/sbin/clamav-unofficial-sigs.sh: line 1945: ir: command not found.

What must I do to solve this problem?

Regards

Uwe

I’m getting the same thing. Not sure what to do though–a quick Google doesn’t find anything that looks relevant.

Hi,

Since this morning I have received this mail:

Subject: Cron root@myserver [ -x /usr/sbin/clamav-unofficial-sigs.sh ] && /bin/bash /usr/sbin/clamav-unofficial-sigs.sh
ALERT: New version : v7.0.1 @ https://github.com/extremeshok/clamav-unofficial-sigs

After the update to v7.0.1 I received this message hourly.

Edit: And now I think I have another problem.

Sun Jan 26 12:38:01 2020

Scanned Folder: //var/lib/clamav/rfxn.yara: Php.Exploit.C99-23 FOUND
/var/lib/clamav-unofficial-sigs/dbs-lmd/sigpack.tgz: Php.Exploit.C99-23 FOUND
/var/lib/clamav-unofficial-sigs/dbs-lmd/rfxn.yara: Php.Exploit.C99-23 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6561649
Engine version: 0.101.5
Scanned directories: 25633
Scanned files: 147284
Infected files: 3
Data scanned: 21793.64 MB
Data read: 16757.90 MB (ratio 1.30:1)
Time: 2059.986 sec (34 m 19 s)

Regards

Uwe
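
An added example, not part of the original posts: a shell function that splits the FOUND lines of a scan report like the one above into hits on files under the signature database directories and hits elsewhere, so the two groups can be reviewed separately. The directory prefixes are taken from the report above; the function names and the last sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the "FOUND" lines of a clamscan report.
# Prefixes come from the report in this thread; adjust for other layouts.
SIGDB_DIRS="/var/lib/clamav/ /var/lib/clamav-unofficial-sigs/"

# Reads a report on stdin and prints one line per hit:
#   SIGDB <path> <signature>   file lives in a signature database directory
#   OTHER <path> <signature>   file lives anywhere else
triage_found() {
    awk -v dirs="$SIGDB_DIRS" '
        BEGIN { n = split(dirs, d, " ") }
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            # The signature name follows the last ": " on the line.
            p = 0
            for (i = length(line) - 1; i > 0; i--)
                if (substr(line, i, 2) == ": ") { p = i; break }
            if (p == 0) next
            path = substr(line, 1, p - 1)
            sig  = substr(line, p + 2)
            # Tolerate a label run into the path, as in the mail above.
            sub("^[^/]*", "", path)
            gsub("/+", "/", path)
            cls = "OTHER"
            for (k = 1; k <= n; k++)
                if (index(path, d[k]) == 1) cls = "SIGDB"
            print cls, path, sig
        }'
}

# Sample input: first three hits as in the mail above, the fourth is constructed.
sample_report() {
    cat <<'EOF'
Scanned Folder: //var/lib/clamav/rfxn.yara: Php.Exploit.C99-23 FOUND
/var/lib/clamav-unofficial-sigs/dbs-lmd/sigpack.tgz: Php.Exploit.C99-23 FOUND
/var/lib/clamav-unofficial-sigs/dbs-lmd/rfxn.yara: Php.Exploit.C99-23 FOUND
/home/demo/upload/old.php: Php.Exploit.C99-23 FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
EOF
}

sample_report | triage_found
```
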

And here is another new message:

Subject: Cron root@mysererver [ -x /usr/sbin/clamav-unofficial-sigs.sh ] && /bin/bash /usr/sbin/clamav-unofficial-sigs.sh
curl: (3) malformed
curl: (3) malformed
curl: (3) malformed


ALERT: New version : v7.0.1 @ https://github.com/extremeshok/clamav-unofficial-sigs


Friends, who can help me to stop the trouble?

Sorry, I wish I knew how to fix this. My NethServer is a production device (runs my home network and email) so I’m waiting for the official fix via the software center. I hope they sort it out soon. It’s not causing me a huge problem, I just delete the junk emails.

Do you have any backups or snapshots you could restore from?
Bob

1 Like

That doesn’t help. I restored V6.1.0 and now I’m getting this every hour:


ALERT: New version : v7.0.1 @ https://github.com/extremeshok/clamav-unofficial-sigs



ALERT: New config version : v91 @ https://github.com/extremeshok/clamav-unofficial-sigs


Followed the update instruction on the devs page for 6.1

Downloaded files to tmp dir. Made clamav-unofficial-sigs.sh executable. Copied files into the right directories, and did a forced update:

sh /usr/sbin/clamav-unofficial-sigs.sh --force
################################################################################
 eXtremeSHOK.com ClamAV Unofficial Signature Updater
 Version: v7.0.1 (2020-01-25)
 Required Configuration Version: v91
 Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
################################################################################
Loading config: /etc/clamav-unofficial-sigs/master.conf
Loading config: /etc/clamav-unofficial-sigs/os.conf
Loading config: /etc/clamav-unofficial-sigs/user.conf
+++++++++++++++++++++++
NOTICE: forcing updates
+++++++++++++++++++++++
===================
Preparing Databases
===================
==================================================
Sanesecurity Database & GPG Signature File Updates
==================================================
Checking for Sanesecurity updates...
Sanesecurity mirror site used:  46.21.115.195
receiving file list ...
58 files to consider
-------------------------------------------
No Sanesecurity database file updates found
-------------------------------------------
========================================
LinuxMalwareDetect Database File Updates
========================================
Checking for LinuxMalwareDetect updates...
========================================
LinuxMalwareDetect Database File Updates
========================================
---
---
Testing updated LinuxMalwareDetect database file: rfxn.yara
Clamscan reports LinuxMalwareDetect rfxn.yara database integrity tested good
Successfully updated LinuxMalwareDetect production database file: rfxn.yara
================================
Yara-Rules Database File Updates
================================
Checking for urlhaus updates...
Checking for updated urlhaus database file: urlhaus.ndb
Testing updated urlhaus database file: urlhaus.ndb
Clamscan reports urlhaus urlhaus.ndb database integrity tested good
Successfully updated urlhaus production database file: urlhaus.ndb
=================================
Setting permissions and ownership
=================================
===========================================================
Database reload has been disabled in the configuration file
===========================================================
----------------------------------------------------------------------------
Issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues
----------------------------------------------------------------------------
##############################################
      Powered By https://eXtremeSHOK.com
##############################################
[root@nethserver sbin]# clamav-unofficial-sigs.sh -V
################################################################################
 eXtremeSHOK.com ClamAV Unofficial Signature Updater
 Version: v7.0.1 (2020-01-25)
 Required Configuration Version: v91
 Copyright (c) Adrian Jon Kriel :: admin@extremeshok.com
################################################################################

No errors so far.
Now waiting for cron to execute, to see if this will generate an error or a message.
Will report at about 09:30 :clock930:

EDIT: Marked this as the solution, as for my problem it is. No more errors in the log, no more email alerts. Everything seems to be fine again. It was an upstream issue. Nothing particular to NethServer.
The spamming was annoying, but not a real issue. So have a nice day all together…

1 Like