OMG, is it possible to fix it?
This is what I mean: there are two entries for Exclude, and the second one is corrupted.
I used cockpit to remove /boot
[root@srv01 ~]# config show clamscan
clamscan=configuration
AlgoDetection=disabled
BlockEncrypted=disabled
BlockMacros=disabled
Bytecode=enabled
BytecodeTimout=120000
BytecodeUnsigned=disabled
DetectBroken=disabled
DetectPua=disabled
DetectStructured=disabled
Exclude=/boot,/proc,/sys,/usr/share/doc
FilesystemScan=now
FilesystemScanExclude=/proc,/sys,/usr/share/doc
FilesystemScanFilesystems=/
FilesystemScanReportTo=root
FilesystemScanUnofficialSigs=disabled
IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
JobDay=7d
JobHour=2h
MaxScanFile=45
PartInstersection=disabled
PhishingScanUrl=disabled
PhishingSigs=disabled
Quarantine=enabled
QuarantineDirectory=/var/spool/clamav/quarantine
ScanArchive=enabled
ScanElf=enabled
ScanHTML=enabled
ScanHwp=enabled
ScanMail=enabled
ScanOle2=enabled
ScanPdf=enabled
ScanPe=enabled
ScanSwf=enabled
ScanXML=enabled
customSettings=
reallyWantToMove=enabled
status=enabled
[root@srv01 ~]#
I reproduced the bug. After enabling ClamScan, this is what the db looks like here:
config show clamscan
clamscan=configuration
AlgoDetection=disabled
BlockEncrypted=disabled
BlockMacros=disabled
Bytecode=enabled
BytecodeTimout=120000
BytecodeUnsigned=disabled
DetectBroken=disabled
DetectPua=disabled
DetectStructured=disabled
FilesystemScan=daily
FilesystemScanExclude=/boot
/proc
/sys
/usr/share/doc
FilesystemScanFilesystems=/
FilesystemScanReportTo=root
FilesystemScanUnofficialSigs=disabled
IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
JobDay=6d
JobHour=0h
MaxScanFile=45
PartInstersection=disabled
PhishingScanUrl=disabled
PhishingSigs=disabled
Quarantine=disabled
QuarantineDirectory=/var/spool/clamav/quarantine
ScanArchive=enabled
ScanElf=enabled
ScanHTML=enabled
ScanHwp=enabled
ScanMail=enabled
ScanOle2=enabled
ScanPdf=enabled
ScanPe=enabled
ScanSwf=enabled
ScanXML=enabled
customSettings=
reallyWantToMove=disabled
status=disabled
Note :
FilesystemScanExclude=/boot
/proc
/sys
/usr/share/doc
I checked on my second server:
config show clamscan
[root@ns-srv01 ~]# config show clamscan
clamscan=configuration
AlgoDetection=disabled
BlockEncrypted=disabled
BlockMacros=enabled
Bytecode=enabled
BytecodeTimout=120000
BytecodeUnsigned=enabled
DetectBroken=disabled
DetectPua=enabled
DetectStructured=disabled
FilesystemScan=daily
FilesystemScanExclude=/tmp/,/boot,/proc,/sys,/usr/share/doc,/etc/suricata/rules/,/var/lib/clamav-unofficial-sigs/
FilesystemScanFilesystems=/
FilesystemScanReportTo=root
FilesystemScanUnofficialSigs=disabled
IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
JobDay=6d
JobHour=1h
MaxScanFile=45
PartInstersection=disabled
PhishingScanUrl=enabled
PhishingSigs=enabled
Quarantine=disabled
QuarantineDirectory=/var/spool/clamav/quarantine
ScanArchive=enabled
ScanElf=enabled
ScanHTML=enabled
ScanHwp=enabled
ScanMail=enabled
ScanOle2=enabled
ScanPdf=enabled
ScanPe=enabled
ScanSwf=enabled
ScanXML=enabled
customSettings=
reallyWantToMove=disabled
status=enabled
[root@ns-srv01 ~]#
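DANGER ZONE: I kind of fixed it with the two commands below. Note that `config delete clamscan` removes the whole clamscan key, so any customised values (exclude lists, schedule, quarantine) are lost, and, as the output shows, the scanner comes back with status=disabled until it is re-enabled: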
config delete clamscan
signal-event nethserver-clamscan-update
[root@srv01 ~]# config delete clamscan
[root@srv01 ~]# signal-event nethserver-clamscan-update
[root@srv01 ~]# config show clamscan
clamscan=configuration
AlgoDetection=disabled
BlockEncrypted=disabled
BlockMacros=disabled
Bytecode=enabled
BytecodeTimout=120000
BytecodeUnsigned=disabled
DetectBroken=disabled
DetectPua=disabled
DetectStructured=disabled
FilesystemScan=daily
FilesystemScanExclude=/boot
/proc
/sys
/usr/share/doc
FilesystemScanFilesystems=/
FilesystemScanReportTo=root
FilesystemScanUnofficialSigs=disabled
IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
JobDay=6d
JobHour=0h
MaxScanFile=45
PartInstersection=disabled
PhishingScanUrl=disabled
PhishingSigs=disabled
Quarantine=disabled
QuarantineDirectory=/var/spool/clamav/quarantine
ScanArchive=enabled
ScanElf=enabled
ScanHTML=enabled
ScanHwp=enabled
ScanMail=enabled
ScanOle2=enabled
ScanPdf=enabled
ScanPe=enabled
ScanSwf=enabled
ScanXML=enabled
customSettings=
reallyWantToMove=disabled
status=disabled
[root@srv01 ~]#
And does it work now?
After this fix ClamScan was disabled. I was able to re-enable ClamScan, and the error seems to be gone.
config show clamscan
[root@srv01 ~]# config show clamscan
clamscan=configuration
AlgoDetection=disabled
BlockEncrypted=disabled
BlockMacros=disabled
Bytecode=enabled
BytecodeTimout=120000
BytecodeUnsigned=disabled
DetectBroken=disabled
DetectPua=disabled
DetectStructured=disabled
FilesystemScan=weekly
FilesystemScanExclude=/boot,/proc,/sys,/usr/share/doc
FilesystemScanFilesystems=/
FilesystemScanReportTo=root
FilesystemScanUnofficialSigs=disabled
IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
JobDay=6d
JobHour=0h
MaxScanFile=45
PartInstersection=disabled
PhishingScanUrl=disabled
PhishingSigs=disabled
Quarantine=enabled
QuarantineDirectory=/var/spool/clamav/quarantine
ScanArchive=enabled
ScanElf=enabled
ScanHTML=enabled
ScanHwp=enabled
ScanMail=enabled
ScanOle2=enabled
ScanPdf=enabled
ScanPe=enabled
ScanSwf=enabled
ScanXML=enabled
customSettings=
reallyWantToMove=enabled
status=enabled
[root@srv01 ~]#
Thank you very much!
@stephdl open an Issue, although not sure my analysis is right
Maybe the migrate script can be of influence too
I changed the default of the FilesystemScanExclude property to a comma-separated list, but this does not explain why the db property was corrupted
:-?
The migrate script replaces the separator `\n` with `,`; it doesn’t modify any other property, fun