  1. #1
    Newbie
    Join Date
    Aug 2011
    Posts
    7

    ClamAV constantly updating itself?

    We're working on ditching our old router/firewall box, in favor of Untangle.

    We downloaded an Untangle 9.02 iso, installed and everything went fine.

    However, every approximately two and a half minutes, clamav decides it needs to check for virus updates (at least, that's what the freshclam.log file says, along with it complaining about running at functionality level 55, not 60, and wanting someone to make sure the tools are linked against the proper version of libclamav). This spikes the cpu to 100% for 5-10 seconds while doing its checking and clamav restarting.

    System Info in Untangle shows "Build: 9.0.2~svn20110815r29485release9.0-1lenny" ... Not being familiar with Untangle (nor am I the person who got the iso in the first place, so I can't say where the iso was downloaded from)... The presence of 'svn' in the string makes me wonder if we got a development instead of stable iso which would then be perfectly fine for people to say "Yeah... dev/preview builds aren't stable."

    If that's not the case, does anyone have any ideas?

  2. #2
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Welcome to the forums.

    Nothing sounds abnormal. Is there an issue?
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Aug 2011
    Posts
    7

    ClamAV is re-checking its definitions and then restarting every 2-3 minutes. This happens even when the Virus Blocker is turned off via the "power" button on the rack, and also happens when the Virus Blocker is completely removed from the rack.

    This leads to 100% cpu usage on the box for 5-10 seconds (again, this happens every 2-3 minutes). Right now, this is a testbed, so I can't say if it will cause issues in production. But, it just doesn't seem right that it is doing it in the first place.

    The setting in /etc/clamav/freshclam.conf indicates that it checks for a new database 24 times a day. I could live with once an hour (and I would most likely back that off to once a day), but once every 2-3 minutes seems way too frequent.

  4. #4
    Newbie
    Join Date
    Jan 2011
    Posts
    2

    I am also having this same problem. I constantly see ClamAV in my logs and every 30 seconds I see it restart. How do I stop this from occurring? And am I losing protection every time it restarts?

  5. #5
    Untangler
    Join Date
    Mar 2011
    Posts
    78

    Mine is doing the same thing.

    Mine was working, and checking every 60 minutes, like it's supposed to, and then at one point, and I have the logs (at the end of the post), where it changed, and from this point on, it's checking for updates every 2 minutes.

    Something is going on, because I have the two conf files in /etc, BUT I cannot look at either one or the contents. When I do a more on the file, it says that they don't exist. When I do a vi on the files, the files are empty, or appear to be new files, but they both have file sizes listed, so it appears that something is in them. I have NOT changed anything about these files before this happened, or after for that matter. Another thing that I have noticed is that I have NOT seen anything in my logs since it's started checking every 2 minutes that indicates that it has been successful at completing.

    Here's the last freshclam.log that was successful on the hour, and the one immediately following is the beginning of the 2 minute update, and everything following this will look just like the last part:

    Sun Sep 25 14:48:07 2011 -> --------------------------------------
    Sun Sep 25 14:48:07 2011 -> ClamAV update process started at Sun Sep 25 14:48:07 2011
    Sun Sep 25 14:48:07 2011 -> main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
    Sun Sep 25 14:48:07 2011 -> daily.cld is up to date (version: 13673, sigs: 198757, f-level: 60, builder: guitar)
    Sun Sep 25 14:48:07 2011 -> WARNING: Current functionality level = 55, recommended = 60
    Sun Sep 25 14:48:07 2011 -> Please check if ClamAV tools are linked against the proper version of libclamav
    Sun Sep 25 14:48:07 2011 -> DON'T PANIC! Read http://www.clamav.net/support/faq
    Sun Sep 25 14:48:07 2011 -> bytecode.cvd is up to date (version: 144, sigs: 41, f-level: 60, builder: edwin)
    Sun Sep 25 14:48:07 2011 -> WARNING: Current functionality level = 55, recommended = 60
    Sun Sep 25 14:48:07 2011 -> Please check if ClamAV tools are linked against the proper version of libclamav
    Sun Sep 25 14:48:07 2011 -> DON'T PANIC! Read http://www.clamav.net/support/faq
    Sun Sep 25 15:06:59 2011 -> Received signal: wake up
    Sun Sep 25 15:06:59 2011 -> ClamAV update process started at Sun Sep 25 15:06:59 2011
    Sun Sep 25 15:06:59 2011 -> main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
    Sun Sep 25 15:06:59 2011 -> daily.cld is up to date (version: 13673, sigs: 198757, f-level: 60, builder: guitar)
    Sun Sep 25 15:06:59 2011 -> WARNING: Current functionality level = 55, recommended = 60
    Sun Sep 25 15:06:59 2011 -> Please check if ClamAV tools are linked against the proper version of libclamav
    Sun Sep 25 15:06:59 2011 -> DON'T PANIC! Read http://www.clamav.net/support/faq
    Sun Sep 25 15:06:59 2011 -> bytecode.cvd is up to date (version: 144, sigs: 41, f-level: 60, builder: edwin)
    Sun Sep 25 15:06:59 2011 -> WARNING: Current functionality level = 55, recommended = 60
    Sun Sep 25 15:06:59 2011 -> Please check if ClamAV tools are linked against the proper version of libclamav
    Sun Sep 25 15:06:59 2011 -> DON'T PANIC! Read http://www.clamav.net/support/faq
    Sun Sep 25 15:06:59 2011 -> --------------------------------------
    Sun Sep 25 15:49:52 2011 -> --------------------------------------
    Sun Sep 25 15:49:52 2011 -> ClamAV update process started at Sun Sep 25 15:49:52 2011
    Sun Sep 25 15:49:52 2011 -> main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
    Sun Sep 25 15:49:52 2011 -> daily.cld is up to date (version: 13673, sigs: 198757, f-level: 60, builder: guitar)
    Sun Sep 25 15:49:52 2011 -> WARNING: Current functionality level = 55, recommended = 60
    Sun Sep 25 15:49:52 2011 -> Please check if ClamAV tools are linked against the proper version of libclamav
    Sun Sep 25 15:49:52 2011 -> DON'T PANIC! Read http://www.clamav.net/support/faq
    Sun Sep 25 15:49:52 2011 -> bytecode.cvd is up to date (version: 144, sigs: 41, f-level: 60, builder: edwin)
    Sun Sep 25 15:49:52 2011 -> WARNING: Current functionality level = 55, recommended = 60
    Sun Sep 25 15:49:52 2011 -> Please check if ClamAV tools are linked against the proper version of libclamav
    Sun Sep 25 15:49:52 2011 -> DON'T PANIC! Read http://www.clamav.net/support/faq
    Sun Sep 25 15:57:32 2011 -> --------------------------------------

    Here's the same time from clamav.log:

    Sun Sep 25 14:48:07 2011 -> +++ Started at Sun Sep 25 14:48:07 2011
    Sun Sep 25 14:48:07 2011 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486)
    Sun Sep 25 14:48:07 2011 -> Log file size limit disabled.
    Sun Sep 25 14:48:07 2011 -> Reading databases from /var/lib/clamav
    Sun Sep 25 14:48:07 2011 -> Not loading PUA signatures.
    Sun Sep 25 14:48:14 2011 -> Loaded 1043571 signatures.
    Sun Sep 25 14:48:27 2011 -> TCP: Bound to address 127.0.0.1 on port 3310
    Sun Sep 25 14:48:27 2011 -> TCP: Setting connection queue length to 15
    Sun Sep 25 14:48:27 2011 -> Limits: Global size limit set to 104857600 bytes.
    Sun Sep 25 14:48:27 2011 -> Limits: File size limit set to 104857600 bytes.
    Sun Sep 25 14:48:27 2011 -> Limits: Recursion level limit set to 16.
    Sun Sep 25 14:48:27 2011 -> Limits: Files limit set to 10000.
    Sun Sep 25 14:48:27 2011 -> Archive support enabled.
    Sun Sep 25 14:48:27 2011 -> Algorithmic detection enabled.
    Sun Sep 25 14:48:27 2011 -> Portable Executable support enabled.
    Sun Sep 25 14:48:27 2011 -> ELF support enabled.
    Sun Sep 25 14:48:27 2011 -> Mail files support enabled.
    Sun Sep 25 14:48:27 2011 -> OLE2 support enabled.
    Sun Sep 25 14:48:27 2011 -> PDF support enabled.
    Sun Sep 25 14:48:27 2011 -> HTML support enabled.
    Sun Sep 25 14:48:27 2011 -> Self checking every 3600 seconds.
    Sun Sep 25 15:49:26 2011 -> No stats for Database check - forcing reload
    Sun Sep 25 15:49:26 2011 -> Reading databases from /var/lib/clamav
    Sun Sep 25 15:49:51 2011 -> Database correctly reloaded (1109936 signatures)
    Sun Sep 25 15:49:51 2011 -> Pid file removed.
    Sun Sep 25 15:49:51 2011 -> --- Stopped at Sun Sep 25 15:49:51 2011
    Sun Sep 25 15:49:52 2011 -> +++ Started at Sun Sep 25 15:49:52 2011
    Sun Sep 25 15:49:52 2011 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486)
    Sun Sep 25 15:49:52 2011 -> Log file size limit disabled.
    Sun Sep 25 15:49:52 2011 -> Reading databases from /var/lib/clamav
    Sun Sep 25 15:49:52 2011 -> Not loading PUA signatures.
    Sun Sep 25 15:50:03 2011 -> Loaded 1109936 signatures.
    Sun Sep 25 15:50:16 2011 -> TCP: Bound to address 127.0.0.1 on port 3310
    Sun Sep 25 15:50:16 2011 -> TCP: Setting connection queue length to 15
    Sun Sep 25 15:50:16 2011 -> Limits: Global size limit set to 104857600 bytes.
    Sun Sep 25 15:50:16 2011 -> Limits: File size limit set to 104857600 bytes.
    Sun Sep 25 15:50:16 2011 -> Limits: Recursion level limit set to 16.
    Sun Sep 25 15:50:16 2011 -> Limits: Files limit set to 10000.
    Sun Sep 25 15:50:16 2011 -> Archive support enabled.
    Sun Sep 25 15:50:16 2011 -> Algorithmic detection enabled.
    Sun Sep 25 15:50:16 2011 -> Portable Executable support enabled.
    Sun Sep 25 15:50:16 2011 -> ELF support enabled.
    Sun Sep 25 15:50:16 2011 -> Mail files support enabled.
    Sun Sep 25 15:50:16 2011 -> OLE2 support enabled.
    Sun Sep 25 15:50:16 2011 -> PDF support enabled.
    Sun Sep 25 15:50:16 2011 -> HTML support enabled.
    Sun Sep 25 15:50:16 2011 -> Self checking every 3600 seconds.
    Sun Sep 25 15:57:31 2011 -> Pid file removed.
    Sun Sep 25 15:57:31 2011 -> --- Stopped at Sun Sep 25 15:57:31 2011

    Notice in the second one that it does NOT say anywhere that database was correctly reloaded. From this point forward in the log, every 2 minutes, it will look exactly the same, and it never mentions that it's loading the database. I'm not convinced at this point that the AV is actually working, or working correctly...

    CADman_ks
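
One way to check a clamd log for the restart pattern described in post #5, as an added example that is not part of the original thread: it splits the log into start/stop sessions, flags those that stopped before one self-check interval had passed, and measures how long each start took to bind the TCP socket. The sample lines are constructed in the quoted log format, and the function names are hypothetical.

```python
from datetime import datetime
TS_FMT = "%a %b %d %H:%M:%S %Y"  # timestamp layout used in the quoted logs
# Constructed sample in the clamav.log format shown in the thread (not the poster's data).
SAMPLE = """\
Mon Oct 03 10:00:00 2011 -> +++ Started at Mon Oct 03 10:00:00 2011
Mon Oct 03 10:00:20 2011 -> TCP: Bound to address 127.0.0.1 on port 3310
Mon Oct 03 10:00:20 2011 -> Self checking every 3600 seconds.
Mon Oct 03 11:00:25 2011 -> --- Stopped at Mon Oct 03 11:00:25 2011
Mon Oct 03 11:00:26 2011 -> +++ Started at Mon Oct 03 11:00:26 2011
Mon Oct 03 11:00:50 2011 -> TCP: Bound to address 127.0.0.1 on port 3310
Mon Oct 03 11:00:50 2011 -> Self checking every 3600 seconds.
Mon Oct 03 11:02:31 2011 -> --- Stopped at Mon Oct 03 11:02:31 2011
Mon Oct 03 11:02:32 2011 -> +++ Started at Mon Oct 03 11:02:32 2011
Mon Oct 03 11:02:56 2011 -> TCP: Bound to address 127.0.0.1 on port 3310
Mon Oct 03 11:04:37 2011 -> --- Stopped at Mon Oct 03 11:04:37 2011
"""

def parse_sessions(text):
    """Split a clamd log into start-to-stop sessions."""
    sessions, cur = [], {}  # cur is a throwaway dict until the first start line
    for line in text.splitlines():
        stamp, _, msg = line.strip().partition(" -> ")
        try:
            ts = datetime.strptime(stamp, TS_FMT)
        except ValueError:
            continue  # skip lines without a parsable timestamp
        if msg.startswith("+++ Started"):
            cur = {"start": ts, "bound": None, "stop": None, "self_check": None}
            sessions.append(cur)
        elif msg.startswith("TCP: Bound"):
            cur["bound"] = ts
        elif msg.startswith("Self checking every"):
            cur["self_check"] = int(msg.split()[3])
        elif msg.startswith("--- Stopped"):
            cur["stop"] = ts
            cur = {}  # later lines belong to no session until the next start
    return sessions

def short_lived(sessions, default_check=3600):
    """Sessions that stopped before one self-check interval had elapsed."""
    return [s for s in sessions if s["stop"] is not None and
            (s["stop"] - s["start"]).total_seconds() < (s["self_check"] or default_check)]

def startup_gaps(sessions):  # seconds from start until the TCP socket was bound
    return [(s["bound"] - s["start"]).total_seconds() for s in sessions if s["bound"]]

if __name__ == "__main__":
    for s in short_lived(parse_sessions(SAMPLE)):
        print("short-lived clamd session:", s["start"], "->", s["stop"])
```
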

  6. #6
    Newbie
    Join Date
    Jul 2011
    Posts
    7

    Can't tell, so decided to pay...

    I honestly do not think that ClamAV in community edition works, or stopped working on Release 9 of Untangle.
    Regardless of the "hourly update" it claims to do per log, users are being infected with virus/spyware. (We did a test simply by disabling the AV software on a VM test PC running Windows XP, then accessed a website via Google search looking for hacks - this always takes you to some sort of spyware-infested site.)

    Did another test with the exact same environment except that this time, we purchased a subscription of Kaspersky. Accessing the same site did not infect the test PC...

    Looks like the "free version" of antivirus feature in Untangle is not a protection to depend on.

  7. #7
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Originally posted by cselement6:
    I honestly do not think that ClamAV in community edition works, or stopped working on Release 9 of Untangle.
    Regardless of the "hourly update" it claims to do per log, users are being infected with virus/spyware. (We did a test simply by disabling the AV software on a VM test PC running Windows XP, then accessed a website via Google search looking for hacks - this always takes you to some sort of spyware-infested site.)

    Did another test with the exact same environment except that this time, we purchased a subscription of Kaspersky. Accessing the same site did not infect the test PC...

    Looks like the "free version" of antivirus feature in Untangle is not a protection to depend on.

    It works fine.
    If it isn't working for you I'd suggest calling support or troubleshooting the issue.
