ClamAV and Sane Security Signatures RSS Back to forum
Hmmm...I seem to be seeing the same behavior from daily.cvd and main.cvd
Both are being downloaded but neither are being moved into the dB directory.
Wow, what happened to support and the community etc? I remember back in the day when the ORF news server was full of ORF admins and many folks were running the Sane dB's.
From the low amount of traffic I'm starting to wonder if anyone is still using ORF or am I the only one left? :)
Hi Marvin,
No, it's not like the old days but then, it never is and you can never go back ;)
I have not been chiming in re ClamAV since I don't have any good advice for you. I have noticed some things slipping thru my own install of ClamAV (some malware in ZIP attachments for example) so I'm about to give some other options a try.
Sam
@Marvin Miller:
Hello Marvin,
Let me break the ice here :) I have been doing some tests and managed to reproduce the symptoms that you described. Unfortunately I cannot tell which scenario applies to your case, but let me share my findings here:
1. The ClamSup script encounters an error during the signature update process and stops abruptly (Test: Run the ClamSup.bat from the Command Prompt to see the outputs):
This typically happens when the clamsup.ini contains invalid database names (dead URLs) or a newer clamsup.ini is used with Clamsup v1.2.9. According to the ClamSup change logs, this bug was fixed in v1.3.0. To resolve this issue, download the latest 'ClamSup.ini' and 'ClamSup.zip' package from http://sanesecurity.com/usage/windows-scripts/ , extract the contents of the ClamSup.zip into the clamav directory and overwrite the old ClamSup files. Make sure to change the 'LOCALFOLDER= c:\clamav\data' line in the ClamSup.cfg file to point to the correct "db" folder (e.g. c:\clamav\db).
2. Task Scheduler seemingly starts the ClamSup batch file on time, but nothing happens (Test: Delete the SIG_TMP folder to see if it gets recreated when the scheduled task starts):
This happens when the working directory of the script is not specified under the Task Action settings. To fix this, open the Windows Task Scheduler (Start>Run>taskschd.msc), select the Task Scheduler Library, right-click on the "ClamSup" task, select the Actions tab, click Edit and enter the ClamAV folder path in the "Start in (optional)" field without a closing backslash (e.g. c:\clamav ). Click Ok. Run the task manually (or wait) to see if the SIG_TMP folder gets recreated/updated.
Please let me know if this has helped to solve the issue.
@Daniel Novak (Vamsoft):
Hi Daniel;
You nailed it!
There were two issues. Once was that clamsup.ini had dB's that were no longer in use. When you mentioned I could run clamsup from a DOS prompt (never thought of that) it made it very easy to see exactly which definitions were causing problems.
Two definitions had a hyphen on the RSYNC line (causing them to fail) and several of the dB's listed were no longer in service. Once that was cleaned up I watched to see if the updated dB's would be moved into the proper dB directory when completed. They weren't !
So I then looked at the task scheduler entry and sure enough, the working directory had a closing backslash. I changed that and re-tried it and all the dB's came in, and when completed, they moved into the proper directory.
Thanks very much Daniel - you nailed it on all fronts! :) Well done!
@Marvin Miller:
I am glad I was able to help :)
TIP: If you want to spare yourself the trouble of manually maintaining the clamsup.ini file, I suggest installing ClamSup v1.3.0 (or a later version), as it can handle the depreciated databases and the hyphen characters in front of URLs. You can download ClamSup v1.3.1.1 (as of writing this) from http://sanesecurity.com/usage/windows-scripts/
Weird....after doing that it downloaded 34 dB files but only moved 14 of them across to the proper directory...
Got it cased :) Turns out there was no issue. What it does is, if it's downloading the new definitions, and sees that they are already present and up to date, then it does not move them as it assumes they were previously moved when they were first downloaded (makes sense).
So we're good to go!
Just wondering if anyone is having issues with Clamsup ?
What I'm seeing is that the Sane signatures are all being downloaded to the proper location;
C:\ClamAV\dB\SIG_TMP
but they are not being moved into C:\ClamAV\dB when completed.
I'm thinking this may be related to ClamSup.bat ?
As I recall, this functionality was always automatic. Is anyone out there seeing a similar issue or can shed light on the matter?