[ZendTo] ClamAV error

HILLENBRAND Marita m.hillenbrand at montgeron.fr
Mon Oct 18 13:44:04 BST 2021 

Dear all,

I retried the update of our Ubuntu 18.04.5 LTS and at one point there was this message (sorry, it’s a french version) :
….
Fichier de configuration « /etc/apparmor.d/usr.sbin.clamd »
==> Modifié (par vous ou par un script) depuis l'installation.
==> Le distributeur du paquet a fourni une version mise à jour.
   Que voulez-vous faire ? Vos options sont les suivantes :
    Y ou I  : installer la version du responsable du paquet
    N ou O  : garder votre version actuellement installée
      D     : afficher les différences entre les versions
      Z     : suspendre ce processus pour examiner la situation
L'action par défaut garde votre version actuelle.
*** usr.sbin.clamd (Y/I/N/O/D/Z) [défaut=N] ?

This time, I said « Y » and now clamav works fine after the update.

The only thing that I didn’t get right, was the update of the version of clamav :

root at sv-ctm-zendto:/home/zendto# freshclam
WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
Mon Oct 18 14:33:03 2021 -> ClamAV update process started at Mon Oct 18 14:33:03 2021
Mon Oct 18 14:33:03 2021 -> ^Your ClamAV installation is OUTDATED!
Mon Oct 18 14:33:03 2021 -> ^Local version: 0.103.2 Recommended version: 0.103.3
Mon Oct 18 14:33:03 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Mon Oct 18 14:33:03 2021 -> daily.cld database is up-to-date (version: 26326, sigs: 1938868, f-level: 90, builder: raynman)
Mon Oct 18 14:33:03 2021 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Mon Oct 18 14:33:03 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

I had a look on there website, but that didn’t help me much. I guess I’ll wait and see.

Best regards,
Marita HILLENBRAND
Service Informatique
Centre Administratif et Technique
130, avenue Charles de Gaulle - 91230 Montgeron
Tél : 01 70 58 93 40  Port : 06 24 04 43 58
www.montgeron.fr<https://www.montgeron.fr/>

[cid:image001.jpg at 01D7C42E.98285A00]
Participez, vous aussi, à la protection de l'environnement en n'imprimant ce courriel que si nécessaire.
Le présent courriel peut contenir des renseignements confidentiels et ne s’adresse qu’au(x) destinataire(s) indiqué(s) ci-dessus. Si ce courriel vous est parvenu par erreur, veuillez le supprimer et nous en aviser aussitôt. Merci.

De : ZendTo <zendto-bounces at zend.to> De la part de HILLENBRAND Marita via ZendTo
Envoyé : lundi 18 octobre 2021 12:20
À : ZendTo Users <zendto at zend.to>
Cc : HILLENBRAND Marita <m.hillenbrand at montgeron.fr>
Objet : Re: [ZendTo] ClamAV error

Dear all,

I have also the problem, I updated our Ubuntu 18.04.5 LTS (en root)  with the commands below and got the upload error “The attempt to virus-scan your drop-off failed. Please notify the system administrator.”
apt update
apt upgrade zendto

# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           └─extend.conf
   Active: failed (Result: exit-code) since Mon 2021-10-18 11:32:57 CEST; 28min ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://www.clamav.net/documents/
Main PID: 11391 (code=exited, status=1/FAILURE)

oct. 18 11:32:56 sv-ctm-zendto systemd[1]: Stopped Clam AntiVirus userspace daemon.
oct. 18 11:32:56 sv-ctm-zendto systemd[1]: Starting Clam AntiVirus userspace daemon...
oct. 18 11:32:56 sv-ctm-zendto systemd[1]: Started Clam AntiVirus userspace daemon.
oct. 18 11:32:57 sv-ctm-zendto clamd[11391]: ERROR: lchown to user 'clamav' failed on
oct. 18 11:32:57 sv-ctm-zendto clamd[11391]: log file '/var/log/clamav/clamav.log'.
oct. 18 11:32:57 sv-ctm-zendto clamd[11391]: Error was 'Operation not permitted'
oct. 18 11:32:57 sv-ctm-zendto clamd[11391]: Mon Oct 18 11:32:57 2021 -> ^lchown to user 'clamav' failed on log file '/var/log/clamav/clamav.log'.  Erro
oct. 18 11:32:57 sv-ctm-zendto systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
oct. 18 11:32:57 sv-ctm-zendto systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.

I got back to the old version for now, but I suspect, I need to update the system to make the let’s encrypt certificate function.

Best regards,

Marita HILLENBRAND
Service Informatique
Centre Administratif et Technique
130, avenue Charles de Gaulle - 91230 Montgeron
Tél : 01 70 58 93 40  Port : 06 24 04 43 58
www.montgeron.fr<https://www.montgeron.fr/>

[cid:image004.jpg at 01D7C42D.F444C900]
Participez, vous aussi, à la protection de l'environnement en n'imprimant ce courriel que si nécessaire.
Le présent courriel peut contenir des renseignements confidentiels et ne s’adresse qu’au(x) destinataire(s) indiqué(s) ci-dessus. Si ce courriel vous est parvenu par erreur, veuillez le supprimer et nous en aviser aussitôt. Merci.

De : ZendTo <zendto-bounces at zend.to<mailto:zendto-bounces at zend.to>> De la part de Dean Sherwood via ZendTo
Envoyé : lundi 18 octobre 2021 09:42
À : zendto at zend.to<mailto:zendto at zend.to>
Cc : Dean Sherwood <Dean at tropmedres.ac<mailto:Dean at tropmedres.ac>>
Objet : [ZendTo] ClamAV error

Dear all

We updated our Ubuntu 18.04.6 LTS server with below commands and now have the upload error “The attempt to virus-scan your drop-off failed. Please notify the system administrator.”
sudo apt update
sudo apt upgrade

---

Checking the clamav service we see
systemctl status clamav-daemon.service
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           └─extend.conf
   Active: failed (Result: exit-code) since Mon 2021-09-27 11:33:58 +07; 3min 59s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)

  Process: 1323 ExecStart=/usr/sbin/clamd --foreground=true (code=exited, status=1/FAILURE)
  Process: 1317 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
  Process: 1097 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
Main PID: 1323 (code=exited, status=1/FAILURE)

Sep 27 11:33:51 zend2 systemd[1]: Starting Clam AntiVirus userspace daemon...
Sep 27 11:33:53 zend2 systemd[1]: Started Clam AntiVirus userspace daemon.
Sep 27 11:33:58 zend2 systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
Sep 27 11:33:58 zend2 clamd[1323]: ERROR: lchown to user 'clamav' failed on
Sep 27 11:33:58 zend2 clamd[1323]: log file '/var/log/clamav/clamav.log'.
Sep 27 11:33:58 zend2 clamd[1323]: Error was 'Operation not permitted'
Sep 27 11:33:58 zend2 clamd[1323]: Mon Sep 27 11:33:58 2021 -> ^lchown to user 'clamav' failed on log file '/var/log/clamav/clamav.log'.  Error was 'Operation not permitted'
Sep 27 11:33:58 zend2 systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.

---

Reinstalled and skipped all parts except for “Install and configure virus scanner, including SELinux and AppArmor support for it.”
Become root with "su -" if using CentOS, RedHat, Debian or SuSE, or "sudo su -" if using Ubuntu.
Download the installer:
curl -O zend.to path
Unpack it and cd into it:
tar xzf install.ZendTo.tgz
cd install.ZendTo
Run the installer:
./install.sh
=================================================================

Install and configure ClamAV

=================================================================

Installing ClamAV packages
Reading package lists... Done
Building dependency tree
Reading state information... Done
clamav is already the newest version (0.103.2+dfsg-0ubuntu0.18.04.2).
clamav-daemon is already the newest version (0.103.2+dfsg-0ubuntu0.18.04.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Making clamd notice new signatures much faster
Stop freshclam daemon so we can update signatures
Updating signatures
1. Ignore errors about not being able to notify clamd
2. Expect a delay after downloading main.cvd
3. Expect a long delay after downloading daily.cvd
WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:22
Mon Sep 27 11:32:42 2021 -> ClamAV update process started at Mon Sep 27 11:32:42 2021
Mon Sep 27 11:32:42 2021 -> ^Your ClamAV installation is OUTDATED!
Mon Sep 27 11:32:42 2021 -> ^Local version: 0.103.2 Recommended version: 0.103.3
Mon Sep 27 11:32:42 2021 -> DON'T PANIC! Read
Mon Sep 27 11:32:42 2021 -> daily.cld database is up-to-date (version: 26304, sigs: 1936445, f-level: 90, builder: raynman)
Mon Sep 27 11:32:42 2021 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Mon Sep 27 11:32:42 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Allowing ClamAV to read Apache files
Allowing ClamAV through AppArmor to read ZendTo uploads
No need, already done.
Ubuntu 18: may need to work around a bug in the clamd AppArmor profile
Good, they have fixed it. No change needed
* Unloading AppArmor profiles                                                                                                                                                                              [ OK ]
[ ok ] Starting apparmor (via systemctl): apparmor.service.
[ ok ] Reloading apparmor configuration (via systemctl): apparmor.service.
I am going to have to override the systemd definition for
apache2 so it starts up with PrivateTmp=false.
I am creating /etc/systemd/system/apache2.service.d/PrivateTmp_zendto.conf
And tell systemd about the change
Starting ClamAV and freshclam daemons

ClamAV has been setup for you to work with ZendTo.

---

However we still have the upload error “The attempt to virus-scan your drop-off failed. Please notify the system administrator.”


Best regards,

Dean

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20211018/f88188dc/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.jpg
Type: image/jpeg
Size: 2631 bytes
Desc: image004.jpg
URL: <http://jul.es/pipermail/zendto/attachments/20211018/f88188dc/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2631 bytes
Desc: image001.jpg
URL: <http://jul.es/pipermail/zendto/attachments/20211018/f88188dc/attachment-0003.jpg>

More information about the ZendTo mailing list