Too many levels of symlinks for /var/tmp (clamav shows this)

[Hostmavi]

Hi Richard;

I tried this on 1 of the servers, and I can confirm this indeed fixes the problem a far as I can see. No error anymore.

I'm glad that helped!

Great, thank you very much @Hostmavi for all your help and your patience with us!

You're very welcome


dont worry about the .conf files i don't test them on production server
i am testing thing on 2 differents test servers.
both test servers has current version of DA on

one server ./build remove_clamav worked other server not i thought this is bug .
now i find out why one of the server ./build remove_clamav worked
i dont know why not updated, but build file it was from sep 2022

Regards

 

[Hostmavi]

Hi Remco00;

I can confirm running clamd as user root has resolved the issue

I'm glad that helped.

Just a little worried about potential security risks like the daemon being exploited. Have to do some more reading about this.

Yes you are right.

but i thing maldet also running as root ??

 

[Richard G]

i dont know why not updated, but build file it was from sep 2022

That might be the cause that it did not do the removal.
I presume you already did this before:

./build update
./build set clamav no
./build clean
./build remove_clamav

But again, if it's an old versions.txt that could have been the cause. I removed via yum as explained.

but i thing maldet also running as root ??

Yes that is correct.
I don't know if it would also work if you run clamav as clamupdate but probably not I guess.

 

[mean]

My solution update /etc/clamav/freshclam.conf , Work for me.

# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

# DatabaseOwner clamav
# UpdateLogFile /var/log/clamav/freshclam.log
# LogVerbose false
# LogSyslog false
# LogFacility LOG_LOCAL6
# LogFileMaxSize 0
# LogRotate true
# LogTime true
# Foreground false

Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 300
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net


# --------------------------------------------------------------
# https://gist.github.com/alsyundawy/9df58b03506bad8ccd08e06d15a8fa93
# --------------------------------------------------------------

#DatabaseCustomURL http://cdn.malware.expert/malware.expert.ndb
#DatabaseCustomURL http://cdn.malware.expert/malware.expert.hdb
#DatabaseCustomURL http://cdn.malware.expert/malware.expert.ldb
#DatabaseCustomURL http://cdn.malware.expert/malware.expert.fp

DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.yara
#DatabaseCustomURL http://myserver.com/mysigs.ndb
#DatabaseCustomURL file:///mnt/nfs/local.hdb


# Custom Database Clamav With token
# DatabaseCustomURL https://www.securiteinfo.com/get/si...277644267dbf5b01bf10c0275b16/securiteinfo.hdb
# DatabaseCustomURL https://www.securiteinfo.com/get/si...77644267dbf5b01bf10c0275b16/securiteinfo.ign2
# DatabaseCustomURL https://www.securiteinfo.com/get/si...f2277644267dbf5b01bf10c0275b16/javascript.ndb
# DatabaseCustomURL https://www.securiteinfo.com/get/si...7644267dbf5b01bf10c0275b16/spam_marketing.ndb
# DatabaseCustomURL https://www.securiteinfo.com/get/si...44267dbf5b01bf10c0275b16/securiteinfohtml.hdb
# DatabaseCustomURL https://www.securiteinfo.com/get/si...4267dbf5b01bf10c0275b16/securiteinfoascii.hdb
# DatabaseCustomURL https://www.securiteinfo.com/get/si...67dbf5b01bf10c0275b16/securiteinfoandroid.hdb
# DatabaseCustomURL https://www.securiteinfo.com/get/si...644267dbf5b01bf10c0275b16/securiteinfoold.hdb
# DatabaseCustomURL https://www.securiteinfo.com/get/si...644267dbf5b01bf10c0275b16/securiteinfopdf.hdb

#DatabaseCustomURL https://103.7.56.73/securiteinfo/securiteinfo.hdb
#DatabaseCustomURL https://103.7.56.73/securiteinfo/securiteinfo.ign2
#DatabaseCustomURL https://103.7.56.73/securiteinfo/javascript.ndb
#DatabaseCustomURL https://103.7.56.73/securiteinfo/spam_marketing.ndb
#DatabaseCustomURL https://103.7.56.73/securiteinfo/securiteinfohtml.hdb
#DatabaseCustomURL https://103.7.56.73/securiteinfo/securiteinfoascii.hdb
#DatabaseCustomURL https://103.7.56.73/securiteinfo/securiteinfoandroid.hdb
#DatabaseCustomURL https://103.7.56.73/securiteinfo/securiteinfoold.hdb
#DatabaseCustomURL https://103.7.56.73/securiteinfo/securiteinfopdf.hdb



# Sanesecurity + Foxhole
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/junk.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/jurlbl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phish.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/rogue.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sanesecurity.ftm
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/scam.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamimg.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/spamattach.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/blurl.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_generic.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_filename.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_js.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_js.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_all.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/foxhole_mail.cdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/malwarehash.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/hackingteam.hsb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/badmacro.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/shelter.ldb

# winnow
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_malware_links.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_phish_complete_url.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_extended_malware.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow.attachments.hdb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/winnow_bad_cw.hdb

# bofhland
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_cracked_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_phishing_URL.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/bofhland_malware_attach.hdb

# Porcupine
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/phishtank.ndb
DatabaseCustomURL http://ftp.swin.edu.au/sanesecurity/porcupine.hsb

# WhiteList
#DatabaseCustomURL http://ruweb.net/whitelist_ruweb.ign2


# This option allows you to easily point freshclam to private mirrors.
# If PrivateMirror is set, freshclam does not attempt to use DNS
# to determine whether its databases are out-of-date, instead it will
# use the If-Modified-Since request or directly check the headers of the
# remote database files. For each database, freshclam first attempts
# to download the CLD file. If that fails, it tries to download the
# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
# and ScriptedUpdates. It can be used multiple times to provide
# fall-back mirrors.
# Default: disabled
#PrivateMirror mirror1.example.com
#PrivateMirror mirror2.example.com

# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24

# Proxy settings
# The HTTPProxyServer may be prefixed with [scheme]:// to specify which kind
# of proxy is used.
# http:// HTTP Proxy. Default when no scheme or proxy type is specified.
# https:// HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS and NSS)
# socks4:// SOCKS4 Proxy.
# socks4a:// SOCKS4a Proxy. Proxy resolves URL hostname.
# socks5:// SOCKS5 Proxy.
# socks5h:// SOCKS5 Proxy. Proxy resolves URL hostname.
# Default: disabled
#HTTPProxyServer https://proxy.example.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# As of ClamAV 0.103.3, this setting may not be used when updating from the
# clamav.net CDN and can only be used when updating from a private mirror.
# Default: clamav/version_number (OS: ..., ARCH: ..., CPU: ..., UUID: ...)
#HTTPUserAgent SomeUserAgentIdString

# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd

# Send the RELOAD command to clamd.
# Default: no
#NotifyClamd /etc/clamd.conf

# Run command after successful database update.
# Use EXIT_1 to return 1 after successful database update.
# Default: disabled
#OnUpdateExecute command

# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command

# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command

# Don't fork into background.
# Default: no
#Foreground yes

# Enable debug messages in libclamav.
# Default: no
#Debug yes

# Timeout in seconds when connecting to database server.
# Default: 30
#ConnectTimeout 60

# Maximum time in seconds for each download operation. 0 means no timeout.
# Default: 0
ReceiveTimeout 500

# With this option enabled, freshclam will attempt to load new databases into
# memory to make sure they are properly handled by libclamav before replacing
# the old ones.
# Tip: This feature uses a lot of RAM. If your system has limited RAM and you
# are actively running ClamD or ClamScan during the update, then you may need
# to set `TestDatabases no`.
# Default: yes
#TestDatabases no

# This option enables downloading of bytecode.cvd, which includes additional
# detection mechanisms and improvements to the ClamAV engine.
# Default: yes
#Bytecode no

# Include an optional signature databases (opt-in).
# This option can be used multiple times.
#ExtraDatabase dbname1
#ExtraDatabase dbname2

# Exclude a standard signature database (opt-out).
# This option can be used multiple times.
#ExcludeDatabase dbname1
#ExcludeDatabase dbname2

 

[Richard G]

My solution update /etc/clamav/freshclam.conf , Work for me.

Please don't provide incorrect solution in a year old thread.
The correct solution was already posted in post #19.

The /etc/clamav directory doesn't exist anymore and the config is not clamd.conf anymore but scan.conf.
So it seems you are running ancient version too.