
Resolved Install ClamAV and Web Application Firewall problem

NITROFOX

Basic Pleskian
Server operating system version
AlmaLinux 8.10 (Cerulean Leopard)
Plesk version and microupdate number
Plesk Obsidian 18.0.73 Update #1
Hi all,

Recently I had problems installing php modules and when I saw it, I had problems with the yum update, and ended up uninstalling ClamAV from the server.

I meant to reinstall ClamAV, but I don't know how to do it, which command.

On the other hand, it seems that Modsecurity also got into trouble, as my sites all got 502 error and Apache did not start, but I managed to resolve after restoring backups and running repair by plesk commands.

But now I have this problem: Apache only starts without ModSecurity, or with Nginx ModSecurity 3.0.

If I try to activate Apache ModSecurity 2.9 (Comodo Free) in the Plesk panel, I get the following error:

modsecurity_ctl failed: START httpd_modules_ctl --enable security2,unique_id
apache_control_adapter[22392]: apache_action(restart): invoke_httpd_action failed, trying second time
INFO: [Sun Oct 5 21:14:49 WEST 2025]: Service: apache, Action: start
Trying to start service httpd... activating
***** problem report *****
Warning: start service httpd failed
/usr/local/psa/admin/sbin/pleskrc execution failed:
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
/usr/local/psa/admin/sbin/pleskrc execution failed:
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.


Please help me.

Thanks all
 
I also tried to install Plesk Email Security, and it gave this error:

The product installation failed

Installing Amavis
Execution package has failed with exit code 1, stdout: , stderr: Error: Transaction test error:
file /usr/lib64/libclammspack.so.0.8.0 conflicts between attempted installs of clamav-lib-1.4.3-2.el8.x86_64 and clamav-1.0.3-30349.el8.art.x86_64
file /etc/freshclam.conf conflicts between attempted installs of clamav-freshclam-1.4.3-2.el8.x86_64 and clamav-1.0.3-30349.el8.art.x86_64
file /usr/bin/freshclam conflicts between attempted installs of clamav-freshclam-1.4.3-2.el8.x86_64 and clamav-1.0.3-30349.el8.art.x86_64
file /usr/share/man/man1/freshclam.1.gz conflicts between attempted installs of clamav-freshclam-1.4.3-2.el8.x86_64 and clamav-1.0.3-30349.el8.art.x86_64
file /usr/share/man/man5/freshclam.conf.5.gz conflicts between attempted installs of clamav-freshclam-1.4.3-2.el8.x86_64 and clamav-1.0.3-30349.el8.art.x86_64

ERROR:__main__:Command '['yum', '-y', '-q', 'install', '--setopt=*.skip_if_unavailable=1', 'amavis']' returned non-zero exit status 1.
None
 
Hello,

It seems you have the Atomic repository, which contains conflicting clamav packages. You can either disable this repository before the Email Security installation, or blacklist clamav packages from the Atomic repository.
 
Do you want to share what the solution was? So others with the same issue can benefit from it?

Yes, no problem!

Further investigation into the reported ModSecurity issue has confirmed that the root cause of the issue with using Apache (ModSecurity 2.9) in combination with the Comodo ruleset is the fact that you have a mod_security package on your server that was installed via the Atomic repository instead of via the Plesk repository. However, that package is simply not compatible with the latest version of the Comodo ruleset, and thus errors such as the following were being generated:

Oct 06 10:37:10 ns340238.ip-37-187-147.eu httpd[112969]: AH00526: Syntax error on line 6035 of /etc/httpd/conf/modsecurity.d/rules/comodo_free/30_Apps_OtherApps.conf:
Oct 06 10:37:10 ip httpd[112969]: Error creating rule: Error compiling pattern (offset 4): invalid range in character class
Oct 06 10:37:10 ns340238.ip-37-187-147.eu systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Oct 06 10:37:10 ip systemd[1]: httpd.service: Failed with result 'exit-code'.
Oct 06 10:37:10 ip systemd[1]: Failed to start The Apache HTTP Server.

In order to resolve the issue, I have replaced the active mod_security package that was used on your server with the mod_security package from the Plesk repository by executing the following command:

[root@... ~]# dnf swap mod_security mod_security --enablerepo=PLESK_18_0_73-extras --disablerepo=atomic --skip-broken
Last metadata expiration check: 2:16:31 ago on Tue 07 Oct 2025 10:15:31 AM WEST.
Package mod_security-1:2.9.12-37052.el8.art.x86_64 is already installed.
Dependencies resolved.
================================================================================
 Package        Architecture   Version                                       Repository             Size
================================================================================
Downgrading:
 mod_security   x86_64         1:2.9.12-2.redhat.8+p18.0.73.0+t250825.1053   PLESK_18_0_73-extras   291 k

Transaction Summary
================================================================================
Downgrade  1 Package

Total download size: 291 k
Is this ok [y/N]: y
Downloading Packages:
mod_security-2.9.12-2.redhat.8+p18.0.73.0+t250825.1053.x86_64.rpm   4.1 MB/s | 291 kB   00:00
--------------------------------------------------------------------------------
Total                                                               4.0 MB/s | 291 kB   00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                   1/1
  Downgrading      : mod_security-1:2.9.12-2.redhat.8+p18.0.73.0+t250825.1053.x86_64   1/2
  Cleanup          : mod_security-1:2.9.12-37052.el8.art.x86_64                        2/2
warning: /etc/httpd/conf.d/00_mod_security.conf saved as /etc/httpd/conf.d/00_mod_security.conf.rpmsave
  Running scriptlet: mod_security-1:2.9.12-37052.el8.art.x86_64                        2/2
  Verifying        : mod_security-1:2.9.12-2.redhat.8+p18.0.73.0+t250825.1053.x86_64   1/2
  Verifying        : mod_security-1:2.9.12-37052.el8.art.x86_64                        2/2

Downgraded:
  mod_security-1:2.9.12-2.redhat.8+p18.0.73.0+t250825.1053.x86_64

Complete!

Afterwards, I was able to switch to the use of the Apache (ModSecurity 2.9) and Comodo ruleset successfully.

The entire situation, its newly found symptoms and the resolution steps are now also available in the following article.


Best regards,
Plesk
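
A quick way to spot the mixed-repository state that both replies above describe, as an added example that is not part of the thread or of Plesk's own tooling. It assumes Atomic builds carry ".art" in the RPM release field, as the two Atomic packages quoted in the thread do; the function names, the watch list and the sample input are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag installed Atomic-repository builds of components
# that Plesk installs and updates itself (clamav, mod_security).
# Assumption: Atomic builds have ".art" in the RPM release, as in
#   clamav-1.0.3-30349.el8.art and mod_security-1:2.9.12-37052.el8.art

# Package name prefixes to watch (assumption: extend for your server).
WATCHED='clamav mod_security'

# Reads "name release" pairs on stdin and prints the watched packages
# whose release marks them as Atomic builds. On a real host:
#   rpm -qa --qf '%{NAME} %{RELEASE}\n' | atomic_overlaps
atomic_overlaps() {
    while read -r name release; do
        case "$release" in
            *.art|*.art.*) ;;          # Atomic build, inspect further
            *) continue ;;             # distro or Plesk build, skip
        esac
        for prefix in $WATCHED; do
            case "$name" in
                "$prefix"|"$prefix"-*) printf '%s %s\n' "$name" "$release" ;;
            esac
        done
    done
}

# Constructed sample in the same "name release" shape; the clamav and
# mod_security release strings are the ones quoted in the thread, the
# other two rows are made up to show what gets ignored.
sample_rpm_output() {
    cat <<'EOF'
clamav 30349.el8.art
clamav-lib 2.el8
mod_security 37052.el8.art
examplepkg 1.el8.art
otherpkg 3.el8
EOF
}

# Demo run on the constructed sample.
sample_rpm_output | atomic_overlaps
```

Anything this prints is a candidate for the repository exclusion or the `dnf swap` described in the replies above.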
 