Thread: [SOLVED] Howto: Update ClamAV

  1. #1
    unilogic is offline Senior Member
    Join Date
    Nov 2005
    Posts
    51
    Rep Power
    9

    [SOLVED] Howto: Update ClamAV

    As others have noticed, the ClamAV released with M2 is out of date and it will complain as such in its log files.
    Note: This was done on Fedora Core 4 minimal install. Also, all the following can be done either as root or as the zimbra user. If you do it all as root make sure you change ownership for the resulting clamav-0.87.1 folder in /opt/zimbra to zimbra:zimbra.

    To update, follow the following:
    First go grab the latest ClamAV source from http://www.clamav.net/stable.php#pagestart (Current Stable Version is 0.87.1)
    Extract it to wherever you please. All this can either be done as root or as the zimbra user. If you do it all as root, make sure you change ownership for the resulting clamav folder in /opt/zimbra to zimbra:zimbra.

    Next run configure inside of the clamav extract as follows:
    Code:
    ./configure --prefix=/opt/zimbra/clamav-0.87.1 --with-user=501 --with-group=501
    This assumes zimbra is user and group id 501; change it accordingly on your system to match your zimbra user.

    Note: I had to install gmp-devel and bzip2-devel so the configure could find all its header files. Your mileage may vary. If you get an error about GNU MP missing, install gmp-devel: "yum install gmp-devel" and "yum install bzip2-devel" in Fedora and Red Hat.


    If your configure goes well (and make sure it does, as you don't really want ClamAV installed without some of its available testing ability being compiled):

    Run: make
    Assuming no errors,
    Run: make check, and then make install.
    Again assuming no errors, you now have the new version installed into /opt/zimbra/clamav-0.87.1

    You can do all the following without restarting zimbra as a whole if you wish, or you can restart the whole suite.

    Stop Amavis from running. Note: mail service will be stopped and mail will potentially be lost if amavis isn't running and postfix gets mail.

    Run: zmamavisdctl stop or zmcontrol stop to stop amavis.

    Delete the symbolic link /opt/zimbra/clamav

    Re-link it to the new install:
    Code:
    ln -s /opt/zimbra/clamav-0.87.1 /opt/zimbra/clamav
    Now we need to edit clam and freshclam's conf files. I'm not entirely sure if this is actually necessary, but we didn't configure the default paths and options for a few things at build time so I think it is.

    Create directory /opt/zimbra/clamav/db

    In /opt/zimbra/clamav/etc/clamd.conf edit these settings:
    Code:
    ##
    ## Example config file for the Clam AV daemon
    ## Please read the clamd.conf(5) manual before editing this file.
    ##
    
    # Comment or remove the line below.
    #Example
    
    # Uncomment this option to enable logging.
    # LogFile must be writable for the user running daemon.
    # A full path is required.
    # Default: disabled
    LogFile /opt/zimbra/log/clamd.log
    
    # This option allows you to save a process identifier of the listening
    # daemon (main thread).
    # Default: disabled
    PidFile /opt/zimbra/log/clamd.pid
    
    # Path to the database directory.
    # Default: hardcoded (depends on installation options)
    DatabaseDirectory /opt/zimbra/clamav/db
    
    # TCP port address.
    # Default: disabled
    TCPSocket 3310
    
    # TCP address.
    # By default we bind to INADDR_ANY, probably not wise.
    # Enable the following to provide some degree of protection
    # from the outside world.
    # Default: disabled
    TCPAddr 127.0.0.1
    
    # Run as a selected user (clamd must be started by root).
    # Default: disabled
    User zimbra
    Note: These are just the settings I changed and are not continuous, but are in order from top to bottom referencing the order of the actual clamd.conf file. There are many other parts to the file, but no other settings were changed.

    In /opt/zimbra/clamav/etc/freshclam.conf edit these settings:
    Code:
    ##
    ## Example config file for freshclam
    ## Please read the freshclam.conf(5) manual before editing this file.
    ## This file may be optionally merged with clamd.conf.
    ##
    
    
    # Comment or remove the line below.
    #Example
    
    # Path to the database directory.
    # WARNING: It must match clamd.conf's directive!
    # Default: hardcoded (depends on installation options)
    DatabaseDirectory /opt/zimbra/clamav/db
    
    # Path to the log file (make sure it has proper permissions)
    # Default: disabled
    UpdateLogFile /opt/zimbra/log/freshclam.log
    
    # This option allows you to save the process identifier of the daemon
    # Default: disabled
    PidFile /opt/zimbra/log/freshclam.pid
    
    # By default when started freshclam drops privileges and switches to the
    # "clamav" user. This directive allows you to change the database owner.
    # Default: clamav (may depend on installation options)
    DatabaseOwner zimbra
    Note: Again this is just a few of the settings in the freshclam.conf file. They are the ones I changed. The rest are left at default.

    Now you should make sure zimbra owns all of clamav.
    Code:
    chown -R zimbra:zimbra /opt/zimbra/clamav-0.87.1
    Next we need to update the virus database.
    Run: /opt/zimbra/clamav/bin/freshclam

    Need to start amavis back up.
    Either run: zmamavisdctl start, or zmcontrol start, depending on how you stopped it before.
    Run zmcontrol status to make sure antivirus is running. If it is, you're good to go.

    You should check /opt/zimbra/log/clamd.log for errors, as well as freshclam.log in the same directory. Also /var/log/zimbra.log. To test out ClamAV I would suggest http://www.webmail.us/testvirus to send different variations of the EICAR test virus to one of your email addresses. Depending on whether you have "Send notice to recipient" checked in Global Settings of the Admin Web UI, the user should receive around 20 email notifications of the emails being quarantined. Don't worry about the two that got through. Apparently ClamAV doesn't check for the techniques. There are no virii included in those two emails, though, so it doesn't worry me. If anyone has any problems let me know.

    -Ben

    Edit: You can delete the previous install of clamav once you make sure everything is working. Delete the /opt/zimbra/clamav-0.85.1 directory and everything it contains. Again, make sure you have the other version working well first.

    -Ben
    Last edited by unilogic; 12-03-2005 at 09:58 PM.
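
The settings the how-to above changes have to agree across the two files, and that can be checked before amavis is started again. This is an added example, not part of the original post; the function names and the sample files written by `write_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check the edited config files.

# conf_get FILE KEY: print the value of the first active "KEY value" line.
conf_get() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# check_clamav_conf CLAMD_CONF FRESHCLAM_CONF
# Prints one line per problem; returns 0 only when none are found.
check_clamav_conf() {
    rc=0
    for f in "$1" "$2"; do
        # clamd and freshclam refuse a config whose "Example" line is still active.
        if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$f"; then
            echo "$f: active 'Example' line"; rc=1
        fi
    done
    # freshclam must write signatures where clamd reads them.
    if [ "$(conf_get "$1" DatabaseDirectory)" != "$(conf_get "$2" DatabaseDirectory)" ]; then
        echo "DatabaseDirectory differs between the two files"; rc=1
    fi
    # The post sets both to zimbra; a mismatch can leave clamd unable to read the database.
    if [ "$(conf_get "$1" User)" != "$(conf_get "$2" DatabaseOwner)" ]; then
        echo "clamd User and freshclam DatabaseOwner differ"; rc=1
    fi
    # TCPSocket without TCPAddr binds to INADDR_ANY, as the clamd.conf comment warns.
    if [ -n "$(conf_get "$1" TCPSocket)" ] && [ "$(conf_get "$1" TCPAddr)" != "127.0.0.1" ]; then
        echo "TCPSocket is enabled but TCPAddr is not 127.0.0.1"; rc=1
    fi
    return "$rc"
}

# write_sample DIR TCPADDR_LINE FRESHCLAM_DB: constructed sample files for a dry run.
write_sample() {
    printf '%s\n' '#Example' 'DatabaseDirectory /opt/zimbra/clamav/db' \
        'TCPSocket 3310' "$2" 'User zimbra' > "$1/clamd.conf"
    printf '%s\n' '#Example' "DatabaseDirectory $3" \
        'DatabaseOwner zimbra' > "$1/freshclam.conf"
}

# With two arguments, check real files, e.g. the two under /opt/zimbra/clamav/etc/.
if [ "$#" -eq 2 ]; then check_clamav_conf "$1" "$2"; fi
```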

  2. #2
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    New Version of CLAMAV is out - Ver 0.90

    Are these upgrade docs in the WIKI?

    Anyway,
    New Version of CLAMAV is out today - Ver 0.90

    http://www.clamav.net/

    ver 0.90 has some new features and as such, a couple of new option switches.

    With the above "Howto: Update ClamAV" instructions in mind,

    Also changed the following:

    vi ../conf/clamd.conf.in
    change option: 'LogTime' to 'LogTime yes' ( was just 'LogTime' by itself before )
    change option: 'LogSyslog' to 'LogSyslog yes' ( was just 'LogSyslog' by itself before )

    vi ../conf/freshclam.conf.in
    Add option: ScriptedUpdates yes

    cd /opt/zimbra/clamav-0.90/etc/
    copy: clamd.conf clamd.conf.org
    copy: freshclam.conf freshclam.conf.org

    copy: /opt/zimbra/clamav-0.88.7/etc/clamd.conf ../../clamav-0.90/etc/
    copy: /opt/zimbra/clamav-0.88.7/etc/freshclam.conf ../../clamav-0.90/etc/
    ( Assumes the version you are upgrading from is ver 88.7 )
    (You just don't want to use clamav defaults but use your previous config with zimbra specific config stuff )

    For the curious: cd /opt/zimbra/clamav-0.90/etc/
    diff clamd.conf clamd.conf.org to see changes.


    Modified /opt/zimbra/clamav-0.90/etc/clamd.conf with 'LogTime yes' and 'LogSyslog yes' above.

    For /opt/zimbra/clamav-0.90/etc/freshclam.conf I added the line:
    ScriptedUpdates yes

    ScriptedUpdates means that clamav gets just the virus DB changes and not the whole file each time.

    Verify owner is zimbra:zimbra again.

    Restart amavis and check the /opt/zimbra/log/clamd.log to see if all is right with the world again.

    Test test test!
    Download test file http://www.eicar.org/anti_virus_test_file.htm

    Scotty
    Last edited by scottnelson; 02-14-2007 at 07:02 PM.
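
The post above carries an older config into the 0.90 tree and then changes bare `LogTime` and `LogSyslog` to `LogTime yes` and `LogSyslog yes`. The following added example, not part of the original post, lists bare switches in such a file and prints a copy with the two named options fixed; the function names and the sample excerpt are constructed, and any other bare directive is only reported, not rewritten.

```shell
#!/bin/sh
# Added example, not from the thread: find bare switches in a config
# carried over to 0.90 and print a copy with the argument added.

# The two options the post says need an explicit "yes" in 0.90.
KNOWN_BARE="LogTime LogSyslog"

# bare_options FILE: list active directives that have no argument.
bare_options() {
    awk 'NF == 1 && $1 !~ /^#/ { print $1 }' "$1"
}

# add_yes FILE: print FILE with " yes" appended to the known bare switches.
# Other bare directives are left untouched for manual review.
add_yes() {
    awk -v known="$KNOWN_BARE" '
        BEGIN { n = split(known, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        NF == 1 && ($1 in want) { print $1 " yes"; next }
        { print }
    ' "$1"
}

# sample_088_conf: constructed excerpt of a pre-0.90 clamd.conf.
sample_088_conf() {
    cat <<'EOF'
# Log time with each message.
LogTime
LogSyslog
#LogClean
FixStaleSocket
TCPSocket 3310
User zimbra
EOF
}

# With one argument, report the bare switches in a real file.
if [ "$#" -eq 1 ]; then bare_options "$1"; fi
```

`add_yes` writes to standard output only, so the result can be compared with the original using diff before it replaces anything.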

  3. #3
    padraig is offline Elite Member
    Join Date
    Jul 2006
    Location
    ireland
    Posts
    388
    Rep Power
    9

    4.5.2

    Hi,
    will upgrading to 4.5.2 update clamav & spamassassin to the latest vers

  4. #4
    preem is offline Active Member
    Join Date
    Jan 2007
    Location
    Slovenia
    Posts
    29
    Rep Power
    8

    Could this thread be a sticky? It is really useful and I have searched for it many times.

    Thanks

  5. #5
    fathianf is offline Intermediate Member
    Join Date
    May 2007
    Location
    Iran
    Posts
    21
    Rep Power
    8

    Error in clamav 0.90.2

    I followed your instructions, but I get the following error in clamd.log:
    ERROR: Can't open/parse the config file /opt/zimbra/conf/clamd.conf
    I do have this file and its owner is zimbra. Please let me know what I should do to upgrade from version 88.7 to 90.2.

  6. #6
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    Looks like you missed a step somewhere.

    Did you read through the whole thread?

    This part is really important:
    http://www.zimbra.com/forums/showthr...37092#poststop

    Scotty

  7. #7
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Just as a heads up, we'll be updating clamav with 4.5.5, which should be out soon.

    john
    (PS What would be great is if someone could donate some time, and move this to the wiki )

  8. #8
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    Am doing it now.
    Should be completed in a little bit.

    Scotty
    Last edited by scottnelson; 05-06-2007 at 11:01 AM.

  9. #9
    scottnelson is offline Special Member
    Join Date
    Jun 2006
    Location
    Washington DC
    Posts
    124
    Rep Power
    9

    OK, put all on WIKI.

    http://wiki.zimbra.com/index.php?tit...cking_Articles

    Off of the main WIKI page, under 'Advanced Hacking Articles'

    Feel free to double check me.

    Scotty

  10. #10
    claytondias is offline Starter Member
    Join Date
    Oct 2007
    Posts
    2
    Rep Power
    7

    Brilliant, absolutely shining!

