Results 1 to 9 of 9

Thread: [SOLVED] Clamav expiration notification

  1. #1
    artimus is offline Active Member
    Join Date
    Jul 2007
    Posts
    29
    Rep Power
    8

    Default [SOLVED] Clamav expiration notification

    Several months ago I had quite a success migrating from CommuniGate Pro to Zimbra. We also have an exchange server that will be migrated to zimbra as well. So far we love it, and have very few complaints about it. Pretty much the only complaint I have is that it's not using regular Maildir.

    Anyway, all was fine until this morning when zimbra stopped delivering mail. I didn't see anything in zimbra that would explain what was wrong, but I did find in the postfix logs that there was an issue connecting to clamav. The freshclam log file noted that my clamav engine was out of date.. I had to download the latest stable source from clam, compile install and reboot. The standard zmcontrol stop start didn't take to the change, and I didn't have time to poke around at it. When it came back up, everything was fine. I flushed the postfix queue and all the mail started delivering.

    I happen to be very experienced unix admin, and this problem was pretty easy to resolve. But if I weren't, I could have been out of email for a full day trying to figure out how to fix this. Zimbra (as far as i know) doesn't have any method of telling me what the problem is, and how to fix it.

    Feature Request:
    When logging into the zimbra admin page, it should immediately show you if there are any critical problems. It would have been nice if I logged in and saw: CRITICAL: Your ClamAV engine is out of date. Run somescript to upgrade to the latest clamav.

    Would be even nicer if there was a way to send a message to administrators before there is a problem too.

  2. #2
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    what's your version?
    (zmcontrol -v)

  3. #3
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    ClamAV updates their Engine like every 60 seconds (I'm being sarcastic )

    Unless there's a huge vulnerability in your current ClamAV version, then it's not a big deal. They just like to panic users by saying DON'T PANIC!

    Currently, we upgrade ClamAV with each maintenance release, so we try to keep the version up to date

  4. #4
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    They really do call everything critical...

    The last version that I see from your posts is on 8-27-07:
    Quote Originally Posted by artimus View Post
    Using CentOS 5, with Zimbra 4.5.6_GA_1044.RHEL5-20070706174250
    If you still are on 4.5.6, it would lead me to believe that you had hit the bug:
    [SOLVED] Clamd.pid - no such file
    Bug 18312 - ClamAV: clamd corrupt db
    Last edited by mmorse; 11-19-2007 at 10:14 AM.

  5. #5
    artimus is offline Active Member
    Join Date
    Jul 2007
    Posts
    29
    Rep Power
    8

    Default

    I suppose then that I am mostly to blame. Being held up entirely by other projects, I haven't kept my mail server up to date. Is there a yum repo for zimbra?

    Release 4.5.6_GA_1044.RHEL5_20070706174250 CentOS5{i} FOSS edition


    I know my signatures are kept up to date, but the clam software itself needs updating.. It would still be nice if zimbra told the admin in advance before this happens. Could also show when zimbra update packages are available, or had an option to force clam to run with an out of date engine. It wouldn't have been so bad, if it just used the old anti-virus. The problem was that it wouldn't attache amavisd to port 10024, so postfix had to defer the mail.


    Anyway, if there are others who find themselves in a jam, and need a quick fix. I'll provide a clam upgrade script... Use it at your own risk, or better yet just use it for reference only!

    Code:
    #!/bin/bash
    #
    #
    #   !!!!!! WARNING !!!!!!!!!!
    #   This script is absolutely untested.  I wrote it after the fact
    #   as reference, for the next time this happens.  I repeat I have
    #   not actually tested to see if it even runs.  You probobly want
    #   to just run through the steps manually to prevent harming your
    #   system...  Again, this script took 2 minutes to write, and has
    #   never been tested, and there absolutely no error checking.
    #
    #   Otherwise, if you really want to run it, uncomment the exit
    #   satement.
    #
    #   Anonomous - 20071119
    #
    ##################################################################
    exit
    NOW=date +%Y%m%d%H%M%S
    BUILDDIR=${NOW}_clamav_build
    
    ClamVer="clamav-0.91.2"
    ClamURL="http://easynews.dl.sourceforge.net/sourceforge/clamav/clamav-0.91.2.tar.gz"
    
    echo "Installing dependencies if nessesary"
    yum -y install gcc glibc zlib-devel gmp-devel bzip2-devel
    
    
    echo "Preparing Source"
    mkdir ${BUILDDIR} && cd ${BUILDDIR}
    wget ${ClamURL}
    
    
    
    tar -zxvf ${ClamVer}.tar.gz
    cd ${ClamVer}
    echo "==== Building and Installing ClamAV ===="
    ./configure --prefix=/opt/zimbra/${ClamVer} --with-user=zimbra --with-group=zimbra
    
    make && make check && make install
    
    
    chown -R zimbra:zimbra /opt/zimbra/${ClamVer}
    
    cd /opt/zimbra/${ClamVer}/etc
    mv clamd.conf clamd.conf.orig
    mv freshclam.conf freshclam.conf.orig
    
    cp /opt/zimbra/conf/clamd.conf .
    cp /opt/zimbra/conf/freshclam.conf .
    
    
    sudo -u zmcontrol stop
    cd /opt/zimbra
    unlink clamav
    ln -s ${ClamVer} clamav
    
    
    echo "==== Freshen ========="
    sudo -u zimbra /opt/zimbra/clamav/bin/freshclam
    
    
    echo "===== Starting Zimbra ======="
    echo " If it doesn't work, try a reboot"
    sudo -u zimbra zmcontrol start

  6. #6
    jholder's Avatar
    jholder is offline Former Zimbran
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    20

    Default

    You're amazing
    Send me your shipping info. I'm sending you some Zimbra Gear!

    Yeah, 4.5.6 had a particularly bad Clam Bug that caused long startup times. I totally agree that we should have a notification. Please file it in our bugzilla. There is already a bug open to allow external updating of the ClamD core.

    Once again, great job!

    Extra points if you create a wiki page for this

  7. #7
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

  8. #8
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

  9. #9
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Quote Originally Posted by artimus View Post
    Feature Request:
    When logging into the zimbra admin page, it should immediately show you if there are any critical problems. It would have been nice if I logged in and saw: CRITICAL: Your ClamAV engine is out of date. Run somescript to upgrade to the latest clamav.
    Bug 7686 - immediate clamav update from admin console
    Quote Originally Posted by artimus View Post
    Would be even nicer if there was a way to send a message to administrators before there is a problem too.
    Could you open a RFE for the admin email notification?
    Of course until the other two are solved we don't want to make the warning too harsh (as it's not as easy to update for some). Infact, I think having the daily email reports also include your clamav version (/kindly tell you if it's out of date) might be the way to go.
    Last edited by mmorse; 11-19-2007 at 10:39 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Howto: Update ClamAV
    By unilogic in forum Administrators
    Replies: 9
    Last Post: 12-12-2007, 05:28 AM
  2. Outdated ClamAV warning in log
    By emx in forum Installation
    Replies: 1
    Last Post: 07-16-2007, 11:07 AM
  3. Replies: 2
    Last Post: 07-13-2007, 06:25 AM
  4. help for clamav outdated
    By newvision in forum Administrators
    Replies: 3
    Last Post: 02-16-2007, 09:14 PM
  5. Replies: 2
    Last Post: 03-15-2006, 09:37 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •