Antivirus

**adeelarifbhatti** · 07-22-2009, 09:41 PM

Hi all,
Is there any way to manually update the antivirus, scheduled update some time make the service degraded and MTA stops functioning.

Regards
Adeel

**adeelarifbhatti** · 07-22-2009, 10:15 PM

BTW, difference b/w clamav amavisd.

?
And how should I make my antivirus not to update automatically every after 2 hours.
I want to update it my self manually.
How should I make the update frequency change.
what change I am suppose to make to the following lines.
# Number of database checks per day.
# Default: 12 (every two hours)
Checks %%freq VAR:zimbraVirusDefinitionsUpdateFrequency 24%%

Any help>?

Regards
Adeel

**adeelarifbhatti** · 07-22-2009, 11:24 PM

Hi all,
Please let me know if I am doing the right thing.
I had the clam db error, that my antivirus is 7 days older and I need to update the antivirus. I was getting the following in freshclam.log
Trying host database.clamav.net (85.214.115.224)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 85.214.115.224)
Trying host database.clamav.net (88.198.17.100)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 88.198.17.100)
WARNING: getpatch: Can't download main-51.cdiff from database.clamav.net
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 193.165.167.2)
Trying host database.clamav.net (194.228.41.73)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 194.228.41.73)
Trying host database.clamav.net (195.30.97.3)...
ERROR: Problem with internal logger (UpdateLogFile = /opt/zimbra/log/freshclam.log).
ERROR: /opt/zimbra/log/freshclam.log is locked by another process
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 195.30.97.3)
Trying host database.clamav.net (212.7.0.71)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 212.7.0.71)
Trying host database.clamav.net (217.173.238.34)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 217.173.238.34)
Trying host database.clamav.net (188.40.42.237)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 188.40.42.237)
Trying host database.clamav.net (147.229.3.16)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 147.229.3.16)
Trying host database.clamav.net (62.133.206.90)...
##############################
To get rid of automatic update I did the following.
mv /opt/zimbra/data/clamav/db/* /tmp/clamdb
downloading the the main and daily file from Clam AntiVirus

After that I uploaded these files in /opt/zimbra/data/clamav/db/
chown zimbra.zimbra /opt/zimbra/data/clamav/db/*
chmod 555 /opt/zimbra/data/clamav/db/

./zmclamdctl restart

I am still getting the logs in clamd.log as follows
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
Thu Jul 23 05:16:18 2009 -> Loaded 538745 signatures.
Thu Jul 23 05:16:18 2009 -> TCP: Bound to port 3310
Thu Jul 23 05:16:18 2009 -> TCP: Setting connection queue length to 15
Thu Jul 23 05:16:18 2009 -> Limits: Global size limit set to 10240000 bytes.
Thu Jul 23 05:16:18 2009 -> Limits: File size limit set to 10240000 bytes.
Thu Jul 23 05:16:18 2009 -> Limits: Recursion level limit set to 16.
Thu Jul 23 05:16:18 2009 -> Limits: Files limit set to 10000.
Thu Jul 23 05:16:18 2009 -> Archive support enabled.
Thu Jul 23 05:16:18 2009 -> Archive: Blocking encrypted archives.
Thu Jul 23 05:16:18 2009 -> Algorithmic detection enabled.
Thu Jul 23 05:16:18 2009 -> Portable Executable support enabled.
Thu Jul 23 05:16:18 2009 -> ELF support enabled.
Thu Jul 23 05:16:18 2009 -> Mail files support enabled.
Thu Jul 23 05:16:18 2009 -> OLE2 support enabled.
Thu Jul 23 05:16:18 2009 -> PDF support enabled.
Thu Jul 23 05:16:18 2009 -> HTML support enabled.
Thu Jul 23 05:16:18 2009 -> Self checking every 600 seconds.

The size of the files in /opt/zimbra/data/clamav/db/** is different from those I had previously (Increased upto 2 to 3 MB) but in logs the number of signatures are still the same i.e.Loaded 538745 signatures

Please help me with this .
Regards
Adeel

**uxbod** · 07-22-2009, 11:27 PM

Well that looks like your firewall is not allowing you out to those hosts

If you telnet to port 80 on one of those hosts does it connect ?

**adeelarifbhatti** · 07-22-2009, 11:30 PM

Well,
After restart the the whole zimbra I had following logs and the signature also increased, but I am still getting the logs for the outdated version.
LibClamAV Warning: ************************************************** ****
LibClamAV Warning: *** Virus database timestamp in the future! ***
LibClamAV Warning: *** Please check the timezone and clock settings ***
LibClamAV Warning: ************************************************** ****
LibClamAV Warning: ************************************************** *********
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read Clam AntiVirus ***
LibClamAV Warning: ************************************************** *********
Thu Jul 23 05:28:50 2009 -> Loaded 601781 signatures.
Thu Jul 23 05:28:50 2009 -> TCP: Bound to port 3310

Regards
Adeel

**adeelarifbhatti** · 07-22-2009, 11:36 PM

May be I have DB for some latest version but the clamd comes with zimbra is older version.
Following are the logs.
[root@zimbra ~]# tail -f /opt/zimbra/log/freshclam.log
freshclam daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Thu Jul 23 05:32:01 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read Clam AntiVirus
Connecting via 10.201.14.51
main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Connecting via 10.201.14.51
daily.cvd is up to date (version: 9607, sigs: 57365, f-level: 43, builder: guitar)

########

How should I be updating the clamd comes with zimbra.

Any suggestions/recommendation regarding the updating of DB/CLAMD
Regards
Adeel

**uxbod** · 07-22-2009, 11:36 PM

Yes, that is because a new release of ClamAV is available; nothing to do with the signatures. You could manually upgrade if you wish by following .Wiki :: Update ClamAV.

**adeelarifbhatti** · 07-23-2009, 11:22 PM

Hi all,
Do any one know difference b/w clamav & amavisd.

And how could I retrieve the email if considered as virus? Notification is received but what if I want to receive that email, I mean any specific one?
Regards
Adeel

**uxbod** · 07-23-2009, 11:28 PM

AmavisD is a wrapper processes to ClamD (or any virus scanner) and SpamAssassin :- amavisd-new

Any quarantined files are held in /opt/zimbra/data/amavisd/quarantine.

**adeelarifbhatti** · 07-23-2009, 11:34 PM

Please also mention the difference b/w clamav and freshclam?
regards
Adeel

Zimbra

Thread: Antivirus

LinkBack

Thread Tools

Search Thread

Display

Antivirus

Thread Information

Users Browsing this Thread

Similar Threads

postfix stops working under Mac OS X Leopard (proxymap/LDAP issue)

os x 10.5 zimbra 5.0.9: Queue report unavailable - mail system is down

antivirus trouble

AntiVirus unable to connect to localhost

AntiVirus won't run - error accessing mail queues

Posting Permissions