ClamAV - Reset Defs DB
Sometimes ClamAV will download a virus update, and the update will not download correctly. This causes an error in its checksum. If this happens, ClamAV usually goes down and the system suspends delivery. Downloading fresh definition files can correct this problem.
Symptoms
You will experience the following symptoms if ClamAV fails to correctly download a virus update:
The definitions are corrupt if /var/log/zimbra.log shows that:
- ClamAV isn't running
- postfix/qmgr errors out with delivery temporarily suspended
And in /opt/zimbra/log/clamd.log:
- There are error messages such as malformed database
- zmclamdctl status shows clamd as down.
The following symptoms may occur if you stop & restart Zimbra services (using zmcontrol stop and zmcontrol start):
- Antivirus may fail to start with the error (among others) clamd failed to start
Note: The WARNING: Your ClamAV installation is OUTDATED! error may also appear, but this is not indicative of a corrupt clamd database. This error simply occurs because ClamAV has a more recent release available than the one that ships with Zimbra. Updating your ClamAV installation to a version not included with a released ZCS product is not recommended and is not supported. Zimbra updates the ClamAV engine to the latest version with every release of ZCS. Users who wish to upgrade ClamAV independently from ZCS at their own risk can find directions here: ClamAV - Updating Version. The RFE for out-of-cycle updates is Bug 15137.
Note: ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).
Fix
To fix this issue, you can delete the definitions and try again:
su - zimbra
mkdir /tmp/clamdb
mv /opt/zimbra/data/clamav/db/* /tmp/clamdb
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
(For 7.x, 8.x and 8.6. Do not run for 8.7.)
/opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
(8.7 and above)
/opt/zimbra/common/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
The ClamAV update will then start:
ClamAV update process started at Wed Oct 22 12:47:55 2014
Downloading main.cvd [100%]
main.cvd updated (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily.cvd [100%]
daily.cvd updated (version: 19525, sigs: 1219605, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
Database updated (3643876 signatures) from db.us.clamav.net (IP: 64.22.33.90)
Clamd successfully notified about the update.
Restart the Antivirus service
zmantivirusctl stop
zmantivirusctl start
Note: zmantivirusctl incorporates zmclamdctl/zmamavisdctl/zmmtaconfigctl, though you can just restart ClamAV individually.
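The steps above as a single script, added here as an example and not taken from the original page or from Zimbra's own tooling: it proceeds only when clamd.log shows the malformed database error, uses whichever freshclam path exists, and keeps the old definitions in a private mktemp directory rather than a fixed /tmp/clamdb. The function names and the ZROOT prefix are assumptions for illustration, and the zmprov step is left out.

```shell
#!/bin/sh
# Added example, not part of the original page. Run as the zimbra user.
# ZROOT is a hypothetical path prefix (empty on a real host) so the
# functions can be exercised against a scratch directory tree.
ZROOT="${ZROOT:-}"

# Succeeds only if clamd.log contains the "malformed database" error.
# Also reports the postfix symptom from zimbra.log when it is present.
defs_look_corrupt() {
    grep -qi 'malformed database' "$ZROOT/opt/zimbra/log/clamd.log" 2>/dev/null || return 1
    if grep -q 'delivery temporarily suspended' "$ZROOT/var/log/zimbra.log" 2>/dev/null; then
        echo "postfix/qmgr: delivery temporarily suspended" >&2
    fi
    return 0
}

# Prints the freshclam path for this install: common/bin (8.7 and above)
# is tried first, then clamav/bin (earlier releases).
pick_freshclam() {
    for fc in "$ZROOT/opt/zimbra/common/bin/freshclam" \
              "$ZROOT/opt/zimbra/clamav/bin/freshclam"; do
        if [ -x "$fc" ]; then echo "$fc"; return 0; fi
    done
    return 1
}

# Moves every definition file into a fresh private directory and prints
# that directory's name, so the old files can be inspected or restored.
move_defs_aside() {
    aside=$(mktemp -d "${TMPDIR:-/tmp}/clamdb.XXXXXX") || return 1
    for f in "$ZROOT/opt/zimbra/data/clamav/db"/*; do
        [ -e "$f" ] || continue          # empty directory: glob did not match
        mv -- "$f" "$aside/" || return 1
    done
    echo "$aside"
}

# Full procedure: check the log, move aside, re-download, restart.
reset_defs() {
    defs_look_corrupt || { echo "no 'malformed database' error logged" >&2; return 1; }
    fc=$(pick_freshclam) || { echo "freshclam not found" >&2; return 1; }
    saved=$(move_defs_aside) || return 1
    echo "old definitions kept in $saved"
    "$fc" --config-file="$ZROOT/opt/zimbra/conf/freshclam.conf" || return 1
    zmantivirusctl stop && zmantivirusctl start
}

if [ "${1:-}" = "--reset" ]; then reset_defs; fi
```

Nothing is changed unless the script is called with --reset.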
Verify
Verify by running:
/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/
In releases prior to 5.0.3, this command will be:
/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/clamav/db/