Difference between revisions of "ClamAV - Reset Defs DB"

(Fix)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Sometimes ClamAV will download a virus update, and the update will not download correctly, causing an error in its checksum. If this happens, then ClamAV usually goes down, and the system suspends delivery.  Downloading fresh definition files can correct this problem.
+
{{BC|Certified}}
==Symptoms==
+
__FORCETOC__
You'll know the definitions are corrupt if you go to the '''/var/log/zimbra.log''' and you see that ClamAV isn't running, postfix/qmgr errors out at ''''delivery temporarily suspended'''', messages like ''''malformed database'''' appear in '''/opt/zimbra/log/clamd.log''', and zmclamdctl status shows clamd as down.
+
<div class="col-md-12 ibox-content">
 +
=ClamAV - Reset Defs DB=
 +
{{KB|{{ZC}}|{{ZCS 8.5}}|{{ZCS 8.0}}|{{ZCS 7.0}}|}}
  
Another symptom is, if you stop & restart Zimbra services (zmcontrol stop and zmcontrol start), antivirus may fail to start with the error (among others):
+
Sometimes ClamAV will download a virus update, and the update will not download correctly. This causes an error in its checksum. If this happens, ClamAV usually goes down and the system suspends delivery.  Downloading fresh definition files can correct this problem.
  
'''clamd failed to start'''
+
=Symptoms=
 +
You will experience the following symptoms if ClamAV fails to correctly download a virus update:
  
'''WARNING: Your ClamAV installation is OUTDATED!''' may also appear, but this is not indicative of a corrupt clamd database. This error simply occurs because ClamAV has a more recent release available than the one that ships with Zimbra.  Updating your ClamAV installation to a version not included with a released ZCS product is not recommended and is not supported.
+
The definitions are corrupt if in '''/var/log/zimbra.log''':  
 +
*ClamAV isn't running
 +
*'''postfix/qmgr''' errors out at '''delivery temporarily suspended'''  
 +
And in '''/opt/zimbra/log/clamd.log''':
 +
*There are log error messages, like '''malformed database'''
 +
*'''zmclamdctl''' status shows clamd as down.
  
Zimbra updates the ClamAV engine to latest with every release of ZCS.  Users who wish to upgrade ClamAV independently from ZCS at their own risk can find directions here: [[ClamAV - Updating Version]] Out of cycle updates RFE is [http://bugzilla.zimbra.com/show_bug.cgi?id=15137 Bug 15137]
+
The following symptoms may occur if you stop & restart Zimbra services (using zmcontrol stop and zmcontrol start):
 +
*Antivirus may fail to start with the error (among others) '''clamd failed to start'''
  
ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).  
+
'''''Note:''' The '''WARNING: Your ClamAV installation is OUTDATED!''' error may also appear, but this is not indicative of a corrupt clamd database.  This error simply occurs because ClamAV has a more recent release available than the one that ships with Zimbra.  Updating your ClamAV installation to a version not included with a released ZCS product is not recommended and is not supported.  Zimbra updates the ClamAV engine to latest with every release of ZCS.  Users who wish to upgrade ClamAV independently from ZCS at their own risk can find directions here: [[ClamAV - Updating Version]] Out of cycle updates RFE is [http://bugzilla.zimbra.com/show_bug.cgi?id=15137 Bug 15137]''
  
==Fix==
+
'''''Note:''' ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).''
To fix this, you can delete the defs and try again:
 
su - zimbra
 
mkdir /tmp/clamdb
 
(in versions prior to 5.0.3):
 
mv /opt/zimbra/clamav/db/* /tmp/clamdb
 
(in version 5.0.3 or later):
 
mv /opt/zimbra/data/clamav/db/* /tmp/clamdb
 
  
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
+
=Fix=
/opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
+
To fix this issue, you can delete the definitions and try again:
zmantivirusctl stop
+
<pre>su - zimbra
zmantivirusctl start
+
mkdir /tmp/clamdb</pre>
(zmantivirusctl incorporates zmclamdctl/zmamavidsctl/zmmtaconfigctl though you can just restart ClamAV individually)
 
  
 +
<pre>mv /opt/zimbra/data/clamav/db/* /tmp/clamdb
 +
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus</pre>
  
==Verify==
+
(For 7.x, 8.x and 8.6. Do not run for 8.7.)
 +
<pre>/opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf</pre>
 +
 
 +
(8.7 and above)
 +
<pre>/opt/zimbra/common/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf</pre>
 +
 
 +
Then will start to ClamAV Update
 +
<pre>ClamAV update process started at Wed Oct 22 12:47:55 2014
 +
Downloading main.cvd [100%]
 +
main.cvd updated (version: 55, sigs: 2424225, f-level: 60, builder: neo)
 +
Downloading daily.cvd [100%]
 +
daily.cvd updated (version: 19525, sigs: 1219605, f-level: 63, builder: neo)
 +
Downloading bytecode.cvd [100%]
 +
bytecode.cvd updated (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
 +
Database updated (3643876 signatures) from db.us.clamav.net (IP: 64.22.33.90)
 +
Clamd successfully notified about the update.</pre>
 +
Restart the Antivirus service
 +
<pre>zmantivirusctl stop
 +
zmantivirusctl start</pre>
 +
 
 +
'''''Note:''' '''zmantivirusctl''' incorporates '''zmclamdctl/zmamavidsctl/zmmtaconfigctl''' though you can just restart ClamAV individually.''
 +
 
 +
=Verify=
 
Verify by running:
 
Verify by running:
/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/
+
<pre>/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/</pre>
 
In releases prior to 5.0.3, this command will be:
 
In releases prior to 5.0.3, this command will be:
/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/clamav/db/
+
<pre>/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/clamav/db/</pre>
  
 +
{{Article Footer|ZCS 8.x, 8.0.x, 7.0.x, 6.0.x, 5.0.6|6/23/08}}
  
[[Category:Anti-virus]]
+
[[Category:Troubleshooting Anti-virus]]
[[Category: Pending Certification]]
+
[[Category:Certified]]
 +
[[Category:ZCS 5.0]]
 +
[[Category:ZCS 6.0]]
 +
[[Category:ZCS 7.0]]
 +
[[Category:ZCS 8.0]]
 +
[[Category:ZCS 8.5]]

Latest revision as of 11:23, 22 October 2016

ClamAV - Reset Defs DB

   KB 2464        Last updated on 2016-10-22  




0.00
(0 votes)

Sometimes ClamAV will download a virus update, and the update will not download correctly. This causes an error in its checksum. If this happens, ClamAV usually goes down and the system suspends delivery. Downloading fresh definition files can correct this problem.

Symptoms

You will experience the following symptoms if ClamAV fails to correctly download a virus update:

The definitions are corrupt if in /var/log/zimbra.log:

  • ClamAV isn't running
  • postfix/qmgr errors out at delivery temporarily suspended

And in /opt/zimbra/log/clamd.log:

  • There are log error messages, like malformed database
  • zmclamdctl status shows clamd as down.

The following symptoms may occur if you stop & restart Zimbra services (using zmcontrol stop and zmcontrol start):

  • Antivirus may fail to start with the error (among others) clamd failed to start

Note: The WARNING: Your ClamAV installation is OUTDATED! error may also appear, but this is not indicative of a corrupt clamd database. This error simply occurs because ClamAV has a more recent release available than the one that ships with Zimbra. Updating your ClamAV installation to a version not included with a released ZCS product is not recommended and is not supported. Zimbra updates the ClamAV engine to latest with every release of ZCS. Users who wish to upgrade ClamAV independently from ZCS at their own risk can find directions here: ClamAV - Updating Version Out of cycle updates RFE is Bug 15137

Note: ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).

Fix

To fix this issue, you can delete the definitions and try again:

su - zimbra
mkdir /tmp/clamdb
mv /opt/zimbra/data/clamav/db/* /tmp/clamdb
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus

(For 7.x, 8.x and 8.6. Do not run for 8.7.)

/opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf

(8.7 and above)

/opt/zimbra/common/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf

Then will start to ClamAV Update

ClamAV update process started at Wed Oct 22 12:47:55 2014
Downloading main.cvd [100%]
main.cvd updated (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily.cvd [100%]
daily.cvd updated (version: 19525, sigs: 1219605, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 242, sigs: 46, f-level: 63, builder: dgoddard)
Database updated (3643876 signatures) from db.us.clamav.net (IP: 64.22.33.90)
Clamd successfully notified about the update.

Restart the Antivirus service

zmantivirusctl stop
zmantivirusctl start

Note: zmantivirusctl incorporates zmclamdctl/zmamavidsctl/zmmtaconfigctl though you can just restart ClamAV individually.

Verify

Verify by running:

/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/

In releases prior to 5.0.3, this command will be:

/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/clamav/db/
Verified Against: ZCS 8.x, 8.0.x, 7.0.x, 6.0.x, 5.0.6 Date Created: 6/23/08
Article ID: https://wiki.zimbra.com/index.php?title=ClamAV_-_Reset_Defs_DB Date Modified: 2016-10-22



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search