ClamAV - Reset Defs DB: Difference between revisions

mNo edit summary
mNo edit summary
Line 2: Line 2:
the system suspends delivery. In which case it's time to refresh your defs.
the system suspends delivery. In which case it's time to refresh your defs.
==Symptoms==
==Symptoms==
You'll know this is the case if you go to the /var/log/zimbra.log and you see that ClamAV isn't running, postfix/qmgr errors out at 'delivery temporarily suspended', messages like 'malformed database' in /opt/zimbra/log/clamd.log, and by checking zmclamdctl status.
You'll know this is the case if you go to the /var/log/'''zimbra.log''' and you see that ClamAV isn't running, postfix/qmgr errors out at ''''delivery temporarily suspended'''', messages like ''''malformed database'''' in /opt/zimbra/log/'''clamd.log''', and by checking zmclamdctl status.


Other symptoms are, if you stop & restart Zimbra services (zmcontrol stop and zmcontrol start), antivirus may fail to start with the errors (among others):
Other symptoms are, if you stop & restart Zimbra services (zmcontrol stop and zmcontrol start), antivirus may fail to start with the errors (among others):
Line 8: Line 8:
'''WARNING: Your ClamAV installation is OUTDATED!''' and '''clamd failed to start'''
'''WARNING: Your ClamAV installation is OUTDATED!''' and '''clamd failed to start'''


The above text is part of a MUCH longer set of errors; despite what the Clam errors say, you DON'T necessarily have to update your whole ClamAV.
The above text is part of a much longer set of errors; despite what the Clam errors say, you DON'T necessarily have to update your whole ClamAV.


ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).  
ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).  


Zimbra updates the ClamAV engine to latest with every release of ZCS.
Zimbra updates the ClamAV engine to latest with every release of ZCS & does not endorse edorse doing so on your own but you can find directions here: [[ClamAV - Updating Version]] Out of cycle updates RFE is [http://bugzilla.zimbra.com/show_bug.cgi?id=15137 Bug 15137]
 
Zimbra does not endorse this article but you can find directions here: [[ClamAV - Updating Version]]


==Fix==
==Fix==
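Review bot: the merged ClamAV-engine sentence in the new revision contains a doubled, misspelled word ("does not endorse edorse doing so on your own") and runs straight from the [[ClamAV - Updating Version]] link into "Out of cycle updates RFE is" with no punctuation. Suggest "does not endorse doing so on your own", and a full stop after the wiki link so that the Bug 15137 reference stands as its own sentence.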
Line 36: Line 34:


[[Category:Anti-virus]]
[[Category:Anti-virus]]
[[Category: Pending Certification]]

Revision as of 18:35, 26 June 2008

Sometimes ClamAV will download a virus definition update whose MD5 is wrong. When that happens, ClamAV usually goes down and the system suspends delivery, in which case it's time to refresh your defs.

Symptoms

You'll know this is the case if /var/log/zimbra.log shows that ClamAV isn't running and postfix/qmgr errors out with 'delivery temporarily suspended', if /opt/zimbra/log/clamd.log contains messages like 'malformed database', and by checking zmclamdctl status.

Another symptom: if you stop and restart Zimbra services (zmcontrol stop and zmcontrol start), antivirus may fail to start with errors such as these (among others):

WARNING: Your ClamAV installation is OUTDATED! and clamd failed to start

The above text is part of a much longer set of errors; despite what the Clam errors say, you DON'T necessarily have to update your whole ClamAV.

ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).

Zimbra updates the ClamAV engine to the latest version with every release of ZCS and does not endorse doing so on your own, but you can find directions here: ClamAV - Updating Version. The RFE for out-of-cycle updates is Bug 15137.

Fix

To fix this, you can delete the defs and try again:

su - zimbra
mkdir /tmp/clamdb
mv /opt/zimbra/clamav/db/* /tmp/clamdb
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
/opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf 
zmantivirusctl stop
zmantivirusctl start

(zmantivirusctl incorporates zmclamdctl/zmamavisdctl/zmmtaconfigctl, though you can just restart ClamAV individually.)

ZCS 5.0.3+

In ZCS 5.0.3+ we moved the definitions database to a data directory to keep it separate from application data. In the commands above, replace the database path with:

/opt/zimbra/data/clamav/db

Verify

Verify by running:

/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/
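
The fix and verify steps above as one script (an added example, not part of the original wiki page or Zimbra's own tooling): it picks the definitions directory for either layout, moves the old set into a private mktemp directory, and restarts antivirus only if freshclam succeeds and clamscan can load the new database. The ZROOT, FRESHCLAM, CLAMSCAN and ANTIVIRUSCTL variables and the function names are assumptions; the zmprov step is left out.

```shell
#!/bin/sh
# Added example, not Zimbra's tooling. Run as the zimbra user. Paths are the
# page's; the overridable variables and function names are assumptions.
ZROOT="${ZROOT:-/opt/zimbra}"
FRESHCLAM="${FRESHCLAM:-$ZROOT/clamav/bin/freshclam}"
CLAMSCAN="${CLAMSCAN:-$ZROOT/clamav/bin/clamscan}"
ANTIVIRUSCTL="${ANTIVIRUSCTL:-zmantivirusctl}"

# ZCS 5.0.3+ keeps definitions in data/clamav/db; older releases in clamav/db.
clamdb_dir() {
    if [ -d "$ZROOT/data/clamav/db" ]; then
        echo "$ZROOT/data/clamav/db"
    else
        echo "$ZROOT/clamav/db"
    fi
}

# Move the current definitions into a fresh private directory; print its path.
backup_defs() {
    bk=$(mktemp -d "${TMPDIR:-/tmp}/clamdb.XXXXXX") || return 1
    for f in "$1"/*; do
        if [ -e "$f" ]; then mv "$f" "$bk"/ || return 1; fi
    done
    echo "$bk"
}

# Refresh the definitions, then restart antivirus only if the new set loads.
reset_defs() {
    db=$(clamdb_dir)
    bk=$(backup_defs "$db") || return 1
    conf="$ZROOT/conf/freshclam.conf"
    # clamscan exits 2 on errors such as a malformed database; scanning the
    # small config file just forces the database to be loaded.
    if "$FRESHCLAM" --config-file="$conf" && "$CLAMSCAN" -d "$db" "$conf" >/dev/null
    then
        "$ANTIVIRUSCTL" stop
        "$ANTIVIRUSCTL" start
    else
        echo "refresh or verification failed; old definitions are in $bk" >&2
        return 1
    fi
}

# Run with: sh reset-clamdb.sh --run
if [ "${1:-}" = "--run" ]; then reset_defs; fi
```

On failure the script leaves antivirus untouched and reports where the old definitions were moved, so they can be inspected or put back by hand.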