ClamAV - Reset Defs DB: Difference between revisions
mNo edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
Sometimes ClamAV will download a virus update, and the | Sometimes ClamAV will download a virus update, and the update will not download correctly, causing an error in its checksum. If this happens, then ClamAV usually goes down, and the system suspends delivery. Downloading fresh definition files can correct this problem. | ||
the system suspends delivery. | |||
==Symptoms== | ==Symptoms== | ||
You'll know | You'll know the definitions are corrupt if you go to the '''/var/log/zimbra.log''' and you see that ClamAV isn't running, postfix/qmgr errors out at ''''delivery temporarily suspended'''', messages like ''''malformed database'''' appear in '''/opt/zimbra/log/clamd.log''', and zmclamdctl status shows clamd as down. | ||
Another symptom is, if you stop & restart Zimbra services (zmcontrol stop and zmcontrol start), antivirus may fail to start with the error (among others): | |||
'''clamd failed to start''' | |||
'''WARNING: Your ClamAV installation is OUTDATED!''' may also appear, but this is not indicative of a corrupt clamd database. This error simply occurs because ClamAV has a more recent release available than the one that ships with Zimbra. Updating your ClamAV installation to a version not included with a released ZCS product is not recommended and is not supported. | |||
Zimbra updates the ClamAV engine to latest with every release of ZCS. Users who wish to upgrade ClamAV independently from ZCS at their own risk can find directions here: [[ClamAV - Updating Version]] Out of cycle updates RFE is [http://bugzilla.zimbra.com/show_bug.cgi?id=15137 Bug 15137] | |||
ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute). | ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute). | ||
==Fix== | ==Fix== | ||
Line 18: | Line 17: | ||
su - zimbra | su - zimbra | ||
mkdir /tmp/clamdb | mkdir /tmp/clamdb | ||
(in versions prior to 5.0.3): | |||
mv /opt/zimbra/clamav/db/* /tmp/clamdb | mv /opt/zimbra/clamav/db/* /tmp/clamdb | ||
(in version 5.0.3 or later): | |||
mv /opt/zimbra/data/clamav/db/* /tmp/clamdb | |||
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus | zmprov ms `zmhostname` +zimbraServiceEnabled antivirus | ||
/opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf | /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf | ||
Line 24: | Line 27: | ||
zmantivirusctl start | zmantivirusctl start | ||
(zmantivirusctl incorporates zmclamdctl/zmamavidsctl/zmmtaconfigctl though you can just restart ClamAV individually) | (zmantivirusctl incorporates zmclamdctl/zmamavidsctl/zmmtaconfigctl though you can just restart ClamAV individually) | ||
==Verify== | ==Verify== |
Revision as of 19:12, 26 June 2008
Sometimes ClamAV will download a virus update, and the update will not download correctly, causing an error in its checksum. If this happens, then ClamAV usually goes down, and the system suspends delivery. Downloading fresh definition files can correct this problem.
Symptoms
You'll know the definitions are corrupt if you go to the /var/log/zimbra.log and you see that ClamAV isn't running, postfix/qmgr errors out at 'delivery temporarily suspended', messages like 'malformed database' appear in /opt/zimbra/log/clamd.log, and zmclamdctl status shows clamd as down.
Another symptom is, if you stop & restart Zimbra services (zmcontrol stop and zmcontrol start), antivirus may fail to start with the error (among others):
clamd failed to start
WARNING: Your ClamAV installation is OUTDATED! may also appear, but this is not indicative of a corrupt clamd database. This error simply occurs because ClamAV has a more recent release available than the one that ships with Zimbra. Updating your ClamAV installation to a version not included with a released ZCS product is not recommended and is not supported.
Zimbra updates the ClamAV engine to latest with every release of ZCS. Users who wish to upgrade ClamAV independently from ZCS at their own risk can find directions here: ClamAV - Updating Version Out of cycle updates RFE is Bug 15137
ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).
Fix
To fix this, you can delete the defs and try again:
su - zimbra mkdir /tmp/clamdb
(in versions prior to 5.0.3):
mv /opt/zimbra/clamav/db/* /tmp/clamdb
(in version 5.0.3 or later):
mv /opt/zimbra/data/clamav/db/* /tmp/clamdb
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf zmantivirusctl stop zmantivirusctl start
(zmantivirusctl incorporates zmclamdctl/zmamavidsctl/zmmtaconfigctl though you can just restart ClamAV individually)
Verify
Verify by running:
/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/