Difference between revisions of "ClamAV - Updating Version"

m (Undo revision 8827 by Scottnelson (Talk))
Line 1: Line 1:
Thanks to "Unilogic" AKA: Ben for most of this writeup. Parts have been updated to reflect lastest revision.
+
Thanks to "Unilogic" AKA: Ben for most of this writeup.  
 
+
Parts have been updated to reflect lastest revision.
 
If you have no idea how to upgrade or are a little shakey in doing the upgrade yourself, I recommend that you wait for the Zimbra official release.
 
If you have no idea how to upgrade or are a little shakey in doing the upgrade yourself, I recommend that you wait for the Zimbra official release.
 
+
Note: This was done on Fedora Core 4 minimal install.  
Note: This was done on Fedora Core 4 minimal install. Also, all the following can be done either as root or as the zimbra user.  
+
Also, all the following can be done either as root or as the zimbra user.  
If you do it all as 'root', make sure you change ownership for the resulting clamav-0.90.2 folder in /opt/zimbra to zimbra:zimbra.
+
If you do it all as 'root', make sure you change ownership for the resulting clamav-0.90.2 folder in /opt/zimbra to zimbra:zimbra.  
This HOWTO also assumes that you are upgrading from 0.90.1 to 0.90.2  
+
This HOWTO also assumes that you are upgrading from 0.90.1 to 0.90.2 Please substitute the versions above for what you are upgrading from and to.
Please substitute the versions above for what you are upgrading from and to.
 
 
 
  
 
When ClamAV releases a new version and gets out of date, it will complain in its log files as such.
 
When ClamAV releases a new version and gets out of date, it will complain in its log files as such.
 
 
clamd.log shows the following warning:
 
clamd.log shows the following warning:
 
 
LibClamAV Warning: ********************************************************
 
LibClamAV Warning: ********************************************************
 
+
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
+
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***
 
 
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***
 
 
 
 
LibClamAV Warning: ********************************************************
 
LibClamAV Warning: ********************************************************
  
Line 24: Line 17:
  
 
freshclam.log shows the following warning:
 
freshclam.log shows the following warning:
 
+
( Below may be different but will be similer )
( Below may be different but will be similer )
 
 
 
 
Received signal: wake up
 
Received signal: wake up
 
 
ClamAV update process started at Fri May 4 15:44:46 2007
 
ClamAV update process started at Fri May 4 15:44:46 2007
 
 
WARNING: Your ClamAV installation is OUTDATED!
 
WARNING: Your ClamAV installation is OUTDATED!
 
 
WARNING: Local version: 0.90.1 Recommended version: 0.90.2
 
WARNING: Local version: 0.90.1 Recommended version: 0.90.2
 
+
DON'T PANIC! Read http://www.clamav.net/faq.html
DON'T PANIC! Read http://www.clamav.net/faq.html
 
 
 
 
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
 
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
 
 
WARNING: Your ClamAV installation is OUTDATED!
 
WARNING: Your ClamAV installation is OUTDATED!
 
 
WARNING: Current functionality level = 9, recommended = 10
 
WARNING: Current functionality level = 9, recommended = 10
 
+
DON'T PANIC! Read http://www.clamav.net/faq.html
DON'T PANIC! Read http://www.clamav.net/faq.html
 
 
 
 
daily.cvd is up to date (version: 2580, sigs: 7879, f-level: 13, builder: ccordes)
 
daily.cvd is up to date (version: 2580, sigs: 7879, f-level: 13, builder: ccordes)
 
 
WARNING: Your ClamAV installation is OUTDATED!
 
WARNING: Your ClamAV installation is OUTDATED!
 
 
WARNING: Current functionality level = 9, recommended = 13
 
WARNING: Current functionality level = 9, recommended = 13
 
+
DON'T PANIC! Read http://www.clamav.net/faq.html
DON'T PANIC! Read http://www.clamav.net/faq.html
 
 
 
 
   
 
   
  
 
+
If upgrading from anything below 0.90.x, please refer to: *Updating CLAMAV from version lower than 0.90.0
If upgrading from anything below 0.90.x, please refer to: *[[Updating CLAMAV from version lower than 0.90.0]]
+
To update, follow the following: First go grab the latest ClamAV source from http://www.clamav.net/download  
 
+
Extract it to where ever you please. All this can either be done as root or as the zimbra user. If you do it all as root make sure you change ownership for the resulting clamav folder in /opt/zimbra to zimbra:zimbra.
To update, follow the following:
+
Assuming that the new clamav version is in the directory: /home/snelson ( substitute your username for 'snelson' )
First go grab the latest ClamAV source from http://www.clamav.net/download (Current Stable Version is 0.90.2 )
+
tar -xvf clamav-0.90.2.tar.gz
Extract it to where ever you please. All this can either be done as root or as the zimbra user.  
+
cd clamav-0.90.2
If you do it all as root make sure you change ownership for the resulting clamav folder in /opt/zimbra to zimbra:zimbra.
 
 
 
Assuming that the new clamav version is in the directory: /home/snelson ( substitute your username for 'snelson' )
 
 
 
'''tar -xvf clamav-0.90.2.tar.gz'''
 
 
 
'''cd clamav-0.90.2'''
 
 
 
 
Next run configure inside of the clamav extract as following:
 
Next run configure inside of the clamav extract as following:
 +
./configure --prefix=/opt/zimbra/clamav-0.90.2 --with-user=zimbra --with-group=zimbra
 +
This assumes 'zimbra' is user and group id 'zimbra', change it accordingly to your system to match your zimbra user.
 +
Note: I had to install gmp-devel and bzip2-devel so the configure could find all its header files. Your mileage may very. If you get an error about GNU MP missing install gmp-devel. "yum install gmp-devel", and "yum install bzip2-devel" in Fedora and Red Hat.
  
'''./configure --prefix=/opt/zimbra/clamav-0.90.2 --with-user=zimbra --with-group=zimbra'''
+
If your 'configure' goes well, and make sure it does as you don't really want ClamAV installed without some of its available testing ability being compiled.
 
+
Run: make
This assumes 'zimbra' is user and group id 'zimbra', change it accordingly to your system to match your zimbra user.
 
 
 
Note: I had to install gmp-devel and bzip2-devel so the configure could find all its header files. Your mileage may very. If you get an error about GNU MP missing install gmp-devel. "yum install gmp-devel", and "yum install bzip2-devel" in Fedora and Red Hat.
 
 
 
 
 
If your 'configure' goes well, and make sure it does as you don't really want ClamAV installed without some of its available testing ability being compiled.
 
 
 
Run: '''make'''
 
 
 
 
Assuming there are no errors,
 
Assuming there are no errors,
 
+
Run: make check and then make install. Again assuming no errors, you now have the new version installed into /opt/zimbra/clamav-0.90.2
Run: '''make check''' and then '''make install'''.
+
Now we compare then copy your old clamd.conf and freshclam.conf from the previous version to the new version directory:
Again assuming no errors, you now have the new version installed into /opt/zimbra/clamav-0.90.2
+
cd /opt/zimbra/clamav-0.90.1/etc/
 
+
diff clamd.conf ../../clamav-0.90.2/etc/clamd.conf
Now we compare then copy your old clamd.conf and freshclam.conf from the previous version to the new version directory:
+
diff freshclam.conf ../../clamav-0.90.2/etc/freshclam.conf
 
 
'''cd /opt/zimbra/clamav-0.90.1/etc/'''
 
 
 
'''diff clamd.conf ../../clamav-0.90.2/etc/clamd.conf'''
 
 
 
'''diff freshclam.conf ../../clamav-0.90.2/etc/freshclam.conf'''
 
 
 
 
Above is just incase you are curious of what we are changing/over writing from the clamav defaults.
 
Above is just incase you are curious of what we are changing/over writing from the clamav defaults.
 +
cd /opt/zimbra/clamav-0.90.2/etc/
 +
mv clamd.conf clamd.conf.org
 +
mv freshclam.conf freshclam.conf.org
 +
cd /opt/zimbra/conf
 +
cp clamd.conf /opt/zimbra/clamav-0.90.2/etc/
 +
cp freshclam.conf /opt/zimbra/clamav-0.90.2/etc/
  
'''cd /opt/zimbra/clamav-0.90.2/etc/'''
 
 
'''mv clamd.conf  clamd.conf.org'''
 
 
'''mv freshclam.conf  freshclam.conf.org'''
 
 
'''cd /opt/zimbra/conf'''
 
 
'''cp clamd.conf  /opt/zimbra/clamav-0.90.2/etc/'''
 
 
'''cp freshclam.conf /opt/zimbra/clamav-0.90.2/etc/'''
 
 
 
 
 
Run:  '''zmcontrol stop''' to stop Zimbra.
 
  
 +
Run: zmcontrol stop to stop Zimbra.
 
Now need to delete the symbolic link and re-link it to the new install:
 
Now need to delete the symbolic link and re-link it to the new install:
  
 
+
cd /opt/zimbra
 
+
ls -la 'grep' clamav ( should see 'clamav - /opt/zimbra/clamav-0.90.1' )
'''cd /opt/zimbra'''
 
 
 
'''ls -la 'grep' clamav''' ( should see 'clamav - /opt/zimbra/clamav-0.90.1' )
 
 
 
 
if so:
 
if so:
 
+
rm -rf clamav
'''rm -rf clamav'''
+
ln -s /opt/zimbra/clamav-0.90.2 /opt/zimbra/clamav
 
 
'''ln -s /opt/zimbra/clamav-0.90.2 /opt/zimbra/clamav'''
 
 
 
 
Create directory /opt/zimbra/clamav/db
 
Create directory /opt/zimbra/clamav/db
 
+
mkdir /opt/zimbra/clamav/db
'''mkdir /opt/zimbra/clamav/db'''
 
 
 
 
Now you should make sure zimbra owns all of clamav.
 
Now you should make sure zimbra owns all of clamav.
 
+
chown -R zimbra:zimbra /opt/zimbra/clamav-0.90.2
'''chown -R zimbra:zimbra /opt/zimbra/clamav-0.90.2'''
 
 
 
  
 
Next we need to update the virus database.
 
Next we need to update the virus database.
 +
su zimbra
 +
Run: /opt/zimbra/clamav/bin/freshclam
  
'''su zimbra'''
+
Need to start Zimbra. Run zmcontrol start
 +
Run zmcontrol status to make sure antivirus is running. If it is, you're good to go.
 +
You should check /opt/zimbra/log/clamd.log for errors, as well as freshclam in the same directory. Also /var/log/zimbra.log. To test out ClamAV I would suggest http://www.webmail.us/testvirus to send different variations of the EICAR test virus to one of your email addresses. Depending on if you have "Send notice ot recipient" check in Global Settings of the Admin Web UI, the user should receive around 20 email notifications of the emails being quarantined. Don't worry about the two that got through. Apparently ClamAV doesn't check for the techniques. There are although no virii included in those two emails, so it doesn't worry me. You can delete the previous install of clamav once you make sure everything is working. Delete the /opt/zimbra/clamav-0.90.1 directory and everythnig it contains. Again may want to wait a weelk or two to make sure you have the other version working well first.
  
Run: '''/opt/zimbra/clamav/bin/freshclam'''
 
  
  
Need to start Zimbra.
 
Run '''zmcontrol start'''
 
 
Run '''zmcontrol status''' to make sure antivirus is running. If it is, you're good to go.
 
 
You should check /opt/zimbra/log/clamd.log for errors, as well as freshclam in the same directory. Also /var/log/zimbra.log. To test out ClamAV I would suggest http://www.webmail.us/testvirus to send different variations of the EICAR test virus to one of your email addresses. Depending on if you have "Send notice ot recipient" check in Global Settings of the Admin Web UI, the user should receive around 20 email notifications of the emails being quarantined. Don't worry about the two that got through. Apparently ClamAV doesn't check for the techniques. There are although no virii included in those two emails, so it doesn't worry me.
 
You can delete the previous install of clamav once you make sure everything is working. Delete the /opt/zimbra/clamav-0.90.1 directory and everythnig it contains. Again may want to wait a weelk or two to make sure you have the other version working well first.
 
 
 
----
 
 
----
 
 
Possible Script:
 
Possible Script:
 
 
#!/bin/bash
 
#!/bin/bash
 
#
 
#
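Review bot: the link check in this hunk, `ls -la 'grep' clamav`, has lost its pipe and as written lists two names instead of filtering the listing; it should read `ls -la | grep clamav`. The `rm -rf clamav` that follows is stronger than the step needs: plain `rm clamav` removes the symbolic link and refuses to delete a real directory if the check above was skipped or misread.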
Line 179: Line 106:
 
BUILDDIR=${NOW}_clamav_build
 
BUILDDIR=${NOW}_clamav_build
  
ClamVer="clamav-0.91.2"
+
ClamVer="clamav-0.91.2"
ClamURL="http://easynews.dl.sourceforge.net/sourceforge/clamav/clamav-0.91.2.tar.gz"
+
ClamURL="http://easynews.dl.sourceforge.net/sourceforge/clamav/clamav-0.91.2.tar.gz"
  
echo "Installing dependencies if nessesary"
+
echo "Installing dependencies if nessesary"
 
yum -y install gcc glibc zlib-devel gmp-devel bzip2-devel
 
yum -y install gcc glibc zlib-devel gmp-devel bzip2-devel
  
  
echo "Preparing Source"
+
echo "Preparing Source"
mkdir ${BUILDDIR} && cd ${BUILDDIR}
+
mkdir ${BUILDDIR} && cd ${BUILDDIR}
 
wget ${ClamURL}
 
wget ${ClamURL}
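Review bot: `wget ${ClamURL}` fetches the source over plain HTTP from a download mirror, and the following hunk unpacks and builds it with nothing confirming that the file is the release ClamAV published. Check the tarball against a signature or checksum obtained from the ClamAV project before the tar step, and stop the script if it does not match.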
  
Line 194: Line 121:
 
tar -zxvf ${ClamVer}.tar.gz
 
tar -zxvf ${ClamVer}.tar.gz
 
cd ${ClamVer}
 
cd ${ClamVer}
echo "==== Building and Installing ClamAV ===="
+
echo "==== Building and Installing ClamAV ===="
 
./configure --prefix=/opt/zimbra/${ClamVer} --with-user=zimbra --with-group=zimbra
 
./configure --prefix=/opt/zimbra/${ClamVer} --with-user=zimbra --with-group=zimbra
  
make && make check && make install
+
make && make check && make install
  
  
Line 217: Line 144:
  
  
echo "==== Freshen ========="
+
echo "==== Freshen ========="
 
sudo -u zimbra /opt/zimbra/clamav/bin/freshclam
 
sudo -u zimbra /opt/zimbra/clamav/bin/freshclam
  
  
echo "===== Starting Zimbra ======="
+
echo "===== Starting Zimbra ======="
echo " If it doesn't work, try a reboot"
+
echo " If it doesn't work, try a reboot"
 
sudo -u zimbra zmcontrol start
 
sudo -u zimbra zmcontrol start
 
 
[[Category:Anti-virus]]
 

Revision as of 13:40, 10 June 2008

Thanks to "Unilogic" AKA: Ben for most of this writeup. Parts have been updated to reflect the latest revision.

If you have no idea how to upgrade or are a little shaky in doing the upgrade yourself, I recommend that you wait for the Zimbra official release.

Note: This was done on Fedora Core 4 minimal install. Also, all the following can be done either as root or as the zimbra user. If you do it all as 'root', make sure you change ownership for the resulting clamav-0.90.2 folder in /opt/zimbra to zimbra:zimbra. This HOWTO also assumes that you are upgrading from 0.90.1 to 0.90.2. Please substitute the versions above for what you are upgrading from and to.

When a new ClamAV version is released and your installed version becomes out of date, it will complain in its log files as follows.

clamd.log shows the following warning:

    LibClamAV Warning: ********************************************************
    LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
    LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***
    LibClamAV Warning: ********************************************************

and

freshclam.log shows the following warning (yours may be different but will be similar):

    Received signal: wake up
    ClamAV update process started at Fri May 4 15:44:46 2007
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.90.1 Recommended version: 0.90.2
    DON'T PANIC! Read http://www.clamav.net/faq.html
    main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 9, recommended = 10
    DON'T PANIC! Read http://www.clamav.net/faq.html
    daily.cvd is up to date (version: 2580, sigs: 7879, f-level: 13, builder: ccordes)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 9, recommended = 13
    DON'T PANIC! Read http://www.clamav.net/faq.html
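As an added example (not part of the original writeup or of ClamAV), the shell function below reads a freshclam.log in the format quoted above and reports whether the most recent update run still warns about an outdated engine, ignoring warnings left over from runs before an upgrade. The function and sample names are made up for illustration, and the second sample log is constructed.

```shell
#!/bin/bash
# Added example: summarise the outdated-engine warnings of the LAST freshclam run.
# On the system described here you would call it as:
#   freshclam_outdated_summary < /opt/zimbra/log/freshclam.log

# Reads a freshclam.log on stdin, prints a one-line summary, and returns
# 1 if the last update run flagged the engine as outdated, 0 otherwise.
freshclam_outdated_summary() {
    awk '
    /ClamAV update process started/ {
        # A new run begins: warnings from earlier runs no longer count.
        local_v = rec_v = cur = ""; need = 0
    }
    /WARNING: Local version:/ {
        # WARNING: Local version: 0.90.1 Recommended version: 0.90.2
        local_v = $4; rec_v = $7
    }
    /WARNING: Current functionality level/ {
        # WARNING: Current functionality level = 9, recommended = 10
        cur = $6; sub(/,$/, "", cur)
        if ($NF + 0 > need) need = $NF + 0   # keep the highest level asked for
    }
    END {
        if (local_v == "" && need == 0) {
            print "OK: last freshclam run reported no outdated engine"
            exit 0
        }
        printf "OUTDATED: local=%s recommended=%s f-level=%s needed=%d\n",
               (local_v == "" ? "unknown" : local_v),
               (rec_v == "" ? "unknown" : rec_v),
               (cur == "" ? "unknown" : cur), need
        exit 1
    }'
}

# Sample input: the freshclam.log excerpt quoted on this page.
sample_outdated_log() {
cat <<'EOF'
Received signal: wake up
ClamAV update process started at Fri May 4 15:44:46 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.90.1 Recommended version: 0.90.2
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 9, recommended = 10
DON'T PANIC! Read http://www.clamav.net/faq.html
daily.cvd is up to date (version: 2580, sigs: 7879, f-level: 13, builder: ccordes)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 9, recommended = 13
DON'T PANIC! Read http://www.clamav.net/faq.html
EOF
}

# Constructed sample: the same log followed by a clean run after the upgrade.
sample_upgraded_log() {
    sample_outdated_log
cat <<'EOF'
ClamAV update process started at Fri May 4 17:02:10 2007
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
daily.cvd is up to date (version: 2580, sigs: 7879, f-level: 13, builder: ccordes)
EOF
}

sample_outdated_log | freshclam_outdated_summary || true
sample_upgraded_log | freshclam_outdated_summary
```

Because only the last run is considered, the old warnings that stay in the log after a successful upgrade do not keep the check failing.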


If upgrading from anything below 0.90.x, please refer to: Updating CLAMAV from version lower than 0.90.0

To update, do the following:

First go grab the latest ClamAV source from http://www.clamav.net/download

Extract it to wherever you please. All this can either be done as root or as the zimbra user. If you do it all as root, make sure you change ownership for the resulting clamav folder in /opt/zimbra to zimbra:zimbra.

Assuming that the new clamav version is in the directory /home/snelson (substitute your username for 'snelson'):

    tar -xvf clamav-0.90.2.tar.gz
    cd clamav-0.90.2

Next run configure inside the clamav extract as follows:

    ./configure --prefix=/opt/zimbra/clamav-0.90.2 --with-user=zimbra --with-group=zimbra

This assumes 'zimbra' is user and group id 'zimbra'; change it accordingly to match the zimbra user on your system.

Note: I had to install gmp-devel and bzip2-devel so the configure could find all its header files. Your mileage may vary. If you get an error about GNU MP missing, install gmp-devel: "yum install gmp-devel", and "yum install bzip2-devel" in Fedora and Red Hat.

Make sure your 'configure' goes well, as you don't really want ClamAV installed without some of its available testing ability being compiled.

Run:

    make

Assuming there are no errors, run:

    make check
    make install

Again assuming no errors, you now have the new version installed into /opt/zimbra/clamav-0.90.2

Now we compare, then copy, your old clamd.conf and freshclam.conf from the previous version to the new version directory:

    cd /opt/zimbra/clamav-0.90.1/etc/
    diff clamd.conf ../../clamav-0.90.2/etc/clamd.conf
    diff freshclam.conf ../../clamav-0.90.2/etc/freshclam.conf

The above is just in case you are curious about what we are changing/overwriting from the clamav defaults.

    cd /opt/zimbra/clamav-0.90.2/etc/
    mv clamd.conf clamd.conf.org
    mv freshclam.conf freshclam.conf.org
    cd /opt/zimbra/conf
    cp clamd.conf /opt/zimbra/clamav-0.90.2/etc/
    cp freshclam.conf /opt/zimbra/clamav-0.90.2/etc/


Stop Zimbra:

    zmcontrol stop

Now we need to delete the symbolic link and re-link it to the new install:

    cd /opt/zimbra
    ls -la | grep clamav

(You should see 'clamav -> /opt/zimbra/clamav-0.90.1'.) If so:

    rm -rf clamav
    ln -s /opt/zimbra/clamav-0.90.2 /opt/zimbra/clamav

Create the directory /opt/zimbra/clamav/db:

    mkdir /opt/zimbra/clamav/db

Now you should make sure zimbra owns all of clamav:

    chown -R zimbra:zimbra /opt/zimbra/clamav-0.90.2

Next we need to update the virus database.

    su zimbra
    /opt/zimbra/clamav/bin/freshclam

Now start Zimbra:

    zmcontrol start

Run zmcontrol status to make sure antivirus is running. If it is, you're good to go.

You should check /opt/zimbra/log/clamd.log for errors, as well as freshclam in the same directory. Also check /var/log/zimbra.log.

To test out ClamAV I would suggest http://www.webmail.us/testvirus to send different variations of the EICAR test virus to one of your email addresses. Depending on whether you have "Send notice to recipient" checked in Global Settings of the Admin Web UI, the user should receive around 20 email notifications of the emails being quarantined. Don't worry about the two that got through. Apparently ClamAV doesn't check for those techniques. There are, though, no viruses included in those two emails, so it doesn't worry me.

You can delete the previous install of clamav once you make sure everything is working. Delete the /opt/zimbra/clamav-0.90.1 directory and everything it contains. Again, you may want to wait a week or two to make sure you have the other version working well first.


Possible Script:

    #!/bin/bash
    #  !!!!!! WARNING !!!!!!!!!!
    # This script is absolutely untested. I wrote it after the fact
    # as reference, for the next time this happens. I repeat I have
    # not actually tested to see if it even runs. You probably want
    # to just run through the steps manually to prevent harming your
    # system... Again, this script took 2 minutes to write, and has
    # never been tested, and there is absolutely no error checking.
    # Otherwise, if you really want to run it, uncomment the exit
    # statement.
    # Anonymous - 20071119 updates by others 20071206

    # Safety stop: while this line is active, nothing below it runs.
    exit
    NOW=`date +%Y%m%d%H%M%S`
    BUILDDIR=${NOW}_clamav_build

    ClamVer="clamav-0.91.2"
    ClamURL="http://easynews.dl.sourceforge.net/sourceforge/clamav/clamav-0.91.2.tar.gz"

    echo "Installing dependencies if necessary"
    yum -y install gcc glibc zlib-devel gmp-devel bzip2-devel

    echo "Preparing Source"
    mkdir ${BUILDDIR} && cd ${BUILDDIR}
    wget ${ClamURL}

    tar -zxvf ${ClamVer}.tar.gz
    cd ${ClamVer}
    echo "==== Building and Installing ClamAV ===="
    ./configure --prefix=/opt/zimbra/${ClamVer} --with-user=zimbra --with-group=zimbra

    make && make check && make install

    chown -R zimbra:zimbra /opt/zimbra/${ClamVer}

    # Keep the stock configs as *.orig, then use Zimbra's own copies
    cd /opt/zimbra/${ClamVer}/etc
    mv clamd.conf clamd.conf.orig
    mv freshclam.conf freshclam.conf.orig
    chown zimbra:zimbra *.conf

    cp /opt/zimbra/conf/clamd.conf .
    cp /opt/zimbra/conf/freshclam.conf .

    # Stop Zimbra and point the clamav symlink at the new version
    sudo -u zimbra zmcontrol stop
    cd /opt/zimbra
    unlink clamav
    ln -s ${ClamVer} clamav

    echo "==== Freshen ========="
    sudo -u zimbra /opt/zimbra/clamav/bin/freshclam

    echo "===== Starting Zimbra ======="
    echo " If it doesn't work, try a reboot"
    sudo -u zimbra zmcontrol start
