ClamAV - Updating clamd for releases earlier than ZCS 8.0.6
For those using ZCS 8.0.6 and prior, anti-virus definitions will no longer update from 22 October 2016 AND your ClamAV instance will stop working entirely.
Preventative methods
- Update ZCS to a newer version.
- Update just the ClamAV component.
Workaround
Zimbra Collaboration is the open source leader in email and collaboration. That means your company can benefit from the manual upgrade of some third party packages and keep your email server up, running and secure, while planning your upgrade to the latest ZCS Release.
Disable the antivirus
You can follow a workaround by disabling antivirus. This workaround will let your Zimbra Collaboration platform run without antivirus. However, we don’t recommend it.
Turn off ClamAV from your Admin Console
Go to Server > Services 'as/av' tab > uncheck av.
Via CLI
Run the following commands as the zimbra user (the minus sign is important; without it you'll leave nothing but av running):
zmprov ms `zmhostname` -zimbraServiceEnabled antivirus
zmamavisdctl reload
Manual ClamAV component upgrade
Zimbra includes ClamAV 0.98.4 as of ZCS 8.0.7+. The clamav-0.98.4 directory from an installed ZCS 8.0.7 or later installation can be copied directly to an earlier ZCS 8.0/7.2.x server. To upgrade ClamAV, perform the following steps:
Downloads
Use the clamav version our team has generated for your Zimbra environments:
- Redhat 6.x: clamav-0.98.4.tar.gz md5 sha256
- CentOS 6.x: clamav-0.98.4.tar.gz md5 sha256
- SLES 11 64-bit: clamav-0.98.4.tar.gz md5 sha256
- Ubuntu 10.04 64-bit: clamav-0.98.4.tar.gz md5 sha256
- Ubuntu 12.06 64-bit: clamav-0.98.4.tar.gz md5 sha256
Other methods to obtain
- Install a new server with a later release of ZCS or use the above links. The Free Open-Source release of ZCS is available at http://www.zimbra.com/downloads/os-downloads.html. This document was tested with 8.5.1 (8.0.9 for Ubuntu 10), but any release starting with 8.0.7 or later will work.
- After the installation is complete, tar up clamav-0.95.1 on the new server:
cd /opt/zimbra
tar czf /tmp/clamav-0.98.4.tar.gz clamav-0.98.4 openssl-1.0.1j
Update Instructions
- Download the file from one of the previous links.
- Untar the file.
tar xzvf clamav-0.98.4.tar.gz
- Stop ZCS services.
zmcontrol stop
- Change the symbolic link (run as root)
rm clamav
ln -s clamav-0.98.4 clamav
ls -l clamav
The output line will look similar to:
lrwxrwxrwx 1 root root 25 Apr 9 15:39 clamav -> /opt/zimbra/clamav-0.98.4
- Start services.
zmcontrol start
- If there are errors regarding libssl.so.1.0.0, make sure you've downloaded the latest version of the binaries. The latest version contains the openssl version used to build clamav, and is approximately 100MB and dated 10/25/2016. The previous version was about 91MB and dated 10/22/2016.
Confirm
You can confirm that the new version of ClamAV is running by checking /opt/zimbra/log/clamd.log. The most recent startup in the log should look similar to:
Sat Oct 22 18:42:31 2016 -> +++ Started at Sat Oct 22 18:42:31 2016
Sat Oct 22 18:42:31 2016 -> clamd daemon 0.98.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Test send-receive of mail.
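The confirmation step above can be scripted. The following is an added example, not part of the original page or Zimbra's tooling: it checks that the clamav symlink points at the expected directory and that the most recent startup in clamd.log reports the expected version. The function names and the older version in the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Zimbra's own tooling): post-upgrade check for the steps above.
# Log line format is the one shown on this page:
#   Sat Oct 22 18:42:31 2016 -> clamd daemon 0.98.4 (OS: linux-gnu, ...)

# Print the version from the most recent "clamd daemon" startup line in log $1.
clamd_logged_version() {
    sed -n 's/^.* -> clamd daemon \([0-9][0-9.]*\).*$/\1/p' "$1" | tail -n 1
}

# Print the directory name the "clamav" symlink under $1 points to.
clamav_link_target() {
    target=$(readlink "$1/clamav") || return 1
    basename "$target"
}

# $1 = Zimbra home, $2 = expected version. Returns 0 only if both checks pass.
verify_clamav_upgrade() {
    home=$1; want=$2; rc=0
    link=$(clamav_link_target "$home") || link="(not a symlink)"
    if [ "$link" != "clamav-$want" ]; then
        echo "FAIL: $home/clamav -> $link, expected clamav-$want" >&2; rc=1
    fi
    got=$(clamd_logged_version "$home/log/clamd.log" 2>/dev/null)
    if [ "$got" != "$want" ]; then
        echo "FAIL: last clamd startup logged '${got:-none}', expected $want" >&2; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: clamav symlink and running clamd are both $want"
    return "$rc"
}

# Constructed sample tree so the example runs anywhere; on a real server call
# verify_clamav_upgrade /opt/zimbra 0.98.4 instead.
make_sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/log" "$d/clamav-0.98.4" || return 1
    ln -s clamav-0.98.4 "$d/clamav"
    # Constructed log: an older startup (version made up) followed by the new one.
    cat > "$d/log/clamd.log" <<'EOF'
Fri Oct 21 09:00:00 2016 -> +++ Started at Fri Oct 21 09:00:00 2016
Fri Oct 21 09:00:00 2016 -> clamd daemon 0.97.8 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sat Oct 22 18:42:31 2016 -> +++ Started at Sat Oct 22 18:42:31 2016
Sat Oct 22 18:42:31 2016 -> clamd daemon 0.98.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
EOF
    echo "$d"
}

sample=$(make_sample_tree) && verify_clamav_upgrade "$sample" 0.98.4
```

Only the last startup line counts, so a log that still contains older startups does not cause a false failure, while a clamd that was never restarted after the symlink change does.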
With ClamAV 0.98 in place, updates should continue uninterrupted after October 22, 2016, and your system will remain protected.
This procedure was tested using ZCS 8.5.1 (and ZCS 8.0.9 for Ubuntu 10).