ClamAV - Updating Version (Zimbra :: Tech Center wiki, revision of 2014-08-04T18:50:30Z)
<p>Ryan Fahey: /* Related Articles */</p>
<hr />
<div>{{Unsupported}}<br />
{{Article Infobox|{{admin}}||{{ZCS 5.0}}|}}
==Background==<br />
Zimbra updates the ClamAV engine to the latest version with every release of ZCS.<br />
<br />
ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).<br />
<br />
However, there are times when you may want the latest package.<br />
<br />
==Notes==<br />
Some good tips for troubleshooting can be found in [[ClamAV - Reset Defs DB]]<br />
<br />
In ZCS 5.0.3+ the definitions were moved to a data directory to keep them separate from application data. Where applicable, replace the definitions path with:<br />
/opt/zimbra/data/clamav/db<br />
<br />
<br />
Out of cycle updates RFE is [http://bugzilla.zimbra.com/show_bug.cgi?id=15137 Bug 15137]<br />
<br />
http://wiki.zimbra.com/wiki/ClamAV_-_Updating_clamd_for_releases_earlier_than_ZCS_5.0.16<br />
<br />
http://wiki.zimbra.com/wiki/ClamAV_-_Updating_from_versions_lower_than_0.90.0<br />
<br />
Original directions courtesy of [http://www.zimbra.com/forums/members/Unilogic.html Unilogic].<br />
<br />
If you have no idea how to upgrade or are a little shaky in doing the upgrade yourself, I recommend that you wait for the Zimbra official release.<br />
<br />
Step 1: Make a backup.<br />
<br />
Note: This was done on Fedora Core 4 minimal install. Also, all the following can be done either as root or as the zimbra user. <br />
If you do it all as 'root', make sure you change ownership for the resulting clamav-0.90.2 folder in /opt/zimbra to zimbra:zimbra.<br />
<br />
This HOWTO also assumes that you are upgrading from 0.90.1 to 0.90.2. <br />
Please substitute the versions you are upgrading from and to.<br />
<br />
If upgrading from anything below 0.90.x, please refer to: [[ClamAV - Updating from versions lower than 0.90.0]]<br />
<br />
==Noticing Out-of-Date==<br />
<br />
When a new ClamAV version is released and your installed engine becomes out of date, it will complain in its log files as follows.<br />
<br />
clamd.log shows the following warning:<br />
<br />
LibClamAV Warning: ********************************************************<br />
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***<br />
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***<br />
LibClamAV Warning: ********************************************************<br />
<br />
freshclam.log shows the following warning:<br />
<br />
Received signal: wake up<br />
ClamAV update process started at Fri May 4 15:44:46 2007<br />
WARNING: Your ClamAV installation is OUTDATED!<br />
WARNING: Local version: 0.90.1 Recommended version: 0.90.2<br />
DON'T PANIC! Read http://www.clamav.net/faq.html<br />
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)<br />
WARNING: Your ClamAV installation is OUTDATED!<br />
WARNING: Current functionality level = 9, recommended = 10<br />
DON'T PANIC! Read http://www.clamav.net/faq.html<br />
daily.cvd is up to date (version: 2580, sigs: 7879, f-level: 13, builder: ccordes)<br />
WARNING: Your ClamAV installation is OUTDATED!<br />
WARNING: Current functionality level = 9, recommended = 13<br />
DON'T PANIC! Read http://www.clamav.net/faq.html<br />
<br />
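The warnings above can be checked for automatically. The following is an added example, not part of the original page or of Zimbra; the function names `check_freshclam_log` and `sample_log` are hypothetical, and the sample input is constructed from the freshclam.log lines quoted above. It reports only the most recent freshclam run, so warnings from before an upgrade do not linger.

```shell
#!/bin/sh
# Added example: summarise the most recent freshclam run from freshclam.log.
# check_freshclam_log and sample_log are illustrative names, not Zimbra tools.

# Reads log text on stdin. Prints one summary line and returns
# 0 when the last run had no OUTDATED warning, 1 when it did.
check_freshclam_log() {
    awk '
        /ClamAV update process started at/ {
            # A new run begins: drop warnings left over from earlier runs.
            outdated = 0; loc = ""; rec = ""; cur = ""; need = 0
        }
        /installation is OUTDATED/ { outdated = 1 }
        /WARNING: Local version:/ {
            # WARNING: Local version: X Recommended version: Y
            loc = $4; rec = $7
        }
        /WARNING: Current functionality level =/ {
            # WARNING: Current functionality level = N, recommended = M
            cur = $6; sub(/,$/, "", cur)
            # Each .cvd may ask for a different level; keep the highest.
            if ($9 + 0 > need) need = $9 + 0
        }
        END {
            if (outdated) {
                printf "OUTDATED engine=%s recommended=%s flevel=%s needed=%s\n", loc, rec, cur, need
                exit 1
            }
            print "OK"
        }
    '
}

# Constructed sample, built from the freshclam.log lines quoted above.
sample_log() {
    cat <<'EOF'
Received signal: wake up
ClamAV update process started at Fri May 4 15:44:46 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.90.1 Recommended version: 0.90.2
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 9, recommended = 10
daily.cvd is up to date (version: 2580, sigs: 7879, f-level: 13, builder: ccordes)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 9, recommended = 13
EOF
}

sample_log | check_freshclam_log || echo "engine rebuild needed"
```

On a live server the function would be fed the real log, for example `check_freshclam_log < /opt/zimbra/log/freshclam.log`, from cron or a monitoring check.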
==Updating==<br />
<br />
To update, follow these steps:<br />
First, grab the latest ClamAV source from http://www.clamav.net/download (Current Stable Version is 0.96).<br />
Extract it wherever you please. All this can be done either as root or as the zimbra user. <br />
If you do it all as root make sure you change ownership for the resulting clamav folder in /opt/zimbra to zimbra:zimbra.<br />
<br />
Assuming that the new clamav version is in the directory: /home/snelson ( substitute your username for 'snelson' )<br />
<br />
'''tar -xvf clamav-0.96.tar.gz'''<br />
<br />
'''cd clamav-0.96'''<br />
<br />
Next, run configure inside the extracted clamav directory as follows:<br />
<br />
'''./configure --prefix=/opt/zimbra/clamav-0.96 --with-user=zimbra --with-group=zimbra'''<br />
<br />
This assumes 'zimbra' is both the user and the group id. Change it to match the zimbra user on your system.<br />
<br />
Note: I had to install gmp-devel and bzip2-devel so that configure could find all its header files. Your mileage may vary. If you get an error about GNU MP missing, install gmp-devel: "yum install gmp-devel" and "yum install bzip2-devel" in Fedora and Red Hat. In Ubuntu, you must install libssl-dev with this command: apt-get install libssl-dev.<br />
<br />
<br />
Make sure your 'configure' goes well, as you don't really want ClamAV installed without some of its available testing ability being compiled. If it does:<br />
<br />
Run: '''make'''<br />
<br />
The following steps should be run as root.<br />
<br />
Assuming there are no errors,<br />
<br />
Run: '''make check''' and then '''make install'''.<br />
Again assuming no errors, you now have the new version installed into /opt/zimbra/clamav-0.96<br />
<br />
Now we compare then copy your old clamd.conf and freshclam.conf from the previous version to the new version directory:<br />
<br />
'''cd /opt/zimbra/clamav-0.96/etc/'''<br />
<br />
'''diff clamd.conf ../../clamav/etc/clamd.conf'''<br />
<br />
'''diff freshclam.conf ../../clamav/etc/freshclam.conf'''<br />
<br />
The diffs above are just in case you are curious about what we are changing/overwriting from the clamav defaults.<br />
<br />
'''mv clamd.conf clamd.conf.org'''<br />
<br />
'''mv freshclam.conf freshclam.conf.org'''<br />
<br />
'''cd /opt/zimbra/conf'''<br />
<br />
'''cp clamd.conf /opt/zimbra/clamav-0.96/etc/'''<br />
<br />
'''cp freshclam.conf /opt/zimbra/clamav-0.96/etc/'''<br />
<br />
<br />
<br />
As zimbra: '''zmcontrol stop''' to stop Zimbra.<br />
<br />
Now you need to delete the symbolic link and re-link it to the new install. As root:<br />
<br />
<br />
<br />
'''cd /opt/zimbra'''<br />
<br />
'''ls -la | grep clamav''' ( should see 'clamav -> /path/to/previous_clamAV' )<br />
<br />
if so:<br />
<br />
'''rm -rf clamav''' (or if you want to keep the old install & link around, so you can easily back out, just do '''mv clamav clamav.old''')<br />
<br />
'''ln -s /opt/zimbra/clamav-0.96 /opt/zimbra/clamav'''<br />
<br />
Create directory /opt/zimbra/clamav/db<br />
<br />
'''mkdir /opt/zimbra/clamav/db'''<br />
<br />
Now you should make sure zimbra owns all of clamav.<br />
<br />
'''chown -R zimbra:zimbra /opt/zimbra/clamav-0.96'''<br />
<br />
zimbra also needs access to freshclam.conf<br />
<br />
'''chmod a+r /opt/zimbra/clamav/etc/freshclam.conf'''<br />
<br />
<br />
Next we need to update the virus database.<br />
<br />
'''su zimbra'''<br />
<br />
Run: '''/opt/zimbra/clamav/bin/freshclam'''<br />
<br />
If you get any warnings, just run the command again to confirm that everything was successfully updated.<br />
<br />
NOTE: if you run zimbra behind a proxy, you need to modify /opt/zimbra/clamav/etc/freshclam.conf. Please uncomment these lines:<br />
<br />
HTTPProxyServer myproxyserver.com<br />
HTTPProxyPort 1234<br />
HTTPProxyUsername myusername<br />
HTTPProxyPassword mypass<br />
<br />
<br />
<br />
Now start Zimbra.<br />
Run '''zmcontrol start'''<br />
<br />
Note: you may not need to stop Zimbra during this update. If you don't stop Zimbra, just do '''zmantivirusctl restart''' at this point.<br />
<br />
Run '''zmcontrol status''' to make sure antivirus is running. If it is, you're good to go.<br />
<br />
You should check /opt/zimbra/log/clamd.log for errors, as well as the freshclam log in the same directory. Also /var/log/zimbra.log. To test out ClamAV I would suggest http://www.webmail.us/testvirus to send different variations of the EICAR test virus to one of your email addresses. Depending on whether you have "Send notice to recipient" checked in Global Settings of the Admin Web UI, the user should receive around 20 email notifications of the emails being quarantined. Don't worry about the two that got through. Apparently ClamAV doesn't check for the techniques. There are, though, no viruses included in those two emails, so it doesn't worry me.<br />
You can delete the previous install of clamav once you make sure everything is working. Delete the /opt/zimbra/clamav-0.90.1 directory and everything it contains. Again, you may want to wait a week or two to make sure you have the other version working well first.<br />
<br />
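The re-link step in the procedure above is the one place where a mistake removes a working install: '''rm -rf clamav''' is only safe when clamav really is a symbolic link. The following is an added example, not part of the original page or of Zimbra, that guards the switch and records the previous target for a quick back-out. The function names and the `clamav.prev` link are hypothetical, and the demo runs on a constructed temporary tree rather than /opt/zimbra.

```shell
#!/bin/sh
# Added example: guarded symlink switch with rollback (hypothetical helpers).

# switch_clamav_link BASE NEW_DIR
# Repoints BASE/clamav at NEW_DIR. Refuses to touch BASE/clamav when it is a
# real directory, and remembers the old target in BASE/clamav.prev.
switch_clamav_link() {
    base=$1; new=$2; link="$base/clamav"
    [ -d "$new" ] || { echo "new install missing: $new" >&2; return 2; }
    [ -x "$new/bin/freshclam" ] || { echo "no freshclam in $new" >&2; return 2; }
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link is not a symlink; refusing to replace it" >&2
        return 3
    fi
    if [ -L "$link" ]; then
        old=$(readlink "$link")
        ln -sfn "$old" "$base/clamav.prev"   # back-out pointer
    fi
    ln -sfn "$new" "$link"                   # -n: replace the link itself
}

# rollback_clamav_link BASE
# Points BASE/clamav back at the target saved by switch_clamav_link.
rollback_clamav_link() {
    base=$1
    [ -L "$base/clamav.prev" ] || { echo "nothing to roll back to" >&2; return 2; }
    ln -sfn "$(readlink "$base/clamav.prev")" "$base/clamav"
}

# Demo on a constructed throwaway tree (stands in for /opt/zimbra).
demo=$(mktemp -d)
mkdir -p "$demo/clamav-0.90.1/bin" "$demo/clamav-0.96/bin"
: > "$demo/clamav-0.90.1/bin/freshclam"
: > "$demo/clamav-0.96/bin/freshclam"
chmod +x "$demo"/clamav-*/bin/freshclam
ln -s "$demo/clamav-0.90.1" "$demo/clamav"
switch_clamav_link "$demo" "$demo/clamav-0.96" && readlink "$demo/clamav"
rm -rf "$demo"
```

Stop Zimbra (or plan a '''zmantivirusctl restart''') around the switch exactly as the steps above describe; the helper only changes which directory the link points to.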
==Scripting==<br />
<br />
Possible Script: (tweaked and tested on a CentOS server as of July 14, 2010)<br />
<pre><br />
#!/bin/bash<br />
#<br />
#<br />
# !!!!!! WARNING !!!!!!!!!!<br />
# This script is absolutely untested. I wrote it after the fact<br />
# as reference, for the next time this happens. I repeat I have<br />
# not actually tested to see if it even runs. You probably want<br />
# to just run through the steps manually to prevent harming your<br />
# system... Again, this script took 2 minutes to write, and has<br />
# never been tested, and there absolutely no error checking.<br />
#<br />
# Otherwise, if you really want to run it, uncomment the exit<br />
# statement.<br />
#<br />
# [http://www.zimbra.com/forums/members/artimus.html artimus]- 20071119 updates by others 20071206<br />
#<br />
##################################################################<br />
#exit<br />
NOW=`date +%Y%m%d%H%M%S`<br />
BUILDDIR=${NOW}_clamav_build<br />
<br />
ClamVer="clamav-0.96.1"<br />
ClamURL="http://easynews.dl.sourceforge.net/sourceforge/clamav/clamav-0.96.1.tar.gz"<br />
<br />
echo "Installing dependencies if necessary"<br />
yum -y install gcc glibc zlib-devel gmp-devel bzip2-devel<br />
# on Debian/Ubuntu use: apt-get build-dep clamav<br />
<br />
# apt-get build-dep clamav<br />
<br />
echo "Preparing Source"<br />
mkdir ${BUILDDIR} && cd ${BUILDDIR}<br />
wget ${ClamURL}<br />
<br />
<br />
<br />
tar -zxvf ${ClamVer}.tar.gz<br />
cd ${ClamVer}<br />
echo "==== Building and Installing ClamAV ===="<br />
./configure --prefix=/opt/zimbra/${ClamVer} --with-user=zimbra --with-group=zimbra<br />
<br />
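# Stop here if the build, self-tests or install fail, so the steps<br />
# below never repoint Zimbra at a missing or broken ClamAV tree.<br />
make && make check && make install || exit 1<br />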
<br />
<br />
chown -R zimbra:zimbra /opt/zimbra/${ClamVer}<br />
<br />
cd /opt/zimbra/${ClamVer}/etc<br />
mv clamd.conf clamd.conf.orig<br />
mv freshclam.conf freshclam.conf.orig<br />
<br />
cp /opt/zimbra/conf/clamd.conf .<br />
cp /opt/zimbra/conf/freshclam.conf .<br />
chown zimbra:zimbra *.conf<br />
<br />
<br />
sudo -u zimbra /opt/zimbra/bin/zmcontrol stop<br />
cd /opt/zimbra<br />
unlink clamav<br />
ln -s ${ClamVer} clamav<br />
<br />
<br />
echo "==== Freshen ========="<br />
sudo -u zimbra /opt/zimbra/clamav/bin/freshclam<br />
<br />
<br />
echo "===== Starting Zimbra ======="<br />
echo " If it doesn't work, try a reboot"<br />
sudo -u zimbra /opt/zimbra/bin/zmcontrol start<br />
</pre><br />
<br />
=Related Articles=<br />
*[[ClamAV - Updating from versions lower than 0.90.0]]<br />
*[http://resources.infosecinstitute.com/open-source-antivirus-clamav/ http://resources.infosecinstitute.com/open-source-antivirus-clamav/]<br />
<br />
<br />
{{Article Footer|unknown|5/6/2007}}<br />
<br />
[[Category:Anti-virus]]<br />
[[Category:ZCS 5.0]]</div>