ClamAV - Updating clamd for releases earlier than ZCS 8.0.6

ClamAV - Updating clamd for releases earlier than ZCS 8.0.6

   KB 23065        Last updated on 10/25/2016  




0.00
(0 votes)

For those using ZCS 8.0.6 and prior, anti-virus definitions will no longer update from 22 October 2016 AND your ClamAV instance will stop working entirely.

Preventative methods

  • Update ZCS to a newer version.
  • Update just the ClamAV component.

Workaround

Zimbra Collaboration is the open source leader in email and collaboration. That means your company can benefit from the manual upgrade of some third party packages and keep your email server up, running and secure, while planning your upgrade to the latest ZCS Release.

Disable the antivirus

You can follow a workaround by disabling antivirus. This workaround will let your Zimbra Collaboration platform run without antivirus. However, we don’t recommend it.

Turn off ClamAV from your Admin Console

Go to Server > Services 'as/av' tab > uncheck av.

Via CLI

Run the next commands as zimbra user (The minus sign is important, or you'll leave nothing but av running.):

zmprov ms `zmhostname` -zimbraServiceEnabled antivirus
zmamavisdctl reload

Manual ClamAV component upgrade

Zimbra includes ClamAV 0.98.4 as of ZCS 8.0.7+. The clamav-0.98.4 directory from an installed ZCS 8.0.7 or later installation can be copied directly to an earlier ZCS 8.0/7.2.x server. To upgrade ClamAV, perform the following steps:

Downloads

Use the clamav version our team has generated for your Zimbra environments:

Other methods to obtain
  • Install a new server with a later release of ZCS or use the above links. The Free Open-Source release of ZCS is available at http://www.zimbra.com/downloads/os-downloads.html. This document was tested with 8.5.1 (8.0.9 for Ubuntu 10), but any release starting with 8.0.7 or later will work.
  • After the installation is complete, tar up clamav-0.95.1 on the new server:
cd /opt/zimbra
tar czf /tmp/clamav-0.98.4.tar.gz clamav-0.98.4 openssl-1.0.1j

Update Instructions

  • Download the file from one of the previous links.
  • Untar the file.
tar xzvf clamav-0.98.4.tar.gz
  • Stop ZCS services.
zmcontrol stop
  • Change the symbolic link (run as root)
rm clamav
ln -s clamav-0.98.4 clamav
ls -l clamav

The output line will look similar to:

lrwxrwxrwx  1 root root 25 Apr  9 15:39 clamav -> /opt/zimbra/clamav-0.98.4
  • Start services.
zmcontrol start
  • If there are errors regarding libssl.so.1.0.0, make sure you've downloaded the latest version of the binaries. The latest version contains the openssl version used to build clamav, and is approximately 100MB and dated 10/25/2016. The previous version was about 91MB and dated 10/22/2016.

Confirm

You can confirm that the new version of ClamAV is running by checking /opt/zimbra/log/clamd.log. The most recent startup in the log should look similar to:

Sat Oct 22 18:42:31 2016 -> +++ Started at Sat Oct 22 18:42:31 2016
Sat Oct 22 18:42:31 2016 -> clamd daemon 0.98.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

Test send-receive of mail.

With ClamAV 0.98 in place, updates should continue uninterrupted after October 22, 2016, and your system will remain protected.

This procedure was tested using ZCS 8.5.1 (and ZCS 8.0.9 for Ubuntu 10).

Verified Against: ZCS 8.0.9 & 8.5.1 Date Created: 10/22/2016
Article ID: https://wiki.zimbra.com/index.php?title=ClamAV_-_Updating_clamd_for_releases_earlier_than_ZCS_8.0.6 Date Modified: 10/25/2016



Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search