HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


danhansen@denmark 20th March 2013 07:57

ClamAV out of date - The right way to update without crashing ISPconfig3
 
Hi,

First of all, sorry for posting some threads in the wrong place. Thought questions regarding ISPConfig 3 were to be posted at "HOWTO-Related Questions" and/or "Server Operation". Sorry about that :o

I have an Ubuntu Server 10.04 with ISPConfig3 installed. I am getting warnings regarding ClamAV. Please look at this:

From FreshClamLog:
Wed Mar 20 07:03:37 2013 -> Received signal: wake up
Wed Mar 20 07:03:37 2013 -> ClamAV update process started at Wed Mar 20 07:03:37 2013
Wed Mar 20 07:03:37 2013 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Mar 20 07:03:37 2013 -> WARNING: Local version: 0.97.6 Recommended version: 0.97.7
Wed Mar 20 07:03:37 2013 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Wed Mar 20 07:03:41 2013 -> --------------------------------------


I read this old thread, answered by Falko http://www.howtoforge.com/forums/arc...p/t-50464.html, regarding just this - but there are some additional warnings, which I have inserted below:

Mail-Error-Log
Data from: 2013-03-20 07:15
Mar 17 06:56:25 webserver1 amavis[1668]: (01668-01) (!!)WARN: all primary virus scanners failed, considering backups
Mar 18 06:28:01 webserver1 amavis[1669]: (01669-01) (!!)WARN: all primary virus scanners failed, considering backups
Mar 18 16:05:18 webserver1 amavis[1668]: (01668-02) (!!)WARN: all primary virus scanners failed, considering backups


So how do we "Update"? Is the Virus Database being updated still/automatic? And do we get the "Upgrade" with the Ubuntu Release Upgrade?

A few other Alarms in the Monitor Area:

ISPConfig Cron - Log
Data from: 2013-03-20 07:35
[...]PHP Warning: mysqli::escape_string(): Couldn't fetch db in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 215
PHP Warning: mysqli::escape_string(): Couldn't fetch db in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 215
[...]


and additional warnings in:

RKHunter Log
Fail2Ban Log


Are these warnings to be taken a little lightly? Not so serious?
How do you "reset" the logs or delete them? And if deleted, will the file self generate?

Looking forward to any kind of response

Kind Regards,
DanHansen@Denmark

florian030 20th March 2013 09:14

Hi,

Quote:

Mar 17 06:56:25 webserver1 amavis[1668]: (01668-01) (!!)WARN: all primary virus scanners failed, considering backups

So how do we "Update"? Is the Virus Database being updated still/automatic? And do we get the "Upgrade" with the Ubuntu Release Upgrade?

This has nothing to do with your Clamd-Version or the database-version.

Amavis can't reach clamd as defined in @av_scanners. Make sure that the clamd is running and the socket-file in your amavis-config for the @av_scanners matches the LocalSocket defined in your clamd.conf.
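
The check described in this reply, as an added example that is not part of the original post: it pulls the socket path out of the active ClamAV-clamd entry in @av_scanners and compares it with LocalSocket in clamd.conf. The file names, socket paths and config contents below are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does amavis point at the socket clamd actually creates?
# All file contents below are constructed samples, not taken from the thread.

# LocalSocket path from a clamd.conf-style file (commented lines do not match).
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Socket path from the active (uncommented) ClamAV-clamd entry in @av_scanners.
amavis_socket() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n '/ClamAV-clamd/,/]/ s|.*ask_daemon.*"\(/[^"]*\)".*|\1|p' |
        head -n 1
}

# Prints a verdict; returns 0 on match, 1 on mismatch, 2 if a path is missing.
check_sockets() {
    a=$(amavis_socket "$1")
    c=$(clamd_socket "$2")
    if [ -z "$a" ] || [ -z "$c" ]; then
        echo "UNKNOWN amavis='$a' clamd='$c'"; return 2
    fi
    if [ "$a" != "$c" ]; then
        echo "MISMATCH amavis=$a clamd=$c"; return 1
    fi
    echo "OK $a"
}

# --- constructed sample configs (paths are assumptions) ---
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/15-av_scanners" <<'EOF'
@av_scanners = (
# ['ClamAV-clamd', \&ask_daemon, ["CONTSCAN {}\n", "/old/commented.sock"],
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);
EOF
printf 'User clamav\nLocalSocket /var/run/clamav/clamd.ctl\n' > "$SAMPLE_DIR/clamd-good.conf"
printf 'User clamav\nLocalSocket /tmp/clamd.socket\n' > "$SAMPLE_DIR/clamd-bad.conf"

check_sockets "$SAMPLE_DIR/15-av_scanners" "$SAMPLE_DIR/clamd-good.conf" || true
check_sockets "$SAMPLE_DIR/15-av_scanners" "$SAMPLE_DIR/clamd-bad.conf" || true
```

A match only shows the two configs agree; whether clamd is running and has created the socket still has to be checked on the host (for example with `test -S` on the reported path).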

till 20th March 2013 09:17

There is nothing to be updated as your clamav signatures are up to date:

Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

It's described in the FAQ of ClamAV and ISPConfig that the Outdated warning can be ignored as it does not mean that your antivirus signatures are not up to date.

danhansen@denmark 20th March 2013 10:40

Hi Florian & Till,

Thanks for your help guys ;)
I will look into the FAQ of ClamAV, just wanted confirmation from the pros.

Thanks
Kind Regards,
Dan Hansen

Hairy 23rd March 2013 19:20

Quote:

Originally Posted by till (Post 294309)
There is nothing to be updated as your clamav signatures are up to date:

Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

It's described in the FAQ of ClamAV and ISPConfig that the Outdated warning can be ignored as it does not mean that your antivirus signatures are not up to date.

It is true that your signatures are up to date. However, your antivirus program IS out of date. Keeping your signatures up to date does not keep your antivirus program up to date.

To update your antivirus program, ssh to your server as root and type the following:

Code:

freshclam

It will take a little bit of time to show up in the ISPConfig log panel. When it does show up, you will now see a green background around the data that is shown on the 'show overview' screen. YAY!

florian030 23rd March 2013 20:19

No. Freshclam updates the signatures and never clamd.
Usually freshclam runs every x hours - depends on your freshclam.conf

Hairy 23rd March 2013 20:30

Quote:

Originally Posted by florian030 (Post 294594)
No. Freshclam updates the signatures and never clamd.
Usually freshclam runs every x hours - depends on your freshclam.conf

I apologize. :D

The correct way to update the antivirus program is:
Code:

yum update clamav

Then to update signatures:
Code:

freshclam

The freshclam is usually set up to update the signatures automatically.
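
The distinction this thread turns on, engine version versus signature databases, as an added example that is not part of any post: the function below reads a freshclam log and reports the two states separately. The sample log is the excerpt from the first post; the function name and output format are hypothetical.

```shell
#!/bin/sh
# Added example: report ClamAV engine status and signature status separately.
freshclam_summary() {
    awk '
    # A new run starts: forget the previous run so only the last one is reported.
    /update process started/ { n = 0; have = ""; want = "" }
    # Engine warning line: "Local version: X Recommended version: Y"
    /Local version:/ {
        for (i = 1; i <= NF; i++) {
            if ($i == "Local")       have = $(i + 2)
            if ($i == "Recommended") want = $(i + 2)
        }
    }
    # Signature line: "<db> is up to date (version: N, ..."
    / is up to date / {
        for (i = 2; i < NF; i++) {
            if ($i == "is")        { name[++n] = $(i - 1) }
            if ($i == "(version:") { v = $(i + 1); sub(/,$/, "", v); ver[n] = v }
        }
    }
    END {
        if (want != "") {
            printf "engine=OUTDATED local=%s recommended=%s\n", have, want
        } else {
            print "engine=no-warning"
        }
        printf "signatures=%s", (n > 0 ? "CURRENT" : "UNKNOWN")
        for (i = 1; i <= n; i++) printf " %s=%s", name[i], ver[i]
        print ""
    }' "$1"
}

# Sample input: the FreshClamLog excerpt quoted in the first post.
FRESHCLAM_SAMPLE=$(mktemp)
cat > "$FRESHCLAM_SAMPLE" <<'EOF'
Wed Mar 20 07:03:37 2013 -> ClamAV update process started at Wed Mar 20 07:03:37 2013
Wed Mar 20 07:03:37 2013 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Mar 20 07:03:37 2013 -> WARNING: Local version: 0.97.6 Recommended version: 0.97.7
Wed Mar 20 07:03:37 2013 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
EOF

freshclam_summary "$FRESHCLAM_SAMPLE"
```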


All times are GMT +2.