ClamAV out of date - The right way to update without crashing ISPconfig3

[danhansen@denmark]

Hi,

First of all, sorry for posting some threads the wrong place. Thought questions regarding ISPConfig 3 were to be posted at "HOWTO-Related Questions" and/or "Server Operation". Sorry about that

I have an Ubuntu Server 10.04 with ISPConfig3 installed. I am getting a warnings regarding ClamAV. Please look at this:

From FreshClamLog:
Wed Mar 20 07:03:37 2013 -> Received signal: wake up
Wed Mar 20 07:03:37 2013 -> ClamAV update process started at Wed Mar 20 07:03:37 2013
Wed Mar 20 07:03:37 2013 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Mar 20 07:03:37 2013 -> WARNING: Local version: 0.97.6 Recommended version: 0.97.7
Wed Mar 20 07:03:37 2013 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Wed Mar 20 07:03:41 2013 -> --------------------------------------

I read this old thread, answered by Falko http://www.howtoforge.com/forums/arc...p/t-50464.html, regarding just this - but there is some additional warnings which I have inserted below.:

Mail-Error-Log
Data from: 2013-03-20 07:15
Mar 17 06:56:25 webserver1 amavis[1668]: (01668-01) (!!)WARN: all primary virus scanners failed, considering backups
Mar 18 06:28:01 webserver1 amavis[1669]: (01669-01) (!!)WARN: all primary virus scanners failed, considering backups
Mar 18 16:05:18 webserver1 amavis[1668]: (01668-02) (!!)WARN: all primary virus scanners failed, considering backups

So how do we "Update"? Is the Virus Database being updated still/automatic? And do we get the "Upgrade" with the Ubuntu Release Upgrade?

A few other Alarms in the Monitor Area:

ISPConfig Cron - Log
Data from: 2013-03-20 07:35
[...]PHP Warning: mysqli::escape_string(): Couldn't fetch db in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 215
PHP Warning: mysqli::escape_string(): Couldn't fetch db in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 215
[...]

and additional warnings in:

RKHunter Log
Fail2Ban Log

Are theese warnings to be taken a little lightly? Not so serious?
How do you "reset" the logs or delete them? And if deleted, will the file self generate?

Looking forward to any kind of response

Kind Regards,
DanHansen@Denmark

[florian030]

Hi,

Quote:

Mar 17 06:56:25 webserver1 amavis[1668]: (01668-01) (!!)WARN: all primary virus scanners failed, considering backups

So how do we "Update"? Is the Virus Database being updated still/automatic? And do we get the "Upgrade" with the Ubuntu Release Upgrade?

This has nothing to do with your Clamd-Version or the database-version.

Amavis can´t reach clamd as defined in @av_scanners. Make sure that the clamd is running and the socket-file in your amavis-config for the @av_scanners matches the LocalSocket defined in your clamd.conf

[till]

There is nothing to be updated as your clamav signatures are up to dae:

Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

Its described in the faq of clamav and ispconfig that thw Outdated warning can be ignored as it does not mean that your antivirus signatures are not up to date.

[danhansen@denmark]

Hi Florian & Till,

Thanks for your help guys
I will look into the faq of clamav, just wanted confirmation from the pro's

Thanks
Kind Regards,
Dan Hansen

[Hairy]

Quote:

Originally Posted by till

There is nothing to be updated as your clamav signatures are up to dae:

Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

Its described in the faq of clamav and ispconfig that thw Outdated warning can be ignored as it does not mean that your antivirus signatures are not up to date.

It is true that your signatures are up to date. However, your antivirus program IS out of date. Keeping your signatures up to date, does not keep your antivirus program up to date.

To update your antivirus program, ssh to your server as root and type the following:

Code:

freshclam

It will take a little bit of time to show up in the ISPConfig log panel. When it does show up, you will now see a green background around the data that is shown on the 'show overview' screen. YAY!

[florian030]

No. Freshclam updates the signatures and never clamd.
Usually freshclam runs every x hours - depends on your freshclam.conf

[Hairy]

Quote:

Originally Posted by florian030

No. Freshclam updates the signatures and never clamd.
Usually freshclam runs every x hours - depends on your freshclam.conf

I apologize.

The correct way to update the antivirus program is:

Code:

yum update clamav

Then to update signatures:

Code:

freshclam

The freshclam is usually setup to update the signatures automatically.