Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th March 2013, 07:57
danhansen@denmark danhansen@denmark is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Posts: 176
Thanks: 36
Thanked 3 Times in 3 Posts
Post ClamAV out of date - The right way to update without crashing ISPconfig3

Hi,

First of all, sorry for posting some threads the wrong place. Thought questions regarding ISPConfig 3 were to be posted at "HOWTO-Related Questions" and/or "Server Operation". Sorry about that

I have an Ubuntu Server 10.04 with ISPConfig3 installed. I am getting a warnings regarding ClamAV. Please look at this:

From FreshClamLog:
Wed Mar 20 07:03:37 2013 -> Received signal: wake up
Wed Mar 20 07:03:37 2013 -> ClamAV update process started at Wed Mar 20 07:03:37 2013
Wed Mar 20 07:03:37 2013 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Mar 20 07:03:37 2013 -> WARNING: Local version: 0.97.6 Recommended version: 0.97.7
Wed Mar 20 07:03:37 2013 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Wed Mar 20 07:03:41 2013 -> --------------------------------------


I read this old thread, answered by Falko http://www.howtoforge.com/forums/arc...p/t-50464.html, regarding just this - but there is some additional warnings which I have inserted below.:

Mail-Error-Log
Data from: 2013-03-20 07:15
Mar 17 06:56:25 webserver1 amavis[1668]: (01668-01) (!!)WARN: all primary virus scanners failed, considering backups
Mar 18 06:28:01 webserver1 amavis[1669]: (01669-01) (!!)WARN: all primary virus scanners failed, considering backups
Mar 18 16:05:18 webserver1 amavis[1668]: (01668-02) (!!)WARN: all primary virus scanners failed, considering backups


So how do we "Update"? Is the Virus Database being updated still/automatic? And do we get the "Upgrade" with the Ubuntu Release Upgrade?

A few other Alarms in the Monitor Area:

ISPConfig Cron - Log
Data from: 2013-03-20 07:35
[...]PHP Warning: mysqli::escape_string(): Couldn't fetch db in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 215
PHP Warning: mysqli::escape_string(): Couldn't fetch db in /usr/local/ispconfig/server/lib/classes/db_mysql.inc.php on line 215
[...]


and additional warnings in:

RKHunter Log
Fail2Ban Log


Are theese warnings to be taken a little lightly? Not so serious?
How do you "reset" the logs or delete them? And if deleted, will the file self generate?

Looking forward to any kind of response

Kind Regards,
DanHansen@Denmark
Reply With Quote
Sponsored Links
  #2  
Old 20th March 2013, 09:14
florian030 florian030 is offline
Senior Member
 
Join Date: Oct 2012
Posts: 186
Thanks: 7
Thanked 47 Times in 41 Posts
Default

Hi,

Quote:
Mar 17 06:56:25 webserver1 amavis[1668]: (01668-01) (!!)WARN: all primary virus scanners failed, considering backups

So how do we "Update"? Is the Virus Database being updated still/automatic? And do we get the "Upgrade" with the Ubuntu Release Upgrade?
This has nothing to do with your Clamd-Version or the database-version.

Amavis cant reach clamd as defined in @av_scanners. Make sure that the clamd is running and the socket-file in your amavis-config for the @av_scanners matches the LocalSocket defined in your clamd.conf
__________________
regards
Florian

blog.schaal-24.de
Reply With Quote
The Following User Says Thank You to florian030 For This Useful Post:
danhansen@denmark (20th March 2013)
  #3  
Old 20th March 2013, 09:17
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

There is nothing to be updated as your clamav signatures are up to dae:

Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

Its described in the faq of clamav and ispconfig that thw Outdated warning can be ignored as it does not mean that your antivirus signatures are not up to date.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
danhansen@denmark (20th March 2013)
  #4  
Old 20th March 2013, 10:40
danhansen@denmark danhansen@denmark is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Posts: 176
Thanks: 36
Thanked 3 Times in 3 Posts
Default

Hi Florian & Till,

Thanks for your help guys
I will look into the faq of clamav, just wanted confirmation from the pro's

Thanks
Kind Regards,
Dan Hansen
Reply With Quote
  #5  
Old 23rd March 2013, 19:20
Hairy Hairy is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Location: USA
Posts: 57
Thanks: 6
Thanked 27 Times in 16 Posts
Default

Quote:
Originally Posted by till View Post
There is nothing to be updated as your clamav signatures are up to dae:

Wed Mar 20 07:03:37 2013 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Mar 20 07:03:37 2013 -> daily.cld is up to date (version: 16876, sigs: 980232, f-level: 63, builder: guitar)
Wed Mar 20 07:03:37 2013 -> bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

Its described in the faq of clamav and ispconfig that thw Outdated warning can be ignored as it does not mean that your antivirus signatures are not up to date.
It is true that your signatures are up to date. However, your antivirus program IS out of date. Keeping your signatures up to date, does not keep your antivirus program up to date.

To update your antivirus program, ssh to your server as root and type the following:

Code:
freshclam
It will take a little bit of time to show up in the ISPConfig log panel. When it does show up, you will now see a green background around the data that is shown on the 'show overview' screen. YAY!
Reply With Quote
  #6  
Old 23rd March 2013, 20:19
florian030 florian030 is offline
Senior Member
 
Join Date: Oct 2012
Posts: 186
Thanks: 7
Thanked 47 Times in 41 Posts
Default

No. Freshclam updates the signatures and never clamd.
Usually freshclam runs every x hours - depends on your freshclam.conf
__________________
regards
Florian

blog.schaal-24.de
Reply With Quote
  #7  
Old 23rd March 2013, 20:30
Hairy Hairy is offline
HowtoForge Supporter
 
Join Date: Mar 2013
Location: USA
Posts: 57
Thanks: 6
Thanked 27 Times in 16 Posts
 
Default

Quote:
Originally Posted by florian030 View Post
No. Freshclam updates the signatures and never clamd.
Usually freshclam runs every x hours - depends on your freshclam.conf
I apologize.

The correct way to update the antivirus program is:
Code:
yum update clamav
Then to update signatures:
Code:
freshclam
The freshclam is usually setup to update the signatures automatically.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
After upgrade ispconfig 3.0.3 to 3.0.5 apache update? papich Installation/Configuration 3 19th March 2013 08:22
apt-get upgrade problem with MySQL francx Installation/Configuration 1 21st June 2012 19:09
Vhosts...conf not synced to changes crypted General 50 24th April 2010 00:54
amavis rejects all inbound emails aclhkaclhk Installation/Configuration 5 28th February 2010 04:24
HotSaNIC domino Tips/Tricks/Mods 23 6th November 2006 05:19


All times are GMT +2. The time now is 05:17.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.