Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Antivirus

  1. #1
    Join Date
    Feb 2009
    Posts
    188
    Rep Power
    6

    Exclamation Antivirus

    Hi all,
    Is there any way to manually update the antivirus, scheduled update some time make the service degraded and MTA stops functioning.

    Regards
    Adeel

  2. #2
    Join Date
    Feb 2009
    Posts
    188
    Rep Power
    6

    Exclamation

    BTW, difference b/w clamav amavisd.


    ?
    And how should I make my antivirus not to update automatically every after 2 hours.
    I want to update it my self manually.
    How should I make the update frequency change.
    what change I am suppose to make to the following lines.
    # Number of database checks per day.
    # Default: 12 (every two hours)
    Checks %%freq VAR:zimbraVirusDefinitionsUpdateFrequency 24%%



    Any help>?

    Regards
    Adeel
    Last edited by adeelarifbhatti; 07-22-2009 at 11:51 PM.

  3. #3
    Join Date
    Feb 2009
    Posts
    188
    Rep Power
    6

    Exclamation

    Hi all,
    Please let me know if I am doing the right thing.
    I had the clam db error, that my antivirus is 7 days older and I need to update the antivirus. I was getting the following in freshclam.log
    Trying host database.clamav.net (85.214.115.224)...
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host database.clamav.net (IP: 85.214.115.224)
    Trying host database.clamav.net (88.198.17.100)...
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host database.clamav.net (IP: 88.198.17.100)
    WARNING: getpatch: Can't download main-51.cdiff from database.clamav.net
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host database.clamav.net (IP: 193.165.167.2)
    Trying host database.clamav.net (194.228.41.73)...
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host database.clamav.net (IP: 194.228.41.73)
    Trying host database.clamav.net (195.30.97.3)...
    ERROR: Problem with internal logger (UpdateLogFile = /opt/zimbra/log/freshclam.log).
    ERROR: /opt/zimbra/log/freshclam.log is locked by another process
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host database.clamav.net (IP: 195.30.97.3)
    Trying host database.clamav.net (212.7.0.71)...
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host database.clamav.net (IP: 212.7.0.71)
    Trying host database.clamav.net (217.173.238.34)...
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host database.clamav.net (IP: 217.173.238.34)
    Trying host database.clamav.net (188.40.42.237)...
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host database.clamav.net (IP: 188.40.42.237)
    Trying host database.clamav.net (147.229.3.16)...
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host database.clamav.net (IP: 147.229.3.16)
    Trying host database.clamav.net (62.133.206.90)...
    ##############################
    To get rid of automatic update I did the following.
    mv /opt/zimbra/data/clamav/db/* /tmp/clamdb
    downloading the the main and daily file from Clam AntiVirus

    After that I uploaded these files in /opt/zimbra/data/clamav/db/
    chown zimbra.zimbra /opt/zimbra/data/clamav/db/*
    chmod 555 /opt/zimbra/data/clamav/db/

    ./zmclamdctl restart

    I am still getting the logs in clamd.log as follows
    LibClamAV Warning: **************************************************
    LibClamAV Warning: *** The virus database is older than 7 days! ***
    LibClamAV Warning: *** Please update it as soon as possible. ***
    LibClamAV Warning: **************************************************
    Thu Jul 23 05:16:18 2009 -> Loaded 538745 signatures.
    Thu Jul 23 05:16:18 2009 -> TCP: Bound to port 3310
    Thu Jul 23 05:16:18 2009 -> TCP: Setting connection queue length to 15
    Thu Jul 23 05:16:18 2009 -> Limits: Global size limit set to 10240000 bytes.
    Thu Jul 23 05:16:18 2009 -> Limits: File size limit set to 10240000 bytes.
    Thu Jul 23 05:16:18 2009 -> Limits: Recursion level limit set to 16.
    Thu Jul 23 05:16:18 2009 -> Limits: Files limit set to 10000.
    Thu Jul 23 05:16:18 2009 -> Archive support enabled.
    Thu Jul 23 05:16:18 2009 -> Archive: Blocking encrypted archives.
    Thu Jul 23 05:16:18 2009 -> Algorithmic detection enabled.
    Thu Jul 23 05:16:18 2009 -> Portable Executable support enabled.
    Thu Jul 23 05:16:18 2009 -> ELF support enabled.
    Thu Jul 23 05:16:18 2009 -> Mail files support enabled.
    Thu Jul 23 05:16:18 2009 -> OLE2 support enabled.
    Thu Jul 23 05:16:18 2009 -> PDF support enabled.
    Thu Jul 23 05:16:18 2009 -> HTML support enabled.
    Thu Jul 23 05:16:18 2009 -> Self checking every 600 seconds.

    The size of the files in /opt/zimbra/data/clamav/db/** is different from those I had previously (Increased upto 2 to 3 MB) but in logs the number of signatures are still the same i.e.Loaded 538745 signatures

    Please help me with this .
    Regards
    Adeel

  4. #4
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Well that looks like your firewall is not allowing you out to those hosts If you telnet to port 80 on one of those hosts does it connect ?

  5. #5
    Join Date
    Feb 2009
    Posts
    188
    Rep Power
    6

    Default

    Well,
    After restart the the whole zimbra I had following logs and the signature also increased, but I am still getting the logs for the outdated version.
    LibClamAV Warning: ************************************************** ****
    LibClamAV Warning: *** Virus database timestamp in the future! ***
    LibClamAV Warning: *** Please check the timezone and clock settings ***
    LibClamAV Warning: ************************************************** ****
    LibClamAV Warning: ************************************************** *********
    LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
    LibClamAV Warning: *** DON'T PANIC! Read Clam AntiVirus ***
    LibClamAV Warning: ************************************************** *********
    Thu Jul 23 05:28:50 2009 -> Loaded 601781 signatures.
    Thu Jul 23 05:28:50 2009 -> TCP: Bound to port 3310



    Regards
    Adeel

  6. #6
    Join Date
    Feb 2009
    Posts
    188
    Rep Power
    6

    Exclamation

    May be I have DB for some latest version but the clamd comes with zimbra is older version.
    Following are the logs.
    [root@zimbra ~]# tail -f /opt/zimbra/log/freshclam.log
    freshclam daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
    ClamAV update process started at Thu Jul 23 05:32:01 2009
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.95.1 Recommended version: 0.95.2
    DON'T PANIC! Read Clam AntiVirus
    Connecting via 10.201.14.51
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    Connecting via 10.201.14.51
    daily.cvd is up to date (version: 9607, sigs: 57365, f-level: 43, builder: guitar)

    ########

    How should I be updating the clamd comes with zimbra.

    Any suggestions/recommendation regarding the updating of DB/CLAMD
    Regards
    Adeel

  7. #7
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Yes, that is because a new release of ClamAV is available; nothing to do with the signatures. You could manually upgrade if you wish by following .Wiki :: Update ClamAV.

  8. #8
    Join Date
    Feb 2009
    Posts
    188
    Rep Power
    6

    Exclamation

    Hi all,
    Do any one know difference b/w clamav & amavisd.

    And how could I retrieve the email if considered as virus? Notification is received but what if I want to receive that email, I mean any specific one?
    Regards
    Adeel

  9. #9
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    AmavisD is a wrapper processes to ClamD (or any virus scanner) and SpamAssassin :- amavisd-new

    Any quarantined files are held in /opt/zimbra/data/amavisd/quarantine.

  10. #10
    Join Date
    Feb 2009
    Posts
    188
    Rep Power
    6

    Exclamation

    Please also mention the difference b/w clamav and freshclam?
    regards
    Adeel
    Last edited by adeelarifbhatti; 07-24-2009 at 12:37 AM.

Similar Threads

  1. Replies: 17
    Last Post: 08-30-2010, 12:59 PM
  2. Replies: 5
    Last Post: 05-28-2009, 01:53 AM
  3. antivirus trouble
    By owl700 in forum Administrators
    Replies: 1
    Last Post: 04-08-2008, 02:34 AM
  4. AntiVirus unable to connect to localhost
    By net4home in forum Administrators
    Replies: 15
    Last Post: 07-25-2007, 06:55 PM
  5. AntiVirus won't run - error accessing mail queues
    By mrambo3501 in forum Administrators
    Replies: 2
    Last Post: 07-25-2007, 09:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •