
Thread: Clam AntiVirus : Multiple vulnerabilities

  1. #1
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    7

    Default Clam AntiVirus : Multiple vulnerabilities

    Hi,

    Please find enclosed document.
    Last night I got a notification regarding Clam AV... It seems the old version has lots of vulnerabilities. I am using clamav-0.94.1 and am going to upgrade it to 0.95.2.
    Zimbra people and some other guys must know this. I am just posting it for people who are not aware of it.

    Please revert if anyone has some more information related to this.

    Thanks
    Last edited by chandu; 09-09-2009 at 10:48 PM.

  2. #2
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    7

    Default

    Hi,

    I have upgraded clamav for my zimbra setup as per the wiki page and it was updating properly, but for the last 2 days it's not updating virus definitions after the offline backup. When I try to restart the antivirus I get the error below:


    ################################################## ##

    [zimbra@mail ~]$ zmantivirusctl restart
    Stopping zmmtaconfig...done.
    Starting zmmtaconfig...done.
    Stopping amavisd... done.
    Starting amavisd...done.
    Stopping clamd...done.
    cp: cannot stat `/opt/zimbra/clamav/db/daily.cvd.init': No such file or directory
    cp: cannot stat `/opt/zimbra/clamav/db/main.cvd.init': No such file or directory

    ClamAV update process started at Mon Sep 14 09:30:33 2009
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    Trying host db.us.clamav.net (207.57.106.31)...
    Downloading daily-9802.cdiff [100%]
    daily.cld updated (version: 9802, sigs: 77639, f-level: 43, builder: guitar)
    Database updated (622674 signatures) from db.us.clamav.net (IP: 207.57.106.31)
    connect(): Connection refused
    WARNING: Clamd was NOT notified: Can't connect to clamd on localhost:3310
    Starting clamd...done.


    [root@mail db]# ps -ef | grep clam
    root 7310 9312 0 09:58 pts/0 00:00:00 grep clam
    zimbra 12164 1 0 09:30 ? 00:00:00 /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf -d --checks=12
    zimbra 12165 1 0 09:30 ? 00:00:00 /opt/zimbra/clamav/sbin/clamd --config-file=/opt/zimbra/conf/clamd.conf
    [root@mail db]#


    [root@mail db]# ll /opt/zimbra/data/clamav/db/
    total 50712
    -rw-r----- 1 zimbra zimbra 4775936 Sep 14 09:30 daily.cld
    -rw-r----- 1 zimbra zimbra 47079936 Sep 12 00:38 main.cld
    -rw------- 1 zimbra zimbra 624 Sep 14 09:30 mirrors.dat

    [root@mail db]# ll /opt/zimbra/clamav/db/
    total 0
    [root@mail db]#

    [root@mail db]# netstat -plant | grep 3310
    tcp 0 0 0.0.0.0:3310 0.0.0.0:* LISTEN 12165/clamd
    [root@mail db]

    ################################################## ##


    Can anyone please help me in this regard... In clam.log I am not getting any error, and in freshclam.log it's showing up to date.

    [root@mail db]# tail -f /opt/zimbra/log/freshclam.log
    Downloading daily-9802.cdiff [100%]
    daily.cld updated (version: 9802, sigs: 77639, f-level: 43, builder: guitar)
    Database updated (622674 signatures) from db.us.clamav.net (IP: 207.57.106.31)
    WARNING: Clamd was NOT notified: Can't connect to clamd on localhost:3310
    --------------------------------------
    freshclam daemon 0.95.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
    ClamAV update process started at Mon Sep 14 09:30:41 2009
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cld is up to date (version: 9802, sigs: 77639, f-level: 43, builder: guitar)
    --------------------------------------



    Please help.

    Thanks

  3. #3
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Code:
    su - zimbra
    /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
    Run it manually and see what happens.

  4. #4
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    7

    Default

    Hi uxbod,

    Thanks for your reply.

    Yes, I ran the mentioned command this morning and started clamav and it worked.

    Again I ran it and the output is as below:

    [root@mail ~]# ps -ef | grep clam
    zimbra 12164 1 0 09:30 ? 00:00:00 /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf -d --checks=12
    zimbra 12165 1 0 09:30 ? 00:00:02 /opt/zimbra/clamav/sbin/clamd --config-file=/opt/zimbra/conf/clamd.conf
    root 12977 12945 0 12:11 pts/1 00:00:00 grep clam

    [root@mail ~]# /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
    ClamAV update process started at Mon Sep 14 12:11:40 2009
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cld is up to date (version: 9803, sigs: 77662, f-level: 43, builder: ccordes)

    [root@mail ~]# tail -f /opt/zimbra/log/freshclam.log
    Trying host db.us.clamav.net (207.57.106.31)...
    Downloading daily-9803.cdiff [100%]
    daily.cld updated (version: 9803, sigs: 77662, f-level: 43, builder: ccordes)
    Database updated (622697 signatures) from db.us.clamav.net (IP: 207.57.106.31)
    Clamd successfully notified about the update.
    --------------------------------------
    --------------------------------------
    ClamAV update process started at Mon Sep 14 12:11:40 2009
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cld is up to date (version: 9803, sigs: 77662, f-level: 43, builder: ccordes)



    ################################################

    I am checking the log file and now it's updating without an error message, but as per my observation over the last 2 days, it's not automatically updating after our offline backup...

    We have scheduled our offline backup at 12 AM every night, and after clamav gets updated at 2 AM, then again it couldn't get any update.

    Now during the daytime it's updating properly... I will keep watch on the logs and will post updated logs if I get any error message...


    Please let me know if there is anything else we need to check.

    Thanks
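
A log check for the pattern described in this thread, as an added example that is not part of any post: it parses freshclam.log in the format shown above and flags update runs where clamd was not notified, plus long gaps between runs. The sample log is constructed, and the 2.5-hour gap threshold is an assumption based on the `--checks=12` (one check every two hours) visible in the process list.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the freshclam.log excerpts in this thread.
SAMPLE_LOG = """\
ClamAV update process started at Mon Sep 14 02:00:12 2009
daily.cld is up to date (version: 9801, sigs: 77600, f-level: 43, builder: guitar)
--------------------------------------
ClamAV update process started at Mon Sep 14 09:30:33 2009
main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Downloading daily-9802.cdiff [100%]
daily.cld updated (version: 9802, sigs: 77639, f-level: 43, builder: guitar)
WARNING: Clamd was NOT notified: Can't connect to clamd on localhost:3310
--------------------------------------
ClamAV update process started at Mon Sep 14 11:30:41 2009
daily.cld is up to date (version: 9802, sigs: 77639, f-level: 43, builder: guitar)
--------------------------------------
"""

START = re.compile(r"^ClamAV update process started at (.+)$")
DAILY = re.compile(r"^daily\.c[lv]d (?:updated|is up to date) \(version: (\d+)")

def parse_runs(text):
    """Split the log into update runs with start time, daily version, notify status."""
    runs = []
    for line in map(str.strip, text.splitlines()):
        m = START.match(line)
        if m:
            started = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            runs.append({"started": started, "daily": None, "not_notified": False})
        elif runs and DAILY.match(line):
            runs[-1]["daily"] = int(DAILY.match(line).group(1))
        elif runs and "Clamd was NOT notified" in line:
            runs[-1]["not_notified"] = True
    return runs

# max_gap is an assumed threshold: slightly above the 2-hour interval of --checks=12.
def findings(runs, max_gap=timedelta(hours=2, minutes=30)):
    """Flag long gaps between runs and runs whose update never reached clamd."""
    out = []
    for prev, cur in zip(runs, runs[1:]):
        if cur["started"] - prev["started"] > max_gap:
            out.append(("gap", prev["started"], cur["started"]))
    out += [("clamd_not_notified", r["started"], r["daily"]) for r in runs if r["not_notified"]]
    return out

if __name__ == "__main__":
    for item in findings(parse_runs(SAMPLE_LOG)):
        print(*item)
```

A run flagged `clamd_not_notified` means the new signatures are on disk but the running clamd was not told to reload them, so scanning may continue on the previous database until clamd reloads or restarts.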

  5. #5
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    7

    Default

    One more thing... /opt/zimbra/clamav/db/ is empty and I couldn't find daily.cvd.init and main.cvd.init in the latest version. Is that OK?

  6. #6
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Check the data directory path is correct in freshclam.conf ... You should also have a read through http://www.zimbra.com/forums/adminis...ht=clam+backup.

  7. #7
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    7

    Default

    It has started working properly again... and is updating on time.

    [root@mail ~]# cat /opt/zimbra/conf/freshclam.conf | grep db
    DatabaseDirectory /opt/zimbra/data/clamav/db


    [root@mail ~]# tail -f /opt/zimbra/log/freshclam.log
    Received signal: wake up
    ClamAV update process started at Mon Sep 14 13:30:47 2009
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cld is up to date (version: 9803, sigs: 77662, f-level: 43, builder: ccordes)
    --------------------------------------
    Received signal: wake up
    ClamAV update process started at Mon Sep 14 15:30:47 2009
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cld is up to date (version: 9803, sigs: 77662, f-level: 43, builder: ccordes)
    --------------------------------------



    Uxbod, the directory path is fine and it's updating the files there only:

    [root@mail ~]# cd /opt/zimbra/data/clamav/db/
    [root@mail db]# ls
    daily.cld main.cld mirrors.dat
    [root@mail db]# ll
    total 50716
    -rw-r----- 1 zimbra zimbra 4777472 Sep 14 11:30 daily.cld
    -rw-r----- 1 zimbra zimbra 47079936 Sep 12 00:38 main.cld
    -rw------- 1 zimbra zimbra 624 Sep 14 15:30 mirrors.dat
    [root@mail db]#



    Here I have two questions:

    1. Why are daily.cvd.init and main.cvd.init not available? What is the use of these files?
    2. In the above output only daily.cld is showing the latest timestamp... main.cld is not showing the latest timestamp... Is that OK?


    Thanks
    Last edited by chandu; 09-14-2009 at 06:00 AM.

  8. #8
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    You should really upgrade to 5.0.18 as the version you are running contains a security issue. I am pretty sure the .init issue was fixed in a later release as well.

  9. #9
    Join Date
    Dec 2007
    Posts
    445
    Rep Power
    7

    Default

    Well, we have planned the upgrade for when zcs 6.5 gets released. I know it will take some time, but as Mike (mmorse) confirmed, this version will include the attachment size limit, which is one of our main requirements.

    So is there any special security patch available for zcs version 5.0.13?
    And can you please explain what kind of security issue this version contains?

    Please suggest.

  10. #10
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25
