Page 1 of 6 123 ... LastLast
Results 1 to 10 of 54

Thread: ClamAV 0.94 EOL on ZCS 5.0.16 prior (discussion)

  1. #1
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Exclamation ClamAV 0.94 EOL on ZCS 5.0.16 prior (discussion)

    For those using ZCS 5.0.16 and prior, come 15 April 2010 anti-virus definitions will no longer update AND your ClamAV instance will stop working entirely.

    Source: End of Life Announcement: ClamAV 0.94.x
    Quote Originally Posted by ClamAV Team
    Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 – that is to say older than 1 year. We plan to start releasing signatures which exceed the 980 bytes limit on May 2010.
    We include ClamAV 0.95 as of ZCS 5.0.18+, there are of course other security reasons to upgrade such as the third-party CVE-2009-3555, in addition to other bugs and multiple RFE's. http://www.zimbra.com/forums/announc...3-shipped.html

    If your intent on keeping your old version, you may have trouble with your Amavisd-ClamAV.

    Preventative methods:
    -Upgrade ZCS.
    -Update just the ClamAV component.
    -Set zimbraVirusDefinitionsUpdateFrequency to 0 well in advance of that day to avoid receiving the remote disable code.

    If reading this already past the 15th date options include:
    -Turn off ClamAV from your admin console > server > services 'as/av' tab > uncheck av. Via CLI it's zmprov ms `zmhostname` -zimbraServiceEnabled antivirus. (The minus sign is important, or you'll have nothing but av running.) Then zmamavisdctl reload or zmcontrol stop/start. (This may leave you more vulnerable of course, so schedule a maintenance window as soon as you can.)
    -Update just the ClamAV component.
    -Upgrade ZCS.

    Helpful links:
    ClamAV - Updating Version - Zimbra :: Wiki
    ClamAV - Updating from versions lower than 0.90.0 - Zimbra :: Wiki
    ClamAV - Updating clamd for releases earlier than ZCS 5.0.16 - Zimbra :: Wiki < Freshly written

  2. #2
    Join Date
    Oct 2006
    Location
    Bangalore, India
    Posts
    95
    Rep Power
    9

    Default

    Hi Mmorse,

    Will it affect future upgrade of the ZCS version, if we upgrade ClamAV manually as discussed on the wiki page ClamAV - Updating Version - Zimbra :: Wiki. As of now an upgrade of ZCS is not possible, so need to keep the current version for some more time.

    Thanks,
    Premod

  3. #3
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    (Just to bump this up because of all the activity today.)

    ClamAV - Updating clamd for releases earlier than ZCS 5.0.16 - Zimbra :: Wiki

    And there's other reason's to update:

    Bug 45625 - remove OPENWHOIS references from spamassasin config

    Recently the domain open-whois.org, who once provided Relay Blacklist services, expired. Once it expired it was free to be registered by anyone who wished to pay to purchase the domain. It appears that whoever purchased the domain did so with malicious intent. The open-whois.org RBL is now blacklisting every IP on the internet, which means no matter your provider, it's listed on this blacklist and anyone using this blacklist is now likely to be seeing a vast increase in false positive spam.

    Fixed in 5.0.23+ For other versions you may workaround this issue by modifying the following files and removing or commenting references to OPENWHOIS:
    /opt/zimbra/conf/spamassassin/STATISTICS-set1.txt
    /opt/zimbra/conf/spamassassin/STATISTICS-set3.txt
    /opt/zimbra/conf/spamassassin/active.list
    /opt/zimbra/conf/spamassassin/50_scores.cf
    /opt/zimbra/conf/spamassassin/72_active.cf

    Please note this bug does not affect ZCS 6.0.x.

  4. #4
    Join Date
    Dec 2008
    Location
    North Bay, CA
    Posts
    31
    Rep Power
    6

    Default

    The steps below are NOT reccomended for permanent use. Its just a quick way to get production boxes going so that you can upgrade later.

    This problem can be temporarily solved by turning off the antivirus from admin console.

    Admin Console -> Servers -> (Your server name) -> Services tab. Uncheck "Anti-Virus". Click "Save".

    From the command prompt:
    > su - zimbra
    > zmcontrol stop
    > zmcontrol start

    This should get you going until you can upgrade.

  5. #5
    Join Date
    Oct 2005
    Location
    USA, Canada and India
    Posts
    777
    Rep Power
    10

    Default

    wiki link ( ClamAV - Updating clamd for releases earlier than ZCS 5.0.16 - Zimbra :: Wiki ) is getting updated for many things as i write this..so going back to link may show you more instructions in time.

    if you just want to DISABLE the clamav only and not the AntiSpam then do the following

    To Disable ClamAV or AntiVirus Only till you do the update/upgrdae or fix
    su - zimbra
    zmprov ms `zmhostname` -zimbraServiceEnabled antivirus
    zmcontrol stop
    zmcontrol start
    To Enable ClamAV or AntiVirus Only before you do the fix or updgrade
    su - zimbra
    zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
    zmcontrol stop
    zmcontrol start

    Raj
    i2k2 Networks
    Dedicated & Shared Zimbra Hosting Provider

  6. #6
    Join Date
    Oct 2005
    Location
    USA, Canada and India
    Posts
    777
    Rep Power
    10

    Default Script for the fix

    Official WIKI link is ClamAV - Updating clamd for releases earlier than ZCS 5.0.16 - Zimbra :: Wiki
    for complete details you should follow the above link only

    following are the steps which worked for us..we had to patch a lots of machines so this kind of automated the fix for us.

    -----------------------------------------------------------------------------------------
    This fix/instructions only for RHEL 5 32bit or CentOS 5 32bit due to the download link
    if you fix the download link as per WIKI link above for your install then other instructions should work as is

    * following is the edited version..to fix the ArchiveMaxFileSize issue in some clamav.conf.in file which is different in some zimbra versions.
    -----------------------------------------------------------------------------------------
    sed -i 's/ArchiveMaxFileSize/# ArchiveMaxFileSize/g' /opt/zimbra/conf/clamd.conf.in
    cat /opt/zimbra/conf/clamd.conf.in | grep ArchiveMaxFileSize
    cd /tmp
    rm -rf clamav-0.95.1.tar
    rm -rf clamav-0.95.1
    wget http://files2.zimbra.com/downloads/clamav/rhel5/clamav-0.95.1.tar
    tar xf clamav-0.95.1.tar
    cp -r /tmp/clamav-0.95.1 /opt/zimbra
    rm -f /opt/zimbra/clamav
    cd /opt/zimbra
    ln -s clamav-0.95.1 clamav
    ls -l clamav
    chmod -R 755 /opt/zimbra/clamav-0.95.1/db
    su - zimbra
    zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
    zmcontrol stop
    zmcontrol stop
    logout
    cd /opt/zimbra/libexec
    ./zmfixperms
    su - zimbra
    zmcontrol start
    zmcontrol status
    /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
    logout
    -----------------------------------------------------------------------------------------
    check the output of logs to see if everything worked ok
    -----------------------------------------------------------------------------------------
    tail -n 60 /opt/zimbra/log/clamd.log
    tail -n 20 /opt/zimbra/log/freshclam.log

    ** update edit **
    while enableing AV back i had the following command with CAPITAL "A" for Antivirus which is NOT correct it has to be all lower case
    if you did the following BAD command
    zmprov ms `zmhostname` +zimbraServiceEnabled Antivirus
    then you will get the following output
    Starting Antivirus...skipped.
    missing or not executable.



    Raj
    i2k2 Networks
    Dedicated & Shared Zimbra Hosting Provider

  7. #7
    Join Date
    Jan 2010
    Location
    delhi , india
    Posts
    23
    Rep Power
    5

    Default Antivirus not started & mails not delivering

    I am using zimbra 5.0.7 version. Since today morning i was facing the problem of mail deliverly. When i stop/start zmcontrl service , antivirus showing not started .

    I have disable the Antivirus from zimbra interface & now mail delivery is started. But disable a antivirus is not a good solutions. So Plz provide me a permanent solutions. Logs are as below:

    Apr 16 11:23:52 mail amavis[19203]: (19203-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Apr 16 11:23:52 mail amavis[19194]: (19194-01-13) Checking: uKH1Rg4EiGnS [203.212.64.40] <Wirelesszone@cellnext.com> -> <alerts@cellnext.com>
    Apr 16 11:23:52 mail amavis[19194]: (19194-01-13) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (1)
    Apr 16 11:23:52 mail amavis[19204]: (19204-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Apr 16 11:23:52 mail amavis[19195]: (19195-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Apr 16 11:23:52 mail amavis[19196]: (19196-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Apr 16 11:23:53 mail amavis[19194]: (19194-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)



    o INET socket 127.0.0.1:3310: Connection refused) at (eval 74) line 310. at (eval 74) line 511. (in reply to end of DATA command))
    Apr 16 11:25:32 mail postfix/smtp[21232]: B5F5E1D585BB: to=<prashant.sharma@cellnext.com>, orig_to=<liccn@cellnext.com>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=26, delay=13207, delays=13010/189/0/7.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=19203-01-26, virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: CODE(0xa03047c) Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 74) line 310. at (eval 74) line 511. (in reply to end of DATA command))
    Apr 16 11:25:33 mail postfix/smtpd[16169]: connect from unknown[203.212.64.40]
    Apr 16 11:25:33 mail postfix/smtpd[16169]: 7B15E1D58A55: client=unknown[203.212.64.40]
    Apr 16 11:25:33 mail postfix/cleanup[16025]: 7B15E1D58A55: message-id=<20100416-11253300-ad8@wizone>
    Apr 16 11:25:33 mail postfix/smtpd[16169]: disconnect from unknown[203.212.64.40]
    Apr 16 11:25:33 mail postfix/qmgr[14848]: 7B15E1D58A55: from=<Wirelesszone@cellnext.com>, size=435, nrcpt=1 (queue active)


    amavisd already running: pid 24473


    Can't load /opt/zimbra/data/clamav/db/daily.cld: Malformed database

    Regards
    Pradeep Siwach

  8. #8
    Join Date
    Jul 2008
    Posts
    13
    Rep Power
    7

    Default

    Hi,

    Same problem here on 2 Zimbra server.
    I have followed tips on wiki (erase clamd DB and re-running fleshclam but not working .....)

    Please help !

    Thanks,

  9. #9
    Join Date
    Feb 2009
    Location
    Milan
    Posts
    13
    Rep Power
    6

    Default

    Hi there,

    i've the same problem on one Zimbra server.
    zmclamdctl was stopped.

    Trying to restart:
    zmclamdctl start
    ClamAV update process started at Fri Apr 16 10:22:20 2010
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.94.1 Recommended version: 0.96
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Trying host db.us.clamav.net (213.165.80.159)...
    Downloading main-50.cdiff [100%]
    Downloading main-51.cdiff [100%]
    Downloading main-52.cdiff [100%]
    main.cld updated (version: 52, sigs: 704727, f-level: 44, builder: sven)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 37, recommended = 44
    DON'T PANIC! Read http://www.clamav.net/support/faq
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 213.165.80.159)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    Trying host db.us.clamav.net (213.165.80.159)...
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 213.165.80.159)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    Trying host db.us.clamav.net (213.165.80.159)...
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 213.165.80.159)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Trying host db.us.clamav.net (213.165.80.159)...
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 37, recommended = 51
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Database updated (756784 signatures) from db.us.clamav.net (IP: 213.165.80.159)
    connect(): Connection refused
    WARNING: Clamd was NOT notified: Can't connect to clamd on localhost:3310
    Starting clamd...


    failed.

    Any ideas?
    Thanks

    Davide

  10. #10
    Join Date
    Nov 2008
    Posts
    237
    Rep Power
    6

    Default

    Same for me for tow servers

    Can't load /opt/zimbra/data/clamav/db//daily.cld: Malformed database

    I ran this command
    Code:
    /opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/
    Code:
    LibClamAV Warning: ***********************************************************
    LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
    LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
    LibClamAV Warning: ***********************************************************
    LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see  www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
    LibClamAV Error: Problem parsing database at line 742
    LibClamAV Error: Can't load daily.ndb: Malformed database
    LibClamAV Error: cli_tgzload: Can't load daily.ndb
    LibClamAV Error: Can't load /opt/zimbra/data/clamav/db//daily.cld: Malformed database
    ERROR: Malformed database
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 50364
    Engine version: 0.94.1-broken-compiler
    Scanned directories: 0
    Scanned files: 0
    Infected files: 0
    Data scanned: 0.00 MB
    Time: 0.192 sec (0 m 0 s)
    So what could be the problem? for both servers
    - In a world without walls and fences who needs windows and gates?
    - I am Running Linux.. Finally, my PC is valid & Reliable Hereafter.

Similar Threads

  1. ClamAV 0.94 EOL on ZCS 5.0.16 prior
    By mmorse in forum Announcements
    Replies: 1
    Last Post: 04-15-2010, 02:52 PM
  2. Trouble Sending mail - All Messages deferred!
    By SiteDiscovery in forum Administrators
    Replies: 7
    Last Post: 09-03-2009, 04:52 AM
  3. Mail is being queued, not delivered!
    By icepick94 in forum Administrators
    Replies: 12
    Last Post: 01-22-2009, 06:03 AM
  4. ZCS 3.2 Beta Available
    By KevinH in forum Announcements
    Replies: 31
    Last Post: 07-07-2006, 03:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •