Page 1 of 5 123 ... LastLast
Results 1 to 10 of 54

Thread: ClamAV 0.94 EOL on ZCS 5.0.16 prior (discussion)

Hybrid View

  1. #1
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Exclamation ClamAV 0.94 EOL on ZCS 5.0.16 prior (discussion)

    For those using ZCS 5.0.16 and prior, come 15 April 2010 anti-virus definitions will no longer update AND your ClamAV instance will stop working entirely.

    Source: End of Life Announcement: ClamAV 0.94.x
    Quote Originally Posted by ClamAV Team
    Starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 – that is to say older than 1 year. We plan to start releasing signatures which exceed the 980 bytes limit on May 2010.
    We include ClamAV 0.95 as of ZCS 5.0.18+, there are of course other security reasons to upgrade such as the third-party CVE-2009-3555, in addition to other bugs and multiple RFE's. http://www.zimbra.com/forums/announc...3-shipped.html

    If your intent on keeping your old version, you may have trouble with your Amavisd-ClamAV.

    Preventative methods:
    -Upgrade ZCS.
    -Update just the ClamAV component.
    -Set zimbraVirusDefinitionsUpdateFrequency to 0 well in advance of that day to avoid receiving the remote disable code.

    If reading this already past the 15th date options include:
    -Turn off ClamAV from your admin console > server > services 'as/av' tab > uncheck av. Via CLI it's zmprov ms `zmhostname` -zimbraServiceEnabled antivirus. (The minus sign is important, or you'll have nothing but av running.) Then zmamavisdctl reload or zmcontrol stop/start. (This may leave you more vulnerable of course, so schedule a maintenance window as soon as you can.)
    -Update just the ClamAV component.
    -Upgrade ZCS.

    Helpful links:
    ClamAV - Updating Version - Zimbra :: Wiki
    ClamAV - Updating from versions lower than 0.90.0 - Zimbra :: Wiki
    ClamAV - Updating clamd for releases earlier than ZCS 5.0.16 - Zimbra :: Wiki < Freshly written

  2. #2
    Join Date
    Oct 2006
    Location
    Bangalore, India
    Posts
    95
    Rep Power
    9

    Default

    Hi Mmorse,

    Will it affect future upgrade of the ZCS version, if we upgrade ClamAV manually as discussed on the wiki page ClamAV - Updating Version - Zimbra :: Wiki. As of now an upgrade of ZCS is not possible, so need to keep the current version for some more time.

    Thanks,
    Premod

  3. #3
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    (Just to bump this up because of all the activity today.)

    ClamAV - Updating clamd for releases earlier than ZCS 5.0.16 - Zimbra :: Wiki

    And there's other reason's to update:

    Bug 45625 - remove OPENWHOIS references from spamassasin config

    Recently the domain open-whois.org, who once provided Relay Blacklist services, expired. Once it expired it was free to be registered by anyone who wished to pay to purchase the domain. It appears that whoever purchased the domain did so with malicious intent. The open-whois.org RBL is now blacklisting every IP on the internet, which means no matter your provider, it's listed on this blacklist and anyone using this blacklist is now likely to be seeing a vast increase in false positive spam.

    Fixed in 5.0.23+ For other versions you may workaround this issue by modifying the following files and removing or commenting references to OPENWHOIS:
    /opt/zimbra/conf/spamassassin/STATISTICS-set1.txt
    /opt/zimbra/conf/spamassassin/STATISTICS-set3.txt
    /opt/zimbra/conf/spamassassin/active.list
    /opt/zimbra/conf/spamassassin/50_scores.cf
    /opt/zimbra/conf/spamassassin/72_active.cf

    Please note this bug does not affect ZCS 6.0.x.

  4. #4
    Join Date
    Jan 2010
    Location
    delhi , india
    Posts
    23
    Rep Power
    5

    Default Antivirus not started & mails not delivering

    I am using zimbra 5.0.7 version. Since today morning i was facing the problem of mail deliverly. When i stop/start zmcontrl service , antivirus showing not started .

    I have disable the Antivirus from zimbra interface & now mail delivery is started. But disable a antivirus is not a good solutions. So Plz provide me a permanent solutions. Logs are as below:

    Apr 16 11:23:52 mail amavis[19203]: (19203-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Apr 16 11:23:52 mail amavis[19194]: (19194-01-13) Checking: uKH1Rg4EiGnS [203.212.64.40] <Wirelesszone@cellnext.com> -> <alerts@cellnext.com>
    Apr 16 11:23:52 mail amavis[19194]: (19194-01-13) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (1)
    Apr 16 11:23:52 mail amavis[19204]: (19204-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Apr 16 11:23:52 mail amavis[19195]: (19195-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Apr 16 11:23:52 mail amavis[19196]: (19196-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Apr 16 11:23:53 mail amavis[19194]: (19194-01-13) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)



    o INET socket 127.0.0.1:3310: Connection refused) at (eval 74) line 310. at (eval 74) line 511. (in reply to end of DATA command))
    Apr 16 11:25:32 mail postfix/smtp[21232]: B5F5E1D585BB: to=<prashant.sharma@cellnext.com>, orig_to=<liccn@cellnext.com>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=26, delay=13207, delays=13010/189/0/7.1, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=19203-01-26, virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: CODE(0xa03047c) Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 74) line 310. at (eval 74) line 511. (in reply to end of DATA command))
    Apr 16 11:25:33 mail postfix/smtpd[16169]: connect from unknown[203.212.64.40]
    Apr 16 11:25:33 mail postfix/smtpd[16169]: 7B15E1D58A55: client=unknown[203.212.64.40]
    Apr 16 11:25:33 mail postfix/cleanup[16025]: 7B15E1D58A55: message-id=<20100416-11253300-ad8@wizone>
    Apr 16 11:25:33 mail postfix/smtpd[16169]: disconnect from unknown[203.212.64.40]
    Apr 16 11:25:33 mail postfix/qmgr[14848]: 7B15E1D58A55: from=<Wirelesszone@cellnext.com>, size=435, nrcpt=1 (queue active)


    amavisd already running: pid 24473


    Can't load /opt/zimbra/data/clamav/db/daily.cld: Malformed database

    Regards
    Pradeep Siwach

  5. #5
    Join Date
    Jul 2008
    Posts
    13
    Rep Power
    7

    Default

    Hi,

    Same problem here on 2 Zimbra server.
    I have followed tips on wiki (erase clamd DB and re-running fleshclam but not working .....)

    Please help !

    Thanks,

  6. #6
    Join Date
    Feb 2009
    Location
    Milan
    Posts
    13
    Rep Power
    6

    Default

    Hi there,

    i've the same problem on one Zimbra server.
    zmclamdctl was stopped.

    Trying to restart:
    zmclamdctl start
    ClamAV update process started at Fri Apr 16 10:22:20 2010
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.94.1 Recommended version: 0.96
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Trying host db.us.clamav.net (213.165.80.159)...
    Downloading main-50.cdiff [100%]
    Downloading main-51.cdiff [100%]
    Downloading main-52.cdiff [100%]
    main.cld updated (version: 52, sigs: 704727, f-level: 44, builder: sven)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 37, recommended = 44
    DON'T PANIC! Read http://www.clamav.net/support/faq
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 213.165.80.159)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    Trying host db.us.clamav.net (213.165.80.159)...
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 213.165.80.159)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    Trying host db.us.clamav.net (213.165.80.159)...
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 213.165.80.159)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Trying host db.us.clamav.net (213.165.80.159)...
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 10751, sigs: 52057, f-level: 51, builder: guitar)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 37, recommended = 51
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Database updated (756784 signatures) from db.us.clamav.net (IP: 213.165.80.159)
    connect(): Connection refused
    WARNING: Clamd was NOT notified: Can't connect to clamd on localhost:3310
    Starting clamd...


    failed.

    Any ideas?
    Thanks

    Davide

  7. #7
    Join Date
    Nov 2008
    Posts
    237
    Rep Power
    7

    Default

    Same for me for tow servers

    Can't load /opt/zimbra/data/clamav/db//daily.cld: Malformed database

    I ran this command
    Code:
    /opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/
    Code:
    LibClamAV Warning: ***********************************************************
    LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
    LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
    LibClamAV Warning: ***********************************************************
    LibClamAV Error: cli_hex2str(): Malformed hexstring: This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later. For more information see  www.clamav.net/eol-clamav-094 and www.clamav.net/download (length: 169)
    LibClamAV Error: Problem parsing database at line 742
    LibClamAV Error: Can't load daily.ndb: Malformed database
    LibClamAV Error: cli_tgzload: Can't load daily.ndb
    LibClamAV Error: Can't load /opt/zimbra/data/clamav/db//daily.cld: Malformed database
    ERROR: Malformed database
    
    ----------- SCAN SUMMARY -----------
    Known viruses: 50364
    Engine version: 0.94.1-broken-compiler
    Scanned directories: 0
    Scanned files: 0
    Infected files: 0
    Data scanned: 0.00 MB
    Time: 0.192 sec (0 m 0 s)
    So what could be the problem? for both servers
    - In a world without walls and fences who needs windows and gates?
    - I am Running Linux.. Finally, my PC is valid & Reliable Hereafter.

  8. #8
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    25

    Default

    Looking at that error it would appear you are running Clam 0.94
    Code:
    0.94.1
    Which is now EOL for which have you read http://www.zimbra.com/forums/announc...tml#post169976

  9. #9
    Join Date
    Nov 2008
    Posts
    237
    Rep Power
    7

    Default

    yes yes I'm reading it now... and updating the clam...
    - In a world without walls and fences who needs windows and gates?
    - I am Running Linux.. Finally, my PC is valid & Reliable Hereafter.

  10. #10
    Join Date
    Feb 2009
    Location
    Milan
    Posts
    13
    Rep Power
    6

    Default

    thanks.

    check this: http://www.zimbra.com/forums/announc...tml#post179734

    I'm updating.
    Dave

Similar Threads

  1. ClamAV 0.94 EOL on ZCS 5.0.16 prior
    By mmorse in forum Announcements
    Replies: 1
    Last Post: 04-15-2010, 03:52 PM
  2. Trouble Sending mail - All Messages deferred!
    By SiteDiscovery in forum Administrators
    Replies: 7
    Last Post: 09-03-2009, 05:52 AM
  3. Mail is being queued, not delivered!
    By icepick94 in forum Administrators
    Replies: 12
    Last Post: 01-22-2009, 07:03 AM
  4. ZCS 3.2 Beta Available
    By KevinH in forum Announcements
    Replies: 31
    Last Post: 07-07-2006, 04:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •