Clamav:freshclam update

From SME Server
Revision as of 20:20, 10 March 2013 by Stephdl (talk | contribs)

Sometimes ClamAV reports errors like the ones below, asking to download some files. The admin account can receive a lot of emails when ClamAV tries to update its database.

2013-03-02 22:57:11.757539500 ClamAV update process started at Sat Mar  2 22:57:11 2013
2013-03-02 22:57:31.922779500 WARNING: Can't query current.cvd.clamav.net
2013-03-02 22:57:31.922783500 WARNING: Invalid DNS reply. Falling back to HTTP mode.
2013-03-02 22:57:31.923493500 Reading CVD header (main.cvd): ERROR: Can't get information about database.clamav.net: Temporary failure in name resolution
2013-03-02 22:58:52.561344500 WARNING: Can't read main.cvd header from database.clamav.net (IP: )
2013-03-02 22:58:52.561855500 Giving up on database.clamav.net...
2013-03-02 22:58:52.561968500 Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

This is a workaround to get a new database without complaints from ClamAV. Use a root terminal to perform these commands.

Shut down clamd so the clamd.socket file is removed

service clamd stop

Navigate to clamav folder

cd /var/clamav

Remove ALL files from the folder to provide a clean slate for the update process

rm -f /var/clamav/* (you could skip the -f & confirm every file delete for safety)

Current Clamav version is clamav-0.97.6

rpm -q clamav

clamav-0.97.6-1.el5.rf

Update clamav to the latest version if required; this will not download clamav-db

yum update clamav

Restart clam

service clamd start

Update sigs

freshclam -v (--no-dns can be used if just -v fails, though I haven't struck this issue)
Check the output from freshclam to make sure the update completes successfully.
Current working dir is /var/clamav
Max retries == 6
ClamAV update process started at Sun Feb 24 15:14:02 2013
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.97.6
main.cvd version from DNS: 54
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd version from DNS: 16731
daily.cld is up to date (version: 16731, sigs: 829102, f-level: 63, builder: guitar)
bytecode.cvd version from DNS: 214
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

This left just 5 files in the /var/clamav folder:

ls -la /var/clamav
-rw-r--r--  1 clamav clamav    60125 Feb 17 12:11 bytecode.cvd
srw-rw-rw-  1 clamav clamav        0 Feb 24 14:27 clamd.socket
-rw-r--r--  1 clamav clamav 52101120 Feb 24 11:46 daily.cld
-rw-r--r--  1 clamav clamav 30750647 Oct 11  2011 main.cvd
-rw-------  1 clamav clamav      104 Feb 24 14:46 mirrors.dat


Note:
If you are bandwidth poor or on a slow connection, then don't delete main.cvd


For completeness, and to be absolutely sure, run signal-event post-update; signal-event reboot, then go through the logs after the reboot to make sure everything started correctly. This is not necessary for this procedure but doesn't hurt.
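
The "check output from freshclam" step can be scripted so that a silent signature-update failure does not go unnoticed. The following is an added example, not part of the original wiki page: the function name freshclam_status and its result labels are hypothetical, the matched strings come from the two log excerpts above, and the "updated" wording for a freshly downloaded database is an assumption.

```shell
#!/bin/sh
# Added example: classify freshclam output read on stdin.
# Prints one of: ok, failed-dns, failed, incomplete.
freshclam_status() {
    awk '
        # Resolver errors, as in the failed run quoted on this page.
        /Temporary failure in name resolution/ { dns = 1 }
        /Can.t query current\.cvd\.clamav\.net/ { dns = 1 }
        /Update failed\./ { failed = 1 }
        # A database counts once freshclam confirms it. "is up to date" is
        # the wording on this page; "updated" is assumed for fresh downloads.
        /main\.(cvd|cld) (is up to date|updated)/     { m = 1 }
        /daily\.(cvd|cld) (is up to date|updated)/    { d = 1 }
        /bytecode\.(cvd|cld) (is up to date|updated)/ { b = 1 }
        END {
            if (failed && dns)     print "failed-dns"
            else if (failed)       print "failed"
            else if (m && d && b)  print "ok"
            else                   print "incomplete"
        }'
}

# Sample input: lines excerpted from the two runs shown on this page.
sample_failed() {
    cat <<'EOF'
2013-03-02 22:57:31.922779500 WARNING: Can't query current.cvd.clamav.net
2013-03-02 22:58:52.561855500 Giving up on database.clamav.net...
2013-03-02 22:58:52.561968500 Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working.
EOF
}
sample_ok() {
    cat <<'EOF'
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 16731, sigs: 829102, f-level: 63, builder: guitar)
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
EOF
}

echo "failed run: $(sample_failed | freshclam_status)"
echo "good run:   $(sample_ok | freshclam_status)"
echo "partial:    $(sample_ok | head -n 2 | freshclam_status)"
```

On a live system the function would be fed with freshclam -v 2>&1 | freshclam_status; any result other than ok means at least one of the three databases was not confirmed.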