Topic: Update your ClamAV Installation now

[Knuddi]

All,

The Clam AV engine has been updated to version 0.8 with new uptimized database download mechanish to limit the bandwidth requirements for clamav.net

If you do not have ClamAV or already have a version installed from sme.swerts-knudsen.dk then just download the latest script as indicated from:

http://sme.swerts-knudsen.dk/howtos/howto_22.htm

Remember to download with the "-N" option to overwrite a potential old version.

# wget -N http://sme.swerts-knudsen.dk/downloads/AntiVirus/antivirus_install.sh

When installed then configure via the server-manager panel the country closests to you for database update and remember to press Save.

If you are running the original version from pagefault.org then the above script will detect that and guide you for upgrade.

Enjoy,
Jesper Knudsen

[Mumm-Ra]

Thanks Jesper,
I did this last week.
It works a treat.

Howard

[ltc6netspec]

previous clam was pagefault.org.  Uninstalled according to sh file.  reran sh file

[root@roe30 root]# sh antivirus_install.sh
========================================================
= Antivirus Installation Script                        =
=                                                      =
= This script will install Antivirus on your system    =
= provide you with a server-manager panel for          =
= configuration.                                       =
=                                                      =
= No express or implied warranties are provided and its=
= usage is at your own risk.                           =
=                                                      =
= If you feel confortable with the above then press    =
= enter if not pres Ctrl+C to abort the installation   =
= script.                                              =
=                                                      =
========================================================
Checking for existing installations.... Please wait!
Installing ClamAntivirus on SME 6.0.....
Downloading RPMs from http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus
--16:03:21--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/clamav-es-libs-0.80-es03.i386.rpm
           => clamav-es-libs-0.80-es03.i386.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 348,042 [application/x-rpm]

100%[====================================>] 348,042      154.99K/s    ETA 00:00

16:03:23 (154.99 KB/s) - clamav-es-libs-0.80-es03.i386.rpm' saved [348042/348042]

--16:03:23--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/clamav-es-0.80-es03.i386.rpm
           => clamav-es-0.80-es03.i386.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,963,310 [application/x-rpm]

100%[====================================>] 1,963,310    150.62K/s    ETA 00:00

16:03:36 (150.62 KB/s) - clamav-es-0.80-es03.i386.rpm' saved [1963310/1963310]

--16:03:36--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/perl-DateManip-5.40-15.i386.rpm
           => perl-DateManip-5.40-15.i386.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 129,366 [application/x-rpm]

100%[====================================>] 129,366      133.12K/s    ETA 00:00

16:03:38 (133.12 KB/s) - perl-DateManip-5.40-15.i386.rpm' saved [129366/129366]

--16:03:38--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/perl-Archive-Tar-1.10-1.noarch.rpm
           => perl-Archive-Tar-1.10-1.noarch.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 38,406 [application/x-rpm]

100%[====================================>] 38,406        99.75K/s    ETA 00:00

16:03:38 (99.75 KB/s) - perl-Archive-Tar-1.10-1.noarch.rpm' saved [38406/38406]

--16:03:38--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/perl-Archive-Zip-1.12-1.noarch.rpm
           => perl-Archive-Zip-1.12-1.noarch.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 137,828 [application/x-rpm]

100%[====================================>] 137,828      144.73K/s    ETA 00:00

16:03:39 (144.73 KB/s) - perl-Archive-Zip-1.12-1.noarch.rpm' saved [137828/137828]

--16:03:39--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/perl-libnet-1.18-8.noarch.rpm
           => perl-libnet-1.18-8.noarch.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 101,595 [application/x-rpm]

100%[====================================>] 101,595      136.10K/s    ETA 00:00

16:03:40 (136.10 KB/s) - perl-libnet-1.18-8.noarch.rpm' saved [101595/101595]

--16:03:40--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/sme-antivirus-1.1.0-1.noarch.rpm
           => sme-antivirus-1.1.0-1.noarch.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 42,995 [application/x-rpm]

100%[====================================>] 42,995       104.71K/s    ETA 00:00

16:03:41 (104.71 KB/s) - sme-antivirus-1.1.0-1.noarch.rpm' saved [42995/42995]

Preparing...                ########################################### [100%]
package perl-libnet-1.0901-17 (which is newer than perl-libnet-1.18-8) is already installed
Amavis-ng Already patched
ERROR: No templates were found for /etc/freshclam.conf.
 at /sbin/e-smith/expand-template line 49
clamd: unrecognized service
Updating the Clam Virus database - Please wait....
antivirus_install.sh: /usr/bin/freshclam: No such file or directory
Installation of Antivirus has successfully completed.


**********AMAVIS Log file entry

AMAVIS::AV::CLAMD: Cannot connect to /var/lib/clamav/clamd.sock.
Nov 16 16:16:28 roe30 amavis[6224]: Error while scanning for viruses with AMAVIS::AV::CLAMD:
Nov 16 16:16:28 roe30 amavis[6224]: AMAVIS::MTA::Qmail: Freezing message


Need help!!!  Suggestions

[guest22]

Is there a file in /var/lib/clamav/ ? If so remove it and restart clamd. Otherwise I guess there is something wrong with the templates as it says, next to that clamd doesn't seem present on the system.

RequestedDeletion

[ltc6netspec]

There is no directory called clamd located there

Thanks for the reply

[guest22]

hmmm, uninstall the rpm's mentioned in the script and give it the script a new try. It's pretty useless in this state.

RequestedDeletion

[mdo]

perl-libnet-1.0901-17 (which is newer than perl-libnet-1.18-8)

This is something that I have had before and do not understand. Is the newer/larger version number not really a numeric comparison? I though it would so that 1.18 should be larger/newer than 1.0901?

Regards,
Michael

[marsa_matruh]

Hi,

I updated ClamAV yesterday. With the nice panel in the server-manager.   But my antispam, that I updated from the same source few days ago, don't work any more  

Spamd is running. But not analyzing messages.
I tried :
/sbin/e-smith/db configuration setprop amavis-ng qmail-queue /var/qmail/bin/qmail-spamc
/sbin/e-smith/signal-event email-update

No error message but still no spam filter. Any idea?

[marsa_matruh]

I'm looking more carrefully at my problem. Conclusions :

- emails collected with Fetchmail are not checked by both antispam and antivirus.

- emails coming directly to my server using domain name are checked for spam and virus, as I can see in the headers.

Any idea?

Before updating ClamAV, it was running better but not perfectly for antispam as spams were not moved to junkmail and spam above 15 were not deleted.

And also, in the admin boxe, I get each 15 minuts a message :
Objet:  Cron <root@serveur> /etc/startmail
Body :fetchmail:-:7: parse error at protocol
(same when using startmail with command line)

I don't know if these details are related to my main problem ...

[ltc6netspec]

As above I tried to get the antivirus upgrade to work.  After performing (rpm -Uvh *.rpm) I still could not get clam install correctly, the abouve upgrade looked for directories and files that were not in locations needed.  I had to reinstall pagefault version using YUM, then I updated (-Uvh) the clam & amavis files specifically. Sent a test virus through which were caught.  Everything is now working correctly.  The only file that would not upgrade is the perl-libnet-1.18.  It would say that perl-libnet-1.09 was newer.

[marsa_matruh]

One more detail. Everything started goind bad not after installation but after changing parameters using the panel in the server manager (several hours between)...

[marsa_matruh]

STOP, I found it.

Yesterday, I unchecked the option : Scan outgoing e-mail.

Today, I checked it back. And mails comming through fetchmail are scanned by ClamAV and SpamAssassin.

Strange, isn't it?

[Neririn]

Unfortunately I have a box that still runs 5.6 is there anyway to update the clam AV using this script or another?  Unfortunately this box is out of the country and so easily upgrading to 6.x has not been an option.  And as the box will be phased out within a couple of months, I have hesitated messing with it.  BUT recently I have received several emails a day saying time out to this clamav repository or that etc.  My confidence that it is still scanning email is damaged.  Any suggestions will be appreciated.

[Knuddi]

ltc6netspec,

The installation breaks as your libnet for some strange reason thinks that its newer that the later version in the script. This I have seen if someone compiles a old version as its the build date that RPM looks at (as well). Uninstall libnet manually with rpm -e perl-libnet-1.0901-17 and re-run the script.

There is no new magic in this new version and it should work fine with sme-spamfilter. If you have problems with no spamfilter after install then go into the spamfilter and press save again to ensure all its settings and templates are run again. Both does work with fetchmail as this is what I have on my personal SME gateway.

Also remember to configure the new mirror and PRESS save in the Antivirus panel.

[Henk]

Hi Jesper,

After updating from my pagefault installation, everything seems to work fine. I've only got two email every night from cron deamon. Do you have any idea what's going on?

mail 1 from Cron <root@qs2> run-parts /etc/cron.daily
Content:

/etc/cron.daily/rkhunter:

ClamAV 0.80/588/Mon Nov 15 01:06:21 2004





mail 2 from Cron <root@qs2> /etc/clamscan
Content:

LibClamAV Warning: Unknown machine type in PE header
LibClamAV Warning: Unknown subsystem in PE header
LibClamAV Warning: Unknown machine type in PE header
LibClamAV Warning: Unknown subsystem in PE header
LibClamAV Warning: Unknown machine type in PE header
LibClamAV Warning: Unknown subsystem in PE header
LibClamAV Warning: Unknown encoding type "quoted-printable/4.2.0-dev" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net