Koozali.org: home of the SME Server

Update your ClamAV Installation now

Knuddi
« on: November 15, 2004, 10:22:00 PM »
All,

The ClamAV engine has been updated to version 0.8 with a new optimized database download mechanism to limit the bandwidth requirements for clamav.net.

If you do not have ClamAV or already have a version installed from sme.swerts-knudsen.dk then just download the latest script as indicated from:

http://sme.swerts-knudsen.dk/howtos/howto_22.htm

Remember to download with the "-N" option to overwrite a potential old version.

# wget -N http://sme.swerts-knudsen.dk/downloads/AntiVirus/antivirus_install.sh

When installed, configure via the server-manager panel the country closest to you for database updates and remember to press Save.

If you are running the original version from pagefault.org then the above script will detect that and guide you for upgrade.

Enjoy,
Jesper Knudsen

Mumm-Ra

« Reply #1 on: November 16, 2004, 09:02:53 AM »
Thanks Jesper,
I did this last week.
It works a treat.

Howard

ltc6netspec
did not work - need big help
« Reply #2 on: November 16, 2004, 11:37:43 PM »
previous clam was pagefault.org.  Uninstalled according to sh file.  reran sh file

[root@roe30 root]# sh antivirus_install.sh
========================================================
= Antivirus Installation Script                        =
=                                                      =
= This script will install Antivirus on your system    =
= provide you with a server-manager panel for          =
= configuration.                                       =
=                                                      =
= No express or implied warranties are provided and its=
= usage is at your own risk.                           =
=                                                      =
= If you feel confortable with the above then press    =
= enter if not pres Ctrl+C to abort the installation   =
= script.                                              =
=                                                      =
========================================================
Checking for existing installations.... Please wait!
Installing ClamAntivirus on SME 6.0.....
Downloading RPMs from http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus
--16:03:21--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/clamav-es-libs-0.80-es03.i386.rpm
           => clamav-es-libs-0.80-es03.i386.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 348,042 [application/x-rpm]

100%[====================================>] 348,042      154.99K/s    ETA 00:00

16:03:23 (154.99 KB/s) - clamav-es-libs-0.80-es03.i386.rpm' saved [348042/348042]

--16:03:23--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/clamav-es-0.80-es03.i386.rpm
           => clamav-es-0.80-es03.i386.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,963,310 [application/x-rpm]

100%[====================================>] 1,963,310    150.62K/s    ETA 00:00

16:03:36 (150.62 KB/s) - clamav-es-0.80-es03.i386.rpm' saved [1963310/1963310]

--16:03:36--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/perl-DateManip-5.40-15.i386.rpm
           => perl-DateManip-5.40-15.i386.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 129,366 [application/x-rpm]

100%[====================================>] 129,366      133.12K/s    ETA 00:00

16:03:38 (133.12 KB/s) - perl-DateManip-5.40-15.i386.rpm' saved [129366/129366]

--16:03:38--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/perl-Archive-Tar-1.10-1.noarch.rpm
           => perl-Archive-Tar-1.10-1.noarch.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 38,406 [application/x-rpm]

100%[====================================>] 38,406        99.75K/s    ETA 00:00

16:03:38 (99.75 KB/s) - perl-Archive-Tar-1.10-1.noarch.rpm' saved [38406/38406]

--16:03:38--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/perl-Archive-Zip-1.12-1.noarch.rpm
           => perl-Archive-Zip-1.12-1.noarch.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 137,828 [application/x-rpm]

100%[====================================>] 137,828      144.73K/s    ETA 00:00

16:03:39 (144.73 KB/s) - perl-Archive-Zip-1.12-1.noarch.rpm' saved [137828/137828]

--16:03:39--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/perl-libnet-1.18-8.noarch.rpm
           => perl-libnet-1.18-8.noarch.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 101,595 [application/x-rpm]

100%[====================================>] 101,595      136.10K/s    ETA 00:00

16:03:40 (136.10 KB/s) - perl-libnet-1.18-8.noarch.rpm' saved [101595/101595]

--16:03:40--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/sme-antivirus-1.1.0-1.noarch.rpm
           => sme-antivirus-1.1.0-1.noarch.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[66.249.6.130]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 42,995 [application/x-rpm]

100%[====================================>] 42,995       104.71K/s    ETA 00:00

16:03:41 (104.71 KB/s) - sme-antivirus-1.1.0-1.noarch.rpm' saved [42995/42995]

Preparing...                ########################################### [100%]
package perl-libnet-1.0901-17 (which is newer than perl-libnet-1.18-8) is already installed
Amavis-ng Already patched
ERROR: No templates were found for /etc/freshclam.conf.
 at /sbin/e-smith/expand-template line 49
clamd: unrecognized service
Updating the Clam Virus database - Please wait....
antivirus_install.sh: /usr/bin/freshclam: No such file or directory
Installation of Antivirus has successfully completed.


**********AMAVIS Log file entry

AMAVIS::AV::CLAMD: Cannot connect to /var/lib/clamav/clamd.sock.
Nov 16 16:16:28 roe30 amavis[6224]: Error while scanning for viruses with AMAVIS::AV::CLAMD:
Nov 16 16:16:28 roe30 amavis[6224]: AMAVIS::MTA::Qmail: Freezing message


Need help!!!  Suggestions
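The log excerpt in the post above shows the failure a mail administrator most needs to notice: amavis cannot reach the clamd socket, so messages are frozen instead of scanned. The following is an added example (not from the thread or the install script) that flags this condition in syslog lines; the timestamp on the first sample line and the last sample line are constructed, and the function name is hypothetical.

```python
import re

# Sample input: lines 1-3 follow the post above (the first line's timestamp
# prefix is constructed); line 4 is a constructed, unaffected entry.
SAMPLE_LOG = """\
Nov 16 16:16:27 roe30 amavis[6224]: AMAVIS::AV::CLAMD: Cannot connect to /var/lib/clamav/clamd.sock.
Nov 16 16:16:28 roe30 amavis[6224]: Error while scanning for viruses with AMAVIS::AV::CLAMD:
Nov 16 16:16:28 roe30 amavis[6224]: AMAVIS::MTA::Qmail: Freezing message
Nov 16 16:20:02 roe30 amavis[6301]: constructed filler line for an unaffected message
""".splitlines()

# syslog prefix: timestamp, host, amavis[pid], then the message text
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) amavis\[(\d+)\]: (.*)$")
SOCK_FAIL = re.compile(r"AMAVIS::AV::(\w+): Cannot connect to (\S+?)\.?$")
SCAN_ERROR = re.compile(r"Error while scanning for viruses with AMAVIS::AV::(\w+)")
FROZEN = re.compile(r"AMAVIS::MTA::\w+: Freezing message")


def find_scanner_outages(lines):
    """Group scanner failures by amavis PID and note whether mail was frozen."""
    outages = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an amavis syslog line
        ts, host, pid, msg = m.groups()
        sock = SOCK_FAIL.search(msg)
        err = SCAN_ERROR.search(msg)
        if sock or err:
            rec = outages.setdefault(pid, {
                "pid": pid, "host": host, "first_seen": ts,
                "scanner": None, "socket": None, "frozen": False,
            })
            rec["scanner"] = (sock or err).group(1)
            if sock:
                rec["socket"] = sock.group(2)
        elif FROZEN.search(msg) and pid in outages:
            # Only count a freeze that follows a scanner failure in the same PID.
            outages[pid]["frozen"] = True
    return list(outages.values())


if __name__ == "__main__":
    for o in find_scanner_outages(SAMPLE_LOG):
        print("%(first_seen)s %(host)s pid=%(pid)s scanner=%(scanner)s "
              "socket=%(socket)s frozen=%(frozen)s" % o)
```

Run against the mail log from cron, a non-empty result is the signal that mail is no longer being scanned.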

guest22

« Reply #3 on: November 16, 2004, 11:48:08 PM »
Is there a file in /var/lib/clamav/ ? If so remove it and restart clamd. Otherwise I guess there is something wrong with the templates as it says, next to that clamd doesn't seem present on the system.

ltc6netspec
HELP :)
« Reply #4 on: November 16, 2004, 11:57:27 PM »
There is no directory called clamd located there

Thanks for the reply

guest22

« Reply #5 on: November 17, 2004, 12:01:19 AM »
Hmmm, uninstall the RPMs mentioned in the script and give the script a new try. It's pretty useless in this state.

mdo
« Reply #6 on: November 17, 2004, 01:20:05 AM »
Quote
perl-libnet-1.0901-17 (which is newer than perl-libnet-1.18-8)


This is something that I have had before and do not understand. Is the newer/larger version number not really a numeric comparison? I thought it would be, so that 1.18 should be larger/newer than 1.0901?

Regards,
Michael
...
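On the question above: RPM does not compare version strings as decimal numbers. It splits them into digit and letter segments and compares segment by segment, so "0901" is read as the integer 901 and beats 18. The following is an added example (not from the thread), a simplified re-implementation of that comparison that ignores epochs and the newer `~`/`^` markers; the function names are hypothetical.

```python
import re

# A segment is a run of ASCII digits or a run of ASCII letters;
# every other character ('.', '_', '+', ...) only separates segments.
SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Return 1 if a is newer than b, -1 if older, 0 if equal (RPM-style)."""
    if a == b:
        return 0
    segs_a, segs_b = SEGMENT.findall(a), SEGMENT.findall(b)
    for x, y in zip(segs_a, segs_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            # A numeric segment always counts as newer than an alphabetic one.
            return 1 if x_num else -1
        if x_num:
            # Compare as integers: drop leading zeros, longer number wins.
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left over is newer.
    if len(segs_a) == len(segs_b):
        return 0
    return 1 if len(segs_a) > len(segs_b) else -1


def split_nvr(package):
    """Split 'name-version-release' on its last two hyphens."""
    name, version, release = package.rsplit("-", 2)
    return name, version, release


def compare_packages(installed, candidate):
    """Compare two builds of the same package: version first, then release."""
    name_i, ver_i, rel_i = split_nvr(installed)
    name_c, ver_c, rel_c = split_nvr(candidate)
    if name_i != name_c:
        raise ValueError("different packages: %s vs %s" % (name_i, name_c))
    return rpmvercmp(ver_i, ver_c) or rpmvercmp(rel_i, rel_c)


if __name__ == "__main__":
    verdict = compare_packages("perl-libnet-1.0901-17", "perl-libnet-1.18-8")
    print({1: "installed is newer", 0: "same", -1: "candidate is newer"}[verdict])
```

The same effect can make a patched package look like a downgrade, so it is worth checking the segment comparison before forcing an install.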

marsa_matruh
« Reply #7 on: November 17, 2004, 10:25:09 AM »
Hi,

I updated ClamAV yesterday. With the nice panel in the server-manager.  8-) But my antispam, that I updated from the same source a few days ago, doesn't work any more  :-(

Spamd is running. But not analyzing messages.
I tried :
/sbin/e-smith/db configuration setprop amavis-ng qmail-queue /var/qmail/bin/qmail-spamc
/sbin/e-smith/signal-event email-update

No error message but still no spam filter. Any idea?

marsa_matruh
« Reply #8 on: November 17, 2004, 02:59:01 PM »
I'm looking more carefully at my problem. Conclusions:

- emails collected with Fetchmail are not checked by both antispam and antivirus.

- emails coming directly to my server using domain name are checked for spam and virus, as I can see in the headers.

Any idea?

Before updating ClamAV, it was running better but not perfectly for antispam as spams were not moved to junkmail and spam above 15 were not deleted.

And also, in the admin box, I get a message every 15 minutes:
Subject: Cron <root@serveur> /etc/startmail
Body: fetchmail:-:7: parse error at protocol
(same when using startmail with command line)

I don't know if these details are related to my main problem ...

ltc6netspec
Got the antivirus back to normal
« Reply #9 on: November 17, 2004, 04:04:05 PM »
As above I tried to get the antivirus upgrade to work.  After performing (rpm -Uvh *.rpm) I still could not get clam to install correctly; the above upgrade looked for directories and files that were not in the locations needed.  I had to reinstall the pagefault version using YUM, then I updated (-Uvh) the clam & amavis files specifically. Sent a test virus through, which was caught.  Everything is now working correctly.  The only file that would not upgrade is the perl-libnet-1.18.  It would say that perl-libnet-1.09 was newer.

marsa_matruh
« Reply #10 on: November 17, 2004, 05:51:01 PM »
One more detail. Everything started going bad not after installation but after changing parameters using the panel in the server manager (several hours between)...

marsa_matruh
« Reply #11 on: November 17, 2004, 07:38:44 PM »
STOP, I found it.

Yesterday, I unchecked the option : Scan outgoing e-mail.

Today, I checked it back. And mails coming through fetchmail are scanned by ClamAV and SpamAssassin.

Strange, isn't it?

Neririn
Forgive my tardiness
« Reply #12 on: November 17, 2004, 08:16:30 PM »
Unfortunately I have a box that still runs 5.6. Is there any way to update the ClamAV using this script or another?  Unfortunately this box is out of the country and so easily upgrading to 6.x has not been an option.  And as the box will be phased out within a couple of months, I have hesitated messing with it.  BUT recently I have received several emails a day saying time out to this clamav repository or that etc.  My confidence that it is still scanning email is damaged.  Any suggestions will be appreciated.
......

Knuddi
« Reply #13 on: November 17, 2004, 09:56:04 PM »
ltc6netspec,

The installation breaks as your libnet for some strange reason thinks that it's newer than the later version in the script. This I have seen if someone compiles an old version as it's the build date that RPM looks at (as well). Uninstall libnet manually with rpm -e perl-libnet-1.0901-17 and re-run the script.

There is no new magic in this new version and it should work fine with sme-spamfilter. If you have problems with no spamfilter after install then go into the spamfilter and press save again to ensure all its settings and templates are run again. Both do work with fetchmail as this is what I have on my personal SME gateway.

Also remember to configure the new mirror and PRESS save in the Antivirus panel.

Henk

« Reply #14 on: November 17, 2004, 10:26:22 PM »
Hi Jesper,

After updating from my pagefault installation, everything seems to work fine. I've only got two emails every night from the cron daemon. Do you have any idea what's going on?

mail 1 from Cron <root@qs2> run-parts /etc/cron.daily
Content:

/etc/cron.daily/rkhunter:

ClamAV 0.80/588/Mon Nov 15 01:06:21 2004





mail 2 from Cron <root@qs2> /etc/clamscan
Content:

LibClamAV Warning: Unknown machine type in PE header
LibClamAV Warning: Unknown subsystem in PE header
LibClamAV Warning: Unknown machine type in PE header
LibClamAV Warning: Unknown subsystem in PE header
LibClamAV Warning: Unknown machine type in PE header
LibClamAV Warning: Unknown subsystem in PE header
LibClamAV Warning: Unknown encoding type "quoted-printable/4.2.0-dev" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net
LibClamAV Warning: Unknown encoding type "8bit;" - report to bugs@clamav.net

Knuddi
« Reply #15 on: November 18, 2004, 10:37:33 PM »
Henk,

The first is from rkhunter since they haven't updated their database and indicated this new version of clamav is secure.

The second message is a bit more strange. Did you configure the server to scan all disks every night? Clamscan is the "disk" scan engine.

Henk

« Reply #16 on: November 18, 2004, 10:47:43 PM »
Quote from: "Knuddi"
Henk,

The first is from rkhunter since they haven't updated their database and indicated this new version of clamav is secure.

The second message is a bit more strange. Did you configure the server to scan all disks every night? Clamscan is the "disk" scan engine.



I configured the server to scan all users every night. I also get these messages when I start Clamscan using the console (clamscan -v -i). Not by email, but in the console of course.

If I don't use the disk scanning option, I don't get the second message.

As far as I can find the message is harmless, and caused by this: PE is the header on dos/windows executables (exe files). Clam's scanner probably only knows regular dos/windows PE headers and WindowsCE apparently has a slightly different header (since it's another architecture).

This gives some more info, and maybe Knuddi understands what to do with it:

http://www.mail-archive.com/clamav-users@lists.clamav.net/msg13989.html

len_chan

« Reply #17 on: November 22, 2004, 11:54:33 PM »
Hi.

I just did this upgrade. A few notes, that might help others:  I previously had whatever was installed in the 6.01 Custom distribution that was floating around these forums.  

The upgrade seems to have worked well.  I had to manually uninstall one RPM, but the install script told me exactly what to do.

After the install, I had to manually start ClamD. (/etc/init.d/clamd start).

This seems to work WAY better than what I had before.  It also caught the antivirus test message service from here:
http://www.gfi.com/emailsecuritytest/

So far so good!

del
« Reply #18 on: November 23, 2004, 05:28:01 AM »
Hi All,
I have the server manager virus panel from dungog.net, anyone know if this script will work or will it replace Stephen Knoble's panel with the Knuddi one?
Regards,
Del
If at first you don't succeed, then sky-diving is not for you!
"Life is like a coin. You can spend it anyway you wish, but you can only spend it once." --Author Unknown

irule

« Reply #19 on: November 23, 2004, 02:01:39 PM »
I also have the dungog version and the upgrade didn't work.....
How can I uninstall the dungog version and install the Knuddi version?

Knuddi
« Reply #20 on: November 23, 2004, 10:40:52 PM »
The latest script will now also detect the dungog.net version of ClamAV (dungog-antivirus.RPM) and suggest how to uninstall. You should be able to do the suggested rpm -e dungog-antivirus-version.rpm manually and then run the script again.

I do not have the dungog-antivirus package myself so if above works please let me know for the benefit of the rest.

Rgds,
Jesper

irule

« Reply #21 on: November 24, 2004, 09:55:54 AM »
I did a manual uninstall (rpm -e dungog-antivirus-version (without the .rpm!)) and installed your version. everything seems to work like a charm!


Only at the end of the installation something couldn't be found....

patching file AMAVIS/MTA/Qmail.pm
patching file AMAVIS.pm
Starting clamd:                                            [   OK   ]
Updating the Clam Virus database - Please wait....
ClamAV update process started at Wed Nov 24 09:49:35 2004
ERROR: main.cvd not found on remote server
ERROR: Can't download main.cvd from 67.159.6.26
Update of Antivirus has successfully completed.

Knuddi
« Reply #22 on: November 24, 2004, 11:37:35 AM »
By default the install script tries to download the latest database from db.us.clamav.net, which is a round-robin DNS with a number of servers.

You were very unlucky that the server that was resolved when you installed was down (and still is).

Rgds,
Jesper

funkusmunkus
« Reply #23 on: November 30, 2004, 02:23:08 AM »
hi all and Knuddi,

the script is fantastic but i seem to be getting this error on both machines i installed it on:

Can't open /var/log/amavis-ng/amavis-ng.log: No such file or directory


seeing as i'm a noob i won't try and solve it myself  :-)
cheers
.........

irian
« Reply #24 on: January 06, 2005, 12:01:08 PM »
Quote
Can't open /var/log/amavis-ng/amavis-ng.log: No such file or directory


Create the file:

touch /var/log/amavis-ng/amavis-ng.log

That solved it for me.
MDV