Koozali.org: home of the SME Server

Losing Bandwidth & ClamAV OUTDATED problem

Luis Noriega
« on: October 12, 2008, 07:46:23 PM »
Hi!
I'm a newbie on SME Servers.
A friend of mine has an SME Server. He does not know anything about servers, computers, etc., but he needed a solution in his office and a guy installed an SME Server for him.
That server was a great solution. It had been working for almost 5 years (with no problems) until this week.
The problem started with the bandwidth. The Internet connection became slow and finally unusable.
So my friend asked me for help and I started "diving" in the SME ocean.
First we thought that the problem was spyware on one of the PCs connected to the server. I started checking everything until I realized that the problem was not on the PCs: it was on the server.
So I started checking the processes of the server on the server-manager interface. I found the following:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Oct 12 12:10:20 server clamd: ****************************************************
Oct 12 12:10:20 server clamd: LibClamAV Warning: ***  This version of ClamAV engine is outdated.  ***
Oct 12 12:10:20 server clamd: LibClamAV Warning: ***         Please update it IMMEDIATELY!        ***
Oct 12 12:10:20 server clamd: LibClamAV Warning: ****************************************************
Oct 12 12:10:20 server pppd[1655]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xeda5e5ac>]
Oct 12 12:10:20 server clamd: LibClamAV Warning:
Oct 12 12:10:20 server clamd: Signature for Worm.Zhelatin-19 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-15 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-16 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-17 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-18 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Trojan.Lmir-548 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-20 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-21 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-22 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-23 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-24 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-25 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-26 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-27 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-28 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-29 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-30 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-31 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Trojan.Hupigon-18197 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Trojan.Hupigon-18198 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Trojan.Vundo-7442 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Trojan.Vundo-7458 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Trojan.Vundo-7456 requires new ClamAV version. Please update!
... (followed by an unending list of viruses, bugs and trojans...)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

So I decided to update clam. I ran freshclam and I received this message:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++
WARNING: your ClamAV installation is OUTDATED - please update immediately!
WARNING: Local version: 0.80 Recommended version:0.94
main.cvd is up to date (version 48...
WARNING: Current functionality level = 3, required = 35
...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

So I decided now to update the engine version of clamav. The problem is that I don't know how. I've read a lot of posts similar to mine, but they talk about upgrading from version 92 to 92.1 (and I have the version 0.80!!!). So I don't know what to do.
I thought: what happens if I disable the antivirus?
So I moved the S97clamd file from /etc/rc7.d to another directory... and it works!!!
If I disable the CLAMAV Antivirus, my bandwidth works again as it should. But the problem is that I still have a huge zoo of viruses inside my server...
So, can anyone help me PLEASE???
Greetings from MEXICO.
Luis.
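
An added example, not part of the original post: a shell triage of the two outputs quoted above. It counts, per malware family, the signatures that clamd reports as needing a newer engine, and reads the functionality-level gap from the freshclam output; the sample input is constructed from lines in the post and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): triage clamd and freshclam output.
# Both samples are constructed from lines quoted in the post above.

SAMPLE_SYSLOG='Oct 12 12:10:20 server clamd: LibClamAV Warning: ***  This version of ClamAV engine is outdated.  ***
Oct 12 12:10:20 server pppd[1655]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xeda5e5ac>]
Oct 12 12:10:20 server clamd: LibClamAV Warning:
Oct 12 12:10:20 server clamd: Signature for Worm.Zhelatin-19 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Worm.Zhelatin-15 requires new ClamAV version. Please update!
Oct 12 12:10:20 server clamd: LibClamAV Warning: Signature for Trojan.Lmir-548 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Trojan.Hupigon-18197 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Trojan.Hupigon-18198 requires new ClamAV version. Please update!
Oct 12 12:10:21 server clamd: LibClamAV Warning: Signature for Trojan.Vundo-7442 requires new ClamAV version. Please update!'

SAMPLE_FRESHCLAM='WARNING: your ClamAV installation is OUTDATED - please update immediately!
WARNING: Local version: 0.80 Recommended version:0.94
WARNING: Current functionality level = 3, required = 35'

# Read syslog on stdin; print "<family> <count>" for every signature that
# clamd reported as needing a newer engine. Banner lines and lines from
# other daemons (pppd here) are ignored.
unloaded_signatures_by_family() {
    sed -n 's/.* clamd: .*Signature for \([^ ]*\) requires new ClamAV version.*/\1/p' |
        sed 's/-[0-9][0-9]*$//' |
        LC_ALL=C sort | uniq -c | awk '{ print $2, $1 }'
}

# Read freshclam output on stdin and print the engine and functionality-level
# gap. Returns 1 when the installed level is below the required one.
freshclam_gap() {
    awk '
        /Local version:/ {
            sub(/.*Local version: */, "");       have = $1
            sub(/.*Recommended version: */, ""); want = $1
        }
        /functionality level =/ {
            sub(/.*functionality level = */, ""); cur = $1 + 0
            sub(/.*required = */, "");            req = $1 + 0
        }
        END {
            printf "engine %s -> %s, flevel %d -> %d\n", have, want, cur, req
            exit (cur < req)
        }'
}

printf '%s\n' "$SAMPLE_SYSLOG" | unloaded_signatures_by_family
printf '%s\n' "$SAMPLE_FRESHCLAM" | freshclam_gap || echo "engine too old for the current database"
```

On a live server the same functions read the real data, for example a syslog file piped into `unloaded_signatures_by_family` and `freshclam 2>&1` piped into `freshclam_gap`.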

Confucius
« Reply #1 on: October 12, 2008, 08:38:43 PM »
very simple, give the command "yum update"

Luis Noriega
« Reply #2 on: October 12, 2008, 08:45:13 PM »
Thanks Confucius, but remember that I am a LOSER NEWBIE!
Do you write only "yum update"? or "yum update Clamav"?
What does "yum update" do?
Thanks a lot.
Luis.

Confucius
« Reply #3 on: October 12, 2008, 09:15:28 PM »
"yum update" will do all available updates and that could be a LOT, as I see this server has been running for about 5 years and was abandoned for some time.

Updates are mostly connected so doing only an update on clamav is not logical.

Stefano
« Reply #4 on: October 12, 2008, 09:39:36 PM »
Hi Luis..

I think that your server should be SME 6.x, isn't it?

please post here the result of:
Code:
cat /etc/e-smith-release

BTW, as far as I know SME 6.x did not have yum.. so, if you want to update clamav, please read this post http://forums.contribs.org/index.php?topic=40963.0

ciao

Stefano

Luis Noriega
« Reply #5 on: October 12, 2008, 11:16:53 PM »
Stefano!

the result is:

Code:
SME Server 6.0.1-01

I will read the link you gave me later, and then I'll tell you the result.

Grazie

Luis Noriega
« Reply #6 on: October 13, 2008, 01:12:34 AM »
Stefano!
I've read the post http://forums.contribs.org/index.php?topic=40963.0, but, as far as I can see, it says nothing about how to install it (or where to download it).
Could you tell me?
Thanks again.

Confucius
« Reply #7 on: October 13, 2008, 01:21:45 AM »
Best thing to do is upgrade.

Download the latest ISO file and use that for upgrading. The manual has 'all' the answers.

Keeping this a 6.x server is a severe security risk.

Luis Noriega
« Reply #8 on: October 13, 2008, 01:35:55 AM »
Confucius:
When you say "Download the latest ISO file"...
1) What ISO file do you mean? The ISO file of the SME server operating system? Do you mean upgrade the version of the server? Or just upgrade the AntiVirus?
2) Where can I find that ISO file?
Thanks

janet
« Reply #9 on: October 13, 2008, 07:35:18 AM »
Luis Noriega

You do need to upgrade to sme7.3 as the version you are using is unsupported and has severe security issues, and you will have difficulty upgrading just the clamav component.

Having said that, if I recall correctly the sme v 6.0.1-01 release was a highly customised version, and there were many problems upgrading from that to sme7.x series due to the additional contribs that were installed.

You would be very wise to uninstall all additional contribs.

sme 7.3 iso is here

http://wiki.contribs.org/SME_Server:Download

When doing upgrades from sme 6.x there are a few precautions to take.
Please read very carefully this longish thread

http://forums.contribs.org/index.php?topic=30745.0

and also see this wiki article which gives a brief idea of the simple steps to take regarding removal of incompatible templates.

http://wiki.contribs.org/UpgradeDisk

Warning, take a full backup first.
« Last Edit: October 13, 2008, 07:44:32 AM by mary »
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Stefano
« Reply #10 on: October 13, 2008, 09:58:53 AM »
@Luis: read this http://sme.swerts-knudsen.dk/howtos/howto_22.htm, you'll find a how-to
please check also if there's space on the hd
after your AV is updated, please take some time to plan an upgrade


@mary & Confucius: you are right, the best choice is to upgrade but.. sometimes it's not an option.. if it's a production server, the first thing to do, IMHO, is to make it work..

furthermore, maybe server's hw is obsolete (5 years old at least)

my 2c

Stefano
« Last Edit: October 13, 2008, 10:01:47 AM by nenonano »

janet
« Reply #11 on: October 13, 2008, 10:35:43 AM »
nenonano & Luis

Knuddi has announced his clamav contrib is likely to be the last upgrade for sme 6.x servers, so any benefit from that approach will only be very short term.
http://forums.contribs.org/index.php?topic=41849.0

I have sme7.3 running on a P333MHz with 256 Mb RAM serving up a couple of web sites, it's obviously only doing light duty, but it still runs adequately. Server manager changes are painfully slow though.
So hardware should not be that much of an issue, especially if the situation hasn't required an update for 5 years (depending on actual usage requirements etc)

At the other end of the spectrum I have sme on a Core2 Duo 2GHz server and it really runs fast.

Luis Noriega
« Reply #12 on: October 13, 2008, 05:44:53 PM »
mary & Stefano!

Thank you very much!
I think I'm going to upgrade just the ClamAV to get the server working again.
I'm also thinking of building a new server later (maybe in a couple of months) (new hardware, version SME 7.X, ...)
THANKS A LOT!
Luis.

Luis Noriega
« Reply #13 on: October 15, 2008, 05:42:15 PM »
Stefano!
Right now I've just done what Knudsen says on his page (http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_22.htm)
The screen says:

Code:
clamav-es-0.80-es02
clamav-es-libs-0.80-es02 being uninstalled to prepare for upgrade....
Shutting down clamd:                        [  OK  ]
warning: /etc/freshclam.conf saved as /etc/freshclam.conf.rpmsave
warning: /etc/clamd.conf saved as /etc/clamd.conf.rpmsave
Uninstall of ClamAV successful...
Downloading RPMs from
/clamav-es-libs-0.92.1-es01.i386.rpm: Unsupported scheme.
/clamav-es-0.92.1-es01.i386.rpm: Unsupported scheme.
/perl-MailTools-1.61-1.i386.rpm: Unsupported scheme.
/amavis-qmail.path: Unsupported scheme.
antivirus_install.sh: amavis-qmail.path: No such file or directory.
/amavis_clamd.path: unsupported scheme.
Antivirus_install.sh: amavis_clamd.path: No such file or directory
Default mirror alredy configured.
MKdir: Cannot create directory '/var/log/clamav': File exists
ERROR: No templates were found for /etc/freshclam.conf.at/sbin/e-smith/expand-template line 49
ERROR: No templates were found for /etc/clamd.conf.at/sbin/e-smith/expand-template line 49
antivirus_install.sh: /etc/init.d/clamd: No such file or directory
updating the Clamd Virus Database - please wait...
Antivirus_install.sh: /usr/bin/freshclam: no such file or directory
updating the automatic update site to new defaults...
Instalation failed, exiting.
All downloaded files are located in /root/antivirus_install

What happened? Did I do something wrong?
What can I do?
Thanks.
Luis.

Stefano
« Reply #14 on: October 15, 2008, 06:56:41 PM »
Hi Luis

let's try to get it to work..

- login as root on your SME

- be sure that clam* has been uninstalled with
Code:
rpm -qa | grep clam

it should return nothing.. if not, post here the result

- download AV installing script with
Code:
wget http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/swerts-knudsen/AntiVirus/antivirus_install.sh

then open it with
Code:
pico antivirus_install.sh

change the line "VERSION=0.92.1-es01" to "VERSION=0.94.1-es01" and save with Ctrl-X, Y

- run the script with
Code:
sh antivirus_install.sh

it should download some rpms and then install them..

reading your log, it seems that something went wrong in the download.

Let me know and eventually contact me on msn

Ciao
Stefano
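
The package check and the VERSION edit from the steps above as a non-interactive script, added here as an example and not part of the original reply. The function names, the sample package names and the stand-in installer file are assumptions; only the two VERSION= values come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): the package check and the pico edit
# described above, done non-interactively and verified.

# Package check: read `rpm -qa` output on stdin, print leftover clam packages.
# Returns 0 only when none remain.
clam_leftovers() {
    if grep -i 'clam'; then return 1; fi
    return 0
}

# Version edit: replace VERSION=<old> with VERSION=<new> in <script>.
# Refuses unless exactly one line is exactly VERSION=<old>, keeps a copy as
# <script>.orig, and confirms that the VERSION line is the only change.
set_installer_version() {
    script=$1 old=$2 new=$3
    hits=$(grep -c -x -F "VERSION=$old" "$script") || true
    [ "$hits" = 1 ] || { echo "expected one VERSION=$old line, found $hits" >&2; return 1; }
    cp -p "$script" "$script.orig" || return 1
    awk -v o="VERSION=$old" -v n="VERSION=$new" '$0 == o { $0 = n } { print }' \
        "$script.orig" > "$script" || return 1
    changed=$(diff "$script.orig" "$script" | grep -c '^[<>]') || true
    [ "$changed" = 2 ] || { mv "$script.orig" "$script"; return 1; }
}

# Demo on a constructed stand-in for antivirus_install.sh (only the VERSION
# line is taken from the thread) and a constructed package list.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' 'VERSION=0.92.1-es01' 'echo "installing $VERSION"' \
        > "$dir/antivirus_install.sh"
    printf '%s\n' 'bash-2.05b-5' 'wget-1.8.2-9' | clam_leftovers &&
        set_installer_version "$dir/antivirus_install.sh" 0.92.1-es01 0.94.1-es01 &&
        grep '^VERSION=' "$dir/antivirus_install.sh"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo
```

On the server the first check is `rpm -qa | clam_leftovers`, and the edit runs against the downloaded antivirus_install.sh before it is executed.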