Saturday, April 17, 2010

ClamAV - Updating clamd for releases earlier than ZCS 5.0.16

Preventative methods

-Update ZCS to a newer version.

-Update just the ClamAV component.

-Set zimbraVirusDefinitionsUpdateFrequency to 0 well in advance of that day to avoid receiving the remote disable code.
Past 2010.04.15 ?

If you already have daily update #10749:

-Turn off ClamAV from your admin console > server > services 'as/av' tab > uncheck av. Via CLI it's zmprov ms `zmhostname` -zimbraServiceEnabled Antivirus. (The minus sign is important, or you'll leave nothing but av running.) Then zmamavisdctl reload. (This may leave you more vulnerable of course.)

-Update just the ClamAV component.
Manual ClamAV component upgrade:

Zimbra includes ClamAV 0.95 as of ZCS 5.0.18+. The clamav-0.95.1 directory from an installed ZCS 5.0.18 or later installation can be copied directly to an earlier ZCS 5.0 server. To upgrade ClamAV, perform the following steps:
Downloads

Redhat 5.x 32-bit: http://files2.zimbra.com/downloads/clamav/rhel5/clamav-0.95.1.tar
Redhat 5.x 64-bit: http://files2.zimbra.com/downloads/clamav/rhel5_64/clamav-0.95.1.tar

Redhat 4.x 32-bit: http://files2.zimbra.com/downloads/clamav/rhel4/clamav-0.95.1.tar
Redhat 4.x 64-bit: http://files2.zimbra.com/downloads/clamav/rhel4_64/clamav-0.95.1.tar

SLES 10 32-bit: http://files2.zimbra.com/downloads/clamav/susees10/clamav-0.95.1.tgz
SLES 10 64-bit: http://files2.zimbra.com/downloads/clamav/sles10_64/clamav-0.95.1.tgz

Ubuntu 8.04 32-bit: http://files2.zimbra.com/downloads/clamav/ubuntu8/clamav-0.95.1.tgz
Ubuntu 8.04 64-bit: http://files2.zimbra.com/downloads/clamav/ubuntu8_64/clamav-0.95.1.tgz

Ubuntu 6.06 32-bit: http://files2.zimbra.com/downloads/clamav/ubuntu6/clamav-0.95.1.tgz
Ubuntu 6.06 64-bit: http://files2.zimbra.com/downloads/clamav/ubuntu6_64/clamav-0.95.1.tgz

Mac OS X 10.4: http://files2.zimbra.com/downloads/clamav/macosxx86_10.4/clamav-0.95.1.tgz
Mac OS X 10.5: http://files2.zimbra.com/downloads/clamav/macosxx86_10.5/clamav-0.95.1.tgz
Other methods to obtain

1. Install a new server with a later release of ZCS or use the above links. The Free Open-Source release of ZCS is available at http://www.zimbra.com/downloads/os-downloads.html. This document was tested with 5.0.21, but any release starting with 5.0.18 or later will work. 2. After the installation is complete, tar up clamav-0.95.1 on the new server:

cd /opt/zimbra
tar cf /tmp/clamav-0.95.1.tar clamav-0.95.1

The Actual Update Instructions

3. Copy this tar file to your existing ZCS server.

cd /opt/zimbra
scp user@server:/tmp/clamav-0.95.1.tar .

4. Untar the file.

tar xf clamav-0.95.1.tar

5. Stop ZCS services.

zmcontrol stop

6. Change the symbolic link

rm clamav
ln -s clamav-0.95.1 clamav
ls -l clamav

The output line will look similar to:

lrwxrwxrwx 1 root root 25 Apr 9 15:39 clamav -> /opt/zimbra/clamav-0.95.1

7. Start services.

zmcontrol start

Confirm

You can confirm that the new version of ClamAV is running by checking /opt/zimbra/log/clamd.log. The most recent startup in the log should look similar to:

Fri Apr 9 15:57:16 2010 -> +++ Started at Fri Apr 9 15:57:16 2010
Fri Apr 9 15:57:16 2010 -> clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)

Test send-recieve of mail.

With ClamAV 0.95 in place, updates should continue uninterrupted after April 15, 2010, and your system will remain protected.

This procedure was tested using ZCS 5.0.21 and ZCS 5.0.7.


Abhishek

1 comment:

Anonymous said...

I'm Glad i discovered this web site.Added blog.openindiatechnologies.com to my bookmark!