Saturday, April 17, 2010

ClamAV - Updating clamd for releases earlier than ZCS 5.0.16

Preventative methods

-Update ZCS to a newer version.

-Update just the ClamAV component.

-Set zimbraVirusDefinitionsUpdateFrequency to 0 well in advance of that day to avoid receiving the remote disable code.
Past 2010.04.15 ?

If you already have daily update #10749:

-Turn off ClamAV from your admin console > server > services 'as/av' tab > uncheck av. Via CLI it's zmprov ms `zmhostname` -zimbraServiceEnabled Antivirus. (The minus sign is important, or you'll leave nothing but av running.) Then zmamavisdctl reload. (This may leave you more vulnerable of course.)

-Update just the ClamAV component.
Manual ClamAV component upgrade:

Zimbra includes ClamAV 0.95 as of ZCS 5.0.18+. The clamav-0.95.1 directory from an installed ZCS 5.0.18 or later installation can be copied directly to an earlier ZCS 5.0 server. To upgrade ClamAV, perform the following steps:

Redhat 5.x 32-bit:
Redhat 5.x 64-bit:

Redhat 4.x 32-bit:
Redhat 4.x 64-bit:

SLES 10 32-bit:
SLES 10 64-bit:

Ubuntu 8.04 32-bit:
Ubuntu 8.04 64-bit:

Ubuntu 6.06 32-bit:
Ubuntu 6.06 64-bit:

Mac OS X 10.4:
Mac OS X 10.5:
Other methods to obtain

1. Install a new server with a later release of ZCS or use the above links. The Free Open-Source release of ZCS is available at This document was tested with 5.0.21, but any release starting with 5.0.18 or later will work. 2. After the installation is complete, tar up clamav-0.95.1 on the new server:

cd /opt/zimbra
tar cf /tmp/clamav-0.95.1.tar clamav-0.95.1

The Actual Update Instructions

3. Copy this tar file to your existing ZCS server.

cd /opt/zimbra
scp user@server:/tmp/clamav-0.95.1.tar .

4. Untar the file.

tar xf clamav-0.95.1.tar

5. Stop ZCS services.

zmcontrol stop

6. Change the symbolic link

rm clamav
ln -s clamav-0.95.1 clamav
ls -l clamav

The output line will look similar to:

lrwxrwxrwx 1 root root 25 Apr 9 15:39 clamav -> /opt/zimbra/clamav-0.95.1

7. Start services.

zmcontrol start


You can confirm that the new version of ClamAV is running by checking /opt/zimbra/log/clamd.log. The most recent startup in the log should look similar to:

Fri Apr 9 15:57:16 2010 -> +++ Started at Fri Apr 9 15:57:16 2010
Fri Apr 9 15:57:16 2010 -> clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)

Test send-recieve of mail.

With ClamAV 0.95 in place, updates should continue uninterrupted after April 15, 2010, and your system will remain protected.

This procedure was tested using ZCS 5.0.21 and ZCS 5.0.7.


1 comment:

Anonymous said...

I'm Glad i discovered this web site.Added to my bookmark!