Results 1 to 7 of 7
  1. #1
    Newbie
    Join Date
    Jul 2007
    Posts
    4

    Default Anti Virus / Anti Spam Updation

    HI

    How often the Antivirus and Antispam gets updated. I there any way were I can see when was the antivirus and antispam was last updated.

    Thanks

    VP

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    In the report, at the top of the section for each antivirus app, it says when the signatures were last updated.

    I think antivirus runs hourly and antispam every six hours, but I'm not positive.

    To force an update for spam, run "sa-update" in the shell
    To force an anti-virus update (for Virus Blocker), run "/etc/init.d/clamav-freshclam restart"
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Aug 2007
    Posts
    1

    Default Anti-Virus

    I checked the Reports and noticed that the virus signatures for Virus Blocker are dated 1 March 2007. That tells me that Virus Blocker is not updating its signatures. In the Virus Blocker program, I see no settings regarding the updating of signatures. Also, do any of the other programs such as Intrusion Prevention, Spyware Blocker, etc get updated also?

    In addition, how do I access the command shell on the Untangle server?

  4. #4
    Newbie
    Join Date
    Jul 2007
    Posts
    10

    Exclamation clamav Update issues

    ,

    ClamAV appears to be encountering issues in updating.

    The logs indicate that the actual 'build' is a little behind (not enough to be the issue, I think) and the following error

    ERROR: getpatch: Can't download daily-3932.cdiff from db.local.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Ignoring mirror 193.19.98.136 (too often connection with outdated version)
    <repeats above for different IP addresses>
    ERROR: Can't dowload daily.cvd from db.local.clamav.net

    Suggestions welcomed - an out of date AV is only marginally better than none at all - possibly worse, as it gives an incorrect sense of security !!

    Thanks !

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Hey Janus,

    agreed.

    Do you have a proxy in place that could be blocking it from getting updates?

    Can you drop to a shell and run this: freshclam --stdout -v

    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Newbie
    Join Date
    Jul 2007
    Posts
    10

    Default

    Thanks !

    Nope, no proxy; it's been working before, and the untangle box is the last thing before the outer 'wall' - which hasn't changed.

    The output (sorry, can't figure how to cut and paste from xterm to this window) is essentially as above but with the following 'extras':
    ClamAV update process started at Thu Aug 16 21:37:15 2007
    Querying current.cvd.clamav.net
    TTL:9
    Software version from DNS: 0.91.1
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.90.3 Recommeded version 0.91.1
    DON'T PANIC! read http://www.clamav.net/support/faq
    main.cvd version from DNS: 44
    main.inc is up to date (version: 44, sigs 133163, f-level: 20m builder: sven)
    daily.cvd version from DNS: 3967
    Retrieving http://db.local.clamav.net/daily-3932.cdiff
    Ignoring mirror <back to the my last post !>


    (a) It worked fine up to and including the update in the early hours of Sunday.
    (b) apt-get install clamav reports that the version (from the untangle update server perspective at least) is current (so I presume that Untangle's apt distribution server hasn't yet approved the latest ClamAV engine...)

    Hope that's of use...

    Oh, and as a workaround, I can download the Daily.CVD from CLAMAV direct - I just can't figure where to put it or how to get clamav to 'recognise it', so I don't see much point in downloading it randomly !


    Figured out manual workaround courtesy of ClamAV site.
    Warning: This worked for me. Your mileage may vary ! And specifically, I beleive that I've updated the signature files, but I'm not sure if ClamD has 'accepted' them.

    1. Download daily.cvd from www.clamav.net
    2. Logon to Untangle 'terminal'
    3. CD to ~clamav/daily.inc
    4. copy the daily.cvd to this directory
    5. run sigtool -u daily.cvd
    6. delete daily.cvd
    7. run freshclam to check that the updates are in the right place !

    Like I say, your mileage may vary, I'm no expert on clamav

    Main problem remains - I don't know if it will auto-update again.....
    Last edited by Janus; 08-16-2007 at 04:37 PM. Reason: Temporary workaround.

  7. #7
    Newbie
    Join Date
    Jul 2007
    Posts
    10

    Default

    Update:
    Manual update last night appears to have worked, and automatic updates also appear to have resumed normal operation. However, I've no idea why they stopped working, and the lack of any 'alarm' function for this is reasonably serious.

    If I was using SNMP (not at present!), would the out-of-date signatures or the repeated update failures have sent any traps ?

    also, do you anticipate any fallout from SourceFire's acquisition of ClamAV as announced today ?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2