Anti Virus / Anti Spam Updation

[palvishal]

HI

How often the Antivirus and Antispam gets updated. I there any way were I can see when was the antivirus and antispam was last updated.

Thanks

VP

[dmorris]

In the report, at the top of the section for each antivirus app, it says when the signatures were last updated.

I think antivirus runs hourly and antispam every six hours, but I'm not positive.

To force an update for spam, run "sa-update" in the shell
To force an anti-virus update (for Virus Blocker), run "/etc/init.d/clamav-freshclam restart"

[JJMurph]

I checked the Reports and noticed that the virus signatures for Virus Blocker are dated 1 March 2007. That tells me that Virus Blocker is not updating its signatures. In the Virus Blocker program, I see no settings regarding the updating of signatures. Also, do any of the other programs such as Intrusion Prevention, Spyware Blocker, etc get updated also?

In addition, how do I access the command shell on the Untangle server?

[Janus]

,

ClamAV appears to be encountering issues in updating.

The logs indicate that the actual 'build' is a little behind (not enough to be the issue, I think) and the following error

ERROR: getpatch: Can't download daily-3932.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Ignoring mirror 193.19.98.136 (too often connection with outdated version)
<repeats above for different IP addresses>
ERROR: Can't dowload daily.cvd from db.local.clamav.net

Suggestions welcomed - an out of date AV is only marginally better than none at all - possibly worse, as it gives an incorrect sense of security !!

Thanks !

[dmorris]

Hey Janus,

agreed.

Do you have a proxy in place that could be blocking it from getting updates?

Can you drop to a shell and run this: freshclam --stdout -v

[Janus]

Thanks !

Nope, no proxy; it's been working before, and the untangle box is the last thing before the outer 'wall' - which hasn't changed.

The output (sorry, can't figure how to cut and paste from xterm to this window) is essentially as above but with the following 'extras':
ClamAV update process started at Thu Aug 16 21:37:15 2007
Querying current.cvd.clamav.net
TTL:9
Software version from DNS: 0.91.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.90.3 Recommeded version 0.91.1
DON'T PANIC! read http://www.clamav.net/support/faq
main.cvd version from DNS: 44
main.inc is up to date (version: 44, sigs 133163, f-level: 20m builder: sven)
daily.cvd version from DNS: 3967
Retrieving http://db.local.clamav.net/daily-3932.cdiff
Ignoring mirror <back to the my last post !>


(a) It worked fine up to and including the update in the early hours of Sunday.
(b) apt-get install clamav reports that the version (from the untangle update server perspective at least) is current (so I presume that Untangle's apt distribution server hasn't yet approved the latest ClamAV engine...)

Hope that's of use...

Oh, and as a workaround, I can download the Daily.CVD from CLAMAV direct - I just can't figure where to put it or how to get clamav to 'recognise it', so I don't see much point in downloading it randomly !


Figured out manual workaround courtesy of ClamAV site.
Warning: This worked for me. Your mileage may vary ! And specifically, I beleive that I've updated the signature files, but I'm not sure if ClamD has 'accepted' them.

1. Download daily.cvd from www.clamav.net
2. Logon to Untangle 'terminal'
3. CD to ~clamav/daily.inc
4. copy the daily.cvd to this directory
5. run sigtool -u daily.cvd
6. delete daily.cvd
7. run freshclam to check that the updates are in the right place !

Like I say, your mileage may vary, I'm no expert on clamav

Main problem remains - I don't know if it will auto-update again.....

[Janus]

Update:
Manual update last night appears to have worked, and automatic updates also appear to have resumed normal operation. However, I've no idea why they stopped working, and the lack of any 'alarm' function for this is reasonably serious.

If I was using SNMP (not at present!), would the out-of-date signatures or the repeated update failures have sent any traps ?

also, do you anticipate any fallout from SourceFire's acquisition of ClamAV as announced today ?