clamav freshclam libclamav....

ajos1 at onion.demon.co.uk ajos1 at onion.demon.co.uk
Sun Dec 9 15:33:18 GMT 2007 

-

clamav freshclam libclamav....

I am absolutely 100% convinced my ClamAv system is 100% working... but "MailScanner --debug" says it is out of date... I am wondering if MailScanner has not caught up with ClamAv changes... or am I doing something majorly wrong... (ie) no doing some kind of update...

=============================
[root at www clamav]# clamscan -V
ClamAV 0.92rc2/5056/Sun Dec  9 10:55:13 2007

=============================
[root at www clamav]# freshclam
ClamAV update process started at Sun Dec  9 13:38:58 2007
main.inc is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
daily.inc is up to date (version: 5056, sigs: 41027, f-level: 21, builder: sven)

=============================
[root at www clamav]# clamscan -debug
......
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: cli_loaddbdir: Acquiring dbdir lock
LibClamAV debug: Loading databases from /var/lib/clamav/daily.inc
LibClamAV debug: /var/lib/clamav/daily.inc/daily.cfg loaded
LibClamAV debug: /var/lib/clamav/daily.inc/daily.ndu skipped
LibClamAV debug: /var/lib/clamav/daily.inc/daily.mdu skipped
LibClamAV debug: /var/lib/clamav/daily.inc/daily.zmd loaded
......

=============================
[root at www clamav]# find /var/lib/clamav -type f -exec /bin/ls -l {} \;

Nov 24 05:08 /var/lib/clamav/daily.inc/daily.ndu
Dec  9 11:10 /var/lib/clamav/daily.inc/daily.info
Dec  9 06:14 /var/lib/clamav/daily.inc/daily.mdu
Nov 24 05:08 /var/lib/clamav/daily.inc/daily.zmd
Dec  8 12:10 /var/lib/clamav/daily.inc/daily.pdb
Dec  3 18:12 /var/lib/clamav/daily.inc/daily.fp
Dec  9 11:10 /var/lib/clamav/daily.inc/daily.ndb
Dec  9 04:16 /var/lib/clamav/daily.inc/daily.wdb
Nov 24 05:08 /var/lib/clamav/daily.inc/COPYING
Dec  6 16:18 /var/lib/clamav/daily.inc/daily.db
Dec  9 00:17 /var/lib/clamav/daily.inc/daily.cfg
Dec  9 07:32 /var/lib/clamav/daily.inc/daily.mdb
Dec  9 06:14 /var/lib/clamav/daily.inc/daily.hdb
Nov 24 05:08 /var/lib/clamav/daily.inc/daily.hdu

Dec  9 13:38 /var/lib/clamav/mirrors.dat

Jul 20 19:07 /var/lib/clamav/main.inc/main.mdb
Jul 20 19:07 /var/lib/clamav/main.inc/main.ndb
Apr 11  2007 /var/lib/clamav/main.inc/main.zmd
Jul 20 19:07 /var/lib/clamav/main.inc/main.info
Apr 11  2007 /var/lib/clamav/main.inc/COPYING
Jul 20 19:07 /var/lib/clamav/main.inc/main.db
Jul 20 19:07 /var/lib/clamav/main.inc/main.fp
Jul 20 19:07 /var/lib/clamav/main.inc/main.hdb

=============================

But... HERE IT STARTS TO GO WRONG ....

=============================
[root at www clamav]# MailScanner  --debug

In Debugging mode, not forking...
Trying to setlogsock(unix)
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***        Please update it IMMEDIATELY!       ***
LibClamAV Warning: **************************************************

=============================

A quick scan of MailScanner files suggests... it could be old cvd files...

=============================
[root at www MailScanner]# find -type f -exec grep -H -i cvd {} \;
./MailScanner/ConfigDefs.pl:ClamWatchFiles              /usr/local/share/clamav/*.cvd

=============================
[root at www MailScanner]# la /usr/local/share/clamav/
total 7540
-rw-rw-r-- 1 clamav clamav 6924820 Dec 22  2006 main.cvd
-rw-rw-r-- 1 clamav clamav  752606 Dec 22  2006 daily.cvd

=============================

So I just did...

=============================

/usr/bin/wget -N -nd -nH -P/usr/local/share/clamav http://db.local.clamav.net/main.cvd
/usr/bin/wget -N -nd -nH -P/usr/local/share/clamav http://db.local.clamav.net/daily.cvd

=============================

And now the message has gone...

=============================
[root at www clamav]# MailScanner --debug
In Debugging mode, not forking...
Trying to setlogsock(unix)
SpamAssassin temp dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp

=============================



I am not sure where these main.cvd and daily.cvd files came from... as far as I know they are not part of my freshclam setup... What process is meant to update these files???

It seems that I have two sets of database files... but both sets are not of the same type... strange...

Have I done something really wrong?  I have daily.inc/main.inc directories in one place... and daily.cvd/main.cvd files in another... and I am not sure how they are related and all tie up to each other!

I have looked at another server... and the date for main.cvd/daily.cvd was March 2007.  Did MailScanner change in December 2006... but on the other server I only did the update 3 months later?

Does anyone have any ideas where I might be going wrong...

Thanks Ajos1

More information about the MailScanner mailing list