
Part 1 - ClamAV-Update

1.3. ClamAV / HAVP

Current: ClamAV 0.99.2, built specifically for Copfilter and adapted to IPCop versions 1.4.x (V1) and 2.x (V2).

Unless otherwise stated, HAVP and C-ICAP are NOT included anymore.

Important Note!

Source: http://www.copfilter.org/forum/viewtopic.php?f=4&t=224&start=0

This version requires more performance / memory than older versions.
If the 3rd party signatures are enabled, the system requires at least 1GB of RAM!
The signature databases are still growing; new features and techniques for virus detection mean that more power is needed.

Improvements:
New Malware detection and improvements in the Scan Engine.
The bytecode interpreter is new, plus various innovations in the heuristic detection and improvements of the signatures.
Supports new archives, new executable file formats and UPX 3.0.

LLVM (performance improvement) is unfortunately not supported because the libraries are now getting old.

ClamAV-Homepage

HAVP-Homepage

Changelog

ClamAV-Changelog: https://github.com/vrtadmin/clamav-devel/blob/0.99.2/ChangeLog
HAVP-Changelog: http://www.server-side.de/

IMPORTANT:

  • These installation packages also upgrade the existing HAVP and C-ICAP versions, if necessary.

Download

IPCop 1.4.x ONLY:

V1: clamav_0.98.4_copfilter-v1-package.tgz (8.7 MB)
MD5SUM: 093B19932A7D9AFC8848B70B71C03769

Since ClamAV version 0.98.3, HAVP has had a problem in library mode ("cannot allocate memory"). HAVP works well in socket mode, so switch to socket mode if you see such warnings.

This update makes the necessary adjustment automatically and also fixes a bug in the havp init script, which did not disable library mode correctly. It also adds the necessary SSL libraries, which have been required since ClamAV 0.98.3.

IPCop 1.9.x/2.x ONLY (Copfilter 2.0.91 / no longer supported!):

V2: clamav_0.97.7_copfilter-2.0.91beta1-package.tgz (61.9 MB)
MD5SUM: 87A07902641C54E030A6A9D9F346C5A9

This update also updates C-ICAP to version 0.2.5!

IPCop 1.9.x/2.x ONLY (Copfilter 2.0.91beta3/4):

V2: clamav_0.98.1_copfilter-2.0.91beta4-package.tgz (6.9 MB)
MD5SUM: 72B7EE292B2463356574378A47756372

This update also updates C-ICAP to version 0.2.5!

IPCop 2.x ONLY (Copfilter 2.1.92betaX):

V2: clamav_0.98.4_copfilter_2.1.92betax.tgz (5.6 MB)
MD5SUM: 019BFB52152900E41886C353CB6CC453

This update also updates C-ICAP to version 0.3.3!

Note for HAVP users: at the moment, HAVP works only in socket mode (library mode = off) because of a bug!

IPCop 1.4.x ONLY:

V1: clamav_0.98.7_copfilter.tar.gz (6.5 MB)
MD5SUM: 049F588F295E57292A6C03923B774754

IPCop 2.x ONLY (Copfilter 2.1.93beta1):

V2: clamav_0.98.7_copfilter-v2.tgz (4.9 MB)
MD5SUM: 066B66339DA55A2C31FBB4777ADC52C0

IPCop 2.x ONLY (Copfilter 2.1.93beta1):

V2: clamav_0.99-pack_copfilter-v2.tgz (5.8 MB)
MD5SUM: D185D9A2411509F0EBC8E76ECA658C70

This update also updates C-ICAP to version 0.4.2!

Additional info from the forum: If you installed the previous clamav-0.99 update package from the Kare website, you need to reinstall it! The previous version of clamav 0.99 (02/12/2015 » 06/12/2015) was missing the recompiled havp! If you already installed the previous clamav update, please enforce a reinstall!

IPCop 2.x ONLY (Copfilter 2.1.93beta1):

V2: clamav_0.99.1-pack_copfilter-v2.tgz (5.8 MB)
MD5SUM: 2F17EC4DF9A76A84ADFDC28993940183

Bugfix-Release. This update also updates C-ICAP to version 0.4.2 and HAVP to version 0.92a!

IPCop 2.x ONLY (Copfilter 2.1.93beta1):

V2: clamav_0.99.2-1-bundle_copfilter-v2.tgz (5.8 MB)
MD5SUM: 6C647C090CE929D0809C7B1238D0EFC8

Bugfix-Release. This update also updates C-ICAP to version 0.4.4 and HAVP to version 0.92a!

Installation

Installation proceeds, with one slight difference, as described in "The installation of the software archives":

Manual deletion of the installation files and of previous versions of ClamAV and HAVP is no longer required; they will be deleted on demand.

Notes

  • Following this update you should trigger a ClamAV signature update and a complete restart of all services.
  • Although the installation script also starts these steps, a complete restart of all Copfilter services is advisable to put all Copfilter components into a well-defined initial state.
  • In the file '/var/log/copfilter/default/opt/clamav/etc/freshclam.conf', set the relevant country code for the database downloads (using a Linux-compatible editor): DatabaseMirror db.XY.clamav.net
  • Furthermore, you should check the contents of the various log files on the Copfilter Tests & Logs page (especially 'clamd.log', 'havp_error.log', 'icap_server.log').

Downgrade

Note

Memory problems can sometimes be solved by changing the HAVP operating mode from library mode to Unix (local) socket scanner mode.

How this can be done is documented here.


  • In the event that you have installed ClamAV 0.96.x - despite all warnings - on an IPCop with only 512 MB RAM, it could be necessary to downgrade to 0.95.3.
  • Symptoms: Excessive load on RAM and swap, as well as losing connections to the web interface and other failures and misbehaviors.


To make this somewhat clearer (these are indeed two different cops, but I think it is clear what is meant!):

[Screenshots: Services, Memory Graph and Swap Graph, each for a 512 MB and a 1 GB system]


  • Under normal circumstances a downgrade to version 0.95.3 is not critical: the EOL message from ClamAV refers explicitly to “All ClamAV releases older than 0.95 …”, i.e. version 0.95.3 is still usable!

Method

There are two possibilities:

  1. An upgrade to ClamAV-version 0.96.x was made and the 0.95.3-directories were not deleted.
  2. An upgrade was made and the 0.95.3-directories were deleted.


1.: In this case, a downgrade is relatively simple.

Log in on the console as 'root' using a suitable client (ssh, PuTTY, …) and run the following commands:

  • Stop ClamAV-Daemon:
copfilter_stopclamd

[ENTER]

Sample output:

root@DevelCop:~ # copfilter_stopclamd
Sent a HUP signal to monit
<BR>Waiting .
clamd killed  <BR>
clamd is not running <BR>


  • Delete ClamAV-0.96.x-default symlink, create new symlink for version 0.95.3 and adjust file permissions:
rm -R /var/log/copfilter/default/opt/clamav/default

[ENTER]

ln -s /var/log/copfilter/default/opt/clamav/0.95.3 /var/log/copfilter/default/opt/clamav/default

[ENTER]

chown -R clamav:clamav /var/log/copfilter/default/opt/clamav

[ENTER]

  • Delete incompatible bytecode signature file, otherwise starting version 0.95.3 will fail:
rm /var/log/copfilter/default/opt/clamav/virdb/bytecode.*

[ENTER]

  • Start ClamAV-Daemon:
copfilter_startclamd

[ENTER]

Sample output:

root@DevelCop:~ # copfilter_startclamd
ClamAV debug mode is disabled <BR>
Blocking of encrypted archives is disabled <BR>
<BR>
Starting clamd <BR>
wait 1 second(n) <BR>
clamd is running with PID 1083 1082 1081 <BR>
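
The filesystem steps of case 1 as one guarded shell function (an added example, not part of the original page or of Copfilter): it refuses to proceed when the 0.95.3 directory is missing (case 2) or when 'default' is a real directory instead of a symlink. The function name switch_clamav_default and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Copfilter's own code. Run copfilter_stopclamd before
# and copfilter_startclamd after, as in the steps above.

# switch_clamav_default BASE VERSION   (hypothetical helper)
#   BASE     e.g. /var/log/copfilter/default/opt/clamav
#   VERSION  e.g. 0.95.3
# Returns 0 on success,
#         1 if BASE/VERSION is missing (case 2: reinstall instead),
#         2 if BASE/default exists but is not a symlink,
#         3 if the new symlink could not be created,
#         4 if changing ownership failed.
switch_clamav_default() {
    base=$1
    version=$2
    target="$base/$version"
    link="$base/default"

    # Case 2 on the page: the old version directory was deleted.
    if [ ! -d "$target" ]; then
        echo "$target not found; reinstall $version instead" >&2
        return 1
    fi
    # Only ever remove a symlink, never a real directory tree.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link is not a symlink; not touching it" >&2
        return 2
    fi
    rm -f "$link"
    ln -s "$target" "$link" || return 3

    # The bytecode signature file from 0.96.x stops 0.95.3 from starting.
    if [ -d "$base/virdb" ]; then
        rm -f "$base/virdb"/bytecode.*
    fi

    # Ownership as on the page; skipped when not root or no clamav user.
    if [ "$(id -u)" -eq 0 ] && id clamav >/dev/null 2>&1; then
        chown -R clamav:clamav "$base" || return 4
    fi
    return 0
}
```

A return value of 1 means the second method below (re-installing 0.95.3) applies.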


2.: If the old directories of the previous version were deleted, ClamAV version 0.95.3 must, of course, be re-installed.

  • Prior to this, you should delete the incompatible bytecode signature file, otherwise launch of version 0.95.3 will fail with a “malformed database” error message!
copfilter_stopclamd
rm /var/log/copfilter/default/opt/clamav/virdb/bytecode.*

[ENTER]

  • Now the new installation can be started:
cd /tmp
wget http://www.it-connect-unix.de/copfilter/clamav_0.95.3_copfilter.tar.gz
# compute the checksum before unpacking and compare it with the one published for this package
md5sum clamav_0.95.3_copfilter.tar.gz
tar xzvf clamav_0.95.3_copfilter.tar.gz
cd clamav_0.95.3_copfilter
./install
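
A checksum gate for the download step, as an added example (not from the original page): it compares the archive's MD5 with a published MD5SUM value, ignoring letter case because the page lists digests in upper case while md5sum prints lower case, and unpacks only on a match. The function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Copfilter's own code; all function names are hypothetical.
# An MD5 match shows the archive arrived intact. MD5 is not collision
# resistant, so a match is an integrity check, not proof of origin.

# normalise_md5 DIGEST: print lower-case hex, fail unless 32 hex digits
normalise_md5() {
    d=$(printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ' \t\r\n')
    case "$d" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#d}" -eq 32 ] || return 1
    printf '%s\n' "$d"
}

# verify_md5 FILE EXPECTED: 0 = match, 1 = mismatch, 2 = unusable input
verify_md5() {
    file=$1
    expected=$(normalise_md5 "$2") || { echo "bad digest: $2" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "MD5 mismatch for $file: got $actual, expected $expected" >&2
    return 1
}

# unpack_if_verified ARCHIVE EXPECTED DESTDIR: extract only after a match,
# so nothing from an unverified archive reaches the disk or ./install
unpack_if_verified() {
    verify_md5 "$1" "$2" || return $?
    mkdir -p "$3" && tar xzf "$1" -C "$3"
}
```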


Consequences

  • The affected PC should be upgraded to at least 1 GB of RAM as soon as possible.
  • Until then, don't be surprised by “This version of the ClamAV engine is outdated.” messages during signature updates; unfortunately, these are quite normal in this case.
    *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
  • After the upgrade, version 0.96.x can easily be reinstalled.

en/clamav-update.txt · Last modified: 2016/12/04 12:57 by fischerm