
Virus database update

Tharanga Rajapaksha edited this page Jul 2, 2019 · 12 revisions

ClamAV automatic update

Basic guide

Regularly updating the ClamAV database is very important for the security of the system, so a cron job updates it daily. This page describes how it works.

ClamAV can be updated with the following command.

freshclam

The output will be

root@email:/# freshclam
Wed Jun 19 08:49:45 2019 -> ClamAV update process started at Wed Jun 19 08:49:45 2019
Wed Jun 19 08:49:45 2019 -> ^Your ClamAV installation is OUTDATED!
Wed Jun 19 08:49:45 2019 -> ^Local version: 0.100.3 Recommended version: 0.101.2
Wed Jun 19 08:49:45 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Jun 19 08:52:14 2019 -> Downloading main.cvd [100%]
Wed Jun 19 08:56:03 2019 -> main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Jun 19 08:56:24 2019 -> *Can't query main.58.93.1.0.6810DA54.ping.clamav.net
Wed Jun 19 08:57:19 2019 -> Downloading daily.cvd [100%]
Wed Jun 19 09:02:00 2019 -> daily.cvd updated (version: 25484, sigs: 1596295, f-level: 63, builder: raynman)
Wed Jun 19 09:02:20 2019 -> *Can't query daily.25484.93.1.0.6810DA54.ping.clamav.net
Wed Jun 19 09:02:21 2019 -> Downloading bytecode.cvd [100%]
Wed Jun 19 09:02:31 2019 -> bytecode.cvd updated (version: 328, sigs: 94, f-level: 63, builder: neo)
Wed Jun 19 09:02:51 2019 -> *Can't query bytecode.328.93.1.0.6810DA54.ping.clamav.net
Wed Jun 19 09:03:40 2019 -> Database updated (6162638 signatures) from db.local.clamav.net (IP: 104.16.218.84)
Wed Jun 19 09:03:40 2019 -> ^Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory
root@email:/# 

Check whether the ClamAV virus database was updated

Once the process has completed, you can check the log file in the following location.

cd /var/log/clamav

more freshclam.log

It will look like this.

root@email:/var/log/clamav# more freshclam.log
Wed Jun 19 08:49:45 2019 -> --------------------------------------
Wed Jun 19 08:49:45 2019 -> ClamAV update process started at Wed Jun 19 08:49:45 2019
Wed Jun 19 08:49:45 2019 -> WARNING: Your ClamAV installation is OUTDATED!
Wed Jun 19 08:49:45 2019 -> WARNING: Local version: 0.100.3 Recommended version: 0.101.2
Wed Jun 19 08:49:45 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Jun 19 08:52:14 2019 -> Downloading main.cvd [100%]
Wed Jun 19 08:56:03 2019 -> main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Can't query main.58.93.1.0.6810DA54.ping.clamav.net
Wed Jun 19 08:57:19 2019 -> Downloading daily.cvd [100%]
Wed Jun 19 09:02:00 2019 -> daily.cvd updated (version: 25484, sigs: 1596295, f-level: 63, builder: raynman)
Can't query daily.25484.93.1.0.6810DA54.ping.clamav.net
Wed Jun 19 09:02:21 2019 -> Downloading bytecode.cvd [100%]
Wed Jun 19 09:02:31 2019 -> bytecode.cvd updated (version: 328, sigs: 94, f-level: 63, builder: neo)
Can't query bytecode.328.93.1.0.6810DA54.ping.clamav.net
Wed Jun 19 09:03:40 2019 -> Database updated (6162638 signatures) from db.local.clamav.net (IP: 104.16.218.84)
Wed Jun 19 09:03:40 2019 -> WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory
root@email:/var/log/clamav# 

How to enable the virus update to run daily

Now you need to modify the crontab for the root user.

crontab -e

This opens the root crontab file in the nano text editor. Add the following line

57 08 * * * freshclam

How to do the above steps from a single command line

crontab -l | { cat; echo "57 08 * * * freshclam"; } | crontab -

Running a shell script from cron so that the freshclam command runs every 24 hours

crontab -l | { cat; echo "57 08 * * * sh /etc/clamav/timer.sh"; } | crontab -

How to start cron again after editing the crontab on Ubuntu

service cron start

Sample shell script that also does logging when freshclam is run using timer.sh

First create the copper.log file, for example with nano /var/log/copper.log

#!/bin/bash
# Directory that holds the log files (note: this overrides the shell's HOME variable)
HOME=/var/log
OUTPUT="${HOME}/copper.log"
ERROR="${HOME}/copper.err"   # defined but not used below; stderr goes to $OUTPUT
# Record the time of each run
date >> /var/log/timer.log
# Append freshclam output (stdout and stderr) to the log
freshclam >> "$OUTPUT" 2>&1
exit 0

The exit command in Linux exits the shell in which it is currently running. It takes one optional parameter [N] and exits the shell with a return status of N. If N is not provided, it simply returns the status of the last command that was executed. After pressing Enter, the terminal window will close and return a status of N. The return status is important because it can be mapped to errors, warnings and notifications. For example, a return status of "0" generally means the program has executed successfully, and "1" means the program has minor errors.

Making Sure the Last Job Finished Running Before Running the Job Again:

For this to work, you can create a temporary file just after the job starts and remove it just before it finishes. Then you can check whether the temporary file exists before starting the job. If it does, you can exit out of the job and run the job only when the temporary file is unavailable.

This simple script does just that.

#!/bin/bash
HOME=/var/log
OUTPUT="${HOME}/copperclamav.log"
ERROR="${HOME}/copper.err"
PID="/bin/init_clamav.pid"

if [ -f "$PID" ]
then
   exit 1
fi
touch $PID
freshclam >> $OUTPUT 2>&1

rm $PID

exit 0
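
A variant of the lock-file check above, as an added example (not code from the original page or the project): it creates the lock atomically, records the PID in it, and recovers from a stale lock left behind when a run is killed. The names run_locked, take_lock, LOCK and LOG, the /var/run lock path and the exit code 75 are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. run_locked, take_lock, LOCK, LOG
# and the exit code 75 are names and values chosen here for illustration.

BUSY=75   # returned when a previous run still holds the lock

# Create the lock file, failing if it already exists. noclobber makes
# "test and create" one atomic step, so two cron invocations that start
# together cannot both pass the check.
take_lock() {
    ( set -o noclobber; echo "$$" > "$1" ) 2>/dev/null
}

run_locked() {
    lock=$1; shift
    if ! take_lock "$lock"; then
        holder=$(cat "$lock" 2>/dev/null)
        # kill -0 sends no signal; it only tests that the PID exists.
        if [ -n "$holder" ] && kill -0 "$holder" 2>/dev/null; then
            return "$BUSY"
        fi
        # Holder is gone (killed or crashed), or the file is empty as a
        # plain "touch" leaves it: treat the lock as stale and retake it.
        rm -f "$lock"
        take_lock "$lock" || return "$BUSY"
    fi
    "$@"
    status=$?
    rm -f "$lock"
    return "$status"   # pass the command's own exit status to cron
}

# Cron entry point, e.g.: sh this_script.sh freshclam
if [ "$#" -gt 0 ]; then
    run_locked "${LOCK:-/var/run/init_clamav.pid}" "$@" \
        >> "${LOG:-/var/log/copperclamav.log}" 2>&1
    exit $?
fi
```

A PID can be reused by an unrelated process after a reboot or a long uptime, so keep the lock file on a filesystem that is cleared at boot.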

ClamAV also has its own configuration to set daily update times.

vim /etc/clamav/freshclam.conf
Checks 24
## Notify clamd to reload itself
NotifyClamd /etc/clamav/clamd.conf


After the investigation described above, it was configured in the copper email solution in the following way.

The "init_clamav.sh" shell script was prepared and copied into the "/bin" directory of the emailserver image.

#!/bin/bash
HOME="/var/log"
OUTPUT="${HOME}/copperclamav.log"
ERROR="${HOME}/copper.err"
PID="/bin/init_clamav.pid"

if [ -f "$PID" ]
then
   exit 1
fi
touch $PID
freshclam >> $OUTPUT 2>&1

rm $PID

exit 0

In the emailserver YAML file, the following command is executed to run this file as a cron job.

   lifecycle:
            postStart:
              exec:
                command: ["/bin/sh", "-c", "service rsyslog start 2> /dev/null || true && service postfix start 2> /dev/null || true && service dovecot restart 2> /dev/null || true && service rspamd start 2> /dev/null || true && crontab -l | { cat; echo '*/50 * * * * sh /bin/init_clamav.sh'; } | crontab - 2> /dev/null || true &&  service cron start 2> /dev/null || true"]
                

According to the exec command above, it will run every 50 minutes.

crontab -l | { cat; echo '*/50 * * * * sh /bin/init_clamav.sh'; } | crontab -

While it runs, a log file is created at "/var/log/copperclamav.log". Check it and verify that the main.cvd file is up to date.

nano /var/log/copperclamav.log 


Tue Jul  2 04:50:03 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Jul  2 04:50:03 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Tue Jul  2 04:50:04 2019 -> Downloading daily.cvd [100%]
Tue Jul  2 04:54:53 2019 -> !Database load killed by signal 9
Tue Jul  2 04:54:53 2019 -> !Failed to load new database
Tue Jul  2 05:00:03 2019 -> ClamAV update process started at Tue Jul  2 05:00:03 2019
Tue Jul  2 05:00:03 2019 -> ^Your ClamAV installation is OUTDATED!
Tue Jul  2 05:00:03 2019 -> ^Local version: 0.100.3 Recommended version: 0.101.2
Tue Jul  2 05:00:03 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Tue Jul  2 05:00:03 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
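
The manual log check described above can be scripted; this added example (not code from the original page or the project) summarises each freshclam run in such a log and flags runs that logged errors like the "Failed to load new database" entry. The names freshclam_runs and sample_log are assumptions, and the sample lines are constructed in the page's log format.

```shell
#!/bin/sh
# Added example, not from the original page. freshclam_runs and sample_log
# are names chosen here; the sample lines are constructed in the page format.

# Print one line per freshclam run: "<start time> OK: <databases>" or
# "<start time> FAILED: <errors>". Exit status: 0 if the latest run is clean,
# 1 if it logged errors, 2 if the log contains no run at all.
freshclam_runs() {
    awk '
    function report() {
        if (seen) print start, (n ? ("FAILED: " errs) : ("OK:" dbs))
    }
    # Strip the "timestamp -> " prefix and keep the message.
    { msg = $0; sub(/^.* -> /, "", msg) }
    msg ~ /^ClamAV update process started at / {
        report(); seen = 1; n = 0; errs = ""; dbs = ""
        start = msg; sub(/^ClamAV update process started at /, "", start)
        next
    }
    # Errors carry a leading "!" in captured output, "ERROR: " in freshclam.log.
    msg ~ /^(!|ERROR: )/ { errs = errs (n++ ? "; " : "") msg; next }
    msg ~ /^[a-z]+\.c[vl]d (updated|is up to date)/ {
        split(msg, f, " "); dbs = dbs " " f[1]
    }
    END { report(); if (!seen) exit 2; exit (n > 0) }
    ' "$@"
}

# Constructed sample input: one failed run followed by one clean run.
sample_log() {
    cat <<'EOF'
Tue Jul  2 04:00:03 2019 -> ClamAV update process started at Tue Jul  2 04:00:03 2019
Tue Jul  2 04:00:03 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Tue Jul  2 04:50:04 2019 -> Downloading daily.cvd [100%]
Tue Jul  2 04:54:53 2019 -> !Database load killed by signal 9
Tue Jul  2 04:54:53 2019 -> !Failed to load new database
Tue Jul  2 05:00:03 2019 -> ClamAV update process started at Tue Jul  2 05:00:03 2019
Tue Jul  2 05:00:03 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
EOF
}

# Usage: sh this_script.sh /var/log/copperclamav.log
if [ "$#" -gt 0 ]; then
    freshclam_runs "$@"
    exit $?
fi
```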

If you find that logs are not created, run the following commands to check and restart the cron job.

To check the crontab, use the command below.

crontab -e

Crontab content should be

*/50 * * * * sh /bin/init_clamav.sh

Restart the cron jobs.

service cron start
