Upgrading Clamav

From Kolab Wiki

Jump to: navigation, search


Please try this process in a test server first, you don't want to screw up your mail server do you?

Upgrading to clamav 0.xx.x

This procedure should be useful for all openpkg packages which do not have "kolab" in the name (these are special patched versions and will be available from kolab mirrors):

You may get a warning when running freshclam like

 WARNING: Your ClamAV installation is OUTDATED!
 WARNING: Local version: 0.xx.x Recommended version 0.88.3

I could not find any rpms for clamav 0.88.3, so heres how to make them for openpkg: Get the latest sources from http://prdownloads.sourceforge.net/clamav/ (choose latest version) Get the spec and rc files from OpenPkg

 wget ftp://ftp.openpkg.org/sources/SRC/clamav/clamav.spec
 wget ftp://ftp.openpkg.org/sources/SRC/clamav/rc.clamav

Update 160410. These files dont seem available through openpkg anymore I've just uploaded to my personal website, a copy of the original files from openpkg I used a year ago.

 wget http://www.hummy.org/local--files/files/clamav.tar.bz

They work just fine even with newer versions, just by changing the version number on clamav.spec

Copy the clamav tarball and rc to /kolab/RPM/SRC/clamav/

 cp clamav-0.88.3.tar.gz /kolab/RPM/SRC/clamav/
 cp rc.clamav /kolab/RPM/SRC/clamav/

Edit the spec file to make sure version numbers match (change Version:)

Also chage the release version to today's date, so you can build different packages.

Comment out the lines refering to a patch we won't be using in clamav.spec

 #  Patch0:       clamav.patch
 #  %patch -p0`

Change the owner of the files to kolab

  chown -R kolab:kolab /kolab/RPM/SRC/clamav/

Become kolab user

 su - kolab
 cd /kolab/RPM/SRC/clamav/

Now build an rpm

 /kolab/bin/openpkg rpmbuild -bb ./clamav.spec

Make sure it exits with 0, you should see something like "+ exit 0" right at the end. If so, just install it

Become root again and stop the current clamav process

 /kolab/bin/openpkg rc clamav stop
 ps axf|grep clamav | grep -v grep

Take a backup of the current clamav directory

 cp -a /kolab/etc/clamav /kolab/etc/clamav.`date +%d%m%g`

Proceed with the installation

 /kolab/bin/openpkg rpm -Uvh /kolab/RPM/PKG/clamav-0.xx.x-200xxxxx.xxxxxxxxx-kolab.rpm (xxxxxxxxx will be your version and distro)

Make sure on the test server that clamd is going to work with the new configuration files.

In the test server (you did test this on a test server first, right?) you should also merge any old clamav settings on the new config file template (/kolab/etc/kolab/templates/clamd.conf.template), so we know the restart is going to work beforehand.

Move the rpmsave automatically created files

 mv /kolab/etc/clamav/clamd.conf.rpmsave /kolab/etc/clamav/clamd.conf.BeforeUpgrade.`date +%d%m%g`
 mv /kolab/etc/clamav/freshclam.conf.rpmsave /kolab/etc/clamav/freshclam.conf.BeforeUpgrade.`date +%d%m%g`
 cp /kolab/etc/clamav/clamd.conf /kolab/etc/clamav/clamd.conf.AfterUpgrade.`date +%d%m%g`
 cp /kolab/etc/clamav/freshclam.conf.rpmsave /kolab/etc/clamav/freshclam.conf.AfterUpgrade.`date +%d%m%g`

Copy the clamav configuration template files including the customizations you created on the test server to /kolab/etc/kolab/templates/clamad.conf.template and /kolab/etc/kolab/templates/freshclam.conf.template on your kolab server, taking a backup of the current files first.

 cp /kolab/etc/kolab/templates/clamd.conf.template /kolab/etc/kolab/templates/clamd.conf.template.`date +%d%m%g`
 cp /kolab/etc/kolab/templates/freshclam.conf.template /kolab/etc/kolab/templates/freshclam.conf.template.`date +%d%m%g`
 chown kolab:kolab /kolab/etc/kolab/templates/*.`date +%d%m%g`

Change the group and permissions of the new configuration files

 chown kolab:kolab-r /kolab/etc/clamav/clamd.conf* /kolab/etc/clamav/freshclam.conf*
 chmod o-r /kolab/etc/clamav/clamd.conf* /kolab/etc/clamav/freshclam.conf*

Start clamav:

 /kolab/bin/openpkg rc clamav start

Check that it started correctly

 tail -100 /kolab/var/clamav/clamd.log
 ps axf|grep clamav|grep -v grep
 netstat -l|grep clam

You may get an error like below. This is normal, when you upgrade, your old config files are saved to oldconfigfile.conf.rpmsave

 openpkg:rc:ERROR: package "clamav" has unresolved configuration file conflicts
 openpkg:rc:ERROR: indicated by "*.rpm(new|orig|save)" files in or below the
 openpkg:rc:ERROR: directory "/kolab/etc/clamav". Please resolve first!

Just go into /kolab/etc/clamav and move all files ending in rpmsave or rpmnew or rpmorig as explained earlier, in case we need them later on.

Reconfigure kolab

 /kolab/sbin/kolabconf

Get the latest patterns:

 /kolab/bin/freshclam

Send some viruses to kolab and check that clamd is really working

Last thing you want to have is an antivirus running but not working, so check your installation!!!

Here you can find some inocuous Standard Anti-Virus Test Files

ROLLBACK - DOWNGRADING (TO-DO)

Stop the current clamav process

 /kolab/bin/openpkg rc clamav stop
 ps axf|grep clamav | grep -v grep

Take a backup of the current clamav directory

 cp -a /kolab/etc/clamav /kolab/etc/clamav.`date +%d%m%g%H%M`

Proceed with the uninstallation

 /kolab/bin/openpkg rpm -qa |grep clamav
 /kolab/bin/openpkg rpm -e clamav-0.xx.x

Take backups of the files in /kolab/etc/clamav and /kolab/etc/kolab/templates/freshclam.conf.template (as explained before)

Proceed with the installation of the previous version

 /kolab/bin/openpkg rpm -Uvh /kolab/RPM/PKG/clamav-0.xx.x-200xxxxx.xxxxxxxxx-kolab.rpm (xxxxxxxxx will be your PREVIOUS version and distro)

Start clamav, check the log, process and sockets as described above. Reconfigure kolab

 /kolab/sbin/kolabconf

Check that the antivirus is working sending some eicar viruses.

Upgrading to clamav 0.88.6

When attempting to upgrade to 0.88.6 on Kolab 2.0.3, you may get an error similar to the following:

 error: Failed build dependencies:
       openpkg >= 20060823 is needed by clamav-0.88.6-20061106

I simply edited the clamav.spec file and changed the dependency, as follows (openpkg requirement edited from 20060823):

 BuildPreReq:  OpenPKG, openpkg >= 20040130, gcc, bzip2
 PreReq:       OpenPKG, openpkg >= 20040130

Please note that while this seems to work fine, and I have not had any problems, this method may cause problems or even beat you up and steal your lunch.

Personal tools