ClamAV antivirus fails to start when Zimbra services start, showing "zmclamdctl is not running" [applies to ZCS 5.0]

Source: Internet  Editor: 程序博客网  Time: 2024/05/22 17:29
Official explanation, link: http://wiki.zimbra.com/index.php?title=ClamAV_-_Reset_Defs_DB

============================================================================================================================

Sometimes ClamAV will download a virus update, and the update will not download correctly. This causes an error in its checksum. If this happens, ClamAV usually goes down and the system suspends delivery. Downloading fresh definition files can correct this problem.

Symptoms

You will experience the following symptoms if ClamAV fails to correctly download a virus update:

The definitions are corrupt if in /var/log/zimbra.log:

  • ClamAV isn't running
  • postfix/qmgr errors out at delivery temporarily suspended

And in /opt/zimbra/log/clamd.log:

  • There are log error messages, like malformed database
  • zmclamdctl status shows clamd as down.

The following symptoms may occur if you stop & restart Zimbra services (using zmcontrol stop and zmcontrol start):

  • Antivirus may fail to start with the error (among others) clamd failed to start

Note: The WARNING: Your ClamAV installation is OUTDATED! error may also appear, but this is not indicative of a corrupt clamd database. This error simply occurs because ClamAV has a more recent release available than the one that ships with Zimbra. Updating your ClamAV installation to a version not included with a released ZCS product is not recommended and is not supported. Zimbra updates the ClamAV engine to latest with every release of ZCS. Users who wish to upgrade ClamAV independently from ZCS at their own risk can find directions here: ClamAV - Updating Version. Out of cycle updates RFE is Bug 15137.

Note: ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).

Fix

To fix this issue, you can delete the definitions and try again:

su - zimbra
mkdir /tmp/clamdb

(in versions prior to 5.0.3)

mv /opt/zimbra/clamav/db/* /tmp/clamdb

(in version 5.0.3 or later)

mv /opt/zimbra/data/clamav/db/* /tmp/clamdb

zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
/opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
zmantivirusctl stop
zmantivirusctl start

Note: zmantivirusctl incorporates zmclamdctl/zmamavidsctl/zmmtaconfigctl though you can just restart ClamAV individually.

Verify

Verify by running:

/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/

In releases prior to 5.0.3, this command will be:

/opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/clamav/db/

Verified Against: ZCS 5.0.6
Date Created: 6/23/08
Article ID: http://wiki.zimbra.com/index.php?title=ClamAV_-_Reset_Defs_DB
Date Modified: 4/15/2010

Retrieved from "http://wiki.zimbra.com/wiki/ClamAV_-_Reset_Defs_DB"

=============================================================================================================================

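The basic meaning is that ClamAV's virus database is out of date and needs to be updated.

I have ZCS 5.016 installed; the steps to update the virus database are as follows: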

su - zimbra
mkdir /tmp/clamdb
mv /opt/zimbra/data/clamav/db/* /tmp/clamdb
zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
/opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
zmantivirusctl stop
zmantivirusctl start

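But after updating the virus database, a new error was reported: Your ClamAV installation is OUTDATED!

This means the ClamAV program itself is out of date and a new version needs to be installed.

The official instructions for that are as follows.

Link: http://wiki.zimbra.com/wiki/ClamAV_-_Updating_Version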

==================================================================================================================

Background

Zimbra updates the ClamAV engine to latest with every release of ZCS.

ClamAV Virus definitions update automatically every 2h by default (zimbraVirusDefinitionsUpdateFrequency attribute).

However, there are times when you may want the latest package.

Notes

Some good tips for troubleshooting can be found in ClamAV - Reset Defs DB

Definitions in ZCS 5.0.3+ were moved to a data directory to keep them separate from application data; replace where applicable with:

/opt/zimbra/data/clamav/db


Out of cycle updates RFE is Bug 15137

http://wiki.zimbra.com/wiki/ClamAV_-_Updating_clamd_for_releases_earlier_than_ZCS_5.0.16

http://wiki.zimbra.com/wiki/ClamAV_-_Updating_from_versions_lower_than_0.90.0

Original directions courtesy of Unilogic.

If you have no idea how to upgrade or are a little shaky in doing the upgrade yourself, I recommend that you wait for the Zimbra official release.

Step 1: Make a backup.

Note: This was done on Fedora Core 4 minimal install. Also, all the following can be done either as root or as the zimbra user. If you do it all as 'root', make sure you change ownership for the resulting clamav-0.90.2 folder in /opt/zimbra to zimbra:zimbra.

This HOWTO also assumes that you are upgrading from 0.90.1 to 0.90.2. Please substitute the versions above for what you are upgrading from and to.

If upgrading from anything below 0.90.x, please refer to: ClamAV - Updating from versions lower than 0.90.0

Noticing Out-of-Date

When a new ClamAV version is released and your installation becomes out of date, ClamAV will complain in its log files as follows.

clamd.log shows the following warning:

LibClamAV Warning: ********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.  ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/faq.html ***
LibClamAV Warning: ********************************************************

freshclam.log shows the following warning:

Received signal: wake up
ClamAV update process started at Fri May 4 15:44:46 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.90.1 Recommended version: 0.90.2
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 9, recommended = 10
DON'T PANIC! Read http://www.clamav.net/faq.html
daily.cvd is up to date (version: 2580, sigs: 7879, f-level: 13, builder: ccordes)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 9, recommended = 13
DON'T PANIC! Read http://www.clamav.net/faq.html
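
The two conditions these articles separate, a corrupt definitions database versus a merely outdated engine, can be told apart from the log text alone. The following is an added example, not part of the Zimbra wiki or the original post; the function names are hypothetical and the sample log lines are constructed, modelled on the excerpts above.

```shell
#!/bin/sh
# Added example (not from the Zimbra wiki): triage ClamAV logs using the
# messages quoted on this page. Function names are hypothetical.

# Prints corrupt-defs | engine-outdated | ok.  $1 = clamd.log, $2 = freshclam.log
triage_clamav_logs() {
    # "Malformed database" is the corruption symptom: reset the definitions.
    if grep -qi 'malformed database' "$1" 2>/dev/null; then
        echo corrupt-defs
    # The OUTDATED banner alone is not a sign of a corrupt database.
    elif grep -q 'Your ClamAV installation is OUTDATED' "$2" 2>/dev/null ||
         grep -q 'ClamAV engine is outdated' "$1" 2>/dev/null; then
        echo engine-outdated
    else
        echo ok
    fi
}

# Prints "<local> <recommended>" engine versions from freshclam.log.
engine_versions() {
    sed -n 's/.*Local version: \([0-9.]*\) Recommended version: \([0-9.]*\).*/\1 \2/p' "$1" | tail -n 1
}

# Prints the largest gap between current and recommended functionality level.
flevel_gap() {
    sed -n 's/.*Current functionality level = \([0-9]*\), recommended = \([0-9]*\).*/\1 \2/p' "$1" |
        awk 'BEGIN { m = 0 } { d = $2 - $1; if (d > m) m = d } END { print m }'
}

# Constructed sample logs, modelled on the excerpts above.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/freshclam.log" <<'EOF'
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.90.1 Recommended version: 0.90.2
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm)
WARNING: Current functionality level = 9, recommended = 10
daily.cvd is up to date (version: 2580, sigs: 7879, f-level: 13, builder: ccordes)
WARNING: Current functionality level = 9, recommended = 13
EOF
printf 'LibClamAV Warning: ***  This version of the ClamAV engine is outdated.  ***\n' > "$SAMPLE/clamd_outdated.log"
printf 'ERROR: Malformed database\n' > "$SAMPLE/clamd_corrupt.log"

triage_clamav_logs "$SAMPLE/clamd_outdated.log" "$SAMPLE/freshclam.log"
triage_clamav_logs "$SAMPLE/clamd_corrupt.log" "$SAMPLE/freshclam.log"
engine_versions "$SAMPLE/freshclam.log"
flevel_gap "$SAMPLE/freshclam.log"
```

A corrupt-defs result takes precedence because the OUTDATED banner can appear alongside a malformed database without explaining why clamd is down.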

Updating

To update, do the following. First, grab the latest ClamAV source from http://www.clamav.net/download (current stable version is 0.96) and extract it wherever you please. All of this can be done either as root or as the zimbra user. If you do it all as root, make sure you change ownership of the resulting clamav folder in /opt/zimbra to zimbra:zimbra.

Assuming that the new clamav version is in the directory: /home/snelson ( substitute your username for 'snelson' )

tar -xvf clamav-0.96.tar.gz

cd clamav-0.96

Next run configure inside of the clamav extract as following:

./configure --prefix=/opt/zimbra/clamav-0.96 --with-user=zimbra --with-group=zimbra

This assumes 'zimbra' is both the user and the group ID; change it to match the zimbra user on your system.

Note: I had to install gmp-devel and bzip2-devel so the configure could find all its header files. Your mileage may vary. If you get an error about GNU MP missing, install gmp-devel: "yum install gmp-devel" and "yum install bzip2-devel" in Fedora and Red Hat.


If your 'configure' goes well (and make sure it does, as you don't really want ClamAV installed without some of its available testing ability being compiled):

Run: make

The following steps should be run as root.

Assuming there are no errors,

Run: make check and then make install. Again assuming no errors, you now have the new version installed into /opt/zimbra/clamav-0.96

Now compare your old clamd.conf and freshclam.conf from the previous version with the ones in the new version directory, then copy them over:

cd /opt/zimbra/clamav-0.96/etc/

diff clamd.conf ../../clamav/etc/clamd.conf

diff freshclam.conf ../../clamav/etc/freshclam.conf

The above is just in case you are curious about what we are changing/overwriting from the ClamAV defaults.

mv clamd.conf clamd.conf.org

mv freshclam.conf freshclam.conf.org

cd /opt/zimbra/conf

cp clamd.conf /opt/zimbra/clamav-0.96/etc/

cp freshclam.conf /opt/zimbra/clamav-0.96/etc/


As zimbra, run zmcontrol stop to stop Zimbra.

Now you need to delete the symbolic link and re-link it to the new install. As root:


cd /opt/zimbra

ls -la | grep clamav ( should see 'clamav -> /path/to/previous_clamAV' )

if so:

rm -rf clamav (or if you want to keep the old install & link around, so you can easily back out, just do mv clamav clamav.old)

ln -s /opt/zimbra/clamav-0.96 /opt/zimbra/clamav

Create directory /opt/zimbra/clamav/db

mkdir /opt/zimbra/clamav/db

Now you should make sure zimbra owns all of clamav.

chown -R zimbra:zimbra /opt/zimbra/clamav-0.96

zimbra also needs access to freshclam.conf

chmod a+r /opt/zimbra/clamav/etc/freshclam.conf


Next we need to update the virus database.

su zimbra

Run: /opt/zimbra/clamav/bin/freshclam

If you get any warnings, just run the command again to confirm that everything was successfully updated.


Now start Zimbra. Run zmcontrol start

Note: you may not need to stop Zimbra during this update. If you don't stop Zimbra, just do zmantivirusctl restart at this point.

Run zmcontrol status to make sure antivirus is running. If it is, you're good to go.

You should check /opt/zimbra/log/clamd.log for errors, as well as freshclam.log in the same directory. Also check /var/log/zimbra.log. To test out ClamAV I would suggest http://www.webmail.us/testvirus to send different variations of the EICAR test virus to one of your email addresses. Depending on whether you have "Send notice to recipient" checked in Global Settings of the Admin Web UI, the user should receive around 20 email notifications of the emails being quarantined. Don't worry about the two that got through. Apparently ClamAV doesn't check for the techniques. There are, however, no viruses included in those two emails, so it doesn't worry me. You can delete the previous install of clamav once you make sure everything is working: delete the /opt/zimbra/clamav-0.90.1 directory and everything it contains. Again, you may want to wait a week or two to make sure you have the other version working well first.

Scripting

Possible Script: (tweaked and tested on a CentOS server as of July 14, 2010)

#!/bin/bash
#
#
#   !!!!!! WARNING !!!!!!!!!!
#   This script is absolutely untested.  I wrote it after the fact
#   as reference, for the next time this happens.  I repeat I have
#   not actually tested to see if it even runs.  You probably want
#   to just run through the steps manually to prevent harming your
#   system...  Again, this script took 2 minutes to write, and has
#   never been tested, and there absolutely no error checking.
#
#   Otherwise, if you really want to run it, uncomment the exit
#   statement.
#
#   [http://www.zimbra.com/forums/members/artimus.html artimus]- 20071119 updates by others 20071206
#
###################################################################
exit
NOW=`date +%Y%m%d%H%M%S`
BUILDDIR=${NOW}_clamav_build
#ClamVer="clamav-0.96.1"
#ClamURL="http://easynews.dl.sourceforge.net/sourceforge/clamav/clamav-0.96.1.tar.gz"
ClamVer="clamav-0.97.4"
ClamURL="http://cdnetworks-kr-2.dl.sourceforge.net/project/clamav/clamav/0.97.4/clamav-0.97.4.tar.gz"
echo "Installing dependencies if necessary"
yum -y install gcc glibc zlib-devel gmp-devel bzip2-devel
# on Debian/Ubuntu use: apt-get build-dep clamav
# apt-get build-dep clamav
echo "Preparing Source"
mkdir ${BUILDDIR} && cd ${BUILDDIR}
wget ${ClamURL}
tar -zxvf ${ClamVer}.tar.gz
cd ${ClamVer}
echo "==== Building and Installing ClamAV ===="
./configure --prefix=/opt/zimbra/${ClamVer} --with-user=zimbra --with-group=zimbra
make && make check && make install
chown -R zimbra:zimbra /opt/zimbra/${ClamVer}
cd /opt/zimbra/${ClamVer}/etc
mv clamd.conf clamd.conf.orig
mv freshclam.conf freshclam.conf.orig
cp /opt/zimbra/conf/clamd.conf .
cp /opt/zimbra/conf/freshclam.conf .
chown zimbra:zimbra *.conf
sudo -u zimbra /opt/zimbra/bin/zmcontrol stop
cd /opt/zimbra
unlink clamav
ln -s ${ClamVer} clamav
echo "==== Freshen ========="
sudo -u zimbra /opt/zimbra/clamav/bin/freshclam
echo "===== Starting Zimbra ======="
echo " If it doesn't work, try a reboot"
sudo -u zimbra /opt/zimbra/bin/zmcontrol start
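
The script above fetches the source over plain HTTP and then builds and installs it with root privileges, so the build should be gated on an integrity check. The following is an added example, not part of the wiki script; verify_and_unpack and unsafe_paths are hypothetical helper names, and the expected SHA-256 is computed from a constructed demo tarball only so the example runs offline.

```shell
#!/bin/sh
# Added example (not part of the wiki script): check a downloaded source
# tarball before building it. Helper names are hypothetical.

# Reads member paths on stdin; succeeds if any is absolute or contains "..".
unsafe_paths() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# verify_and_unpack <tarball> <expected_sha256> <destdir>
# Returns 0 only if the hash matches and every member stays inside destdir.
verify_and_unpack() {
    tarball=$1; expected=$2; dest=$3
    actual=$(sha256sum "$tarball" 2>/dev/null | awk '{ print $1 }')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $tarball, refusing to unpack" >&2
        return 1
    fi
    if tar -tzf "$tarball" | unsafe_paths; then
        echo "unsafe member path in $tarball, refusing to unpack" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest"
}

# Constructed demo tarball so the example runs offline. In real use the
# expected hash is obtained out of band, never computed from the download.
DEMO=$(mktemp -d)
ClamVer="clamav-0.97.4"
mkdir -p "$DEMO/src/$ClamVer"
echo "constructed placeholder, not ClamAV source" > "$DEMO/src/$ClamVer/README"
tar -czf "$DEMO/$ClamVer.tar.gz" -C "$DEMO/src" "$ClamVer"
EXPECTED=$(sha256sum "$DEMO/$ClamVer.tar.gz" | awk '{ print $1 }')

verify_and_unpack "$DEMO/$ClamVer.tar.gz" "$EXPECTED" "$DEMO/build" &&
    echo "verified, safe to run ./configure and make in $DEMO/build/$ClamVer"
```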

Related Articles

  • ClamAV - Updating from versions lower than 0.90.0


Verified Against: unknown
Date Created: 5/6/2007
Article ID: http://wiki.zimbra.com/index.php?title=ClamAV_-_Updating_Version
Date Modified: 11/17/2010

Retrieved from "http://wiki.zimbra.com/wiki/ClamAV_-_Updating_Version"
=====================================================================

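The download URL in the official instructions is unavailable, or at least I could not connect to it, so I found a link to the latest version, clamav-0.97.4, on the ClamAV official site.

After that, simply running the official shell script is enough.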