ClamAV update to 0.90 made easy?

Um, i just realised that there is a good chance that because freshclam switches to another user other than root, it has no permissions to access /var/log so you may either create the file and add 'admispconfig' as the file owner or change the path to another writeable path allowed by the 'admispconfig' user.

tested as below :
#----------
exec('/home/admispconfig/ispconfig/tools/clamav/bin/freshclam --log='.$conf['logfreshclam'].' 2>&1', $output, $retval);
print_r($output);
status_check($output);
#------------

Output I got.... which is what you probably have too...

root@ispc:~ # php clamavupdate.php
Array
(
[0] => ERROR: Problem with internal logger (--log=/var/log/clamav-fresh-update.log).
[1] => ERROR: Can't open /var/log/clamav-fresh-update.log in append mode (check permissions!).
)


so basically do a :
touch /var/log/clamav-fresh-update.log
chown admispconfig /var/log/clamav-fresh-update.log

or change the path in the file....

give that a try.. damn coding.. always have to delete all and start again to make sure bugs/problems are found.....

 

Error again:[root@dns1 ~]# php ./clamavupdate.phpPHP Warning:* fopen(/root/ispc.updates/clamav/clamav.tar.gz): failed to open stream: No such file or directory in /root/clamavupdate.php on line 243PHP Warning:* fwrite(): supplied argument is not a valid stream resource in /root/clamavupdate.php on line 246PHP Warning:* fwrite(): supplied argument is not a valid stream resource in /root/clamavupdate.php on line 246PHP Warning:* fclose(): supplied argument is not a valid stream resource in /root/clamavupdate.php on line 252PHP Notice:* Undefined variable: download_ok in /root/clamavupdate.php on line 253
clamav-fresh-update.log:

--------------------------------------
ClamAV update process started at Sat Jan 5 21:13:01 2008
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/support/faq for an explanation.
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.91.2 Recommended version: 0.92
DON'T PANIC! Read http://www.clamav.net/support/faq
main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven)
Downloading daily-5374.cdiff [100%]
daily.inc updated (version: 5374, sigs: 17353, f-level: 21, builder: ccordes)
Database updated (187029 signatures) from database.clamav.net (IP: 218.189.210.14)
2008/01/05 21:13:02 : Freshclam is reporting ClamAV is outdated, attempting to download new version.
2008/01/05 21:13:02 : ClamAV website release check reports version : 0.92
2008/01/05 21:13:49 : ClamAV-updater check already done within the last week, ignored.
--------------------------------------
ClamAV update process started at Sat Jan 5 21:13:49 2008
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/support/faq for an explanation.
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.91.2 Recommended version: 0.92
DON'T PANIC! Read http://www.clamav.net/support/faq
main.inc is up to date (version: 45, sigs: 169676, f-level: 21, builder: sven)
daily.inc is up to date (version: 5374, sigs: 17353, f-level: 21, builder: ccordes)
2008/01/05 21:13:49 : Freshclam is reporting ClamAV is outdated, attempting to download new version.
2008/01/05 21:13:49 : ClamAV website release check reports version : 0.92
2008/01/05 21:16:32 : Mirror download problems Could not fetch updated clamav from any of the mirrors.

Thanks.

 

it's trying to create a file .
$fw = fopen('/root/ispc.updates/clamav/clamav.tar.gz','w');
Does this path exist? it should already have been created unless not run as root.

 

The following fixed it :
as root do :

Code:

mkdir /root/ispc.updates/clamav
chmod 777 /root/ispc.updates/clamav

allso
adding :

Code:

#!/usr/bin/php -q

as first line in the script.
then as root do :

Code:

chown root:root clamavupdate.php
chmod 755 clamavupdate.php
mv ./clamavupdate.php /usr/sbin/clamavupdate.php

then call the script once a week from cron

cat /etc/cron.weekly/clamavupdate.cron

Code:

#!/bin/bash
/usr/sbin/clamavupdate.php
exit 0

Perfect Setup....THX A LOT for the script.

--------------------------------------------------------
Setup script that installs the script and runs it once a week via cron :
cat /root/setup-clamupdate.sh

Code:

#!/bin/sh
cd /root
touch /var/log/clamav-fresh-update.log
chown admispconfig /var/log/clamav-fresh-update.log
mkdir /root/ispc.updates
mkdir /root/ispc.updates/clamav
chmod 777 /root/ispc.updates
chmod 777 /root/ispc.updates/clamav
wget http://www.djtremors.com/downloads/clamavupdate.php.txt -O clamavupdate.php.txt
cat <<EOF>>clamavupdate.php
#!/usr/bin/php -q
EOF
cat ./clamavupdate.php.txt>>clamavupdate.php
chown root:root clamavupdate.php
chmod 755 clamavupdate.php
mv ./clamavupdate.php /usr/sbin/clamavupdate.php
cat <<EOF>>/etc/cron.weekly/clamavupdate.cron
#!/bin/bash
/usr/sbin/clamavupdate.php
exit 0
EOF
chown root:root /etc/cron.weekly/clamavupdate.cron
chmod 755 /etc/cron.weekly/clamavupdate.cron
/usr/sbin/clamavupdate.php

Allso remember to change :
$conf['admin'] = "[email protected]";

in the script

vi /usr/sbin/clamavupdate.php

Have patience with the setup script...it will update clamav if needed (download compile,install)

/Mark

 

@Mark.

Thanks for the update. I'll add the the first part to my script to make sure the path exists. My mistake again.

The reason I don't use the :
#!/usr/bin/php -q

at the top is because sometimes people have their php elsewhere which then breaks their script and they have to modify it.<edit>could use /root/ispconfig/php/bin/php which everyone should have, i used typical functions to keep it simple so should work. let me know your thoughts</edit>
So I usually prefer that they use their own call in crontab and let it find their own path :

PHP:

10 * * * * root php /root/clamavupdate.php

this way no need to use `which php` or anything. up to the user really.

Also, haven't you just complicated the install a bit too much?
All they need to do is....

PHP:

wget http://www.djtremors.com/downloads/clamavupdate.php.txt -O /root/clamavupdate.php

and then put their email in the file, then do a test run `php /root/clamavupdate.php` and if all is well, add it to their crontab.

PHP:

# Redhat/Centos
echo "35 */3 * * * root php /root/clamavupdate.php" >> /var/spool/cron/root

# Debian/ubuntu (I think, make sure you check yours)
echo "35 */3 * * * root php /root/clamavupdate.php" >> /var/spool/cron/crontabs/root

# etc.


thanks for the input...

 

Is it possible to prevent ISPConfig to use its own version of ClamAV, install or upgrade it? I just want to use a version from my linux distribution...

 

ISPConfig have fixed full paths to their bins in their code/scripts when they do the scanning of mail so you'd have to replace all occurances of these calls with your ones.

eg.

PHP:

/root/ispconfig/isp/conf/antivirus.rc.master
:0fw
| /home/admispconfig/ispconfig/tools/clamav/bin/clamassassin

:0:
* ^X-Virus-Status: Yes
/dev/null


Not sure where else besides freshclam cron daemon are there any other references to it.

I find the distros aren't fast enough on updating their releases because they have to package it up etc.etc.. so I like my tar ball versions as it's immediate, as long as it works

 

The keyword here is "works".

I want it to be stable and clean. I do not mind pulling updates from "testing" branch of the Debian distro...

Thanks for the hints. I will grep for more occurences of the ClamAV.

 

Hi,

I tried the php script but I have this :

Do you know why ?
Thanks.

 

I don't believe this is coming from my script. This is a configuration issue with php itself...

try running at a shell prompt the following :

PHP:

#   php -r 'echo "hello";'

#hope this renders properly in this forum

if you get the same sort of errors then it's definately php.ini related or something as I don't even use oracle libraries or any of others.

EDIT: Actually.. you MUST have some php.ini problem because it's trying to load those modules in (oh der, didn't think of that).

 

You're right, it's ok and clamav updates work. Thanks.

 

Hi,

Can I use this script to update clamav on 42go???
Cause clamav on my server is telling me its hopelesly outdated and since some days it creates temp-dirs in the users tmp-dir (disk almost run full)

Kind regards,
Kees

 

Short Answer : No
Long Answer : Yes, since ispconfig was based on 42go it should be possible. You may need to find the original installation package and check the compile script which I gathered the "configure" parameters from so the updater compile is the same as the original installation..

Till could possibly double confirm it.. but basically, if you know how it was compiled then you could do the same in the script.

 

clamav update script on Debian

Hi all,
I have just test the update script and it's fine. Though I notice a problem with Etch : the init.d directory isn't under rc.d.
So if using Debian, you must replace the line :
cat ./clamavupdate.php.txt>>clamavupdate.php

in the MTvermoes procedure (see post above) by :
cat clamavupdate.php.txt | sed "s/\/etc\/rc.d\/init.d\/ispconfig_server/\/etc\/init.d\/ispconfig_server/g" >> clamavupdate.php

(on one line !)
Regards,
Frank

 

Well... I changed "ispc" by "42go" and some other finetuning and the script worked fine for me! Server is updated an runnign without the /tmp/clamav*-sh*t and *please update cause I can't use the newest sig-files anymore*-msgs. So thanks a lot for making even the life af a 42go user more easy!

Grtz..
Kees

 

@Kees: no problems. I like it when i can kill two products with one code (hmm, that line rings a bell).

@fsoyer: thanks mate, didn't realised i used rc.d as I usually just use /etc/init.d even on CentOS. I'll update this on the script soon so to check if either exists to update in the appropriate path or error worst case.