ClamAV version?

Discussion in 'General' started by TonyG, Apr 29, 2025.

  1. TonyG

    TonyG Active Member

    freshclam reports ClamAV : " Local version: 0.103.12 Recommended version: 1.0.8 "
    apt info clamav on Ubuntu 22.04 shows 0.103.12 is current.
    The current LTS version is 1.4.2, 1.0.8 was the previous LTS version (?)

    It seems to me the freshclam note is incorrect: unless we install from clamav.net, v0.103.12 from Ubuntu/apt is the right version.
    Or... does anyone here install v1 ... and relevant here ... does that work with ISPConfig?
    I'm guessing that if it does work and it's substantially better, then ISPConfig would install it.

    I'm not running a mail server (anymore :p) So I don't need it for email, just the file system.

    Does ISPConfig in any way manage ClamAV/freshclam and the cron process? Or is that all up to us?
    And finally, does anyone here feel a need to run something else in addition to or instead of ClamAV?

    Thanks!
     
  2. michelangelo

    michelangelo Active Member

    freshclam is a component of ClamAV and not ISPConfig.
    The message means that the ClamAV version you have installed from the Ubuntu 22.04 repositories is not the latest. It is therefore recommended that you use 1.0.8 or 1.4.2.

    Nonetheless, 0.103.12 still works fine, but I would ask the package maintainer who is responsible for the Ubuntu package to update ClamAV to 1.0.8, or alternatively upgrade your Ubuntu to 24.04. I haven't verified it, but I would guess that Ubuntu 24.04 already ships with something newer than 0.103.12.
     
    Turgut Kalfaoglu likes this.
  3. TonyG

    TonyG Active Member

    The question was: Or... does anyone here install v1 ... and relevant here ... does that work with ISPConfig?
     
  4. michelangelo

    michelangelo Active Member

    You've asked multiple things in your starting post, just for the record. And why should ClamAV 1.0 or 1.4 not work?
    If you can compile/build it for your platform (or someone else does it for you), then it will run.

    The rest is up to the admin. ISPConfig doesn't manage ClamAV unless you are using Amavisd + ClamAV, but as you've stated, that's not the case.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    I would recommend staying with the ClamAV version of the OS. What matters is that the signatures are the latest, not that you use the latest scan engine. Freshclam keeps the signatures up to date automatically, and the Linux distribution ensures that you have a stable and patched scan engine version of ClamAV, which gets automatically updated when you update/upgrade the OS. While manually installing packages is always possible, in the end you just get an unstable system and problems with dist upgrades later.
     
  6. TonyG

    TonyG Active Member

    Friends - the underlying issue is that every 1-3 days on this Ubuntu v22 server the clamd process is OOM killed. Before this happens other processes like the database server and even journalctl are also killed as OOM. This system has 4GB RAM and very little activity - there's nothing big happening in this new installation to mess up ClamAV.

    To remedy this I'm tuning clamd.conf and related files.

    To answer the question from @michelangelo "why should ClamAV 1.0 or 1.4 not work?" : In this forum we very frequently see admonishment for customizations. "Did you follow the Perfect Server instructions?!" "Why did you change that?" "Don't change things, ISPConfig augments those settings!" It's freakin brutal in here - often for good reason because people load some random software or update and then ask why things are broken.
    ISPConfig links deeply into some things and not others. Unless we look into the code, peer deeply into the dbispconfig tables, or poke around in config files for additional .conf files and such, we don't know where ISPConfig links and where it doesn't. We get that education over time, by searching and reading this forum, and occasionally by asking questions here that invite the wrath of those who have been working on this fine software for so long.
    So again "why should ClamAV 1.0 or 1.4 not work?" - I don't know. Maybe there are specific .cnf settings somewhere or a crontab directive with version-specific paths or options. I don't see people talking about it here or any official statement one way or the other. That's why I'm asking. I'd rather face the eye-rolls and occasional sighs of superiority here than screw up my system and be faced with restores or repairs.

    Back to the challenge. Ubuntu v24 is supported here. I just migrated and upgraded ISPConfig (with the great Migration Toolkit!) and now I'm targeting the OS.
    As @till said, I prefer to use the OS-supported tooling. My next step is to try a test installation of Ubuntu v24 with ISPConfig 3.2.12 and see how ClamAV is configured there.
    Maybe there is something there that manages memory better and avoids this OOM situation. Maybe ClamAV v1 is the default and no one talks about it here because it just works.
    There is a recognized "annoyance" that the dataset used by ClamAV is now huge. It includes rules for the OS and for email, even if email isn't being used. I'm not interested in separating the .cvd files - that's strongly discouraged (as noted by Till and many others). The problem may occur only when the 1+GB .cvd is still in ClamAV-Daemon memory while FreshClam is loading up yet another .cvd, resulting in a temporary allocation of over 2GB which suffocates other applications and the OS.

    Use Swap? Meh, in modern systems that's often discouraged, particularly because it puts extra load on SSD. If there is a final determination that 2GB of separate HD swap is advised in addition to SSD, I'll add it, but at this point that's not the recommendation.

    My testing for now is to disable Bytecode, keep MemoryMax and MemoryLimit to about 800M, and in case the OOM occurs during scanning, I'm reducing the number of scans per day and adding ExcludePath values to reduce scans on paths that are mostly static.
    Of course we can discuss the details of these settings outside of the scope of ISPConfig. For now, I'm not asking here for ClamAV support, or misunderstanding its separation from this product. I wanted to know if ISPConfig did its own tweaking of any of these values for some internal purposes that probably only an insider would know about - because if I start tweaking config settings and ISPConfig stops working correctly, you know I'll be facing the "why did you do that" questions here.

    I'll do the homework on all tooling - that's my responsibility as an admin (and business owner and developer). Asking questions here is a part of that. Enduring eye rolls and disparagement, to me, is simply a cost of doing business.
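
The tuning described in the post above, written out as configuration. This is an added example, not part of the thread and not ISPConfig's own configuration. The file paths, the ExcludePath patterns and the `ConcurrentDatabaseReload` line (a clamd.conf option the thread does not mention, which controls whether clamd holds two engines in memory during a signature reload) are assumptions.

```conf
# --- /etc/clamav/clamd.conf (path assumed: Ubuntu package layout) ---

# Skip loading bytecode signatures, as tried in the post. The clamd.conf
# documentation recommends leaving this on; turning it off loses detections.
Bytecode no

# Default "yes": clamd builds a second engine next to the running one during
# a reload, which needs more RAM. "no" reloads in place; scans block while
# the reload runs. Not from the thread; available since ClamAV 0.103.0.
ConcurrentDatabaseReload no

# Regexes for paths clamd should not scan. The first two are pseudo
# filesystems; the third is a constructed placeholder for a static tree.
ExcludePath ^/proc/
ExcludePath ^/sys/
ExcludePath ^/srv/static-archive/

# --- /etc/systemd/system/clamav-daemon.service.d/memory.conf ---
# (drop-in path and unit name assumed; MemoryMax/MemoryLimit in the post
#  are taken here to mean the systemd directives)
# Apply with: systemctl daemon-reload && systemctl restart clamav-daemon

[Service]
# Hard memory cap for the unit; the value is the post's "about 800M".
# When the unit exceeds it, the kernel OOM killer acts inside this unit's
# cgroup rather than system-wide.
MemoryMax=800M
# MemoryLimit= is the deprecated predecessor of MemoryMax=; set one of them.
```

`clamconf` prints the values clamd will actually use, and `systemctl show clamav-daemon -p MemoryMax` confirms the cap was applied.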
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    If you do not have swap yet, try to add a swap file.
     
