ClamAV installation is OUTDATED!
Problem reported by Pete LaForge - March 21, 2016 at 5:32 AM
Resolved
Smartermail Version 14.5.5871
Freshclaim log WARNING: Your ClamAV installation is OUTDATED!
 
As I am on the latest Version 14.5.5871, I don't see how a reinstall would change the version of Clam supplied with the program. Ive seen other threads that say a reinstall would Fix similar issue to Clam not running but it hasn't been clear to me for the specific issue of Your ClamAV installation is OUTDATED!
 
I did toss up a remote clam server, and while that seemed to work, The eicar test didn't get through, nothing showed in the logs or reports about it being stopped. That isn't as bad as letting the virus through but without seeing the result of the AV process it leaves one wondering if it truly is doing the job effectively.
 
The Question is How does one Update the CLAM AV to the Latest Version with Smartermail Version 14.5.5871?
 
Thanks
 

28 Replies

Reply to Thread
1
Matt Petty Replied
Employee Post
In 5871, we updated to version .99 of ClamAV which at the time of release (End of January) was the latest. What version is it reporting for you?
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Pete LaForge Replied
C:\Program Files\SmarterTools\SmarterMail\Service\Clam\log
freshclam.log
ClamAV update process started at Mon Mar 21 08:07:01 2016
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.99.1
DON'T PANIC! Read www.clamav.net/support/faq
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Downloading daily-21467.cdiff [100%]
daily.cld updated (version: 21467, sigs: 83892, f-level: 63, builder: amishhammer)
Can't query daily.21467.67.1.1.52.36.234.231.ping.clamav.net
bytecode.cvd is up to date (version: 275, sigs: 45, f-level: 63, builder: amishhammer)
Database updated (4302727 signatures) from database.clamav.net (IP: 52.36.234.231)
ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310
0
Matt Petty Replied
Employee Post
Is the clam that is running for you 64bit? You should be able to look at its running process in task manager and it would show you either nothing or (32 bit).
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Pete LaForge Replied
It is a 32bit Machine, I do not see it in task manager at all.
0
Pete LaForge Replied
It is a 32bit Machine, I do not see it in task manager at all.
0
Matt Petty Replied
Employee Post
Our 64bit version is running 0.99, 32bit is running .97.
To update your 32bit to 0.99.1 download this https://www.clamav.net/downloads/production/clamav-0.99.1-win32.zip
Then go to C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\bin\ and replace the EXE's in that folder with the ones from the ZIP and you should be good. Make sure ClamAV isn't running while you do this.
 
Not sure when our next minor will be but will be sure to include the updated 32bit version as well.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Pete LaForge Replied
That's at least better, It Updating, for a while now
0
Pete LaForge Replied
Still Updating
I unchecked Enable real-time AV and Enable ClamAV
Saved
and Checked just Enable ClamAV, and its still in the Updating mode.
Any other Ideas? or any Idea when the next minor release will be out?
 
0
Matt Petty Replied
Employee Post
Our next release wouldn't effect anything in regards to ClamAV except switching out the executables, which you did. How long are you giving it to update.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Pete LaForge Replied
oh I am done waiting now and clam is disabled, as I just realized while it was trying to update, no email was passing
0
Pete LaForge Replied
oh I am done waiting now and clam is disabled, as I just realized while it was trying to update, no email was passing
 
[2016.03.21] 12:57:27 Updating ClamAV database...
No entries past that in the delivery log, which is rather bad... I am rebooting the machine without the ClamAV checked. Fingers crossed
 
0
Pete LaForge Replied
Matt, this issue isn't fully resolved yet, all we have done is to replace the Clam EXE files. The Updates are not completing and when it is trying to update email is not being passed in. The action of un-checking clamAV and rebooting allow the email back in.
 
So How do I update the Definitions before re enabling clam?
1
Matt Petty Replied
Employee Post
Here is a solution for you so you can see what it is doing while it updates it gives you progress and a way to update without holding mail back.
Make a file called UpdateClam.bat and put the text below in it.
cd "C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam"
"bin\freshclam.exe" --config-file=etc\\freshclam.conf
pause
Make sure ClamAV is turned off in SmarterMail, Run this bat file as Admin by right clicking on it. Once it is done you should be able to turn ClamAV back on.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Pete LaForge Replied
Matt
 
Was missing some dll from the zip, I had not copied the dlls over, just the exes, After LIBAY32.dll
Libclamav.dll those 2 error in the bat, I just copied all from the zip to the clam directory and the bat completed.
 
We are back to the updating, with this  as the last line in the delivery log.
[2016.03.21] 17:02:39 Updating ClamAV database...
I will only leave clam checked for about 5 more mins ...
0
Pete LaForge Replied
Unchecked the clamAV and reboot, can receive email again. OK so this appears to be on the right track, but isn't  working just yet, next step?
 
0
Matt Petty Replied
Employee Post
Follow the steps for the batch file I mentioned above, this will let you see how it updates. Might make some errors known by being able to actually see what it is doing in a console window.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Pete LaForge Replied
Matt
I did that, That is How I saw the info about the missing dlls
"
Matt
 
Was missing some dll from the zip, I had not copied the dlls over, just the exes, After LIBAY32.dll
Libclamav.dll those 2 errored in the bat, I just copied all from the zip to the clam directory and the bat completed.
 
We are back to the updating, with this  as the last line in the delivery log.
[2016.03.21] 17:02:39 Updating ClamAV database...
I will only leave clam checked for about 5 more mins ...
"
 
1
Matt Petty Replied
Employee Post
You won't see anything in any SmarterMail logs as long as you disable ClamAV and manually run the update. The window that pops up should give you the status of what is happening. Your emails should continue to run as long as you have ClamAV turned off.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Pete LaForge Replied
Matt
 
So what is the next step to getting the ClamAv working again?
 
0
michael~ Replied
Not sure if this will help at all, but after your initial post, I saw we were only on v0.99, so I tried to manually update to v0.99.1 and clamd would complain about a "Malformed database" and refuse to start. 
I ended up deleting everything from \Smartermail\Service\Clam\share\clamav\ and re-run "Update Clam-AV" from within Smartermail Antivirus Admin.  It needs to download about 170mb of updates (18 files), so it takes a bit to complete.  You can check freshclam.log for progress. 
Again, not sure if that will help, but I didn't see a fresh database download as a suggestion yet.
0
Pete LaForge Replied
Thanks, Ill give that a try after hours tonight
0
Matt Petty Replied
Employee Post
Probably was this, http://blog.clamav.net/2016/03/clamav-will-release-new-maincvd-and.html is the reason it had to redownload those files.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Pete LaForge Replied
Well That didn't work either , And I left it for about 2 hours. during this time no mail was passed.and it required a reboot of the server to fix that part.
 
Matt Couple questions;
Does this issue exist with the 64 bit installation? (I am considering a move to a 64 bit machine this weekend)
Any known issues moving from 32Bit to 64bit, do these instructions still apply? https://portal.smartertools.com/kb/a2726/move-a-domain-from-one-smartermail-server-to-another.aspx

Should SM record deleted virus from a remote ClamAv server?
 
 To be fair I would like to say, Smarter Mail has been flawless for me for years/decades , Couple features would be nice, and I would love to see ST make a client other than the web interface and get outlook out of my life. However Upgrades and server moves have been 100+%, and until now I have had no major issues with any of the include features.    
0
Matt Petty Replied
Employee Post
We aren't getting any reported issues aside from yours with ClamAV at the moment, 64bit may offer a good option, especially since 15 is around the corner and 16 will introduce a new interface. SM 14 was our last 32bit release.

When migrating the servers, if your just switching out the hardware, make sure your SmarterMail folders stay intact, C:\SmarterMail and the config files in C:\Program Files (x86)\SmarterTools\SmarterMail\Service\
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Pete LaForge Replied
OK  I moved the server to a new 2012 64 bit machine, and as expected with a Smarter Mail machine move ( i have done this several times before) the move itself was flawless, easy and fairly quick, so Kudos on that.
 
 In security antivirus, enable ClamAV is checked on the options tab. On the ClamAV tab is the default 127.0.0.1 and 3310. Virus Definitions read 3/26/2016 7:29:22 PM.  ( just for extra I have added  3310 TCP to the allow rules in the inbound firewall, shouldn't be need but hey)
 
On the System Statistics dashboard Security Tab is just - - - , nothing.
On the Trend reports ClamAV at the time of this post is 27 Failed connections  and  - in Avg Active connections and - in Connections.
I used the Alph Tech site to send a EICAR test, I did also have that site send a plan message to ensure delivery, I received the plain message and did not receive the The test EICAR attachment.
 
In the task manager on the machine I do see Smarter Mail Service, and I do not see (32 bit) after it , so the 64 bit machine just by itself was worth the move.
However No where in the Processes do I see ClamAV, to be clear its does not appear to be running, which would explain the failed connections. This is a fresh install and yes it was rebooted.
 
So any advice?
 
 
 
 
 
 
 
 
0
Sterling Kendrick Replied
I too recently moved to Windows Server 2012 and Clam wouldn't run. Check your event viewer and see if you see any errors about MSVCR100.dll. If so install the Microsoft Visual C++ 2010 Redistributable Package and it should work. At least it did for me.
0
Pete LaForge Replied
Bingo, I really must have missed that in the setup and transfer steps, thanks for pointing it out.

Clam is running and reporting again.. Everybody thank you for the help.
0
Matt Petty Replied
Employee Post
Thank you Sterling Kendrick for pointing that out. Glad we were able to help.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Reply to Thread