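Long-overdue update of ClamAV and amavisd-new
October 3, 2016 – 11:45 am
For a long time logwatch had been warning that ClamAV was outdated, but I ignored it. Eventually this turned into an outage: the periodic ClamAV database update started spewing warning errors without end. It would be serious if the mail server stopped working, so I carried out the update in a hurry.
Before the update, clamd was at version 0.97.7, while the version being demanded was 0.99.2. The last update was in December 2012 ("Installing clamAV, amavisd-new from the yum repository rpmforge"), so four years had already passed.
The record of this update follows:
The update logs for the ClamAV packages and the amavisd-new packages are posted separately.
ClamAV: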
# yum --enablerepo=epel update clam\*
Loaded plugins: refresh-packagekit, security
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package clamav.x86_64 0:0.97.7-1.el6.rf will be updated
---> Package clamav.x86_64 0:0.99.2-1.el6 will be an update
---> Package clamav-db.x86_64 0:0.97.7-1.el6.rf will be updated
---> Package clamav-db.x86_64 0:0.99.2-1.el6 will be an update
---> Package clamav-devel.x86_64 0:0.97.7-1.el6.rf will be updated
---> Package clamav-devel.x86_64 0:0.99.2-1.el6 will be an update
---> Package clamav-milter.x86_64 0:0.97.7-1.el6.rf will be updated
---> Package clamav-milter.x86_64 0:0.99.2-1.el6 will be an update
---> Package clamd.x86_64 0:0.97.7-1.el6.rf will be updated
---> Package clamd.x86_64 0:0.99.2-1.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================
 Package              Arch         Version              Repository      Size
=====================================================================================================
Updating:
 clamav               x86_64       0.99.2-1.el6         epel           4.3 M
 clamav-db            x86_64       0.99.2-1.el6         epel           110 M
 clamav-devel         x86_64       0.99.2-1.el6         epel            23 k
 clamav-milter        x86_64       0.99.2-1.el6         epel            90 k
 clamd                x86_64       0.99.2-1.el6         epel           167 k

Transaction Summary
=====================================================================================================
Upgrade       5 Package(s)

Total download size: 115 M
Is this ok [y/N]: y
Downloading Packages:
(1/5): clamav-0.99.2-1.el6.x86_64.rpm                 | 4.3 MB     00:03
(2/5): clamav-db-0.99.2-1.el6.x86_64.rpm              | 110 MB     02:06
(3/5): clamav-devel-0.99.2-1.el6.x86_64.rpm           |  23 kB     00:00
(4/5): clamav-milter-0.99.2-1.el6.x86_64.rpm          |  90 kB     00:00
(5/5): clamd-0.99.2-1.el6.x86_64.rpm                  | 167 kB     00:00
-----------------------------------------------------------------------------------------------------
Total                                        900 kB/s | 115 MB     02:10
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : clamav-db-0.99.2-1.el6.x86_64              1/10
  Updating   : clamav-0.99.2-1.el6.x86_64                 2/10
warning: /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew
  Updating   : clamd-0.99.2-1.el6.x86_64                  3/10
  Updating   : clamav-milter-0.99.2-1.el6.x86_64          4/10
  Updating   : clamav-devel-0.99.2-1.el6.x86_64           5/10
  Cleanup    : clamav-devel-0.97.7-1.el6.rf.x86_64        6/10
  Cleanup    : clamav-milter-0.97.7-1.el6.rf.x86_64       7/10
  Cleanup    : clamd-0.97.7-1.el6.rf.x86_64               8/10
  Cleanup    : clamav-0.97.7-1.el6.rf.x86_64              9/10
  Cleanup    : clamav-db-0.97.7-1.el6.rf.x86_64          10/10
warning: /var/clamav/main.cvd saved as /var/clamav/main.cvd.rpmsave
  Verifying  : clamd-0.99.2-1.el6.x86_64                  1/10
  Verifying  : clamav-db-0.99.2-1.el6.x86_64              2/10
  Verifying  : clamav-devel-0.99.2-1.el6.x86_64           3/10
  Verifying  : clamav-milter-0.99.2-1.el6.x86_64          4/10
  Verifying  : clamav-0.99.2-1.el6.x86_64                 5/10
  Verifying  : clamav-0.97.7-1.el6.rf.x86_64              6/10
  Verifying  : clamd-0.97.7-1.el6.rf.x86_64               7/10
  Verifying  : clamav-devel-0.97.7-1.el6.rf.x86_64        8/10
  Verifying  : clamav-db-0.97.7-1.el6.rf.x86_64           9/10
  Verifying  : clamav-milter-0.97.7-1.el6.rf.x86_64      10/10

Updated:
  clamav.x86_64 0:0.99.2-1.el6
  clamav-db.x86_64 0:0.99.2-1.el6
  clamav-devel.x86_64 0:0.99.2-1.el6
  clamav-milter.x86_64 0:0.99.2-1.el6
  clamd.x86_64 0:0.99.2-1.el6

Complete!

Changes to the configuration file /etc/clamd.conf
Before: DatabaseDirectory /var/lib/clamav
After: DatabaseDirectory /var/clamav
amavisd-new:
# yum --enablerepo=epel update amavis\*
Loaded plugins: refresh-packagekit, security
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package amavisd-new.x86_64 0:2.6.6-3.el6.rf will be updated
---> Package amavisd-new.noarch 0:2.9.1-2.el6 will be an update
--> Processing Dependency: unzoo for package: amavisd-new-2.9.1-2.el6.noarch
--> Processing Dependency: p7zip-plugins for package: amavisd-new-2.9.1-2.el6.noarch
--> Processing Dependency: lrzip for package: amavisd-new-2.9.1-2.el6.noarch
---> Package amavisd-new-snmp.x86_64 0:2.6.6-3.el6.rf will be updated
---> Package amavisd-new-snmp.noarch 0:2.9.1-2.el6 will be an update
--> Running transaction check
---> Package lrzip.x86_64 0:0.614-1.el6 will be installed
---> Package p7zip-plugins.x86_64 0:16.02-1.el6 will be installed
---> Package unzoo.x86_64 0:4.4-7.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================================================
 Package                 Arch         Version              Repository      Size
=====================================================================================================
Updating:
 amavisd-new             noarch       2.9.1-2.el6          epel           836 k
 amavisd-new-snmp        noarch       2.9.1-2.el6          epel            34 k
Installing for dependencies:
 lrzip                   x86_64       0.614-1.el6          epel           185 k
 p7zip-plugins           x86_64       16.02-1.el6          epel           982 k
 unzoo                   x86_64       4.4-7.el6            epel            21 k

Transaction Summary
=====================================================================================================
Install       3 Package(s)
Upgrade       2 Package(s)

Total download size: 2.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/5): amavisd-new-2.9.1-2.el6.noarch.rpm             | 836 kB     00:01
(2/5): amavisd-new-snmp-2.9.1-2.el6.noarch.rpm        |  34 kB     00:00
(3/5): lrzip-0.614-1.el6.x86_64.rpm                   | 185 kB     00:00
(4/5): p7zip-plugins-16.02-1.el6.x86_64.rpm           | 982 kB     00:00
(5/5): unzoo-4.4-7.el6.x86_64.rpm                     |  21 kB     00:00
-----------------------------------------------------------------------------------------------------
Total                                        792 kB/s | 2.0 MB     00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : unzoo-4.4-7.el6.x86_64                     1/7
  Installing : lrzip-0.614-1.el6.x86_64                   2/7
  Installing : p7zip-plugins-16.02-1.el6.x86_64           3/7
  Updating   : amavisd-new-2.9.1-2.el6.noarch             4/7
  Updating   : amavisd-new-snmp-2.9.1-2.el6.noarch        5/7
  Cleanup    : amavisd-new-snmp-2.6.6-3.el6.rf.x86_64     6/7
  Cleanup    : amavisd-new-2.6.6-3.el6.rf.x86_64          7/7
warning: /etc/amavisd.conf saved as /etc/amavisd.conf.rpmsave
  Verifying  : p7zip-plugins-16.02-1.el6.x86_64           1/7
  Verifying  : amavisd-new-2.9.1-2.el6.noarch             2/7
  Verifying  : lrzip-0.614-1.el6.x86_64                   3/7
  Verifying  : unzoo-4.4-7.el6.x86_64                     4/7
  Verifying  : amavisd-new-snmp-2.9.1-2.el6.noarch        5/7
  Verifying  : amavisd-new-snmp-2.6.6-3.el6.rf.x86_64     6/7
  Verifying  : amavisd-new-2.6.6-3.el6.rf.x86_64          7/7

Dependency Installed:
  lrzip.x86_64 0:0.614-1.el6
  p7zip-plugins.x86_64 0:16.02-1.el6
  unzoo.x86_64 0:4.4-7.el6

Updated:
  amavisd-new.noarch 0:2.9.1-2.el6
  amavisd-new-snmp.noarch 0:2.9.1-2.el6

Complete!

Changes to the configuration file /etc/amavisd/amavisd.conf
Before: $QUARANTINEDIR = undef; #-Q
After: $QUARANTINEDIR = "/var/virusmails";
Changed $mydomain and $myhostname to the server's domain and hostname, respectively.
Commented out the ClamAV-clamd entry in @av_scanners and, making the socket name match the one specified in clamd.conf (/var/run/clamav/clamd.sock), changed it as follows:
### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
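
The socket-matching step above can be checked mechanically. The script below is an added example, not part of the original post: it compares the `LocalSocket` directive in a clamd.conf with the socket in the first uncommented ClamAV-clamd entry of an amavisd.conf. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify that amavisd's active
# ClamAV-clamd entry uses the same UNIX socket that clamd listens on.

# LocalSocket value from a clamd.conf; commented-out settings are ignored.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Socket path of the first uncommented ClamAV-clamd entry in an amavisd.conf.
amavis_socket() {
    awk '/^[ \t]*#/ { next }
         /ClamAV-clamd/ { in_entry = 1 }
         in_entry && match($0, /"\/[^"]*"/) {
             print substr($0, RSTART + 1, RLENGTH - 2); exit
         }' "$1"
}

# Returns 0 on match, 1 on mismatch, 2 if either side is not configured.
check_clamd_socket() {
    want=$(clamd_socket "$1")
    have=$(amavis_socket "$2")
    [ -n "$want" ] || { echo "no LocalSocket in $1"; return 2; }
    [ -n "$have" ] || { echo "no active ClamAV-clamd entry in $2"; return 2; }
    [ "$want" = "$have" ] || { echo "MISMATCH: clamd=$want amavisd=$have"; return 1; }
    echo "OK: $want"
}

# Constructed sample configs (not the author's real files), written to $1.
make_samples() {
    printf '%s\n' '#LocalSocket /tmp/old.sock' \
        'LocalSocket /var/run/clamav/clamd.sock' > "$1/clamd.conf"
    printf '%s\n' '# ["ClamAV-clamd", "/var/spool/amavisd/clamd.sock"],' \
        "['ClamAV-clamd'," \
        '  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],' \
        > "$1/amavisd.conf"
    # Entry left commented out, so amavisd has no active clamd scanner.
    printf '%s\n' "# ['ClamAV-clamd'," \
        '#   \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],' \
        > "$1/amavisd.conf.stale"
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_clamd_socket "$tmp/clamd.conf" "$tmp/amavisd.conf" || true
check_clamd_socket "$tmp/clamd.conf" "$tmp/amavisd.conf.stale" || true
rm -rf "$tmp"
```

On a real host, call `check_clamd_socket /etc/clamd.conf /etc/amavisd/amavisd.conf`; a non-zero exit means amavisd is not pointed at the socket clamd listens on.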
Other steps taken during the update:
Changed the ownership (both user and group) of the following directories to clamav:
/var/run/clamav
/var/lib/clamav
Modified /etc/logrotate.d/freshclam as follows:
/var/log/clamav/freshclam.log {
    missingok
    notifempty
    create 644 clamav clamav
}