ClamAV v0.97 included in ZCS 8.0.6 and below tags all messages as **UNCHECKED**

zimbra-unchecked-bannerHello Everyone. If you are using ZCS 8.0.6 and prior: starting 22 October 2016, anti-virus definitions will no longer update, and your ClamAV instance will stop working entirely.

zimbra-uncheckedThis is a real risk for all outdated ZCS versions, and as a visual symptom, all your messages are being tagged as **UNCHECKED**.

If you try to run the manual update of the DB, you will see the next error that causes a memory allocation error and fills up the logs:

Resolution

zimbra-ps-upgradeThe recommended resolution is to upgrade at least to Zimbra Collaboration 8.6 with the latest Patch to obtain the latest ClamAV Release among other updated packages. This ensures that you will have a properly secured email system.

In case your company needs help with the upgrade, Zimbra offers the Zimbra Collaboration Upgrade Assessment. This Assessment is delivered by Zimbra Certified professionals, and it provides expert recommendations, best practices and planning tools for upgrading your Zimbra Collaboration implementation to the latest release.

PROFESSIONAL SERVICES

Workaround

Zimbra Collaboration is the open source leader in email and collaboration. That means your company can benefit from the manual upgrade of some third party packages and keep your email server up, running and secure, while planning your upgrade to the latest ZCS Release.

Disabling the antivirus

You can follow a workaround by disabling antivirus:

zmprov ms `zmhostname` -zimbraServiceEnabled antivirus
zmcontrol restart

This workaround will let your Zimbra Collaboration platform run without antivirus. However, we don’t recommend it.

Manual upgrade of ClamAV component

For those who don’t want to upgrade now, although we strongly recommended it, you can follow the next steps.

Downloads

Use the clamav version our team has generated for your Zimbra environments:

Update Instructions

As root user, move to the /tmp folder.
Download the file from of the previous links, for example for Ubuntu 12.04:

wget https://files.zimbra.com/downloads/clamav/ubuntu12_64/clamav-0.98.4.tar.gz

Extract the file:

tar xzvf clamav-0.98.4.tar.gz

Stop the Zimbra Services:

su - zimbra -c 'zmcontrol stop'

Move the new folder to /opt/zimbra and change the symbolic link:

mv /tmp/clamav-0.98.4 /opt/zimbra
cd /opt/zimbra
rm clamav 
ln -s clamav-0.98.4 clamav 
ls -l clamav

The output line of this latest command will look similar to:

lrwxrwxrwx  1 root root 25 Apr  9 15:39 clamav -> /opt/zimbra/clamav-0.98.4

Start services, if the ClamAV process doesn’t start or you are facing issues with the clamAV process, we recommend to restart the entire server or kill the ClamAV service before start the Zimbra Services:

su - zimbra -c 'zmcontrol start'

Confirm

You can confirm that the new version of ClamAV is running by checking /opt/zimbra/log/clamd.log. The most recent startup in the log should look similar to:

Sat Oct 22 18:42:31 2016 -> +++ Started at Sat Oct 22 18:42:31 2016
Sat Oct 22 18:42:31 2016 -> clamd daemon 0.98.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

Let us know in the comments if you are facing the issue and if you were able to solve it by following these steps.

Jorge de la Cruz

About Jorge de la Cruz

Hi everyone, my name is Jorge de la Cruz and I’m a passionate Zimbra fan. VMware vExpert ’14-’16 and Veeam Vanguard ’15-16, writing about Zimbra in a Technical manner since 2011, now leading the Product Marketing team for OEM, thrilled to be part of the Synacor Team.

Comments are closed.

>