Important ClamAV security updates for V 5.0

Discussion in 'Mail Gateway: Installation and configuration' started by martin, Jan 31, 2018.

  1. martin

    martin Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    618
    Likes Received:
    271
    In order to get latest ClamAV security updates for Proxmox Mail Gateway 5.0 (includes back-ported fixes from 0.99.3), please add the following repository to your /etc/apt/sources.list:
    Code:
    nano /etc/apt/sources.list
    
    deb  http://deb.debian.org/debian stretch-updates main
    
    Now, you can install the clamav updates via:
    Code:
    apt update
    
    apt dist-upgrade
    On the pop up dialogs, please select always "keep the local version currently installed" (just press enter).

    Changelog

    * Apply security patches from 0.99.3 (Closes: #888484):
    - fixes for the following CVE's: CVE-2017-6418, CVE-2017-6420,
    CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377,
    CVE-2017-12378, CVE-2017-12379, CVE-2017-12380.
    * Bump symbol version of cl_retflevel because CL_FLEVEL changed.

    The next release of the ISO (ISO release 12) will contain this repo by default.
    __________________
    Best regards,

    Martin Maurer
    Proxmox Mail Gateway project leader
     
    DerDanilo likes this.
  2. FedeGarcia

    FedeGarcia New Member

    Joined:
    Feb 26, 2008
    Messages:
    3
    Likes Received:
    0
    I think this must be notified to all licensed users.
     
  3. Virtualizer

    Virtualizer Member

    Joined:
    Dec 19, 2011
    Messages:
    76
    Likes Received:
    1
    done, but not why not to 0.99.3 ?

    The following packages will be upgraded:
    clamav clamav-base clamav-daemon clamav-freshclam clamdscan libclamav7
    6 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    Need to get 2,735 kB of archives.
    After this operation, 5,120 B disk space will be freed.
    Do you want to continue? [Y/n] y
    Get:1 http://deb.debian.org/debian stretch-updates/main amd64 libclamav7 amd64 0.99.2+dfsg-6+deb9u1 [971 kB]
    Get:2 http://deb.debian.org/debian stretch-updates/main amd64 clamav-daemon amd64 0.99.2+dfsg-6+deb9u1 [445 kB]
    Get:3 http://deb.debian.org/debian stretch-updates/main amd64 clamdscan amd64 0.99.2+dfsg-6+deb9u1 [314 kB]
    Get:4 http://deb.debian.org/debian stretch-updates/main amd64 clamav-base all 0.99.2+dfsg-6+deb9u1 [295 kB]
    Get:5 http://deb.debian.org/debian stretch-updates/main amd64 clamav-freshclam amd64 0.99.2+dfsg-6+deb9u1 [359 kB]
    Get:6 http://deb.debian.org/debian stretch-updates/main amd64 clamav amd64 0.99.2+dfsg-6+deb9u1 [351 kB]
    Fetched 2,735 kB in 0s (16.3 MB/s)
    Reading changelogs... Done
    Preconfiguring packages ...
    (Reading database ... 37189 files and directories currently installed.)
    Preparing to unpack .../0-libclamav7_0.99.2+dfsg-6+deb9u1_amd64.deb ...
    Unpacking libclamav7:amd64 (0.99.2+dfsg-6+deb9u1) over (0.99.2+dfsg-6+b1) ...
    Preparing to unpack .../1-clamav-daemon_0.99.2+dfsg-6+deb9u1_amd64.deb ...
    Unpacking clamav-daemon (0.99.2+dfsg-6+deb9u1) over (0.99.2+dfsg-6+b1) ...
    Preparing to unpack .../2-clamdscan_0.99.2+dfsg-6+deb9u1_amd64.deb ...
    Unpacking clamdscan (0.99.2+dfsg-6+deb9u1) over (0.99.2+dfsg-6+b1) ...
    Preparing to unpack .../3-clamav-base_0.99.2+dfsg-6+deb9u1_all.deb ...
    Unpacking clamav-base (0.99.2+dfsg-6+deb9u1) over (0.99.2+dfsg-6) ...
    Preparing to unpack .../4-clamav-freshclam_0.99.2+dfsg-6+deb9u1_amd64.deb ...
    Unpacking clamav-freshclam (0.99.2+dfsg-6+deb9u1) over (0.99.2+dfsg-6+b1) ...
    Preparing to unpack .../5-clamav_0.99.2+dfsg-6+deb9u1_amd64.deb ...
    Unpacking clamav (0.99.2+dfsg-6+deb9u1) over (0.99.2+dfsg-6+b1) ...
    Setting up clamav-base (0.99.2+dfsg-6+deb9u1) ...
    Setting up libclamav7:amd64 (0.99.2+dfsg-6+deb9u1) ...
    Processing triggers for libc-bin (2.24-11+deb9u1) ...
    Processing triggers for systemd (232-25+deb9u1) ...
    Processing triggers for man-db (2.7.6.1-2) ...
    Setting up clamdscan (0.99.2+dfsg-6+deb9u1) ...
    Setting up clamav-freshclam (0.99.2+dfsg-6+deb9u1) ...
    Setting up clamav (0.99.2+dfsg-6+deb9u1) ...
    Setting up clamav-daemon (0.99.2+dfsg-6+deb9u1) ...
    root@mxgate1:~# apt-get dist-upgrade
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Calculating upgrade... Done
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

    And from GUI:

    Update available for channel updates.spamassassin.org: 1822491 -> 1822773
    http: (curl) GET http://sa-update.verein-clean.net/1822773.tar.gz, success
    http: (curl) GET http://sa-update.verein-clean.net/1822773.tar.gz.sha1, success
    http: (curl) GET http://sa-update.verein-clean.net/1822773.tar.gz.asc, success
    rules: failed to run FORGED_GMAIL_RCVD test, skipping:
    (Can't locate object method "check_for_forged_gmail_received_headers" via package "Mail::SpamAssassin::perMsgStatus" at (eval 1327) line 539.
    )
    channel: lint check of update failed, channel failed
    Update failed, exiting with code 4
    TASK OK
     
  4. tom

    tom Proxmox Staff Member
    Staff Member

    Joined:
    Aug 29, 2006
    Messages:
    12,960
    Likes Received:
    324
    This is just Debian specific how they handle package names and numbering

    See also https://forum.proxmox.com/threads/spam-assassin-update-not-working-after-update.40963/

    It looks like this is fixed now, works here again.
    https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7540
     
  5. martin

    martin Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    618
    Likes Received:
    271
  6. pitterski

    pitterski New Member

    Joined:
    Jun 24, 2018
    Messages:
    4
    Likes Received:
    0
    I have problem with freshclam.
    After instalation of PMG and update to 0.9.4 freshclam is unable to update virus definitions forclam.
    When I delete files /var/lib/clam/* it if possible to download new version when i'm running freshclam.
    But in nex day definitions are not updated, whe i run it manually i'v some errors:

    ClamAV update process started at Wed Jun 27 22:27:53 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read httpwwwclamavnetdocumentsupgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.185.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Wed Jun 27 22:28:01 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read httpwwwclamavnetdocumentsupgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.189.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Wed Jun 27 22:28:08 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read httpwwwclamavnetdocumentsupgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Trying host db.pl.clamav.net (104.16.188.138)...
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.188.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Wed Jun 27 22:28:16 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read httpwwwclamavnetdocumentsupgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Trying host db.pl.clamav.net (104.16.187.138)...
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.187.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Wed Jun 27 22:28:23 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read httpwwwclamavnetdocumentsupgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Trying host db.pl.clamav.net (104.16.186.138)...
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.186.138 is not synchronized.
    Giving up on db.pl.clamav.net...
    Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check httpwwwclamavnetdocmirrors-faq.html for possible reasons.
    TASK ERROR: command '/usr/bin/freshclam --stdout' failed: exit code 59

    On my second PMG installed and configured in the same way, the freshclam process updates virus definitions without problem.
    What I have to check or do?

    Kind regards
    Piotr
     
  7. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,173
    Likes Received:
    268
    Please remove the mirror status file:

    # rm /var/lib/clamav/mirrors.dat

    Then try again.
     
  8. pitterski

    pitterski New Member

    Joined:
    Jun 24, 2018
    Messages:
    4
    Likes Received:
    0
    I did this before with no efect.
    I'm doing it again, there is output. Still with no efect: last updates from 25/06/2018 eg: daily ver 24696.

    root@mx5:~# rm /var/lib/clamav/mirrors.dat
    root@mx5:~# /usr/bin/freshclam --stdout
    ClamAV update process started at Thu Jun 28 09:15:33 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read http_www_clamav_net_documents_upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.189.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Thu Jun 28 09:15:47 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read http_www_clamav_net_documents_upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.187.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Thu Jun 28 09:16:01 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read http_www_clamav_net_documents_upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.188.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Thu Jun 28 09:16:28 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read http_www_clamav_net_documents_upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.185.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Thu Jun 28 09:16:47 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.0
    DON'T PANIC! Read http_www_clamav_net_documents_upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    Trying host db.pl.clamav.net (104.16.186.138)...
    Downloading daily.cvd [100%]
    WARNING: Mirror 104.16.186.138 is not synchronized.
    Giving up on db.pl.clamav.net...
    Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http_www_clamav_net_doc_mirrors-faq.html for possible reasons.
    root-@mx5:~#

    If I remove all files from /var/lib/clam/*, first execution of fresclam will download new signatures. Second execution on next day does not updaes signatures.

    Kind regards
    Piotr
     
  9. pitterski

    pitterski New Member

    Joined:
    Jun 24, 2018
    Messages:
    4
    Likes Received:
    0
    I have deleted all files from the /var/lib/clam/* directory again
    After restarting freshclam, everything started to work properly.

    Kind regards
    Piotr
     
  10. ProxUser3000

    ProxUser3000 New Member

    Joined:
    Dec 20, 2013
    Messages:
    14
    Likes Received:
    0
    hi,

    i am on
    Mail Gateway 5.0-71 currently, do we have to do this also`?

    Becaus it says clam av is outdated

    Code:
    ()
    ClamAV update process started at Wed Jul 11 08:47:04 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.1
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cvd is up to date (version: 24742, sigs: 2010062, f-level: 63, builder: neo)
    Downloading safebrowsing.cvd [100%]
    WARNING: Mirror 104.16.187.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Wed Jul 11 08:47:21 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.1
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cvd is up to date (version: 24742, sigs: 2010062, f-level: 63, builder: neo)
    Trying host database.clamav.net (104.16.189.138)...
    Downloading safebrowsing.cvd [100%]
    WARNING: Mirror 104.16.189.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Wed Jul 11 08:47:37 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.1
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cvd is up to date (version: 24742, sigs: 2010062, f-level: 63, builder: neo)
    Downloading safebrowsing.cvd [100%]
    WARNING: Mirror 104.16.186.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Wed Jul 11 08:47:53 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.1
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cvd is up to date (version: 24742, sigs: 2010062, f-level: 63, builder: neo)
    Trying host database.clamav.net (104.16.185.138)...
    Downloading safebrowsing.cvd [100%]
    WARNING: Mirror 104.16.185.138 is not synchronized.
    Trying again in 5 secs...
    ClamAV update process started at Wed Jul 11 08:48:09 2018
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.99.4 Recommended version: 0.100.1
    DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cvd is up to date (version: 24742, sigs: 2010062, f-level: 63, builder: neo)
    Downloading safebrowsing.cvd [100%]
    WARNING: Mirror 104.16.187.138 is not synchronized.
    Giving up on database.clamav.net...
    Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
    TASK ERROR: command '/usr/bin/freshclam --stdout' failed: exit code 59
    What can we do?
     
  11. pitterski

    pitterski New Member

    Joined:
    Jun 24, 2018
    Messages:
    4
    Likes Received:
    0
    Please try doing this steps.
    1. Stop freshclam proces (from gui/ssh) and check that freshclam is stopped.
    2. Delete all files from /var/lib/clam/* (from ssh)
    3. Start freshclam (from gui/ssh)
    For my installation it just worked.
    I had the same errors before.

    Kind regards
    Piotr
     
  12. DerDanilo

    DerDanilo Member

    Joined:
    Jan 21, 2017
    Messages:
    206
    Likes Received:
    15
    Is this still required? I installed before ISO release 12 but the repo was there already anyways.
     
  13. sub7on

    sub7on New Member

    Joined:
    Sep 2, 2018
    Messages:
    2
    Likes Received:
    0
    setup a virtual machine, installed the latest version, did an apt update and dist upgrade and tried to update the ClamAV.. not possible, got the following error:

    Code:
    ClamAV update process started at Sun Sep  2 11:36:33 2018
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cvd is up to date (version: 24894, sigs: 2072025, f-level: 63, builder: neo)
    safebrowsing.cvd is up to date (version: 47820, sigs: 2936605, f-level: 63, builder: google)
    bytecode.cvd is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
    TASK ERROR: command '/usr/bin/freshclam --stdout' failed: exit code 1
    Tried to lookup in the freshclam file with nano, this the output:

    does anyone have a solution
     
  14. dietmar

    dietmar Proxmox Staff Member
    Staff Member

    Joined:
    Apr 28, 2005
    Messages:
    16,173
    Likes Received:
    268
    Your database is already up to date. Not sure when/where you get that errorß
     
    sub7on likes this.
  15. sub7on

    sub7on New Member

    Joined:
    Sep 2, 2018
    Messages:
    2
    Likes Received:
    0
    ohhh, so i dont have to care? i m just getting this error after updating linux via update, upgrade and dist-upgrade. After the reboot this message appears. its a fresh installed system. you can try it yourself. download the iso, install it, update via ssh or interface and you ll see the same error as i posted above...

    thanks for the help!
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice