ClamAV not updating virus definitions via proxy

Article ID: 168849

Products

Security Analytics, Security Analytics - VA

Issue/Introduction

When Security Analytics (SA) is configured via the GUI to use a web proxy, the ClamAV definition update service 'freshclam' will not use the proxy and cannot reach the Internet.

The following or similar messages may be present in /var/log/messages:
 
Nov 11 13:18:26 solera1 freshclam[6451]: nonblock_connect: connect timing out (30 secs)
Nov 11 13:18:26 solera1 freshclam[6451]: Can't connect to port 80 of host database.clamav.net (IP: 218.189.210.14)
Nov 11 13:18:26 solera1 freshclam[6451]: Can't download daily.cvd from database.clamav.net
Nov 11 13:18:26 solera1 freshclam[6451]: Giving up on database.clamav.net...
Nov 11 13:18:26 solera1 freshclam[6451]: Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

 

Cause

The freshclam program does not read the standard Linux environment variables that Security Analytics uses to define the web proxy.

Further manual configuration is needed for freshclam.

 

Resolution

Workaround

The proxy must be defined in the freshclam configuration file using the following procedure:

1. Log into the device via SSH or at the console as the root user

2. Make a backup of the freshclam configuration file
cp /etc/freshclam.conf /etc/freshclam.conf.orig

3. Edit the freshclam configuration file using the "vi" editor
vi /etc/freshclam.conf

4. Locate the proxy configuration lines, uncomment the required settings, and modify them to the desired web proxy values
 
# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString

5. Save the file

6. At the command line, run "freshclam" to verify that the proxy settings are working and that the updater can reach the ClamAV database servers through the proxy.

7. Restart the ClamAV update service using the command "service solera-freshclamd restart"
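
Steps 2 to 4 can also be scripted. The following is an added example, not part of the original article or the product: it backs up the file, sets HTTPProxyServer and HTTPProxyPort, and flags a configuration that holds HTTPProxyPassword in clear text while readable by other users. The function names and the proxy.example.internal:3128 values are assumptions.

```shell
#!/bin/sh
# Added example: steps 2-4 without an editor, plus checks. Helper names are hypothetical.

# set_directive FILE KEY VALUE: replace the active or commented-out KEY line
# (first match wins, duplicates are dropped), or append KEY if it is absent.
set_directive() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^[ \t]*#?[ \t]*" k "[ \t]") {
            if (!seen) { print k " " v; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print k " " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"; rc=$?   # cat keeps owner and mode
    rm -f "$tmp"; return $rc
}

# active_value FILE KEY: print the value of an uncommented directive, if any.
active_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# configure_proxy FILE HOST PORT: backup (step 2), then set server and port (steps 3-4).
configure_proxy() {
    conf=$1
    [ -f "$conf.orig" ] || cp -p "$conf" "$conf.orig" || return 1   # keep the first backup
    set_directive "$conf" HTTPProxyServer "$2" &&
        set_directive "$conf" HTTPProxyPort "$3"
}

# password_exposed FILE: true when HTTPProxyPassword is active (stored in clear
# text) and the file is readable by "other" users.
password_exposed() {
    [ -n "$(active_value "$1" HTTPProxyPassword)" ] &&
        [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Constructed demo on a scratch copy; proxy.example.internal:3128 is a placeholder.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# Proxy settings' '#HTTPProxyServer myproxy.com' \
        '#HTTPProxyPort 1234' '#HTTPProxyPassword mypass' > "$d/freshclam.conf"
    configure_proxy "$d/freshclam.conf" proxy.example.internal 3128
    grep '^HTTPProxy' "$d/freshclam.conf"
    rm -rf "$d"
}
demo
```

On the appliance, call configure_proxy with /etc/freshclam.conf and the real proxy host and port as root, then continue with steps 6 and 7.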
 

Additional Information

Here are a few other things you can try:

Run the following command to see if the server has downloaded a local copy of the freshclam database:

freshclam --debug --verbose

You can look in the /var/lib/clamav directory and check the timestamps on files like 'daily.cvd'. You can also try deleting (or moving) the daily.cld file and then restarting freshclam to see if it is able to pull down a fresh copy of the database.