Monday, March 14, 2011

Updating ClamAV databases - Freshclam


When installing ClamAV, one of the difficulties people encounter is updating the virus definitions.

ClamAV relies on several virus signature files, its virus databases.

They are:
main.cvd, released on 14/11/2010, which holds the base set of virus signatures.
daily.cvd, which is updated daily with the latest virus signatures.
bytecode.cvd, which is used to implement complex signatures that detect several variants of a virus (mutated or polymorphic).
safebrowsing.cvd, a signature file that implements the connection with Google Safe Browsing and is updated daily.

One of the files, main.cvd, is updated when new versions of ClamAV are released; the most recent is version 0.97, released in November 2010.
The other files, however, are updated daily. Therefore, to have reliable protection, you need to update the ClamAV databases as often as possible.
But in most cases the databases cannot be updated. One of the error messages: "Database not found" - WARNING: getpatch: Can not download daily.cvd / bytecode.cvd / safebrowsing.cvd.

What Happens?
The default settings of Freshclam (the tool that updates the databases) do not specify the addresses of the ClamAV database mirrors. The freshclam.conf file ships with default settings, and the entries for the database mirrors are commented out (#).

What to Do?
As root, open the file /etc/freshclam.conf with your favorite text editor and add the following line:


DatabaseMirror database.clamav.net


This line may be placed below the database mirrors section of the file. As it is the fallback (backup) mirror, it should work well in any country in the world.

Another setting to change is to enable the download of bytecode.cvd by inserting the following lines:

# This option enables downloading of bytecode.cvd, which includes additional
# detection mechanisms and improvements to the ClamAV engine.
# Default: enabled

Bytecode yes


You can also get the virus definition files directly from the ClamAV site at http://www.clamav.net/lang/en/: manually download the CVD files one by one and then copy them (as root) to /var/lib/clamav, which is the default location of the virus definitions.
Once configured, run the freshclam command in a terminal as root.
This should solve the problems with updating ClamAV.
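
A way to check the two settings above before running freshclam, as an added example that is not part of the original post. It runs against a constructed sample file; the function names are hypothetical, and on a real system the path would be /etc/freshclam.conf.

```shell
#!/bin/sh
# Added example: audit a freshclam.conf for the DatabaseMirror and Bytecode
# directives discussed above. Function names are illustrative only.

# List every active (uncommented) value of a directive, one per line.
active_values() {   # $1 = config file, $2 = directive name
    awk -v key="$2" '/^[ \t]*#/ { next } $1 == key { print $2 }' "$1"
}

# Succeed only if an active line carries exactly this directive and value.
has_directive() {   # $1 = config file, $2 = directive, $3 = value
    active_values "$1" "$2" | grep -qxF -- "$3"
}

# Append the directive if no active line carries it; report what was done.
ensure_directive() {   # same arguments as has_directive
    if has_directive "$1" "$2" "$3"; then
        echo "ok: $2 $3"
    else
        printf '%s %s\n' "$2" "$3" >> "$1"
        echo "added: $2 $3"
    fi
}

# Demo on a constructed config where the mirror line is still commented out,
# which is the state the post describes.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
# Constructed sample, not a real distribution file
#DatabaseMirror database.clamav.net
Bytecode yes
EOF
    ensure_directive "$conf" DatabaseMirror database.clamav.net
    ensure_directive "$conf" Bytecode yes
    rm -f "$conf"
}

demo
```

A commented-out line does not count as configured, so the demo reports the mirror as added and the Bytecode setting as already present.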

By Alessandro Ebersol