Hi there,

On Sat, 16 Jun 2018, Greg Knaddison wrote:

> It seems straightforward to automate the process of downloading the virus definition files and pushing them to these computers ...
It is. Note the file you need to download periodically is not main.cvd (or main.cld) which change infrequently, but daily.cvd (or daily.cld):

mail6:~# >>> ls -lrt /etc/mail/clamav/*cld
-rw-r--r-- 1 clamav clamav 307499008 Jun 7 2017 /etc/mail/clamav/main.cld
-rw-r--r-- 1 clamav clamav 766976 Dec 7 2017 /etc/mail/clamav/bytecode.cld
-rw-r--r-- 1 clamav clamav 142240768 Jun 17 14:38 /etc/mail/clamav/daily.cld

I use ClamAV only to scan mail. I don't know how you're going to use it, but for this discussion it probably doesn't matter very much.

> ... but then I imagine I need to configure the computers to import the definition.
It's almost sufficient to put the files in the right place. You only need to make sure the database is reloaded if you're using the 'clamd' daemon, but fortunately that's also straightforward.
> Is there a command that needs to be run to import the virus definitions?
You can run a command but you don't need to. Look at the 'man' page for clamd.conf, search for 'SelfCheck'. Note that reloading the database can take some time, during which time the daemon will not respond to queries. I just tell the milters to wait.

Here's a log extract which shows a mail being held up by clamd because its database is being reloaded at the time:

8<----------------------------------------------------------------------
Jun 15 06:51:30 mail6 sm-mta[28797]: NOQUEUE: connect from vmx.spamcop.net [184.94.240.112]
Jun 15 06:51:30 mail6 sm-mta[28797]: w5F5pUde028797: --- 220 server ready
Jun 15 06:51:31 mail6 sm-mta[28797]: w5F5pUde028797: <-- EHLO vmx.spamcop.net
Jun 15 06:51:31 mail6 sm-mta[28797]: w5F5pUdf028797: --- 250-mail6.jubileegroup.co.uk Hello vmx.spamcop.net [184.94.240.112], pleased to meet you
Jun 15 06:51:31 mail6 sm-mta[28797]: w5F5pUdf028797: <-- MAIL FROM:<spamid.6469143...@bounces.spamcop.net> SIZE=3318
Jun 15 06:51:33 mail6 sm-mta[28797]: w5F5pUdf028797: --- 250 2.1.0 <spamid.6469143...@bounces.spamcop.net>... Sender ok
Jun 15 06:51:33 mail6 sm-mta[28797]: w5F5pUdf028797: <-- RCPT TO:<redac...@jubileegroup.co.uk>
Jun 15 06:51:33 mail6 sm-mta[28797]: w5F5pUdf028797: --- 250 2.1.5 <redac...@jubileegroup.co.uk>... Recipient ok
Jun 15 06:51:33 mail6 sm-mta[28797]: w5F5pUdf028797: <-- DATA
Jun 15 06:51:33 mail6 sm-mta[28797]: w5F5pUdf028797: --- 354 Enter mail, end with "." on a line by itself
Jun 15 06:51:34 mail6 clamd[670]: SelfCheck: Database modification detected. Forcing reload.
Jun 15 06:51:35 mail6 clamd[670]: Reading databases from /etc/mail/clamav
Jun 15 06:52:18 mail6 clamd[670]: Database correctly reloaded (6823949 signatures)
Jun 15 06:52:19 mail6 clamd[670]: fd[11]: OK
Jun 15 06:52:19 mail6 sm-mta[28797]: w5F5pUdf028797: --- 050 <redac...@jubileegroup.co.uk>... Connecting to local...
Jun 15 06:52:19 mail6 sm-mta[28797]: w5F5pUdf028797: --- 050 <redac...@jubileegroup.co.uk>... Sent
Jun 15 06:52:19 mail6 sm-mta[28797]: w5F5pUdf028797: to=<redac...@jubileegroup.co.uk>, delay=00:00:46, xdelay=00:00:00, mailer=local, pri=33547, dsn=2.0.0, stat=Sent
Jun 15 06:52:19 mail6 sm-mta[28797]: w5F5pUdf028797: done; delay=00:00:46, ntries=1
Jun 15 06:52:19 mail6 sm-mta[28797]: w5F5pUdf028797: --- 250 2.0.0 w5F5pUdf028797 Message accepted for delivery
Jun 15 06:52:24 mail6 sm-mta[28797]: w5F5pUdg028797: <-- QUIT
Jun 15 06:52:24 mail6 sm-mta[28797]: w5F5pUdg028797: --- 221 2.0.0 mail6.jubileegroup.co.uk closing connection
8<----------------------------------------------------------------------

As you can see above, the message was held up for more than 40 seconds.

To avoid a blackout period during the database update I imagine if you were creative enough you could run two daemons in tandem configured to listen on different ports. For the modest mail volumes on my servers, I've never thought it worth the effort.

HTH

--
73,
Ged.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
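
Added example, not part of the original message or of ClamAV: a small Python parser that measures how long clamd was busy reloading, using the SelfCheck and "Database correctly reloaded" lines from the log extract above, which is the number you need when deciding how long scanning clients must wait. The function names and the `year` parameter (syslog timestamps omit the year) are assumptions of this example.

```python
import re
from datetime import datetime

# clamd lines copied from the log extract quoted in the message above.
SAMPLE_LOG = """\
Jun 15 06:51:34 mail6 clamd[670]: SelfCheck: Database modification detected. Forcing reload.
Jun 15 06:51:35 mail6 clamd[670]: Reading databases from /etc/mail/clamav
Jun 15 06:52:18 mail6 clamd[670]: Database correctly reloaded (6823949 signatures)
Jun 15 06:52:19 mail6 clamd[670]: fd[11]: OK
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) clamd\[(\d+)\]: (.*)$")
START = "SelfCheck: Database modification detected"
DONE_RE = re.compile(r"Database correctly reloaded \((\d+) signatures\)")


def reload_windows(log_text, year=2018):
    """Pair each SelfCheck-triggered reload with its completion line.

    Returns dicts with start, end, seconds and signatures; a reload with no
    completion line is reported with end/seconds/signatures set to None.
    `year` is an assumption: classic syslog timestamps do not carry one.
    """
    pending, windows = {}, []          # pending: (host, pid) -> start time
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                   # not a clamd line (e.g. sm-mta)
        stamp, host, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        done = DONE_RE.search(msg)
        if msg.startswith(START):
            pending[(host, pid)] = when
        elif done and (host, pid) in pending:
            start = pending.pop((host, pid))
            windows.append({"start": start, "end": when,
                            "seconds": int((when - start).total_seconds()),
                            "signatures": int(done.group(1))})
    for start in pending.values():     # reload begun but never logged as done
        windows.append({"start": start, "end": None,
                        "seconds": None, "signatures": None})
    return windows


def longest_blackout(log_text, year=2018):
    """Longest completed reload in seconds, or 0 if none was seen."""
    done = [w["seconds"] for w in reload_windows(log_text, year) if w["seconds"] is not None]
    return max(done, default=0)


if __name__ == "__main__":
    for w in reload_windows(SAMPLE_LOG):
        print(w["start"], "->", w["end"], w["seconds"], "s", w["signatures"], "signatures")
```
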