ClamAV v0.97 included in ZCS 8.0.6 and below tags all messages as **UNCHECKED**

Hello Everyone. If you are using ZCS 8.0.6 and prior: starting 22 October 2016, anti-virus definitions will no longer update, and your ClamAV instance will stop working entirely.

This is a real risk for all outdated ZCS versions, and as a visual symptom, all your messages are being tagged as **UNCHECKED**.

If you try to run the manual update of the DB, you will see the following error, which causes a memory allocation error and fills up the logs:

Resolution

The recommended resolution is to upgrade at least to Zimbra Collaboration 8.6 with the latest Patch to obtain the latest ClamAV Release among other updated packages. This ensures that you will have a properly secured email system.

In case your company needs help with the upgrade, Zimbra offers the Zimbra Collaboration Upgrade Assessment. This Assessment is delivered by Zimbra Certified professionals, and it provides expert recommendations, best practices and planning tools for upgrading your Zimbra Collaboration implementation to the latest release.

Workaround

Zimbra Collaboration is the open source leader in email and collaboration. That means your company can benefit from the manual upgrade of some third party packages and keep your email server up, running and secure, while planning your upgrade to the latest ZCS Release.

Disabling the antivirus

You can follow a workaround by disabling antivirus:

zmprov ms `zmhostname` -zimbraServiceEnabled antivirus
zmcontrol restart

This workaround will let your Zimbra Collaboration platform run without antivirus. However, we don’t recommend it.

Manual upgrade of ClamAV component

For those who don’t want to upgrade now, although we strongly recommend it, you can follow the next steps.

Downloads

Use the clamav version our team has generated for your Zimbra environments:

Update Instructions

As root user, move to the /tmp folder.
Download the file from one of the previous links, for example for Ubuntu 12.04:

wget https://files.zimbra.com/downloads/clamav/ubuntu12_64/clamav-0.98.4.tar.gz

Extract the file:

tar xzvf clamav-0.98.4.tar.gz

Stop the Zimbra Services:

su - zimbra -c 'zmcontrol stop'

Move the new folder to /opt/zimbra and change the symbolic link:

mv /tmp/clamav-0.98.4 /opt/zimbra
cd /opt/zimbra
rm clamav 
ln -s clamav-0.98.4 clamav 
ls -l clamav

The output of this last command will look similar to:

lrwxrwxrwx  1 root root 25 Apr  9 15:39 clamav -> /opt/zimbra/clamav-0.98.4

Start the services. If the ClamAV process doesn’t start, or you are facing issues with it, we recommend restarting the entire server or killing the ClamAV service before starting the Zimbra services:

su - zimbra -c 'zmcontrol start'

Confirm

You can confirm that the new version of ClamAV is running by checking /opt/zimbra/log/clamd.log. The most recent startup in the log should look similar to:

Sat Oct 22 18:42:31 2016 -> +++ Started at Sat Oct 22 18:42:31 2016
Sat Oct 22 18:42:31 2016 -> clamd daemon 0.98.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
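
The checks implied by the update and confirm steps, as an added shell example that is not part of the original post or of Zimbra's tooling: it verifies the symlink target, looks for unresolved shared libraries such as the libssl.so.1.0.0 error reported in the comments below, and reads the last startup version from clamd.log. The function names, the ZIMBRA_HOME and WANT variables and the `check` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-swap checks for the manual ClamAV upgrade on this page.
# ZIMBRA_HOME and WANT are assumptions; override them for your install.
ZIMBRA_HOME="${ZIMBRA_HOME:-/opt/zimbra}"
WANT="${WANT:-0.98.4}"

# Print the directory name a symlink points at; handles both the relative
# target created by `ln -s clamav-0.98.4 clamav` and an absolute one.
link_target() {
    basename "$(readlink "$1")"
}

# Print the version from the most recent "clamd daemon X.Y.Z" startup line.
last_started_version() {
    sed -n 's/.*-> clamd daemon \([0-9][0-9.]*\) .*/\1/p' "$1" | tail -n 1
}

# Read `ldd` output on stdin; print libraries the loader cannot resolve
# (the libssl.so.1.0.0 failure reported in the comments shows up here).
missing_libs() {
    awk '/=> not found/ { print $1 }'
}

# Run all checks against $ZIMBRA_HOME; return non-zero if any fails.
verify_clamav() {
    rc=0
    bin="$ZIMBRA_HOME/clamav/sbin/clamd"
    t=$(link_target "$ZIMBRA_HOME/clamav")
    [ "$t" = "clamav-$WANT" ] || { echo "FAIL: symlink points at '$t'"; rc=1; }
    [ -x "$bin" ] || { echo "FAIL: $bin missing or not executable"; rc=1; }
    m=$(ldd "$bin" 2>/dev/null | missing_libs)
    [ -z "$m" ] || { echo "FAIL: unresolved libraries: $m"; rc=1; }
    v=$(last_started_version "$ZIMBRA_HOME/log/clamd.log" 2>/dev/null)
    [ "$v" = "$WANT" ] || { echo "FAIL: clamd.log shows '${v:-none}'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: clamd $WANT linked, loadable and started"
    return "$rc"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "check" ]; then verify_clamav; fi
```

Run it as root with `check` as the argument after `zmcontrol start`; a non-zero exit status means at least one check failed.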

Let us know in the comments if you are facing the issue and if you were able to solve it by following these steps.

16 Responses to ClamAV v0.97 included in ZCS 8.0.6 and below tags all messages as **UNCHECKED**

  1. Budi Kurniawan October 25, 2016 at 5:47 AM #

    os = suse 11 sp3
    zimbra = 8.06

    upgrade openssl

    #cd /usr/local/src
    #wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
    #tar -zxf openssl-1.0.2*
    #cd openssl-1.0.2*
    #./config --prefix=/usr --openssldir=/usr/local/openssl shared
    #make
    #make test

    make sure all tests pass/ok like this:

    PASS
    test_bad_dtls
    ../util/shlib_wrap.sh ./bad_dtls_test
    make[1]: Leaving directory `/usr/local/src/openssl-1.0.2j/test'
    OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a
    OpenSSL 1.0.2j 26 Sep 2016
    built on: reproducible build, date unspecified
    platform: linux-x86_64
    options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
    compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
    OPENSSLDIR: "/usr/local/openssl"

    #make install

    download clamav for suse 11

    #cd /opt/zimbra
    #wget https://files.zimbra.com/downloads/clamav/sles11_64/clamav-0.98.4.tar.gz
    #tar cf /tmp/clamav-0.98.4.tar clamav-0.98.4
    #tar xzvf clamav-0.98.4.tar.gz

    $zmantivirusctl stop

    #rm clamav
    #ln -s clamav-0.98.4 clamav
    #ls -l clamav

    make sure output like this:
    lrwxrwxrwx 1 root root 25 Apr 9 15:39 clamav -> /opt/zimbra/clamav-0.98.4

    $zmantivirusctl start

    It works for my server

    I hope it can help

    Thanks
    BK

  2. Jorge de la Cruz October 25, 2016 at 12:23 PM #

    If there are errors regarding libssl.so.1.0.0, make sure you’ve downloaded the latest version of the binaries. The latest version contains the openssl version used to build clamav, and is approximately 100MB and dated 10/25/2016. The previous version was about 91MB and dated 10/22/2016.

    • alex October 29, 2016 at 3:25 PM #

      Hi. I’ve got the problem with starting ClamAV after upgrading to version 0.98.

      When I try to start clamd via the Zimbra environment:
      Starting clamd…failed.

      Or in case of freshclam usage:
      /opt/zimbra/clamav/bin/freshclam: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory

      I already tried to get and install the latest package clamav-0.98.4.tar.gz for my OS (Ubuntu 10) according to what is written above in the article.
      But how to install openssl-1.0.1j which is included?

    • Jorge de la Cruz October 29, 2016 at 8:59 PM #

      Hi alex,
      Do the same as for the clamav folder, move it to /opt/zimbra and regenerate the symlink

      Best regards

  3. Alberto October 25, 2016 at 5:49 PM #

    Update process went fine on ubuntu 10.04.
    When I restart Zimbra with A/V enabled it fails returning this in clamd.log:

    /opt/zimbra/clamav/sbin/clamd: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory

    I’m running Zimbra 7.2.6.
    Any idea (except upgrading version that will be done next weekend)?

    • Jorge de la Cruz October 25, 2016 at 8:12 PM #

      Hi Alberto,
      Try now by downloading again the package for your OS, we have added the libssl inside and so on.

      Let us know!

    • Alberto October 25, 2016 at 11:13 PM #

      Uhm, I haven’t found any difference. Is the link https://files.zimbra.com/downloads/clamav/ubuntu10_64/clamav-0.98.4.tar.gz correct?
      […]
      Starting antivirus…Failed.
      Starting amavisd…amavisd is already running.
      Starting freshclam…done.
      Starting clamd…failed.
      […]

      and in log still
      “/opt/zimbra/clamav/sbin/clamd: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory”

    • Abdul Wahhab November 3, 2016 at 6:05 AM #

      Please do the following.

      cd /opt/zimbra/clamav/lib
      then make the symbolic link for the files

      ln -s ../../openssl~version/libssl.so.1.0.0 libssl.so.1.0.0 and
      ln -s ../../openssl~version/libcrypto.so.1.0.0 libcrypto.so.1.0.0

      su zimbra

      Now restart your Zimbra console or restart the antivirus and it will work.

  4. Guillermo Reutemann October 25, 2016 at 6:42 PM #

    Thanks Jorge. Unfortunately I’m late with zimbra versions (7.2.7) and operating system (CentOS 5.7) and I can not update the clamav. So I’m forced to make migration to CentOS 6. Is there any way to run clamav 0.97 without updates?

    Regards

    • Jorge de la Cruz October 25, 2016 at 8:14 PM #

      Hi Guillermo,
      We don’t have a package for CentOS 5/RHEL 5, so sorry. You can always disable the antivirus, which is not recommended. Or add in front of your Zimbra actual server, another MTA in CentOS 6 with ZCS 8.6 for example, for the moment.

      Best regards

  5. Abdul Wahhab October 26, 2016 at 6:38 AM #

    We are using CentOS 6.4 (Final) and the Zimbra version is Release 8.0.0_GA_5434.RHEL6_64_20120907144639 CentOS6_64 FOSS edition. I have downloaded https://files.zimbra.com/downloads/clamav/rhel6_64/clamav-0.98.4.tar.gz . I have followed the way you have mentioned above, but from clamav.log I am getting /opt/zimbra/clamav/sbin/clamd: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory and the output of zmcontrol status is given below
    antispam Running
    antivirus Stopped
    zmclamdctl is not running
    zmfreshclamctl is not running
    ldap Running
    logger Running
    mailbox Running
    mta Running
    snmp Running
    spell Running
    stats Running
    zmconfigd Running

    Please advise what we should do.

    Thanks in advance.

    Abdul Wahhab

    • Tony Publiski October 26, 2016 at 4:03 PM #

      For those getting the libssl errors, can you please send the following output:

      ls -la /opt/zimbra

    • Abdul Wahhab October 27, 2016 at 11:55 AM #

      The output of /opt/zimbra is given below
      drwxr-xr-x. 3 root root 4096 Aug 14 2013 ..
      lrwxrwxrwx 1 root root 28 Aug 15 2013 altermime -> /opt/zimbra/altermime-0.3.10
      drwxr-xr-x 3 root root 4096 Aug 15 2013 altermime-0.3.10
      lrwxrwxrwx 1 root root 29 Aug 15 2013 amavisd -> /opt/zimbra/amavisd-new-2.8.0
      drwxrwxr-x 4 root root 4096 Aug 15 2013 amavisd-new-2.8.0
      lrwxrwxrwx 1 root root 27 Aug 15 2013 aspell -> /opt/zimbra/aspell-0.60.6.1
      drwxr-xr-x 6 root root 4096 Aug 15 2013 aspell-0.60.6.1
      drwxr-xr-x 2 zimbra zimbra 4096 Aug 15 2013 backup
      -rw-r----- 1 zimbra zimbra 1014 Oct 26 12:28 .bash_history
      -r--r--r-- 1 zimbra zimbra 350 Sep 7 2012 .bash_profile
      -r--r--r-- 1 zimbra zimbra 1255 Sep 7 2012 .bashrc
      lrwxrwxrwx 1 root root 22 Aug 15 2013 bdb -> /opt/zimbra/bdb-5.2.36
      drwxr-xr-x 6 root root 4096 Aug 15 2013 bdb-5.2.36
      drwxr-xr-x 2 root root 4096 Aug 15 2013 bin
      lrwxrwxrwx 1 root root 32 Aug 15 2013 cbpolicyd -> /opt/zimbra/cbpolicyd-2.1.0-beta
      drwxr-xr-x 5 root root 4096 Aug 15 2013 cbpolicyd-2.1.0-beta
      lrwxrwxrwx 1 root root 13 Oct 26 12:02 clamav -> clamav-0.98.4
      dr-xr-xr-x 9 root root 4096 Aug 15 2013 clamav-0.97.5
      dr-xr-xr-x 9 root root 4096 Oct 22 18:14 clamav-0.98.4
      dr-xr-xr-x 9 root root 4096 Oct 26 11:56 clamav-0.98.4_o
      drwxrwxr-x 13 zimbra zimbra 4096 Oct 26 12:03 conf
      -rw------- 1 root root 2194 Aug 15 2013 config.9522
      drwxr-xr-x 2 root root 4096 Aug 15 2013 contrib
      lrwxrwxrwx 1 root root 23 Aug 15 2013 curl -> /opt/zimbra/curl-7.25.0
      drwxr-xr-x 6 root root 4096 Aug 15 2013 curl-7.25.0
      lrwxrwxrwx 1 root root 32 Aug 15 2013 cyrus-sasl -> /opt/zimbra/cyrus-sasl-2.1.25.4z
      drwxr-xr-x 6 root root 4096 Aug 15 2013 cyrus-sasl-2.1.25.4z
      drwxr-xr-x 12 zimbra zimbra 4096 Aug 15 2013 data
      drwxrwxr-x 3 zimbra zimbra 4096 Oct 26 12:03 db
      drwxr-xr-x 2 zimbra zimbra 4096 Aug 15 2013 docs
      lrwxrwxrwx 1 root root 24 Aug 15 2013 dspam -> /opt/zimbra/dspam-3.10.1
      drwxr-xr-x 7 root root 4096 Aug 15 2013 dspam-3.10.1
      -r--r--r-- 1 zimbra zimbra 62 Sep 7 2012 .exrc
      drwxr-xr-x 3 zimbra zimbra 4096 Aug 15 2013 extensions-extra
      drwxr-xr-x 2 zimbra zimbra 4096 Aug 15 2013 fbqueue
      lrwxrwxrwx 1 root root 25 Aug 15 2013 heimdal -> /opt/zimbra/heimdal-1.5.2
      drwxr-xr-x 7 root root 4096 Aug 15 2013 heimdal-1.5.2
      lrwxrwxrwx 1 root root 23 Aug 15 2013 httpd -> /opt/zimbra/httpd-2.4.2
      drwxr-xr-x 15 root root 4096 Aug 15 2013 httpd-2.4.2
      drwxr-xr-x 3 zimbra zimbra 4096 Aug 15 2013 index
      -rw-r--r-- 1 root root 4014 Aug 15 2013 .install_history
      lrwxrwxrwx 1 root root 23 Aug 15 2013 java -> /opt/zimbra/jdk1.7.0_05
      drwxr-xr-x 8 root root 4096 Aug 15 2013 jdk1.7.0_05
      lrwxrwxrwx 1 root root 39 Aug 15 2013 jetty -> /opt/zimbra/jetty-distribution-7.6.2.z4
      drwxr-xr-x 15 root root 4096 Aug 15 2013 jetty-distribution-7.6.2.z4
      -r--r--r-- 1 zimbra zimbra 52 Sep 7 2012 .ldaprc
      drwxrwxr-x 4 root root 4096 Aug 15 2013 lib
      drwxrwxr-x 4 root root 4096 Aug 15 2013 libexec
      lrwxrwxrwx 1 root root 30 Aug 15 2013 libmemcached -> /opt/zimbra/libmemcached-1.0.6
      drwxr-xr-x 6 root root 4096 Aug 15 2013 libmemcached-1.0.6
      lrwxrwxrwx 1 root root 26 Aug 15 2013 libtool -> /opt/zimbra/libtool-2.2.6b
      drwxr-xr-x 4 root root 4096 Aug 15 2013 libtool-2.2.6b
      drwxrwxr-x 2 zimbra zimbra 126976 Oct 26 20:00 log
      drwxrwxr-x 3 zimbra zimbra 4096 Sep 7 2012 logger
      lrwxrwxrwx 1 root root 39 Aug 15 2013 mailboxd -> /opt/zimbra/jetty-distribution-7.6.2.z4
      drwxr-xr-x 3 root root 4096 Aug 15 2013 mta
      lrwxrwxrwx 1 root root 59 Aug 15 2013 mysql -> /opt/zimbra/mysql-standard-5.5.24-pc-linux-gnu-i686-glibc23
      drwxrwxr-x 8 root root 4096 Aug 15 2013 mysql-standard-5.5.24-pc-linux-gnu-i686-glibc23
      lrwxrwxrwx 1 root root 26 Aug 15 2013 net-snmp -> /opt/zimbra/net-snmp-5.7.1
      drwxr-xr-x 9 root root 4096 Aug 15 2013 net-snmp-5.7.1
      lrwxrwxrwx 1 root root 26 Aug 15 2013 opendkim -> /opt/zimbra/opendkim-2.6.0
      drwxr-xr-x 7 root root 4096 Aug 15 2013 opendkim-2.6.0
      lrwxrwxrwx 1 root root 30 Aug 15 2013 openldap -> /opt/zimbra/openldap-2.4.31.7z
      drwxrwxr-x 9 root root 4096 Aug 15 2013 openldap-2.4.31.7z
      lrwxrwxrwx 1 root root 26 Aug 15 2013 openssl -> /opt/zimbra/openssl-1.0.1c
      drwxr-xr-x 6 root root 4096 Aug 15 2013 openssl-1.0.1c
      -r--r--r-- 1 zimbra zimbra 9 Sep 7 2012 .platform
      lrwxrwxrwx 1 root root 36 Aug 15 2013 postfix -> /opt/zimbra/postfix-2.10-20120422.2z
      drwxr-xr-x 6 root root 4096 Aug 15 2013 postfix-2.10-20120422.2z
      drwxr-xr-x 3 zimbra zimbra 4096 Oct 26 12:01 redolog
      lrwxrwxrwx 1 root root 23 Aug 15 2013 rsync -> /opt/zimbra/rsync-3.0.9
      drwxr-xr-x 4 root root 4096 Aug 15 2013 rsync-3.0.9
      drwxr-x---. 2 zimbra zimbra 4096 Aug 15 2013 .saveconfig
      lrwxrwxrwx 1 root root 26 Aug 15 2013 snmp -> /opt/zimbra/net-snmp-5.7.1
      drwx------ 2 zimbra zimbra 4096 Aug 15 2013 .ssh
      drwxr-xr-x 6 zimbra zimbra 4096 Aug 15 2013 ssl
      drwxr-xr-x 4 zimbra zimbra 4096 Jan 13 2016 store
      lrwxrwxrwx 1 root root 26 Aug 15 2013 tcmalloc -> /opt/zimbra/tcmalloc-1.8.3
      drwxr-xr-x 5 root root 4096 Aug 15 2013 tcmalloc-1.8.3
      -rw-r--r-- 1 zimbra zimbra 0 Sep 7 2012 .viminfo
      lrwxrwxrwx 1 root root 24 Aug 15 2013 zeromq -> /opt/zimbra/zeromq-3.2.0
      drwxr-xr-x 5 root root 4096 Aug 15 2013 zeromq-3.2.0
      drwxrwxr-x 7 root root 4096 Aug 15 2013 zimbramon
      drwxrwxr-x 2 zimbra zimbra 4096 Aug 15 2013 zimlets
      dr-xr-xr-x 17 zimbra zimbra 4096 Aug 15 2013 zimlets-deployed
      -rw-r----- 1 zimbra zimbra 0 Aug 14 2013 .zmmailbox_history
      -rw-r----- 1 zimbra zimbra 0 Aug 14 2013 .zmprov_history
      drwxr-xr-x 1171 zimbra zimbra 36864 Oct 26 03:33 zmstat

  6. Juan October 26, 2016 at 9:13 AM #

    Thanks, it worked the first time with Ubuntu 10 and Zimbra Appliance zca-8.0.4

  7. adem October 31, 2016 at 1:47 PM #

    I can do it. Actually UNCHECKED is deleted, but CPU is 99% working clamdav :)

  8. Radit January 13, 2017 at 10:34 AM #

    I’ve got this error in freshclam.log.
    clamav 0.99.2
    ubuntu 14.04

    [LibClamAV] cli_loadldb: logical signature for Email.Trojan.Toa-5557761-0 uses PCREs but support is disabled, skipping
    [LibClamAV] cli_loadldb: logical signature for Email.Trojan.Toa-5558733-0 uses PCREs but support is disabled, skipping
    [LibClamAV] cli_loadldb: logical signature for Email.Trojan.Toa-5558735-0 uses PCREs but support is disabled, skipping
    [LibClamAV] cli_loadldb: logical signature for Email.Trojan.Toa-5558737-0 uses PCREs but support is disabled, skipping
    [LibClamAV] cli_loadldb: logical signature for Email.Trojan.Toa-5558739-0 uses PCREs but support is disabled, skipping
