ClamAV Administration

This section describes how to manage the ClamAV Anti-Virus engine.

Updater for ClamAV Signatures

ClamAV’s capabilities include the ability to load external signatures, which are lists of virus hashes or fingerprints grouped into a signature database and used to detect a greater variety of potential threats conveyed over e-mail.

ClamAV may use a variety of signature providers, the majority of which are licensed as Open Source; nevertheless, using numerous signature databases does not necessarily make the ClamAV engine more precise. Indeed, using too many signature databases may result in false positives, labelling innocent e-mails as malware and sending them to quarantine or deletion. Furthermore, because the signatures are loaded into RAM to allow speedier tests, this might result in excessive CPU consumption and, if a DB or a signature is damaged or not 100% compliant, failure of the entire ClamAV engine.

As a result, Carbonio obtains signatures from a security partner that are certified to be 100% compatible with ClamAV, lowering the possibility of false positives. Carbonio uses a system service called carbonio-avdb-updater to keep the signatures up to date.

Log in to the Proxy Node, then update the list of packages to ensure the most recent version is picked up, then install the updater.

The service should begin immediately, and you may monitor its status via

Start the service manually if it is not already running.

Check the Signature Status

You can examine the service log to ensure that the service is operational and that signatures are up to date.

If the signatures have been updated, you will see a block in the log that looks like this:

The S T A R T I N G and F I N I S H E D messages, which signify the beginning and successful completion of the signature update process, are crucial. If no update is available and downloaded, the following two messages appear:
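The log check described in this section can be automated. The shell function below is an added example, not part of the Carbonio documentation: it reads updater log lines on standard input and pairs each S T A R T I N G marker with its F I N I S H E D marker, so an update run that began but never completed is flagged. The sample lines are constructed, and only the two marker strings are taken from this page.

```shell
#!/bin/sh
# Added example: summarise signature-update runs found in updater log lines.
# Assumption: the layout of each log line is unknown, so only the two marker
# strings named on this page are matched, wherever they occur in a line.

avdb_update_state() {
    awk '
        index($0, "S T A R T I N G") {
            if (running) unfinished++    # earlier run never reported success
            running = 1
            next
        }
        index($0, "F I N I S H E D") {
            if (running) { completed++; running = 0 }
            next                         # FINISHED without a start is ignored
        }
        END {
            if (running) { unfinished++; state = "incomplete" }
            else if (completed) state = "complete"
            else state = "none"
            printf "state=%s completed=%d unfinished=%d\n",
                   state, completed, unfinished
            exit (state == "complete" ? 0 : 1)
        }'
}

# Constructed sample input (timestamps, host and tag are invented).
sample_log() {
    cat <<'EOF'
2024-05-01T02:00:01 proxy avdb-updater: S T A R T I N G
2024-05-01T02:00:09 proxy avdb-updater: F I N I S H E D
2024-05-02T02:00:01 proxy avdb-updater: S T A R T I N G
2024-05-03T02:00:01 proxy avdb-updater: S T A R T I N G
2024-05-03T02:00:07 proxy avdb-updater: F I N I S H E D
2024-05-04T02:00:01 proxy avdb-updater: S T A R T I N G
EOF
}

# Demo: the last run in the sample never finished, so the check fails.
sample_log | avdb_update_state || echo "last signature update did not complete" >&2
```

On a node where the service writes to the systemd journal (an assumption), the input could come from `journalctl -u carbonio-avdb-updater`; the non-zero exit status lets a monitoring job alert when the most recent update did not finish.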

Turn off ClamAV

There are times when an Administrator wants or has to disable Carbonio’s internal anti-virus engine, amavis, such as when utilising an external anti-virus engine or investigating an MTA issue in a test environment.

In such instances, amavis can be manually deactivated via the CLI with the command

Restart the service to ensure that the updated value is recognised by the system.

You may check the status of the variable and the service at any time.