How to be sure ClamAV database is up to date?
I am currently having an issue with ClamAV and freshclam on CentOS 6.9.
I have the latest Clam engine 0.99.2, and a working internet connection.
Even if I run the # freshclam -v command (it only returns a security warning about insecure permissions on freshclam.conf) before a # clamscan, ClamAV gives me this warning:
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days. ***
LibClamAV Warning: *** Please update it IMMEDIATELY! ***
LibClamAV Warning: **************************************************
So my questions are: how can I know when the last update was done? Or make sure the virus database is up to date?
PS: I've tested clamscan with the EICAR test file and it detects it.
clamscan --version shows the version and date of signatures, e.g.
$ clamscan --version
ClamAV 0.101.4/25613/Fri Oct 25 11:00:25 2019
where 25613 is the signatures version, and it is followed by the date of the signatures.
You have 2 questions:
- How can I know when the last update was done?
host -t txt current.cvd.clamav.net; perl -e 'printf "%d\n", time;'
This will tell you when ClamAV made the last update available.
- Make sure the virus database is up to date?
First you need to understand why you get the security warning. If you post the warning here maybe we'd have a better chance to help you.
Then I recommend you look in the log at /var/log/clamav/freshclam.log
Also, if you have SELinux enabled, you'd have to run this: setsebool -P antivirus_can_scan_system 1. If by any chance the error is something like this During database load: LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied
then clearly your solution is the command I mentioned above.
This is what I do for the second part of your question: Make sure the virus database is up to date?
My systems are offline, so I cannot query the ClamAV site for their most recent virus definitions database, but I can easily examine the date of my current cvd files with this Linux command.
strings /var/lib/clamav/daily.cvd|head -1|cut -c1-28
ClamAV-VDB:31 Jul 2019 04-17
Edit: As Jonathon has so kindly mentioned, sigtool is a great way to examine the clamav dat file signature:
sigtool --info daily.cvd
File: daily.cvd
Build time: 28 Aug 2019 04:24 -0400
Version: 25555
Signatures: 1739106
Functionality level: 63
Builder: raynman
...
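The offline check from the last answer, written as a script (an added example, not code from any of the answers): it parses the header line that the strings command prints and flags a database older than the 7 days named in the LibClamAV warning. The colon-separated field order is assumed from the CVD header format, and the sample header is constructed from the sigtool output above with placeholder MD5 and signature fields.

```python
import sys
from datetime import datetime, timedelta, timezone

HEADER_SIZE = 512              # CVD/CLD files begin with a 512-byte text header
MAX_AGE = timedelta(days=7)    # threshold named in the LibClamAV warning

# Constructed sample: values from the sigtool output above; the MD5 and
# digital-signature fields are placeholders, not real data.
SAMPLE_HEADER = (
    "ClamAV-VDB:28 Aug 2019 04-24 -0400:25555:1739106:63:"
    + "0" * 32 + ":PLACEHOLDERSIG:raynman:1566980640"
).ljust(HEADER_SIZE).encode("ascii")


def parse_cvd_header(raw: bytes) -> dict:
    """Split the header (assumed field order) into build time, version, counts."""
    fields = raw[:HEADER_SIZE].decode("ascii", errors="replace").rstrip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a ClamAV database header")
    # The header writes HH-MM because ':' is the field separator.
    built = datetime.strptime(fields[1].strip(), "%d %b %Y %H-%M %z")
    return {"built": built, "version": int(fields[2]), "signatures": int(fields[3]),
            "functionality_level": int(fields[4]), "builder": fields[7].strip()}


def is_stale(info: dict, now: datetime, max_age: timedelta = MAX_AGE) -> bool:
    """True when the build time is more than max_age before now."""
    return now - info["built"] > max_age


def report(name: str, raw: bytes, now: datetime = None) -> bool:
    """Print one status line; return True when the database is fresh."""
    now = now or datetime.now(timezone.utc)
    info = parse_cvd_header(raw)
    state = "STALE" if is_stale(info, now) else "ok"
    print(f"{name}: version {info['version']}, "
          f"built {info['built']:%d %b %Y %H:%M %z}, "
          f"{(now - info['built']).days} days old [{state}]")
    return state == "ok"


if __name__ == "__main__":
    results = []
    for path in sys.argv[1:]:          # e.g. /var/lib/clamav/daily.cvd
        with open(path, "rb") as fh:
            results.append(report(path, fh.read(HEADER_SIZE)))
    if not results:                    # no files given: run on the sample
        results.append(report("constructed sample", SAMPLE_HEADER))
    sys.exit(0 if all(results) else 1)
```

The exit status is non-zero when any listed file is stale, so the script can be called from cron or a monitoring check on hosts that cannot reach the update servers.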