Jump to: navigation, search

SUPPORT COMMUNICATION - CUSTOMER ADVISORY - 21627102016

Summary

Element Description
Document ID 21627102016
Version 1
Advisory category Advisory
Impact Low Risk
OS version Centos 6 or RedHat 6
MCS version 3.x
Release date 27 October 2016
Last updated 27 October 2016
Integrated MCS Version 3.31.100.74
Keywords clamav disk full
Apply on DR Secondary server Break DR, then apply advisory on both servers. Reconfigure DR.

Description

  • Recently many servers faced a disk full problem. It was caused by a bug in the clamav antivirus service. We have disabled the service and freshclam agent as a workaround. The permanent solution is to upgrade the clamav component to version clamav-0.98.4-65.el6.x86_64. This advisory provides the updated clamav component.

Patch Name

  • NA

Patch Installation

  • Untar the tar file to extract 'clamav-update' folder.
  • cd clamav-update
  • Run script : ./upgradeClamav.sh
  • Cross check that clamav is upgraded.
rpm -q clamav
Output should be : clamav-0.98.4-65.el6.x86_64
  • If clamav service & freshclam agent are disabled, enable them by running script : ./enableClamav.sh
  • Test normal mail send / receive
  • tail -f /var/log/messages
Mail queueing should happen. There should not be excessive qmail qq errors.
  • Test that agent log file doesn't grow by running agent in one session & watching log file in another.
Session1 : /mithi/mcs/bin/freshclamavnow.sh
Session2 : watch "ls -lh /var/log/mithi/mcs/freshclamavnow.sh.log"
  • Test virus mail is getting detected by sending mail containing foll line( eicar sample virus ) :
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Patch Uninstallation

  • Disable antivirus check
/mithi/mcs/bin/setantivirus.sh -status 0
  • Disable the freshclam agent
/mithi/mcs/bin/modifyagent.sh fresh_clamav -status off -restartagents t