000029273 - Manually applying the definition files to ClamAV for RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 4

Article Content

Article Number: 000029273
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.0, 8.1, 8.2
Issue
Difficulty updating the ClamAV virus definition files that ship with the RSA Authentication Manager 8.2 software. Running freshclam to update the virus databases results in this warning:
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/lib/clamav/clamd-socket: 
No such file or directory
Tasks
For information on using ClamAV with a deployed Authentication Manager instance, refer to the section Run Clam Antivirus Software in Chapter 16 (page 332) of the RSA Authentication Manager 8.2 Administrator's Guide.
  1. Log on to the RSA Authentication Manager 8.2 operating system with the rsaadmin account, either via the local console or SSH (where SSH has been enabled in the Operations Console).
  2. ClamAV requires root privileges to be updated or used to scan the operating system files, so elevate privileges with the command sudo su - root.
  3. Enter the rsaadmin password when prompted.
  4. Use the command touch /var/lib/clamav/clamd-socket. This removes the warning about /var/lib/clamav/clamd-socket when running freshclam.
Resolution
In most cases, Authentication Manager will not have internet access to download updated ClamAV definition files, because of security measures.
ClamAV definition files can be manually downloaded from http://database.clamav.net/main.cvd, http://database.clamav.net/daily.cvd and http://database.clamav.net/bytecode.cvd. Note: These files are current as of December 2014.
Steps to manually apply the new definition files and use ClamAV
  1. Download the ClamAV definition files mentioned above.
  2. Log on to the RSA Authentication Manager 8.1 operating system with the rsaadmin account, either via the local console or SSH (where SSH has been enabled in the Operations Console).
  3. ClamAV requires root privileges to be updated or used to scan the operating system files, so elevate privileges with the command sudo su - root.
  4. Enter the rsaadmin password when prompted.
  5. Create a working directory in /tmp, for example, /tmp/clamav.
  6. Using an SFTP client (such as WinSCP), copy the main.cvd, daily.cvd and bytecode.cvd files to the working folder.
  7. Copy the *.cvd files to /var/lib/clamav.
  8. Run the ClamAV software with the command clamscan -r / --exclude-dir=/proc --exclude-dir=/sys --exclude-dir=/opt/rsa/am/rsapgdata --follow-dir-symlinks=0 --follow-file-symlinks=0 --log=/var/log/clamav.log.
  9. The files being scanned are listed in the session as clamscan runs. Review /var/log/clamav.log once the command returns.
login as: rsaadmin 
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Tue Jan 24 16:35:53 2017 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> sudo su - root
rsaadmin's password: <enter operating system password>
am81p:~ # sudo /usr/bin/freshclam
am81p:~ # mkdir /tmp/clamav
am81p:~ # cp /tmp/clamav/*.cvd /var/lib/clamav
am81p:~ # clamscan -r / --exclude-dir=/proc --exclude-dir=/sys --exclude-dir=/opt/rsa/am/rsapgdata --follow-dir-symlinks=0 --follow-file-symlinks=0 --log=/var/log/clamav.log
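Before step 7 copies the downloaded .cvd files into /var/lib/clamav, it is worth confirming what was actually transferred. The following shell script is an added example, not part of the RSA article or of ClamAV itself. It reads the 512-byte, colon-separated header that every .cvd file begins with (magic, build date, version, signature count, functionality level, MD5, digital signature, builder, build time), prints the version and signature count, and refuses a file whose magic is wrong or whose version is older than the one already installed (the version reported by freshclam or by a previous header check). The sample headers it writes are constructed for offline demonstration only; the script does not verify the file's digital signature, which sigtool --info does on a host where ClamAV is installed.

```shell
#!/bin/sh
# Added example (not from the RSA article or from ClamAV): sanity-check
# manually downloaded ClamAV .cvd files before copying them into /var/lib/clamav.
# A .cvd file starts with a 512-byte, colon-separated header:
#   ClamAV-VDB:<build date>:<version>:<sigs>:<f-level>:<md5>:<dsig>:<builder>:<build time>
# Only the header is parsed here; the digital signature is NOT verified
# (use sigtool --info for that on a host with ClamAV installed).

# Print field N (1-based) of the 512-byte header of file $1, trailing padding stripped.
cvd_field() {
    dd if="$1" bs=512 count=1 2>/dev/null | cut -d: -f"$2" | sed 's/[[:space:]]*$//'
}

cvd_version() { cvd_field "$1" 3; }
cvd_sigs()    { cvd_field "$1" 4; }
cvd_flevel()  { cvd_field "$1" 5; }
cvd_builder() { cvd_field "$1" 8; }

# Return 0 if $1 carries a CVD header and its version is >= $2 (the version
# currently installed); 1 for a malformed file, 2 for a downgrade.
cvd_check() {
    f=$1; installed=$2
    [ "$(cvd_field "$f" 1)" = "ClamAV-VDB" ] || { echo "$f: not a CVD header" >&2; return 1; }
    v=$(cvd_version "$f")
    case $v in ''|*[!0-9]*) echo "$f: bad version '$v'" >&2; return 1;; esac
    [ "$v" -ge "$installed" ] || { echo "$f: version $v is older than installed $installed" >&2; return 2; }
    return 0
}

# Write a CONSTRUCTED sample header to $1 (version $2, sigs $3, f-level $4, builder $5).
# The MD5 and signature fields are placeholders; real files carry the tar.gz body after byte 512.
make_sample_cvd() {
    hdr="ClamAV-VDB:21 Dec 2014 13-23 -0500:$2:$3:$4:00000000000000000000000000000000:CONSTRUCTED-SIGNATURE:$5:1419186239"
    printf '%-512s' "$hdr" > "$1"
}

# Stand-alone demonstration using constructed files (no network, no ClamAV needed).
# On the appliance, point the loop at /tmp/clamav/*.cvd instead and pass the
# installed version shown by freshclam (e.g. main.cvd version 55).
demo=$(mktemp -d)
make_sample_cvd "$demo/main.cvd" 55 2424225 60 neo        # values as in the article's freshclam output
make_sample_cvd "$demo/daily.cvd" 19815 1294259 63 neo
for f in "$demo"/*.cvd; do
    printf '%s: version %s, %s signatures, f-level %s, builder %s\n' \
        "$(basename "$f")" "$(cvd_version "$f")" "$(cvd_sigs "$f")" \
        "$(cvd_flevel "$f")" "$(cvd_builder "$f")"
done
# A daily.cvd at version 19815 must not replace an installed 19816 (the version freshclam produced in the Notes).
cvd_check "$demo/daily.cvd" 19816 || echo "refusing to copy daily.cvd over a newer installed database"
rm -rf "$demo"
```

Run it as root on the appliance against the files in /tmp/clamav before the cp in step 7; a non-zero return from cvd_check means the file should not be copied. A corrupt or truncated transfer shows up here as a missing magic string, and reusing an old download shows up as a downgrade.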
Notes
A typical freshclam example on an Authentication Manager 8.2 instance that was updated for the first time:
login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Tue Jan 24 16:35:53 2017 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> sudo su - root
rsaadmin's password: <enter operating system password>
am81p:~ # sudo /usr/bin/freshclam
ClamAV update process started at Sun Dec 21 15:44:56 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.3 Recommended version: 0.98.5
DON'T PANIC! Read http://www.clamav.net/support/faq
Downloading main.cvd [100%]
main.cvd updated (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily.cvd [100%]
daily.cvd updated (version: 19815, sigs: 1294259, f-level: 63, builder: neo)
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 128.199.133.36): Operation now in progress
WARNING: Can't download bytecode.cvd from database.clamav.net
Trying again in 5 secs...
ClamAV update process started at Sun Dec 21 17:06:51 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.3 Recommended version: 0.98.5
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
WARNING: getfile: daily-19816.cdiff not found on remote server (IP: 150.214.142.197)
WARNING: getpatch: Can't download daily-19816.cdiff from database.clamav.net
nonblock_recv: recv timing out (30 secs)
WARNING: getfile: Error while reading database from database.clamav.net (IP: 65.19.179.67): Operation now in progress
WARNING: getpatch: Can't download daily-19816.cdiff from database.clamav.net
Downloading daily-19816.cdiff [100%]
daily.cld updated (version: 19816, sigs: 1294480, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 244, sigs: 44, f-level: 63, builder: dgoddard)
Database updated (3718749 signatures) from database.clamav.net (IP: 200.236.31.1)
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/lib/clamav/clamd-socket: No such file or directory
rsaadmin@app81p:~>

This WARNING can be safely ignored:
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/lib/clamav/clamd-socket: No such file or directory
