Is Your ClamAV Database Up To Date?

October 23rd, 2006 | Categories: DNS, Database, Nagios, Security

ClamAV is the Open Source anti-virus scanner. The project publishes updates to the virus database periodically (currently several times a day!), and ClamAV checks whether it is up to date by querying the Domain Name System (DNS), a technology I describe in some detail here.

Once in a while our freshclam hangs, more often than not due to network issues. When that happens, freshclam leaves a lock behind, which prevents subsequent freshclam processes from doing what they should. The result is that the clamd database goes stale.

This small plugin for Nagios's NRPE monitors the freshness of the database and signals a warning when the database and/or program version goes stale. It queries the TXT resource record for current.cvd.clamav.net and compares that to the output of clamscan -V.

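#!/usr/bin/perl

use strict;
use warnings;

# Nagios plugin exit codes
my %ERRORS = (
     'OK'=>0,
     'WARNING'=>1,
     'CRITICAL'=>2,
     'UNKNOWN'=>3,
     'DEPENDENT'=>4
     );

# Published versions: the TXT record is a colon-separated list; the first
# field is compared as the engine version and the third as the database version.
my ($cvd, $clam);
chomp ($cvd = `host -t txt current.cvd.clamav.net` // '');
$cvd =~ s/[^"]+"//;    # drop everything up to and including the opening quote
my ($engine, undef, $db) = split(/:/, $cvd);

# Local versions: clamscan -V prints "ClamAV <engine>/<db>/<date>"
chomp ($clam = `clamscan -V` // '');
$clam =~ s/\// /g;
my (undef, $lengine, $ldb) = split(/ /, $clam);

# Either command failed or printed something that could not be split
unless (defined $db && defined $ldb) {
        print "UNKNOWN: could not determine ClamAV versions\n";
        exit $ERRORS{UNKNOWN};
}

print "I:$engine/$db, L:$lengine/$ldb\n";
if (($engine eq $lengine) && ($db eq $ldb)) {
        exit $ERRORS{OK};
} else {
        exit $ERRORS{WARNING};
}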

This program is terribly quick and dirty, but it works for me. Your mileage will vary of course, but it helps to alert us when something goes wrong.
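An added example, not part of the original post or the author's plugin: because the database is published several times a day, this variant grades the gap between the published and the local database version instead of requiring equality, and returns UNKNOWN when either string cannot be parsed. The thresholds, the classify() name and the sample strings are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not the author's plugin): grade staleness by version lag.
use strict;
use warnings;

# Hypothetical thresholds: database versions the local copy may trail by.
my ($WARN_LAG, $CRIT_LAG) = (2, 10);

# $txt:   TXT payload as printed by host(1), e.g. "0.88.5:41:2100:..."
# $local: output of `clamscan -V`, e.g. ClamAV 0.88.5/2100/Mon Oct 23 ...
# Returns (Nagios state name, status line).
sub classify {
    my ($txt, $local) = @_;
    my ($engine, $db) = ($txt // '') =~ /^"?([^:"]+):[^:]*:(\d+)(?::|"|$)/
        or return ('UNKNOWN', 'cannot parse TXT record');
    my ($lengine, $ldb) = ($local // '') =~ m{^ClamAV ([^/\s]+)/(\d+)/}
        or return ('UNKNOWN', 'no database version in clamscan -V output');

    my $lag = $db - $ldb;    # negative if the DNS answer is older than the local copy
    my $msg = "I:$engine/$db, L:$lengine/$ldb, lag:$lag";
    return ('CRITICAL', $msg) if $lag >= $CRIT_LAG;
    return ('WARNING',  $msg) if $lag >= $WARN_LAG || $engine ne $lengine;
    return ('OK', $msg);
}

# Constructed sample inputs (not captured from a real system).
my $txt = '"0.88.5:41:2100:1161600000:1"';
my @local = (
    'ClamAV 0.88.5/2100/Mon Oct 23 10:00:00 2006',   # current
    'ClamAV 0.88.5/2099/Mon Oct 23 04:00:00 2006',   # one update behind
    'ClamAV 0.88.5/2080/Tue Oct 17 09:00:00 2006',   # freshclam stuck
    'ClamAV 0.88.4/2100/Mon Oct 23 10:00:00 2006',   # engine out of date
    'ClamAV 0.88.5',                                 # no database version present
    '',                                              # clamscan failed
);
for my $line (@local) {
    my ($state, $msg) = classify($txt, $line);
    printf "%-8s %s\n", $state, $msg;
}
```

A real plugin would print the message and exit with $ERRORS{$state}, as the script above does.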

  1. Nahuel
    April 27th, 2009 at 21:00

    Hi, do you know how to beat a virus that blocks all antivirus sites, including Microsoft? What do I do?