
Update Virus Signatures for Postfix

It is important to understand how to update virus signatures manually in case your server cannot fetch updates automatically from the Internet using Freshclam.

Manually Update Signatures

The signatures are kept in /var/clamav and are owned by clamav, so it is important to make sure the permissions are correct once you have updated.
Download main.cvd and daily.cvd, which make up the signatures, and securely copy them to the /var/clamav directory on your server.

scp *.cvd root@server_ipaddress:/var/clamav

Once the files are copied to the server you should still see these permissions:

ls -la /var/clamav
total 7192
drwxr-xr-x   2 clamav clamav    4096 Nov  5 23:16 .
drwxr-xr-x  19 root   root      4096 Nov 18 12:56 ..
-rw-r--r--   1 clamav clamav  409929 Nov 18 14:32 daily.cvd
-rw-r--r--   1 clamav clamav 6924820 Nov 18 14:35 main.cvd
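
The check described above can be scripted. This is an added example, not part of the original page: it assumes GNU stat and that a .cvd file begins with a 512-byte, colon-separated text header (ClamAV-VDB:time:version:sigs:...). The function names and the sample header values are made up for illustration.

```shell
#!/bin/sh
# Added example: sanity-check manually copied ClamAV signature files.
# Assumption: a CVD starts with a 512-byte text header of the form
# ClamAV-VDB:time:version:sigs:flevel:md5:dsig:builder:stime

# Print field N of the CVD header.
cvd_field() {
    head -c 512 "$1" | cut -d: -f"$2"
}

# Print "owner:mode" of a file, e.g. clamav:644 (GNU stat).
cvd_owner_mode() {
    stat -c '%U:%a' "$1"
}

# check_cvd FILE [OWNER:MODE]
# Returns 0 and prints a summary if FILE has a CVD header and the
# expected owner and permissions (default clamav:644, as in the listing).
check_cvd() {
    f=$1
    want=${2:-clamav:644}
    [ -r "$f" ] || { echo "FAIL $f: not readable"; return 1; }
    [ "$(cvd_field "$f" 1)" = "ClamAV-VDB" ] ||
        { echo "FAIL $f: no ClamAV-VDB header"; return 1; }
    ver=$(cvd_field "$f" 3)
    sigs=$(cvd_field "$f" 4)
    case "$ver:$sigs" in
        *[!0-9:]*|:*|*:) echo "FAIL $f: bad version/sigs field"; return 1 ;;
    esac
    have=$(cvd_owner_mode "$f")
    [ "$have" = "$want" ] ||
        { echo "FAIL $f: is $have, expected $want"; return 1; }
    echo "OK $f: version=$ver sigs=$sigs $have"
}

# Constructed sample header for a dry run (not a real database).
make_sample_cvd() {
    printf '%-512s' \
        'ClamAV-VDB:18 Nov 2008 14-32 -0500:1234:5678:35:x:x:builder:0' > "$1"
}

# Usage: sh check_cvd.sh /var/clamav/main.cvd /var/clamav/daily.cvd
rc=0
for arg in "$@"; do
    check_cvd "$arg" || rc=1
done
[ "$rc" -eq 0 ]
```

This only inspects the header and file metadata; it does not verify the database's digital signature, which sigtool --info does as part of ClamAV itself.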

Freshclam Updates

Edit your /etc/crontab file to add an entry so that freshclam will look for updates at 39 minutes past each hour.  The unusual time just helps freshclam look for updates when the load on the ClamAV servers is lower.

Here is the /etc/crontab file:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
37 * * * * root run-parts /etc/cron.hourly
19 0 * * * root run-parts /etc/cron.daily
22 5 * * 0 root run-parts /etc/cron.weekly
12 5 13 * * root run-parts /etc/cron.monthly

# Run ClamAV Updates with Freshclam
39 * * * * root /usr/bin/freshclam

freshclam.conf
This file is found in /etc/freshclam.conf.
Comment out the Example line!
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
## This file may be optionally merged with clamd.conf.
##

# Comment or remove the line below.
#Example

# Path to the database directory.
# WARNING: It must match clamd.conf’s directive!
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/clamav

# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clamav/freshclam.log

# Enable verbose logging.
# Default: disabled
#LogVerbose

# Use system logger (can work together with UpdateLogFile).
# Default: disabled
#LogSyslog

# Specify the type of syslog messages – please refer to ‘man syslog’
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# This option allows you to save the process identifier of the daemon
# Default: disabled
PidFile /var/run/clamav/freshclam.pid

# By default when started freshclam drops privileges and switches to the
# “clamav” user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
DatabaseOwner clamav

# Initialize supplementary group access (freshclam must be started by root).
# Default: disabled
#AllowSupplementaryGroups

# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# Default: enabled, pointing to current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net

# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
#DatabaseMirror db.XY.clamav.net

# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It’s used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror db.local.clamav.net
DatabaseMirror db.local.clamav.net

# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5

# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24

# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS’es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd

# Send the RELOAD command to clamd.
# Default: disabled
#NotifyClamd
# By default it uses the hardcoded configuration file but you can force
# another one.
NotifyClamd /etc/clamd.conf

# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command

# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command

# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command

# Don’t fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

# Timeout in seconds when connecting to the database server.
# Default: 30
#ConnectTimeout 60

# Timeout in seconds when reading from the database server.
# Default: 30
#ReceiveTimeout 60

Freshclam Log Creation
One of the most important aspects of any antivirus program is that the signatures are current.  Freshclam provides that service.  It is important to set up the log file correctly so that you may verify that freshclam is working.

The default location for the log file is here:
/var/log/clamav/freshclam.log

Check that log file for verification that the signatures are being updated.
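
One way to automate that log check, as an added example that is not part of the original page. It assumes GNU date and the log line shapes shown in the constructed sample (a "ClamAV update process started at ..." line per run, failures prefixed with "ERROR:"); the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: decide from freshclam.log whether signatures are current.
# Assumes GNU date and the log line shapes shown in sample_log below.

# freshclam_status LOG MAX_AGE_SECONDS [NOW_EPOCH]
# Prints current | stale | failed | no-runs; returns 0 only for "current".
freshclam_status() {
    log=$1
    max_age=$2
    now=${3:-$(date +%s)}
    # Keep only the most recent run: from the last "started at" line on.
    run=$(awk '/^ClamAV update process started at /{buf=""}
               {buf = buf $0 "\n"} END {printf "%s", buf}' "$log")
    stamp=$(printf '%s\n' "$run" |
            sed -n '1s/^ClamAV update process started at //p')
    [ -n "$stamp" ] || { echo no-runs; return 2; }
    # Any ERROR line in the latest run means the update did not complete.
    if printf '%s\n' "$run" | grep -q '^ERROR:'; then
        echo failed; return 1
    fi
    started=$(date -d "$stamp" +%s) || { echo no-runs; return 2; }
    if [ $((now - started)) -gt "$max_age" ]; then
        echo stale; return 1
    fi
    echo current
}

# Constructed log lines (not captured from a real server).
sample_log() {
    cat <<'EOF'
--------------------------------------
ClamAV update process started at Tue Nov 18 14:39:01 2008
main.cvd is up to date (version: 1, sigs: 5678, f-level: 35, builder: example)
daily.cvd updated (version: 1234, sigs: 910, f-level: 35, builder: example)
Database updated (6588 signatures) from db.local.clamav.net (IP: 192.0.2.10)
EOF
}

# Usage: sh freshclam_status.sh /var/log/clamav/freshclam.log
# 7200 seconds allows one missed run of the hourly cron entry.
[ $# -eq 0 ] || freshclam_status "$1" 7200
```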