FAQ: ClamAV Virus Definition Updates Via HTTP

Description

Due to recent changes (March of 2021) to the ClamAV virus definition hosting site, automatic virus definition updates may fail in Sentry when using the "HTTP Update" update mode and referencing the ClamAV virus definition site (http://database.clamav.net/).

The ClamAV virus definition site has implemented a User-Agent check which allows certain User-Agents to download the virus definition. The current User-Agent sent from Sentry - Forum Sentry - is not allowed and subsequently virus definitions using these settings fail. 

 

 

mceclip0.png

 

Workarounds

Current workarounds for this issue include the following:

  • Use the "Clam AV Engine" update mode in Sentry instead of the "HTTP Update" option.
  • Manually apply virus update definition files.
  • Set up an internal web server and script obtaining the definition files from ClamAV. Then configure Sentry to auto-update using HTTP from this internal webserver.

 

Resolution

An update has been made to Sentry to allow HTTP automatic updates from http://database.clamav to work. The update will be available in the GA version of Sentry (ETA May 2021). Please contact Forum Systems Support to be notified when the release is available.

0 Comments

Article is closed for comments.