FAQ: How does Sentry get ClamAV Virus Definition Updates

The Forum Sentry API Gateway includes on-board AntiVirus scanning of request and response documents passed through the system.  Sentry uses the ClamAV Engine for virus scanning.

This FAQ details how Sentry get the virus definition updates.


**Important note for Sentry software instances (not applicable to appliances)**  

With the Sentry software instances (not appliances) ClamAV is managed and run outside of Sentry. ClamAV is installed separately and Sentry hooks into it when it is running. With the Sentry software instances, the virus definition updates are done via the freshclam process, completely outside of Sentry.



The ClamAV engine is included in the ForumOS operating system (hardware, VMware OVA, and AWS AMI types). The engine can not be updated by Sentry administrators.  New versions of the engine are provided periodically with Sentry product upgrades.

There are 3 ClamAV definition files that can and should be updated regularly.

main.cvd - not updated very often
daily.cvd - updated daily 
bytecode.cvd - updated more frequently than the main, but not daily


There are 2 methods of updating the ClamAV definition files used by the Sentry appliances - automatic updates or manual updates.

1. Automatic update. There are two options for automatic updates

(a) Automatic update from ClamAV web site via HTTP download. This requires that Sentry has internet access on port 80 to database.clamav.net. 

(b) HTTP Update via download from local web server. This is commonly used in environments where the Sentry instances don't have direct access to the internet. You would need a process that collects the files from the ClamAV site and stores them on an HTTP server that Sentry has access to. 


2. Manual update. This process includes downloading the files and manually uploading them to the appliance.

The 3 files required (main.cvd, daily.cvd, and bytecode.cvd) are available on the ClamAV web site. 


Note that Forum Systems does not manage these download locations and while unlikely, they could change at any time.




Article is closed for comments.