FAQ: How does Sentry get ClamAV Virus Definition Updates?

The Forum Sentry API Gateway includes on-board AntiVirus scanning of request and response documents passed through the system.  Sentry uses the ClamAV Engine for virus scanning.

This FAQ details how Sentry gets the virus definition updates.


**Important note for Sentry software instances (not applicable to appliances)**  

With the Sentry software instances (not appliances), ClamAV is managed and run outside of Sentry. ClamAV is installed separately and Sentry hooks into it when it is running. With the Sentry software instances, the virus definition updates are done via the freshclam process, completely outside of Sentry.



The ClamAV engine ships with the Forum Sentry appliances. The engine cannot be updated by Sentry administrators. New versions of the engine are provided periodically with Sentry product upgrades.

There are 3 ClamAV definition files that can and should be updated by Sentry admins regularly.

main.cvd - not updated very often
daily.cvd - updated daily 
bytecode.cvd - updated more frequently than the main, but not daily


There are 2 methods of updating the ClamAV definition files used by the Sentry appliances - automatic updates or manual updates.

1. Automatic update. There are two options for automatic updates:

(a) Automatic update from the ClamAV web site via HTTP download. This requires that Sentry has internet access on port 80 to www.clamav.net.

(b) HTTP Update via download from local web server. This is commonly used in environments where the Sentry instances don't have direct access to the internet. You would need a process that collects the files from the ClamAV site and stores them on an HTTP server that Sentry has access to. 

2. Manual update.
This entails downloading the files and manually uploading them to the appliance.

In the past, the 3 files required (main.cvd, daily.cvd, and bytecode.cvd) were all available on the main http://www.clamav.net web site.  ClamAV has recently changed their site and these 3 files are now available on the ClamAV Download page under the Virus Database section.



Note that Forum Systems does not manage these download locations and, while unlikely, they could change at any time.
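
For option (b), the collection process can validate each file before it reaches the local web server. The following is an added example, not Forum Systems or ClamAV code: it parses the 512-byte CVD header, confirms the body matches the header's MD5 field, and refuses to replace a published file with an older version. The `staging` and `web_root` directories and all function names are assumptions, and fetching the files into staging is left to your own download tooling.

```python
import hashlib
import os
import sys
from pathlib import Path

HEADER_LEN = 512  # a .cvd file starts with a 512-byte, colon-separated header
DB_FILES = ("main.cvd", "daily.cvd", "bytecode.cvd")  # the three files above

def cvd_version(data: bytes) -> int:
    """Return the database version after checking header magic and body MD5."""
    if len(data) <= HEADER_LEN:
        raise ValueError("truncated: nothing after the header")
    fields = data[:HEADER_LEN].decode("ascii", "replace").strip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD file (error page or partial download?)")
    # Field 5 is the MD5 of everything after the header. It only catches
    # corruption; authenticity rests on ClamAV's own signature verification.
    if hashlib.md5(data[HEADER_LEN:]).hexdigest() != fields[5].lower():
        raise ValueError("body does not match the MD5 in the header")
    return int(fields[2])

def live_version(path: Path) -> int:
    """Version of the published copy, or -1 if it is absent or unreadable."""
    try:
        return cvd_version(path.read_bytes())
    except (OSError, ValueError):
        return -1

def publish(staging: Path, web_root: Path) -> dict:
    """Move each valid, non-older staged file into web_root atomically."""
    results = {}
    for name in DB_FILES:
        try:
            data = (staging / name).read_bytes()
            version = cvd_version(data)
            if version < live_version(web_root / name):
                raise ValueError("older than the published copy")
            tmp = web_root / (name + ".tmp")
            tmp.write_bytes(data)
            os.replace(tmp, web_root / name)  # never serve a half-written file
            results[name] = f"published v{version}"
        except (OSError, ValueError) as exc:
            results[name] = f"rejected: {exc}"
    return results

if __name__ == "__main__":  # usage: script.py STAGING_DIR WEB_ROOT (assumed paths)
    for name, status in publish(Path(sys.argv[1]), Path(sys.argv[2])).items():
        print(f"{name}: {status}")
```

A rejected file leaves the previously published copy in place, so Sentry keeps pulling the last known-good definitions until the next collection run succeeds.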


