This topic tells you how to update virus definitions on an Anti-Virus for VMware Tanzu mirror that is deployed by the Anti-Virus Mirror for VMware Tanzu tile.
The Anti-Virus Mirror for VMware Tanzu tile and the Anti-Virus for VMware Tanzu tile work together as follows:
The ClamAV community regularly updates virus definitions and publishes them to an external ClamAV database.
How these updated virus definitions propagate to the internal Anti-Virus Mirror that BOSH VMs use depends on whether your environment is running in an online or air-gapped network:
bosh scpto update them on the internal Anti-Virus mirror.
For more information and diagrams about this architecture, see How Virus Definitions Propagate to VMs.
The following sections describe both of these scenarios and explain how to manually update virus definitions on the internal Anti-Virus mirror.
To confirm that virus definitions are up to date on a given VM:
go-clam-tlslogs located at
/var/vcap/sys/log/antivirus/go-clam-tls.log. For more information, see go-clam-tls Log Messages.
When your environment runs on an online network, the Anti-Virus Mirror VM regularly checks the external ClamAV database every two hours.
When new virus definitions are present on the external database, Anti-Virus Mirror downloads them automatically.
Anti-Virus jobs use three virus definitions files,
bytecode.cvd. The internal Anti-Virus Mirror serves these three files to all Anti-Virus jobs in your environment.
To update the virus definitions:
Download the three virus definition files from the ClamAV virus database mirror or an equivalent external mirror. You can access the ClamAV mirror at the following URLs:
Copy your downloaded virus definition files to your Ops Manager VM.
scp -i PATH-TO-PRIVATE-KEY PATH-TO-CVD-FILE ... ubuntu@OPS-MANAGER-VM-IP:
$ scp -i ~/.ssh/my-key.pem ~/Downloads/main.cvd ~/Downloads/daily.cvd ~/Downloads/bytecode.cvd email@example.com:
SSH into the Ops Manager VM. For instructions, see Log in to the Ops Manager VM with SSH in the Ops Manager documentation.
Find the name of your Anti-Virus Mirror deployment by running:
bosh -e BOSH-ENVIRONMENT deployments | grep p-antivirus-mirror | cut -f1
$ bosh -e my-env deployments | grep p-antivirus-mirror | cut -f1
The deployment name starts with
p-antivirus-mirror- and is followed by a string of characters. For example:
Copy the virus definitions to your internal Anti-Virus Mirror by running:
bosh -e BOSH-ENVIRONMENT -d ANTIVIRUS-DEPLOYMENT-NAME scp /path/to/local/main.cvd /path/to/local/daily.cvd /path/to/local/bytecode.cvd :/var/vcap/data/antivirus-mirror/unvalidated
$ bosh -e my-env -d p-antivirus-mirror-4cb8cfbeee717258d72e scp main.cvd daily.cvd bytecode.cvd :/var/vcap/data/antivirus-mirror/unvalidated
Note If the CVD files being uploaded are too big,
clamd might start consuming them before the upload has finished. If this happens, you might receive log messages saying one of the CVD files could not be loaded. To workaround this issue, you can upload the CVD files to a temporary folder on the VM first, and after the upload is finished, move the files to
Verify that the mirror validated and updated its local copies of the virus definitions by running:
bosh -e BOSH-ENVIRONMENT -d ANTIVIRUS-DEPLOYMENT-NAME ssh -c "sudo cat FILE | grep \"updated /var/vcap/store\""
FILE is determined by the output destination configured in Anti-Virus Mirror Configuration of the Anti-Virus Mirror for VMware Tanzu tile. Use one of the following:
$ bosh -e my-env -d p-antivirus-mirror-4cb8cfbeee717258d72e ssh -c "sudo cat /var/log/syslog | grep \"updated /var/vcap/store\"" 2019/05/30 17:16:34 updated /var/vcap/store/antivirus-mirror/validated/bytecode.cvd 2019/05/30 17:16:40 updated /var/vcap/store/antivirus-mirror/validated/daily.cvd 2019/05/30 17:16:49 updated /var/vcap/store/antivirus-mirror/validated/main.cvd