Implementing a quick and easy way to check from the Linux Desktop Environment if the ClamAV signatures database is up-to-date
April 27, 2021 Leave a comment
If you use ClamAV with the Freshclam daemon and your Linux installation does not hide the console output during boot, you might see a message similar to the following on the console briefly during boot if the signatures database has not been updated recently:
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days. ***
LibClamAV Warning: *** Please update it IMMEDIATELY! ***
LibClamAV Warning: **************************************************
This can happen for a number of reasons. The Freshclam daemon may not have been enabled, for example. Or you purposely configured your installation not to use the Freshclam daemon but forgot to run Freshclam manually (either from the command line or via ClamTk) during the past seven days to update the database. Or there is a problem with the Freshclam configuration or software installation itself. Or everything is configured correctly but you have not powered up the installation for over seven days. And so on.
This happened to me recently simply because I had forgotten to enable the Freshclam service in one of my Linux installations but had not noticed the error message on the console at boot. Anyway, I fixed it quickly and ran Freshclam from the command line to update the database. The database was very out-of-date and I had to run Freshclam several times – do not enter the sudo freshclam command more frequently than once per hour otherwise Cisco Systems’ ClamAV server will block you for several hours due to excessive use of their bandwidth – but I got everything working in the end.
If Freshclam is actually running, the situation with database updating can be checked by looking in the file /var/log/clamav/freshclam.log. However, as all my Linux machines use ClamAV I decided it would be worth adding a quicker way of checking on the database status that is easy to do from the Desktop. I created a Bash script which can be launched by double-clicking on an icon on the Desktop. It opens a terminal window and reports the current status of the ClamAV signatures database. The current status will depend on the frequency you update the database, so you would expect the database to be out of date briefly from time to time; there is nothing wrong with that. But if it consistently reports that the database is out of date longer than the update frequency specified in freshclam.conf (don’t forget to look in the system freshclam.conf file and, if it exists, the user freshclam.conf file) then further investigation would be warranted.
I created a Bash script ~/.clamav_db_up-to-date_check.sh containing the following:
#!/bin/bash
echo
echo "+--------------------------------------------------------------+"
echo "| Check if ClamAV database is up-to-date on this machine |"
echo "+--------------------------------------------------------------+"
((ping -w5 -c3 8.8.8.8 || ping -w5 -c3 4.2.2.1) > /dev/null 2>&1) && INTERNET="y" || (INTERNET="n")
if [ "$INTERNET" = "y" ]; then
echo
echo " ** Internet check for latest update available **"
echo
echo -n " Date update available: "
DNSLKUP=$( host -t txt current.cvd.clamav.net )
date -d @$( echo $DNSLKUP | awk '{ print $4 }' | awk -F ":" '{ print $4 }' )
echo
echo -n " Signatures version: "
RMTSIGV=$( echo $DNSLKUP | awk '{ print $4 }' | awk -F ":" '{ print $3 }' )
echo $RMTSIGV
else
echo
echo "** No connection to the Internet - Cannot check remote server **"
fi
echo
echo -n " Date when checked: "
date
echo
echo "----------------------------------------------------------------"
echo
echo " ** Currently installed on this machine **"
echo
CLAMINST=$( clamscan --version )
echo -n " Signatures version: "
LCLSIGV=$( echo $CLAMINST | awk -F "/" '{ print $2 }' )
echo $LCLSIGV
echo
echo -n " Date of signatures: "
echo $CLAMINST | awk -F "/" '{ print $3 }'
echo
echo -n " ClamAV version: "
echo $CLAMINST | awk -F "/" '{ print $1 }'
echo
echo "----------------------------------------------------------------"
echo
if [ "$INTERNET" = "y" ]; then
if [ "$LCLSIGV" = "$RMTSIGV" ]; then
echo " Same version of signatures as the latest on the remote server"
else
echo " Different version of signatures to latest on the remote server"
fi
fi
echo
read -p "Press any key to exit..." -n1 -s
exit
and made it executable:
user $ chmod +x ~/.clamav_db_up-to-date_check.sh
On a machine running Lubuntu 20.10 (LXQt Desktop Environment), I created the Desktop Configuration File ~/Desktop/ClamAV_DB_check.desktop containing the following:
[Desktop Entry] Name=ClamAV_DB_check GenericName=ClamAV_DB_check Comment=Check if ClamAV database is up-to-date Exec=qterminal -e '/home/fitzcarraldo/.clamav_db_up-to-date_check.sh' Type=Application Icon=/home/fitzcarraldo/Pictures/Icons/clamav-icon.png Terminal=false
I downloaded from the Web a nice ClamAV icon and specified it in the Desktop Configuration File.
I right-clicked on the icon on the Desktop and selected ‘Trust this executable’.
In my Gentoo Linux installations that use KDE, the Desktop Configuration File looks like this:
[Desktop Entry] Comment[en_GB]=Check if ClamAV database is up-to-date Comment=Check if ClamAV database is up-to-date Exec=konsole -e '/home/fitzcarraldo/.clamav_db_up-to-date_check.sh' GenericName[en_GB]=Run ClamAV DB check in Konsole GenericName=Run ClamAV DB check in Konsole Icon=/home/fitzcarraldo/Pictures/Icons/clamav-icon.png MimeType= Name[en_GB]=ClamAV_DB_check Name=ClamAV_DB_check Path= StartupNotify=true Terminal=true TerminalOptions= Type=Application X-DBUS-ServiceName= X-DBUS-StartupType=none X-KDE-SubstituteUID=false X-KDE-Username=
When I checked earlier today on one of my machines, the output of the script looked like this:
+--------------------------------------------------------------+
| Check if ClamAV database is up-to-date on this machine |
+--------------------------------------------------------------+
** Internet check for latest update available **
Date update available: Tue 27 Apr 12:29:00 BST 2021
Signatures version: 26153
Date when checked: Tue 27 Apr 12:52:49 BST 2021
----------------------------------------------------------------
** Currently installed on this machine **
Signatures version: 26152
Date of signatures: Mon Apr 26 12:04:28 2021
ClamAV version: ClamAV 0.103.2
----------------------------------------------------------------
Different version of signatures to latest on the remote server
Press any key to exit...
The next time I checked, roughly 50 minutes later, the output of the script then looked like this:
+--------------------------------------------------------------+
| Check if ClamAV database is up-to-date on this machine |
+--------------------------------------------------------------+
** Internet check for latest update available **
Date update available: Tue 27 Apr 12:29:00 BST 2021
Signatures version: 26153
Date when checked: Tue 27 Apr 13:41:38 BST 2021
----------------------------------------------------------------
** Currently installed on this machine **
Signatures version: 26153
Date of signatures: Tue Apr 27 12:09:27 2021
ClamAV version: ClamAV 0.103.2
----------------------------------------------------------------
Same version of signatures as the latest on the remote server
Press any key to exit...
As you can see, the signatures database had been updated automatically by Freshclam in the intervening period.
About Fitzcarraldo
Fitzcarraldo's Blog 