Updating Virus Definitions on an Anti-Virus Mirror
Note: Pivotal Platform is now part of VMware Tanzu. In v2.2 and later, Pivotal Anti-Virus is named Anti-Virus for VMware Tanzu.
Page last updated:
This topic describes how to update virus definitions on an Anti-Virus for VMware Tanzu mirror that is deployed by the Anti-Virus Mirror for VMware Tanzu tile.
The Anti-Virus Mirror for VMware Tanzu tile and the Anti-Virus for VMware Tanzu tile work together as follows:
- The Anti-Virus for VMware Tanzu tile runs Anti-Virus on all BOSH VMs by adding it to the BOSH runtime config.
- The Anti-Virus Mirror for VMware Tanzu tile creates an internal mirror that is used by the ClamAV components running on BOSH VMs.
The ClamAV community regularly updates virus definitions and publishes them to an external ClamAV database.
How these updated virus definitions propagate to the internal Anti-Virus Mirror that BOSH VMs use depends on whether your environment is running in an online or air-gapped network:
- Online Network: The Anti-Virus Mirror updates its virus definitions automatically.
- Air-gapped Network: An operator must manually download new virus definitions
bosh scpto update them on the internal Anti-Virus mirror.
For more information and diagrams about this architecture, see How Virus Definitions Propagate to VMs.
The following sections describe both of these scenarios and explain how to manually update virus definitions on the internal Anti-Virus mirror.
To confirm that virus definitions are up to date on a given VM:
- BOSH SSH on to the VM.
- View the
go-clam-tlslogs located at
/var/vcap/sys/log/antivirus/go-clam-tls.log. For more information, see go-clam-tls Log Messages.
When your environment runs on an online network, the Anti-Virus Mirror VM regularly checks the external ClamAV database every two hours.
When new virus definitions are present on the external database, Anti-Virus Mirror downloads them automatically.
Anti-Virus jobs use three virus definitions files,
The internal Anti-Virus Mirror serves these three files to all
Anti-Virus jobs in your environment.
To update the virus definitions:
Download the three virus definition files from the ClamAV virus database mirror or an equivalent external mirror. You can access the ClamAV mirror at the the following URLs:
Copy your downloaded virus definition files to your Ops Manager VM.
scp -i PATH-TO-PRIVATE-KEY PATH-TO-CVD-FILE ... ubuntu@OPS-MANAGER-VM-IP:
$ scp -i ~/.ssh/my-key.pem ~/Downloads/main.cvd ~/Downloads/daily.cvd ~/Downloads/bytecode.cvd email@example.com:
SSH into the Ops Manager VM. For instructions, see Log in to the Ops Manager VM with SSH.
Find the name of your Anti-Virus Mirror deployment by running:
bosh -e BOSH-ENVIRONMENT deployments | grep p-antivirus-mirror | cut -f1
$ bosh -e my-env deployments | grep p-antivirus-mirror | cut -f1
The deployment name starts with
p-antivirus-mirror-and is followed by a string of characters. For example:
Copy the virus definitions to your internal Anti-Virus Mirror by running:
bosh -e BOSH-ENVIRONMENT -d ANTIVIRUS-DEPLOYMENT-NAME scp /path/to/local/main.cvd /path/to/local/daily.cvd /path/to/local/bytecode.cvd :/var/vcap/data/antivirus-mirror/unvalidated
$ bosh -e my-env -d p-antivirus-mirror-4cb8cfbeee717258d72e scp main.cvd daily.cvd bytecode.cvd :/var/vcap/data/antivirus-mirror/unvalidated
Verify that the mirror validated and updated its local copies of the virus definitions by running:
bosh -e BOSH-ENVIRONMENT -d ANTIVIRUS-DEPLOYMENT-NAME ssh -c "sudo cat FILE | grep \"updated /var/vcap/store\""
FILEis determined by the output destination configured in Anti-Virus Mirror Configuration of the Anti-Virus Mirror for VMware Tanzu tile. Use one of these:
$ bosh -e my-env -d p-antivirus-mirror-4cb8cfbeee717258d72e ssh -c "sudo cat /var/log/syslog | grep \"updated /var/vcap/store\"" 2019/05/30 17:16:34 updated /var/vcap/store/antivirus-mirror/validated/bytecode.cvd 2019/05/30 17:16:40 updated /var/vcap/store/antivirus-mirror/validated/daily.cvd 2019/05/30 17:16:49 updated /var/vcap/store/antivirus-mirror/validated/main.cvd