Updating Virus Definitions on an Anti-Virus Mirror
Note: Pivotal Platform is now part of VMware Tanzu. In v2.2 and later, Pivotal Anti-Virus is named Anti-Virus for VMware Tanzu.
Page last updated:
This topic describes how to update virus definitions on an Anti-Virus for VMware Tanzu mirror that is deployed by the Anti-Virus Mirror for VMware Tanzu tile.
The Anti-Virus Mirror for VMware Tanzu tile and the Anti-Virus for VMware Tanzu tile work together as follows:
- The Anti-Virus for VMware Tanzu tile runs Anti-Virus on all BOSH VMs by adding it to the BOSH runtime config.
- The Anti-Virus Mirror for VMware Tanzu tile creates an internal mirror that is used by the ClamAV components running on BOSH VMs.
Overview
The ClamAV community regularly updates virus definitions and publishes them to an external ClamAV database.
How these updated virus definitions propagate to the internal Anti-Virus Mirror that BOSH VMs use depends on whether your environment is running in an online or air-gapped network:
- Online Network: The Anti-Virus Mirror updates its virus definitions automatically.
- Air-gapped Network: An operator must manually download new virus definitions
and run
bosh scp
to update them on the internal Anti-Virus mirror.
For more information and diagrams about this architecture, see How Virus Definitions Propagate to VMs.
The following sections describe both of these scenarios and explain how to manually update virus definitions on the internal Anti-Virus mirror.
Verify That Your Virus Definitions Are Up to Date
To confirm that virus definitions are up to date on a given VM:
- BOSH SSH on to the VM.
- View the
go-clam-tls
logs located at/var/vcap/sys/log/antivirus/go-clam-tls.log
. For more information, see go-clam-tls Log Messages.
Automatic Updates with Online Networks
When your environment runs on an online network, the Anti-Virus Mirror VM regularly checks the external ClamAV database every two hours.
When new virus definitions are present on the external database, Anti-Virus Mirror downloads them automatically.
Manually Update on an Air-gapped Network
Anti-Virus jobs use three virus definitions files, main.cvd
, daily.cvd
, and bytecode.cvd
.
The internal Anti-Virus Mirror serves these three files to all
Anti-Virus jobs in your environment.
To update the virus definitions:
Download the three virus definition files from the ClamAV virus database mirror or an equivalent external mirror. You can access the ClamAV mirror at the the following URLs:
Copy your downloaded virus definition files to your Ops Manager VM.
scp -i PATH-TO-PRIVATE-KEY PATH-TO-CVD-FILE ... ubuntu@OPS-MANAGER-VM-IP:
For example:
$ scp -i ~/.ssh/my-key.pem ~/Downloads/main.cvd ~/Downloads/daily.cvd ~/Downloads/bytecode.cvd ubuntu@192.168.0.2:
SSH into the Ops Manager VM. For instructions, see Log in to the Ops Manager VM with SSH.
Find the name of your Anti-Virus Mirror deployment by running:
bosh -e BOSH-ENVIRONMENT deployments | grep p-antivirus-mirror | cut -f1
For example:
$ bosh -e my-env deployments | grep p-antivirus-mirror | cut -f1
The deployment name starts with
p-antivirus-mirror-
and is followed by a string of characters. For example:$ p-antivirus-mirror-08815ca5ead252c4b8d8
Copy the virus definitions to your internal Anti-Virus Mirror by running:
bosh -e BOSH-ENVIRONMENT -d ANTIVIRUS-DEPLOYMENT-NAME scp /path/to/local/main.cvd /path/to/local/daily.cvd /path/to/local/bytecode.cvd :/var/vcap/data/antivirus-mirror/unvalidated
For example:
$ bosh -e my-env -d p-antivirus-mirror-4cb8cfbeee717258d72e scp main.cvd daily.cvd bytecode.cvd :/var/vcap/data/antivirus-mirror/unvalidated
Verify that the mirror validated and updated its local copies of the virus definitions by running:
bosh -e BOSH-ENVIRONMENT -d ANTIVIRUS-DEPLOYMENT-NAME ssh -c "sudo cat FILE | grep \"updated /var/vcap/store\""
Where
FILE
is determined by the output destination configured in Anti-Virus Mirror Configuration of the Anti-Virus Mirror for VMware Tanzu tile. Use one of these:/var/vcap/sys/log/antivirus-mirror/antivirus-mirror.stdout.log
for stdout/var/vcap/sys/log/antivirus-mirror/antivirus-mirror.stderr.log
for stderr/var/log/syslog
for syslog
For example:
$ bosh -e my-env -d p-antivirus-mirror-4cb8cfbeee717258d72e ssh -c "sudo cat /var/log/syslog | grep \"updated /var/vcap/store\"" 2019/05/30 17:16:34 updated /var/vcap/store/antivirus-mirror/validated/bytecode.cvd 2019/05/30 17:16:40 updated /var/vcap/store/antivirus-mirror/validated/daily.cvd 2019/05/30 17:16:49 updated /var/vcap/store/antivirus-mirror/validated/main.cvd