This page describes what to do in case of an Icinga alert. For more information you could search the govuk-puppet repo for the source of the alert

Warning This document has not been updated for a while now. It may be out of date.

Last updated: 5 Apr 2022

ClamAV definitions out of date

This could be because of a number of reasons. Check that the database is up to date by logging into a backend machine and calling the freshclam command directly with verbose:

$ gds govuk connect ssh -e production backend
$ freshclam -v

If it reports the virus databases are up to date then you may need to check the ClamAV virusdb archive to investigate.

If it can’t seem to download the updated definition files, with errors such as Ignoring mirror 130.59.113.36 (due to previous errors), it could be that all the mirrors available have been blacklisted. You can reset the blacklisted mirrors by deleting the file that stores them:

$ sudo rm /var/lib/clamav/mirrors.dat

After doing this, running freshclam -v as above may well work again.