Warning, this is longer than I intended. and "updates.blah.com" is a replacement for my real machine name.
I am trying to use a local ClamAV-DB mirror, I've put in place the clamdownloader.pl, which works a treat, once I added a couple CPAN modules to my machine. I've also got a local webserver, responding to "updates.blah.com" with all the proper files in the DocumentRoot: [public]# ls -l *cvd *cdiff *txt -rw-r--r-- 1 root root 59212 Nov 16 12:15 bytecode.cvd -rw-r--r-- 1 root root 901 Nov 17 15:41 daily-15587.cdiff -rw-r--r-- 1 root root 1308 Nov 17 17:58 daily-15588.cdiff -rw-r--r-- 1 root root 776 Nov 17 19:22 daily-15589.cdiff -rw-r--r-- 1 root root 776 Nov 17 19:38 daily-15590.cdiff -rw-r--r-- 1 root root 777 Nov 17 20:19 daily-15591.cdiff -rw-r--r-- 1 root root 774 Nov 17 20:39 daily-15592.cdiff -rw-r--r-- 1 root root 1303 Nov 17 22:04 daily-15593.cdiff -rw-r--r-- 1 root root 1077 Nov 18 13:07 daily-15594.cdiff -rw-r--r-- 1 root root 897 Nov 18 14:47 daily-15595.cdiff -rw-r--r-- 1 root root 1505 Nov 18 18:41 daily-15596.cdiff -rw-r--r-- 1 root root 1086 Nov 18 21:19 daily-15597.cdiff -rw-r--r-- 1 root root 5773 Nov 19 07:25 daily-15598.cdiff -rw-r--r-- 1 root root 1139 Nov 19 11:42 daily-15599.cdiff -rw-r--r-- 1 root root 977 Nov 19 12:26 daily-15600.cdiff -rw-r--r-- 1 root root 1104 Nov 19 12:49 daily-15601.cdiff -rw-r--r-- 1 root root 1251 Nov 19 14:29 daily-15602.cdiff -rw-r--r-- 1 root root 1150 Nov 19 19:30 daily-15603.cdiff -rw-r--r-- 1 root root 6823485 Nov 19 19:30 daily.cvd -rw-r--r-- 1 root root 41 Nov 20 07:52 dns.txt -rw-r--r-- 1 root root 30750647 Oct 11 2011 main.cvd I can do a "curl" or "wget" of all these files WITHOUT issue. I can also look at the DocumentRoot Automatic Index provided by Apache. I should also mention this same vhost operates as my local mirrors for CentOSv4/v5/v6 and RPMForge for el4/el5/el6, does so without ANY issue. Rrunning "Freshclam" to get daily.cvd and bytecode.cvd: [clamav]# pwd /var/clamav [clamav]# freshclam ClamAV update process started at Tue Nov 20 12:07:56 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) WARNING: Can't download daily.cvd from updates.blah.com Trying again in 5 secs... ClamAV update process started at Tue Nov 20 12:08:01 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) WARNING: Can't download daily.cvd from updates.blah.com Trying again in 5 secs... ClamAV update process started at Tue Nov 20 12:08:06 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) ERROR: Can't download daily.cvd from updates.blah.com Giving up on updates.blah.com Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons. Now I can very easily make a script that just brute forces the updates shortly after I update the local mirror. I'd prefer not to, since that defeats the automaticness of things. The problems are, that I do not even see the http requests from Freshclam in the logs or in tcpdump to the machine I am hosting the "webserver" on. I DO see the requests using either curl or wget, so accessing the files is not the issue. Currently I run ClamAV/ClamD on CentOS v4/v5/v6 machines without issues and they are all on current versions, getting updates from the public mirrors. I am currently being forced to mirror all updates and external data on a local system, due to PCI Compliance auditing and need to get this working. Here are the versions being run, I'm running multiples of these, but have only chosen one machine of each version to get this working: CentOSv4: clamav-db-0.97.6-1.el4.rf clamd-0.97.6-1.el4.rf clamav-0.97.6-1.el4.rf CentOSv5: clamav-db-0.97.6-1.el5.rf clamav-0.97.6-1.el5.rf clamd-0.97.6-1.el5.rf CentOSv6: clamd-0.97.6-1.el6.rf clamav-db-0.97.6-1.el6.rf clamav-0.97.6-1.el6.rf Now, in my freshclam.conf on the clients I need to be locally updated, I've tried: DatabaseMirror updates.blah.com ScriptedUpdates no And All I get are errors similar to this in the automated cron run setup: ClamAV update process started at Tue Nov 20 04:02:07 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) WARNING: getpatch: Can't download daily-15603.cdiff from updates.blah.com WARNING: getpatch: Can't download daily-15603.cdiff from updates.blah.com WARNING: getpatch: Can't download daily-15603.cdiff from updates.blah.com WARNING: Incremental update failed, trying to download daily.cvd WARNING: Can't download daily.cvd from updates.blah.com Trying again in 5 secs... ClamAV update process started at Tue Nov 20 04:02:13 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) WARNING: getpatch: Can't download daily-15603.cdiff from updates.blah.com WARNING: getpatch: Can't download daily-15603.cdiff from updates.blah.com WARNING: getpatch: Can't download daily-15603.cdiff from updates.blah.com WARNING: Incremental update failed, trying to download daily.cvd WARNING: Can't download daily.cvd from updates.blah.com Trying again in 5 secs... ClamAV update process started at Tue Nov 20 04:02:19 2012 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) WARNING: getpatch: Can't download daily-15603.cdiff from updates.blah.com WARNING: getpatch: Can't download daily-15603.cdiff from updates.blah.com ERROR: getpatch: Can't download daily-15603.cdiff from updates.blah.com WARNING: Incremental update failed, trying to download daily.cvd ERROR: Can't download daily.cvd from updates.blah.com Giving up on updates.blah.com... Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons. Again, I'm not even seeing freshclam http requests going to my local webserver. Pointer to the fix or a pointer to the exact location in TFM would be great. Cheers and Thanks! -- greg folkert - systems administration and support web: donor.com email: [email protected] phone: 877-751-3300 x416 direct: 616-328-6449 (direct dial and fax) "It takes a great man to be a good listener." -- Calvin Coolidge _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
