On 23/06/13 23:10, Dennis Peterson wrote:
> One 'stupid' question and another test. Do you have any host table
> entries that can be confusing your resolver?
>
> Try running (via sudo or as root)
>
> strace -f freshclam >/tmp/freshclam.txt 2>&1
>
> then post the result on your web page - it will be quite long and will
> clutter the mail list.

http://www.sined.co.uk/tmp/freshclam.txt

> You're not running any proxies so there should be no passwords in the
> output, but check anyway before posting it on the web. What to look for
> here are successful socket operations to external DNS servers. All
> indications are there will be none, but it will help to see what is
> going on in your stack.

As I said before, I have two machines on the LAN, one (with dhcp) appears to update fine, the other with static ip doesn't.

All the manual tests I try from the system that doesn't update seem to suggest it should be fine. DNS appears to resolve. I've just enabled apache reverse dns lookups for logging on the problem system, and a quick test suggests they're working.

Here are the last few lines of the freshclam log from the good machine:

Sun Jun 23 23:30:58 2013 -> --------------------------------------
Mon Jun 24 00:30:58 2013 -> Received signal: wake up
Mon Jun 24 00:30:58 2013 -> ClamAV update process started at Mon Jun 24 00:30:58 2013
Mon Jun 24 00:30:58 2013 -> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Mon Jun 24 00:30:59 2013 -> Downloading daily-17402.cdiff [100%]
Mon Jun 24 00:31:03 2013 -> daily.cld updated (version: 17402, sigs: 1363570, f-level: 63, builder: neo)
Mon Jun 24 00:31:03 2013 -> bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Mon Jun 24 00:31:05 2013 -> Database updated (2407998 signatures) from db.local.clamav.net (IP: 62.245.181.53)
Mon Jun 24 00:31:05 2013 -> --------------------------------------
Mon Jun 24 01:31:05 2013 -> Received signal: wake up
Mon Jun 24 01:31:05 2013 -> ClamAV update process started at Mon Jun 24 01:31:05 2013
Mon Jun 24 01:31:05 2013 -> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Mon Jun 24 01:31:05 2013 -> daily.cld is up to date (version: 17402, sigs: 1363570, f-level: 63, builder: neo)
Mon Jun 24 01:31:05 2013 -> bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Mon Jun 24 01:31:07 2013 -> --------------------------------------

Which to my mind tends to rule out any issues upstream of my lan router. Apache seems able to resolve dns just fine for its log entries, and I can manually request the cvd files with wget on the problem machine (although at present I have the cld's copied from the good machine).

> On 6/22/13 5:17:31PM, Denis McMahon wrote:
>> On 22/06/13 20:43, Shawn Webb wrote:
>>> What does your /etc/resolv.conf and /etc/nsswitch.conf look like?
>> $ cat /etc/resolv.conf
>> nameserver 8.8.8.8
>> nameserver 158.152.1.43
>> nameserver 192.168.1.254
>>
>> $ cat /etc/nsswitch.conf
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed,
>> try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd: compat
>> group: compat
>> shadow: compat
>>
>> hosts: files dns
>> networks: files
>>
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>>
>> netgroup: nis
>> $
>>
>>> On Sat, Jun 22, 2013 at 2:01 PM, Denis McMahon
>>> <[email protected]>wrote:
>>>
>>>> On 22/06/13 17:36, Dennis Peterson wrote:
>>>>> On 6/22/13 9:08:48AM, Denis McMahon wrote:
>>>>>> $ sudo find / -name mirrors.dat ..... nothing
>>>>>> Rgds Denis
>>>>> Show the output of these commands:
>>>>> id clamav
>>>>> ls -ld /var/lib/clamav
>>>>> ls -l /var/lib/clamav/
>>>>> clamconf
>>>> $ id clamav
>>>> uid=107(clamav) gid=121(clamav) groups=121(clamav)
>>>> $ ls -ld /var/lib/clamav
>>>> drwxr-xr-x 2 clamav clamav 4096 Jun 22 18:54 /var/lib/clamav
>>>> $ ls -l /var/lib/clamav/
>>>> total 0
>>>> $ clamconf
>>>> Checking configuration files in /etc/clamav
>>>>
>>>> Config file: clamd.conf
>>>> -----------------------
>>>> LogFile = "/var/log/clamav/clamav.log"
>>>> LogFileUnlock disabled
>>>> LogFileMaxSize = "4294967295"
>>>> LogTime = "yes"
>>>> LogClean disabled
>>>> LogSyslog disabled
>>>> LogFacility = "LOG_LOCAL6"
>>>> LogVerbose disabled
>>>> ExtendedDetectionInfo = "yes"
>>>> PidFile = "/var/run/clamav/clamd.pid"
>>>> TemporaryDirectory disabled
>>>> DatabaseDirectory = "/var/lib/clamav"
>>>> OfficialDatabaseOnly disabled
>>>> LocalSocket = "/var/run/clamav/clamd.ctl"
>>>> LocalSocketGroup = "clamav"
>>>> LocalSocketMode = "666"
>>>> FixStaleSocket = "yes"
>>>> TCPSocket disabled
>>>> TCPAddr disabled
>>>> MaxConnectionQueueLength = "15"
>>>> StreamMaxLength = "26214400"
>>>> StreamMinPort = "1024"
>>>> StreamMaxPort = "2048"
>>>> MaxThreads = "12"
>>>> ReadTimeout = "180"
>>>> CommandReadTimeout = "5"
>>>> SendBufTimeout = "200"
>>>> MaxQueue = "100"
>>>> IdleTimeout = "30"
>>>> ExcludePath disabled
>>>> MaxDirectoryRecursion = "15"
>>>> FollowDirectorySymlinks disabled
>>>> FollowFileSymlinks disabled
>>>> CrossFilesystems = "yes"
>>>> SelfCheck = "3600"
>>>> VirusEvent disabled
>>>> ExitOnOOM disabled
>>>> Foreground disabled
>>>> Debug disabled
>>>> LeaveTemporaryFiles disabled
>>>> User = "clamav"
>>>> AllowSupplementaryGroups = "yes"
>>>> Bytecode = "yes"
>>>> BytecodeSecurity = "TrustSigned"
>>>> BytecodeTimeout = "60000"
>>>> BytecodeUnsigned disabled
>>>> BytecodeMode = "Auto"
>>>> DetectPUA disabled
>>>> ExcludePUA disabled
>>>> IncludePUA disabled
>>>> AlgorithmicDetection = "yes"
>>>> ScanPE = "yes"
>>>> ScanELF = "yes"
>>>> DetectBrokenExecutables disabled
>>>> ScanMail = "yes"
>>>> ScanPartialMessages disabled
>>>> PhishingSignatures = "yes"
>>>> PhishingScanURLs = "yes"
>>>> PhishingAlwaysBlockCloak disabled
>>>> PhishingAlwaysBlockSSLMismatch disabled
>>>> HeuristicScanPrecedence disabled
>>>> StructuredDataDetection disabled
>>>> StructuredMinCreditCardCount = "3"
>>>> StructuredMinSSNCount = "3"
>>>> StructuredSSNFormatNormal = "yes"
>>>> StructuredSSNFormatStripped disabled
>>>> ScanHTML = "yes"
>>>> ScanOLE2 = "yes"
>>>> OLE2BlockMacros disabled
>>>> ScanPDF = "yes"
>>>> ScanArchive = "yes"
>>>> ArchiveBlockEncrypted disabled
>>>> MaxScanSize = "104857600"
>>>> MaxFileSize = "26214400"
>>>> MaxRecursion = "16"
>>>> MaxFiles = "10000"
>>>> ClamAuth disabled
>>>> ClamukoScanOnAccess disabled
>>>> ClamukoScannerCount = "3"
>>>> ClamukoScanOnOpen disabled
>>>> ClamukoScanOnClose disabled
>>>> ClamukoScanOnExec disabled
>>>> ClamukoIncludePath disabled
>>>> ClamukoExcludePath disabled
>>>> ClamukoExcludeUID disabled
>>>> ClamukoMaxFileSize = "5242880"
>>>> DevACOnly disabled
>>>> DevACDepth disabled
>>>> DevLiblog disabled
>>>>
>>>> Config file: freshclam.conf
>>>> ---------------------------
>>>> LogFileMaxSize = "4294967295"
>>>> LogTime = "yes"
>>>> LogSyslog disabled
>>>> LogFacility = "LOG_LOCAL6"
>>>> LogVerbose disabled
>>>> PidFile = "/var/run/clamav/freshclam.pid"
>>>> DatabaseDirectory = "/var/lib/clamav"
>>>> Foreground disabled
>>>> Debug disabled
>>>> AllowSupplementaryGroups disabled
>>>> UpdateLogFile = "/var/log/clamav/freshclam.log"
>>>> DatabaseOwner = "clamav"
>>>> Checks = "24"
>>>> DNSDatabaseInfo = "current.cvd.clamav.net"
>>>> DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
>>>> MaxAttempts = "5"
>>>> ScriptedUpdates = "yes"
>>>> TestDatabases = "yes"
>>>> CompressLocalDatabase disabled
>>>> ExtraDatabase disabled
>>>> DatabaseCustomURL disabled
>>>> HTTPProxyServer disabled
>>>> HTTPProxyPort disabled
>>>> HTTPProxyUsername disabled
>>>> HTTPProxyPassword disabled
>>>> HTTPUserAgent disabled
>>>> NotifyClamd = "/etc/clamav/clamd.conf"
>>>> OnUpdateExecute disabled
>>>> OnErrorExecute disabled
>>>> OnOutdatedExecute disabled
>>>> LocalIPAddress disabled
>>>> ConnectTimeout = "30"
>>>> ReceiveTimeout = "30"
>>>> SubmitDetectionStats disabled
>>>> DetectionStatsCountry disabled
>>>> DetectionStatsHostID disabled
>>>> SafeBrowsing disabled
>>>> Bytecode = "yes"
>>>>
>>>> clamav-milter.conf not found
>>>>
>>>> Software settings
>>>> -----------------
>>>> Version: 0.97.8
>>>> Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06
>>>> BZIP2 RAR JIT
>>>>
>>>> Database information
>>>> --------------------
>>>> Database directory: /var/lib/clamav
>>>> Total number of signatures: 0
>>>>
>>>> Platform information
>>>> --------------------
>>>> uname: Linux 3.2.0-48-generic #74-Ubuntu SMP Thu Jun 6 19:45:16 UTC
>>>> 2013
>>>> i686
>>>> OS: linux-gnu, ARCH: i386, CPU: i686
>>>> Full OS version: Ubuntu 12.04.2 LTS
>>>> zlib version: 1.2.3.4 (1.2.3.4), compile flags: 55
>>>> Triple: i386-pc-linux-gnu
>>>> CPU: athlon-tbird, Little-endian
>>>> platform id: 0x0a1145450404060301040603
>>>>
>>>> Build information
>>>> -----------------
>>>> GNU C: 4.6.3 (4.6.3)
>>>> GNU C++: 4.6.3 (4.6.3)
>>>> CPPFLAGS: -D_FORTIFY_SOURCE=2
>>>> CFLAGS: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
>>>> -Wformat-security -Werror=format-security -Wall
>>>> CXXFLAGS: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
>>>> -Wformat-security -Werror=format-security -Wall
>>>> LDFLAGS: -Wl,-Bsymbolic-functions -Wl,-z,relro
>>>> Configure: 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4
>>>> -Wformat -Wformat-security -Werror=format-security -Wall'
>>>> 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fstack-protector
>>>> --param=ssp-buffer-size=4 -Wformat -Wformat-security
>>>> -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions
>>>> -Wl,-z,relro' '--build=i686-linux-gnu' '--prefix=/usr'
>>>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>>>> '--disable-clamav'
>>>> '--with-dbdir=/var/lib/clamav/' '--sysconfdir=/etc/clamav'
>>>> '--enable-milter' '--disable-clamuko' '--with-gnu-ld'
>>>> '--enable-dns-fix'
>>>> '--disable-unrar' '--libdir=/usr/lib' '--with-system-tommath'
>>>> '--without-included-ltdl' 'build_alias=i686-linux-gnu'
>>>> sizeof(void*) = 4
>>>> Engine flevel: 69, dconf: 69
>>>> $
>>>>
>>>> Note - I could copy bytecode.cld daily.cld main.cld mirrors.dat
>>>> across from another system on the lan, but I figure it would be better
>>>> to try and solve the problem rather than patch round it?
>>>>
>>>> Rgds
>>>>
>>>> Denis
>>>>
>>>>
>>>> _______________________________________________
>>>> Help us build a comprehensive ClamAV guide: visit
>>>> http://wiki.clamav.net
>>>> http://www.clamav.net/support/ml
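
Added example, not part of the original thread: one way to check a long `strace -f freshclam` capture for the "successful socket operations to external DNS servers" mentioned above, by counting queries sent and replies received per nameserver. The sample trace lines and their documentation-range addresses are constructed, and the parser assumes IPv4 sockets and the strace line format shown.

```python
import re
from collections import defaultdict

# Constructed lines in the style of `strace -f` output (not the thread's trace);
# the addresses are documentation-range placeholders.
SAMPLE = r'''
[pid  2101] socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
[pid  2101] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0
[pid  2101] sendto(4, "\243\1\1\0\0\1"..., 40, MSG_NOSIGNAL, NULL, 0) = 40
[pid  2101] poll([{fd=4, events=POLLIN}], 1, 5000) = 0 (Timeout)
[pid  2101] close(4) = 0
[pid  2101] socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
[pid  2101] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("198.51.100.53")}, 16) = 0
[pid  2101] sendto(4, "\243\1\1\0\0\1"..., 40, MSG_NOSIGNAL, NULL, 0) = 40
[pid  2101] recvfrom(4, "\243\1\201\200\0\1"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("198.51.100.53")}, [16]) = 97
[pid  2101] close(4) = 0
'''

CALL = re.compile(r'^(?:\[pid\s+(\d+)\]\s+)?(\w+)\((\d+)(.*)\)\s+=\s+(-?\d+)')
PEER = re.compile(r'sin_port=htons\((\d+)\), sin_addr=inet_addr\("([\d.]+)"\)')
SEND = {"send", "sendto", "sendmsg", "sendmmsg", "write"}
RECV = {"recv", "recvfrom", "recvmsg", "read"}

def dns_summary(trace):
    """Per IPv4 nameserver: DNS queries sent and replies received in the trace."""
    sockets = {}  # (pid, fd) -> nameserver that socket was connected to
    stats = defaultdict(lambda: {"queries": 0, "replies": 0})
    for line in trace.splitlines():
        m = CALL.match(line)
        if not m:
            continue  # poll(), socket(), unfinished calls, signals
        pid, call, fd, args, ret = m.groups()
        peer = PEER.search(args)
        server = peer.group(2) if peer and peer.group(1) == "53" else None
        if call == "connect":
            sockets[(pid, fd)] = server  # None for non-DNS peers
        elif call == "close":
            sockets.pop((pid, fd), None)  # fd numbers are reused after close
        elif int(ret) > 0:
            server = server or sockets.get((pid, fd))
            if server and call in SEND:
                stats[server]["queries"] += 1
            elif server and call in RECV:
                stats[server]["replies"] += 1
    return dict(stats)

def silent_servers(summary):
    """Nameservers that were queried but never answered."""
    return sorted(s for s, c in summary.items() if c["queries"] and not c["replies"])

if __name__ == "__main__":
    print(silent_servers(dns_summary(SAMPLE)))
```

To use it on a real capture, pass the contents of /tmp/freshclam.txt to dns_summary() in place of SAMPLE.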
