Re: [clamav-users] daily.cvd out of date?

[Steve Brazill]

At least 2 of the sites referenced by the "db.local.clamav.net" IP pool, are 
not responding (this morning), and my "wget" of the files last weekend, failed 
with ('emeksensin.com' does 'not' resolve to any of the IP's in the DNS 'pool') 
:
** Initiating File Download Process **Sun Mar 22 08:55:01 PDT 
2015http://emeksensin.com/main.cvd:2015-03-22 08:55:02 ERROR 407: Proxy 
Authentication Required.http://emeksensin.com/daily.cvd:2015-03-22 08:55:02 
ERROR 407: Proxy Authentication 
Required.http://emeksensin.com/bytecode.cvd:2015-03-22 08:55:02 ERROR 407: 
Proxy Authentication Required.http://emeksensin.com/safebrowsing.cvd:2015-03-22 
08:55:02 ERROR 407: Proxy Authentication Required.Sun Mar 22 08:55:02 PDT 
2015** File Download Process Completed **

> nslookup emeksensin.comNon-authoritative answer:Name: emeksensin.comAddress: 
> 78.46.82.212

> nslookup db.local.clamav.netNon-authoritative answer:db.local.clamav.net 
> canonical name = db.us.rr.clamav.net.Name: db.us.rr.clamav.netAddress: 
> 209.198.147.20Name: db.us.rr.clamav.netAddress: 66.18.18.59Name: 
> db.us.rr.clamav.netAddress: 78.46.84.244Name: db.us.rr.clamav.netAddress: 
> 150.214.142.197Name: db.us.rr.clamav.netAddress: 194.186.47.19Name: 
> db.us.rr.clamav.netAddress: 200.236.31.1

On Monday 16 March 2015 18:59:30 Al Varnell wrote:> It would certainly seem so. 
A few users either prefer or must disable> scripted updates and download the 
full daily.cvd each time. I would have> to guess the major reason is to provide 
a local mirror to service a> network of computers, all using ClamAV®. In those 
cases they rely on the> daily.cvd being up-to-date with the latest releases 
included. I don’t> know what method the mirror network uses to make sure all 
servers are in> sync, but something must have failed with regard to 
150.214.142.197.> > -Al-> > On Mon, Mar 16, 2015 at 06:04PM, Gene Heskett 
wrote:> > On Monday 16 March 2015 12:46:56 Al Varnell wrote:> >> daily.cvd is 
compressed to save time and bandwidth when you need the> >> entire daily 
database downloaded. If you use scripted update> >> (default) then it’s 
decompressed to become daily.cld and each> >> daily.cdiff is then added to it. 
So yes, at any given point in time> >> for the same version number, they are 
the same thing, but different> >> sizes.> >> > I see, so I won't waste the 
effort to add it to the freshclam refresh.> >> > Thank you. But I have to 
assume the Original Posters problem still> > exists as his is not being 
refreshed.> >> > Any SWAG's?> >> > Thanks Al.> >> >> -Al—> >>> >> On Mon, Mar 
16, 2015 at 08:16AM, Gene Heskett wrote:> >>> On Monday 16 March 2015 09:14:36 
Joel Esler (jesler) wrote:> >>>> David,> >>>>> >>>> I forwarded this on to the 
ops team for a look.> >>>> >>> I cannot prove its the same address Joel, my 
expiry rules clean up> >>> this folder in about 30 day but this looks like a 
previous such> >>> request that has been made before, possibly more than once 
before.> >>> So please follow up, get a report back and put it on the list so 
we> >>> know its been done.> >>>> >>> FWIW, I just ran that command, and then 
stat'd the file, which does> >>> not reside anywhere in my install as my 
/var/lib/clamav only> >>> contains .cld's except for main.cvd.> >>>> >>> I 
got:> >>> gene@coyote:~$ stat daily.cvd> >>> File: `daily.cvd'> >>> Size: 
33765882 Blocks: 65952 IO Block: 4096 regular file> >>> Device: 801h/2049d 
Inode: 57696146 Links: 1> >>> Access: (0644/-rw-r--r--) Uid: ( 1000/ gene) Gid: 
( 1000/> >>> gene) Access: 2015-03-16 10:57:16.000000000 -0400> >>> Modify: 
2015-03-15 16:28:00.000000000 -0400> >>> Change: 2015-03-16 10:57:16.137624052 
-0400> >>> Birth: -> >>>> >>> Which freshclam is not servicing so I put it in 
/var/lib /clamav as> >>> follows.> >>>> >>> gene@coyote:~$ sudo cp daily.cvd 
/var/lib/clamav/daily.cvd> >>> gene@coyote:~$ ls -l /var/lib/clamav> >>> total 
180848> >>> -rw-r--r-- 1 clamav clamav 346624 Feb 27 15:32 bytecode.cld> >>> 
-rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld> >>> -rw-r--r-- 1 
root root 33765882 Mar 16 11:02 daily.cvd> >>> -rw-r----- 1 clamav clamav 45334 
Mar 16 09:37 freshclam.log> >>> -rw-r--r-- 1 clamav clamav 64720632 Feb 4 20:15 
main.cvd> >>> -rw------- 1 clamav clamav 988 Mar 16 10:31 mirrors.dat> >>> 
gene@coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd> >>> 
gene@coyote:~$ ls -l /var/lib/clamav> >>> total 180848> >>> -rw-r--r-- 1 clamav 
clamav 346624 Feb 27 15:32 bytecode.cld> >>> -rw-r--r-- 1 clamav clamav 
86291456 Mar 15 17:30 daily.cld> >>> -rw-r--r-- 1 clamav clamav 33765882 Mar 16 
11:02 daily.cvd> >>> -rw-r----- 1 clamav clamav 45334 Mar 16 09:37 
freshclam.log> >>> -rw-r--r-- 1 clamav clamav 64720632 Feb 4 20:15 main.cvd> 
>>> -rw------- 1 clamav clamav 988 Mar 16 10:31 mirrors.dat> >>> gene@coyote:~$ 
sudo less /var/lib/clamav/freshclam.log> >>>> >>> Is something broken in my 
freshclam configuration, or is the> >>> daily.cld the same thing?> >>>> >>> A 
curious user here.> >>>> >>>> --> >>>> Joel Esler> >>>> Open Source Manager> 
>>>> Threat Intelligence Team Lead> >>>> Talos Group> >>>>> >>>> On Mar 16, 
2015, at 8:51 AM, Smith, David> >>>> <drsm...@fsu.edu<mailto:drsm...@fsu.edu>> 
wrote:> >>>>> >>>> Jason,> >>>> Can you PLEASE pull mirror 150.214.142.197 out 
of your lists???> >>>> Note the modify date on the daily.cvd> >>>>> >>>> 
[root@rhn cron]# wget http://150.214.142.197/daily.cvd> >>>> --2015-03-16 
08:47:15-- http://150.214.142.197/daily.cvd> >>>> Connecting to 
150.214.142.197:80... connected.> >>>> HTTP request sent, awaiting response... 
200 OK> >>>> Length: 27596102 (26M) [text/plain]> >>>> Saving to: `daily.cvd'> 
>>>>> >>>> 100%[==============================================================> 
>>>> ===> >>>> 
=================================================================>]> >>>> 
27,596,102 2.35M/s in 13s> >>>>> >>>> 2015-03-16 08:47:29 (2.05 MB/s) - 
`daily.cvd' saved> >>>> [27596102/27596102]> >>>>> >>>> [root@rhn cron]# stat 
daily.cvd> >>>> File: `daily.cvd'> >>>> Size: 27596102 Blocks: 53976 IO Block: 
4096 regular> >>>> file Device: fd00h/64768d Inode: 1310864 Links: 1> >>>> 
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/> >>>> root) Access: 
2015-03-16 08:47:29.000000000 -0400> >>>> Modify: 2014-08-28 13:26:00.000000000 
-0400> >>>> Change: 2015-03-16 08:47:29.000000000 -0400> >>>>> >>>>> >>>> WITH 
the Pragma: No-cache> >>>>> >>>> [root@rhn cron]# wget --header="Pragma: 
no-cache"> >>>> http://150.214.142.197/daily.cvd --2015-03-16 08:49:37--> >>>> 
http://150.214.142.197/daily.cvd> >>>> Connecting to 150.214.142.197:80... 
connected.> >>>> HTTP request sent, awaiting response... 200 OK> >>>> Length: 
27596102 (26M) [text/plain]> >>>> Saving to: `daily.cvd.1'> >>>>> >>>> 
100%[==============================================================> >>>> ===> 
>>>> =================================================================>]> >>>> 
27,596,102 4.41M/s in 7.0s> >>>>> >>>> 2015-03-16 08:49:44 (3.75 MB/s) - 
`daily.cvd.1' saved> >>>> [27596102/27596102]> >>>>> >>>> [root@rhn cron]# stat 
daily.cvd.1> >>>> File: `daily.cvd.1'> >>>> Size: 27596102 Blocks: 53976 IO 
Block: 4096 regular> >>>> file Device: fd00h/64768d Inode: 1310865 Links: 1> 
>>>> Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/> >>>> root) Access: 
2015-03-16 08:49:44.000000000 -0400> >>>> Modify: 2014-08-28 13:26:00.000000000 
-0400> >>>> Change: 2015-03-16 08:49:44.000000000 -0400> >>>>> >>>>> >>>> 
Thanks!> >>>>> >>>> Dave Smith> >>>> drsm...@fsu.edu<mailto:drsm...@fsu.edu>> 
>>>> (850)645-8024 Linux Administrators> >>>> 
its-unixadm...@fsu.edu<mailto:its-unixadm...@fsu.edu>> >>>> (850)644-2591 
Information Technology Services Florida> >>>> State University> >>>>> >>>>> 
>>>> -----Original Message-----> >>>> From: clamav-users 
[mailto:clamav-users-boun...@lists.clamav.net]> >>>> On Behalf Of Jason Haar 
Sent: Sunday, March 1, 2015 6:29 PM> >>>> To:> >>>> 
clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net>> >>>> 
Subject: Re: [clamav-users] daily.cvd out of date?> >>>>> >>>> On 27/02/15 
08:49, Smith, David wrote:> >>>> Nope .. not yet! :)> >>>> Try> >>>>> >>>> wget 
--header="Pragma: no-cache"> >>>> http://database.clamav.net/daily.cvd> >>>>> 
>>>> I say that because I'm wondering if you have a transparent proxy in> >>>> 
between you and the server, so that extra Pragma header should> >>>> force the 
proxy to re-download it instead of feeding out of cache.> >>>> If the file ends 
up with a newer date, then that confirms there's a> >>>> proxy in between (and 
as a side effect should have replaced the> >>>> stale cached entry - so 
freshclam will be happy again - at least> >>>> for a short while)> >>>>> >>>>> 
>>>> --> >>>> Cheers> >>>>> >>>> Jason Haar> >>> >> 
_______________________________________________> >> Help us build a 
comprehensive ClamAV guide:> >> https://github.com/vrtadmin/clamav-faq> >>> >> 
http://www.clamav.net/contact.html#ml> >> > Cheers, Gene Heskett> > -Al-> 

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml