Sorry, some of this confusion is probably my fault, trying to help without going 
back to the whole thread.

> On Dec 10, 2018, at 9:34 PM, Paul Kosinski <> wrote:
> We ARE using freshclam to perform the actual update. And always have
> been!
> We've only been using curl (not wget, if that matters) to pull the first
> few bytes of the cvd to see if its version number matches what the DNS
> TXT query said.
> We do this because, after the conversion to Cloudflare, we were getting
> lots of FAILURES where *freshclam* said things were out of sync (and
> eventually disabled all the mirrors).

Have you tried what I did below?  I.e., curl/wget/telnet, whatever your flavor of 
the day, and pull the newest cdiff?
If you’re getting a 404, that’s definitely an issue.  

My guess is that it’s actually timing out though, and could be more of an issue 
Is it local, i.e. an IDP getting stuck scanning the files, or remotely freshclam 
itself is timing out on BOS pulling the update from ClamAV and caching it 
before you can download it.

> And we have recently seen that our Web server sometimes can get the new
> updates (from IAD) *hours* before our main LAN does (from BOS).

Those hours before are only checking the CVDs, which can be and probably are 
cached on Cloudflare so not up to date.
My guess is that there are just more people in Boston using Clam, so the cache 
lasts the longest.

> P.S. It's been quite frustrating getting some replies seemingly based on
> assumptions that we are doing things we shouldn't, when we aren't in
> fact doing those things. (Like not using freshclam.)

I would agree, this has gone on a long time from my recollection, which is why 
I jumped in and started looking at it.
Definitely, I did hop on without all the facts and was just trying to figure 
out on the fly what’s going on, so my bad on that.

When in doubt, I usually pull a pcap on a server.  There’s a lot of factors 
that can come into play, but actually with clam only using http, this actually 
makes it a lot easier.
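
The check described in the quoted message (compare the version in the first bytes of a CVD with what the DNS TXT record advertises), as an added example that is not part of the original thread or of ClamAV's own code. The 512-byte colon-separated header layout and the TXT field order are assumptions stated in the comments, and the sample data is constructed.

```python
"""Added example: compare a mirror's CVD header version with the DNS TXT record."""

CVD_HEADER_LEN = 512  # assumed fixed header size at the start of a .cvd file
# Assumed TXT field order: clamav:main:daily:timestamp:warn:flevel:safebrowsing:bytecode
TXT_INDEX = {"main": 1, "daily": 2, "bytecode": 7}


def cvd_header_version(blob: bytes) -> int:
    """Return the database version from the first 512 bytes of a CVD."""
    if len(blob) < CVD_HEADER_LEN:
        raise ValueError("short read: need the full 512-byte header")
    fields = blob[:CVD_HEADER_LEN].decode("ascii", "replace").split(":")
    # Assumed layout: magic:build time:version:sigs:f-level:md5:dsig:builder:stime
    if fields[0] != "ClamAV-VDB" or len(fields) < 3 or not fields[2].isdigit():
        raise ValueError("not a CVD header (error page or truncated body?)")
    return int(fields[2])


def txt_version(txt: str, db: str) -> int:
    """Return the advertised version of `db` from the TXT record text."""
    parts = txt.strip().strip('"').split(":")
    idx = TXT_INDEX[db]
    if len(parts) <= idx or not parts[idx].isdigit():
        raise ValueError("unexpected TXT record format")
    return int(parts[idx])


def mirror_state(txt: str, db: str, header: bytes) -> str:
    """Classify the mirror copy relative to what DNS advertises."""
    advertised, served = txt_version(txt, db), cvd_header_version(header)
    if served == advertised:
        return "in-sync"
    return f"stale by {advertised - served}" if served < advertised else "dns-behind"


# Constructed sample data (not captured from a real mirror or resolver).
SAMPLE_TXT = "0.101.0:58:25198:1544500000:1:63:48210:327"
SAMPLE_HDR = (b"ClamAV-VDB:10 Dec 2018 03-00 -0500:25196:2100000:63:"
              b"X:X:builder:1544500000").ljust(CVD_HEADER_LEN)

if __name__ == "__main__":
    print(mirror_state(SAMPLE_TXT, "daily", SAMPLE_HDR))
```

Logging the result per mirror with a timestamp makes it possible to tell a stale cached CVD apart from a timeout or an error page, which raise `ValueError` here instead of producing a version number.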


