Hi all,

1. The daily.cvd file I am referring to is on the local server, which acts as the private local mirror (not referring to clients at all).
2. Freshclam is running in a Docker container; its image came from `alpine:3.12` and clamav was installed with this command: `apk add --no-cache clamav=0.102.4-r11 clamav-libunrar=0.102.4-r11`
3. I am checking the updates twice a day.
4. It's not that straightforward to run Wireshark on that server, but I can route it to a specific DNS record (will update).
5. Here are the full logs of the latest update failure (26011 -> 26012); the freshclam run takes 19 sec:

Tue Dec 8 22:00:02 2020 -> ClamAV update process started at Tue Dec 8 22:00:02 2020
Tue Dec 8 22:00:02 2020 -> *Current working dir is /data/
Tue Dec 8 22:00:02 2020 -> *Querying current.cvd.clamav.net
Tue Dec 8 22:00:02 2020 -> *TTL: 30
Tue Dec 8 22:00:02 2020 -> *fc_dns_query_update_info: Software version from DNS: 0.103.0
Tue Dec 8 22:00:02 2020 -> *Current working dir is /data/
Tue Dec 8 22:00:02 2020 -> *check_for_new_database_version: Local copy of daily found: daily.cvd.
Tue Dec 8 22:00:02 2020 -> *query_remote_database_version: daily.cvd version from DNS: 26012
Tue Dec 8 22:00:02 2020 -> daily database available for update (local version: 26011, remote version: 26012)
Tue Dec 8 22:00:02 2020 -> *Retrieving https://database.clamav.net/daily.cvd
Tue Dec 8 22:00:02 2020 -> *downloadFile: Download source: https://database.clamav.net/daily.cvd
Tue Dec 8 22:00:02 2020 -> *downloadFile: Download destination: /data/tmp.7624b/clamav-cde3734f56b3b9351a0261c3b140966f.tmp
* Trying 104.16.218.84:443...
* Connected to database.clamav.net (104.16.218.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN= sni.cloudflaressl.com
* start date: Aug 15 00:00:00 2020 GMT
* expire date: Aug 15 12:00:00 2021 GMT
* subjectAltName: host "database.clamav.net" matched cert's " database.clamav.net"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56459985de60)
> GET /daily.cvd HTTP/2
Host: database.clamav.net
user-agent: ClamAV/0.102.4 (OS: linux-musl, ARCH: x86_64, CPU: x86_64)
accept: */*
connection: close
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Tue, 08 Dec 2020 22:00:02 GMT
< content-type: application/octet-stream
< content-length: 114885026
< set-cookie: __cfduid=dc7afe2099393f2517fefc5bfc70645881607464802; expires=Thu, 07-Jan-21 22:00:02 GMT; path=/; domain=.clamav.net; HttpOnly; SameSite=Lax
< last-modified: Mon, 07 Dec 2020 14:37:00 GMT
< etag: "5fce3e0c-6d901a2"
< expires: Wed, 09 Dec 2020 10:00:02 GMT
< cache-control: public, max-age=43200
< cf-cache-status: HIT
< age: 109
< accept-ranges: bytes
< cf-request-id: 06e5f76fd70000dfa591a49000000001
< expect-ct: max-age=604800, report-uri=" https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< strict-transport-security: max-age=15552000
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 5fe9c1c62d72dfa5-FRA
<
* Connection #0 to host database.clamav.net left intact
Tue Dec 8 22:00:05 2020 -> *The daily.cvd database downloaded from https://database.clamav.net is one version older than advertised in the DNS TXT record.
Tue Dec 8 22:00:05 2020 -> *updatedb: Running g_cb_download_complete callback...
Tue Dec 8 22:00:05 2020 -> *download_complete_callback: Download complete for database : /data/tmp.7624b/clamav-cde3734f56b3b9351a0261c3b140966f.tmp-daily.cvd
Tue Dec 8 22:00:05 2020 -> *download_complete_callback: fc_context->bTestDatabases : 1
Tue Dec 8 22:00:05 2020 -> *download_complete_callback: fc_context->bBytecodeEnabled : 1
Tue Dec 8 22:00:05 2020 -> Testing database: '/data/tmp.7624b/clamav-cde3734f56b3b9351a0261c3b140966f.tmp-daily.cvd' ...
Tue Dec 8 22:00:05 2020 -> *Loading signatures from /data/tmp.7624b/clamav-cde3734f56b3b9351a0261c3b140966f.tmp-daily.cvd
Tue Dec 8 22:00:20 2020 -> *Properly loaded 4397905 signatures from /data/tmp.7624b/clamav-cde3734f56b3b9351a0261c3b140966f.tmp-daily.cvd
Tue Dec 8 22:00:21 2020 -> Database test passed.
Tue Dec 8 22:00:21 2020 -> daily.cvd updated (version: 26011, sigs: 4351421, f-level: 63, builder: raynman)
Tue Dec 8 22:00:21 2020 -> *fc_update_database: daily.cvd updated.
Tue Dec 8 22:00:21 2020 -> *Current working dir is /data/
Tue Dec 8 22:00:21 2020 -> *check_for_new_database_version: Local copy of main found: main.cvd.
Tue Dec 8 22:00:21 2020 -> *query_remote_database_version: main.cvd version from DNS: 59
Tue Dec 8 22:00:21 2020 -> main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Tue Dec 8 22:00:21 2020 -> *fc_update_database: main.cvd already up-to-date.
Tue Dec 8 22:00:21 2020 -> *Current working dir is /data/
Tue Dec 8 22:00:21 2020 -> *check_for_new_database_version: Local copy of bytecode found: bytecode.cvd.
Tue Dec 8 22:00:21 2020 -> *query_remote_database_version: bytecode.cvd version from DNS: 331
Tue Dec 8 22:00:21 2020 -> bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Tue Dec 8 22:00:21 2020 -> *fc_update_database: bytecode.cvd already up-to-date.
Tue Dec 8 22:00:21 2020 -> *Current working dir is /data/
Tue Dec 8 22:00:21 2020 -> *check_for_new_database_version: Local copy of safebrowsing found: safebrowsing.cvd.
Tue Dec 8 22:00:21 2020 -> *query_remote_database_version: safebrowsing.cvd version from DNS: 49191
Tue Dec 8 22:00:21 2020 -> safebrowsing.cvd database is up to date (version: 49191, sigs: 2213119, f-level: 63, builder: google)
Tue Dec 8 22:00:21 2020 -> *fc_update_database: safebrowsing.cvd already up-to-date.

On Tue, Dec 8, 2020 at 8:01 PM Gal Cohen <[email protected]> wrote:

> Hello,
>
> I'm serving cvd files from a local server, when I run freshclam on my
> server it takes some runs until the daily.cvd is updated even though the
> remote version was updated a while ago.
>
> - the clamav version I'm using is 0.102.4-r1
> - freshclam.conf I'm using is:
> DatabaseDirectory /data
> LogSyslog yes
> UpdateLogFile /logs/freshclam.log
> LogTime yes
> PidFile /run/clamav/freshclam.pid
> DatabaseOwner root
> LogVerbose yes
> DatabaseMirror database.clamav.net
> ScriptedUpdates no. (for serving as local server)
> SafeBrowsing yes
> Bytecode yes
>
> some focused logs from a freshclam run which does not update the local daily.cvd
> even though it indicates a newer version remotely:
> "daily database available for update (local version: 26009, remote
> version: 26010)
> *The daily.cvd database downloaded from https://database.clamav.net is
> one version older than advertised in the DNS TXT record.
> Database test passed.
> daily.cvd updated (version: 26009, sigs: 4351133, f-level: 63, builder:
> raynman)"
>
> Do I need to change my configuration or is it a bug in the 102.4 clamav
> version?
>
> Thanks
> Gal
>
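
An added example, not part of the original message or of ClamAV: a small check a mirror operator could run over the freshclam log to flag runs where a database was reported as "updated" but the installed version is still below the one advertised in DNS, as in the run above. The regular expressions assume the log wording shown in this thread (0.102.4); the function name and the optional log-path argument are hypothetical.

```python
import re
import sys

# Lines copied from the freshclam run quoted in the message above.
SAMPLE_LOG = """\
Tue Dec 8 22:00:02 2020 -> daily database available for update (local version: 26011, remote version: 26012)
Tue Dec 8 22:00:05 2020 -> *The daily.cvd database downloaded from https://database.clamav.net is one version older than advertised in the DNS TXT record.
Tue Dec 8 22:00:21 2020 -> daily.cvd updated (version: 26011, sigs: 4351421, f-level: 63, builder: raynman)
Tue Dec 8 22:00:21 2020 -> main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
"""

# "remote version" is the version freshclam read from the DNS TXT record.
AVAILABLE = re.compile(
    r"-> (\w+) database available for update "
    r"\(local version: (\d+), remote version: (\d+)\)")
# Version actually installed after download; .cld covers scripted updates.
UPDATED = re.compile(r"-> (\w+)\.c[vl]d updated \(version: (\d+),")


def find_stale_updates(log_text):
    """Return one finding per database installed below the advertised version."""
    advertised = {}  # database name -> version advertised in DNS for this run
    findings = []
    for line in log_text.splitlines():
        m = AVAILABLE.search(line)
        if m:
            advertised[m.group(1)] = int(m.group(3))
            continue
        m = UPDATED.search(line)
        if m:
            name, installed = m.group(1), int(m.group(2))
            wanted = advertised.pop(name, None)
            if wanted is not None and installed < wanted:
                findings.append({"database": name, "advertised": wanted,
                                 "installed": installed,
                                 "behind": wanted - installed})
    return findings


if __name__ == "__main__":
    # Optional argument: path to the freshclam log (e.g. the UpdateLogFile).
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in find_stale_updates(text):
        print("{database}: installed {installed}, DNS advertises "
              "{advertised} ({behind} behind)".format(**f))
```
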
