Hello guys,
Thanks for the replies. Yes, deleting daily.cld fixed the problem. My concern is that I'm building a docker image with clamav inside it and I have to delete daily.cld on every new build if I want freshclam to work correctly the first time. About the subsequent runs when I tried to run freshclam on two different pods after image deploy, daily.cld was updated to the latest version only on one of them. These are the logs for both pods: #1st pod (successful update): Connecting via dnat.genesaas.io ClamAV update process started at Thu Jul 29 08:54:30 2021 daily database available for update (local version: 26231, remote version: 26246) Current database is 15 versions behind. Downloading database patch # 26232... ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed ERROR: downloadPatch: Can't apply patch WARNING: Incremental update failed, trying to download daily.cvd Time: 21.8s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB Testing database: '/var/lib/clamav/tmp.98ba2d17af/clamav-474d295bd3248aa18d6abaf0dc93f952.tmp-daily.cvd' ... Database test passed. daily.cvd updated (version: 26246, sigs: 1964581, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) 2nd pod (unsuccessful update): Connecting via dnat.genesaas.io ClamAV update process started at Thu Jul 29 09:14:16 2021 daily database available for update (local version: 26231, remote version: 26247) Current database is 16 versions behind. Downloading database patch # 26232... ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed ERROR: downloadPatch: Can't apply patch WARNING: Incremental update failed, trying to download daily.cvd Time: 26.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date. daily database available for update (local version: 26231, remote version: 26247) Current database is 16 versions behind. Downloading database patch # 26232... ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed ERROR: downloadPatch: Can't apply patch WARNING: Incremental update failed, trying to download daily.cvd Time: 28.0s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date. daily database available for update (local version: 26231, remote version: 26247) Current database is 16 versions behind. Downloading database patch # 26232... ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed ERROR: downloadPatch: Can't apply patch WARNING: Incremental update failed, trying to download daily.cvd Time: 25.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date. main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) What might be the reason of this inconsistent behavior? And about the ReceiveTimeout this is what I have in freshclam.conf: # Maximum time in seconds for each download operation. 0 means no timeout. # Default: 0 #ReceiveTimeout 1800 So, it should have no timeout, right? Best Regards, Elia From: Micah Snyder (micasnyd) <[email protected]> Sent: Wednesday, July 28, 2021 10:02 PM To: ClamAV users ML <[email protected]> Cc: Asenova, Elia <[email protected]>; Solakov, Panayot <[email protected]> Subject: [EXTERNAL] RE: Freshclam - can't apply latest patch 26246 External email: Do not click the links. Verify legitimacy before taking action. Hi Elia, I would need to see the log messages from your subsequent updates to be sure what's going wrong. The logs you shared in your initial email show a bug but subsequent freshclam runs _should_ work. If you want, the verbose log may reveal something. Like Joel suggested, it may be the ReceiveTimeout issue discussed here: https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html<https://urldefense.com/v3/__https:/blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html__;!!MfzFaTml5A!2MTorJHo0JuGITHu3uFhqXSfGbLTDDQgOG2eWk-yezwsG62YN-5kTVIYs8dfBIE7acA$> Regardless, I think that deleting your daily.cld database (/var/lib/clamav/daily.cld) and trying again should get you back in business. Sorry about the trouble. Regards, Micah From: clamav-users <[email protected]<mailto:[email protected]>> On Behalf Of Asenova, Elia via clamav-users Sent: Wednesday, July 28, 2021 8:15 AM To: [email protected]<mailto:[email protected]> Cc: Asenova, Elia <[email protected]<mailto:[email protected]>>; Solakov, Panayot <[email protected]<mailto:[email protected]>> Subject: [clamav-users] Freshclam - can't apply latest patch 26246 Hello guys, This is related to a freshclam update problem that I have. Basically when running freshclam I get the following errors: ClamAV update process started at Wed Jul 28 14:30:20 2021 daily database available for update (local version: 26209, remote version: 26246) Downloaded 22 patches for daily, which is fewer than the 37 expected patches. We'll settle for this partial-update, at least for now. ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed ERROR: downloadPatch: Can't apply patch Testing database: '/var/lib/clamav/tmp.0c60a53c3f/clamav-c22814890a9b587d8060b5d43ce20d40.tmp-daily.cld' ... [LibClamAV] ************************************************** [LibClamAV] *** The virus database is older than 7 days! *** [LibClamAV] *** Please update it as soon as possible. *** [LibClamAV] ************************************************** Database test passed. daily.cld updated (version: 26231, sigs: 3996055, f-level: 63, builder: raynman) main database available for update (local version: 59, remote version: 61) ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed ERROR: downloadPatch: Can't apply patch WARNING: Incremental update failed, trying to download main.cvd Testing database: '/var/lib/clamav/tmp.0c60a53c3f/clamav-abc29e83f1558f3534bfbeb8d1a81899.tmp-main.cvd' ... Database test passed. main.cvd updated (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) It seems like daily.cld cannot be updated to the latest version, so it does a partial update. I tried running freshclam several times but same thing happens over and over again. Clamav version is 0.103.3 and daily db version is 26231 (instead of 26246). I saw an email on this topic in your mail archive (https://lists.clamav.net/pipermail/clamav-users/2021-July/011508.html<https://urldefense.com/v3/__https:/lists.clamav.net/pipermail/clamav-users/2021-July/011508.html__;!!MfzFaTml5A!wRTy_q1wySY-gPyDzwwYOQdV2UcN6jR4FGNN7xYXaDATx_zbNMz9waHWWle-9o8rjHk$>), but I do not see any resolution of the problem. Could you give an update on what is going on and when is this problem going to be resolved? Thank you! Best Regards, Elia Asenova
_______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
