Dear all,

Thanks for all the help and info.

I ended up doing a trace of what our custom clamav does at boot time:

90272 open("/etc/pki/tls/certs/ca-bundle.crt", O_RDONLY) = -1 ENOENT (No such file or directory)
90272 close(4) = 0
90272 write(1, "* ERROR: Download failed (77)", 30) = 30
90272 write(1, "* ERROR: Message: Problem with the SSL CA cert (path? access rights?)\n", 71) = 71

That path is apparently hardcoded in the custom binary we use:

mail: # strings cgpclamav | grep ca-bundle
/etc/pki/tls/certs/ca-bundle.crt

As far as I can see that is the path used on RHEL (and derivatives like 
CentOS). Since I didn't find a location to overwrite that path, I made a 
symlink from /etc/pki/tls/certs/ca-bundle.crt to 
/etc/ssl/certs/ca-certificates.crt, where the certificates on Debian are 
located (provided there by the ca-certificates package).

Now the database updates work again.

Thanks for pointing me in the right direction!


Regards,

Jona



From: clamav-users <[email protected]> on behalf of "Micah 
Snyder (micasnyd) via clamav-users" <[email protected]>
Reply-To: ClamAV users ML <[email protected]>
Date: Tuesday, 17 August 2021 at 18:07
To: ClamAV users ML <[email protected]>
Cc: "Micah Snyder (micasnyd)" <[email protected]>
Subject: Re: [clamav-users] database updates blocked
Resent-From: <[email protected]>
Resent-Date: Tuesday, 17 August 2021 at 18:07

If you're running into the CA cert problem with FreshClam because your CA 
certificate bundle is in a non-standard place, you can also set the 
CURL_CA_BUNDLE environment to point to the file holding one or more 
certificates.  FreshClam and ClamSubmit will check that environment variable 
and use it instead of the default openssl CA path.

My apologies that this isn't in the documentation (yet). I will add it today. 
https://github.com/Cisco-Talos/clamav/issues/175


_______________________________________________

clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
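
An added example, not part of the thread and not ClamAV code: a POSIX shell check that looks for a usable CA bundle at the two paths named above, reports a symlink whose target has disappeared, and starts freshclam with CURL_CA_BUNDLE set as the reply describes. The function names and the optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The candidate paths are the two named in the thread; the
# function names and the optional ROOT prefix (for testing) are hypothetical.

# is_usable_bundle FILE: true if FILE (symlinks followed) is a readable
# regular file containing at least one PEM certificate header.
is_usable_bundle() {
    [ -f "$1" ] && [ -r "$1" ] &&
        grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# find_ca_bundle [ROOT]: print the first usable bundle; return 1 if none.
find_ca_bundle() {
    root="${1:-}"
    for p in /etc/pki/tls/certs/ca-bundle.crt \
             /etc/ssl/certs/ca-certificates.crt; do
        if is_usable_bundle "$root$p"; then
            printf '%s\n' "$root$p"
            return 0
        fi
        # A symlink whose target was removed fails open() with ENOENT,
        # the same error seen in the trace.
        if [ -L "$root$p" ] && [ ! -e "$root$p" ]; then
            printf 'dangling symlink: %s\n' "$root$p" >&2
        fi
    done
    return 1
}

# run_freshclam [ARGS...]: start freshclam with CURL_CA_BUNDLE pointing at
# the bundle that was found, instead of relying on a compiled-in path.
run_freshclam() {
    bundle=$(find_ca_bundle) || {
        echo "no usable CA bundle found" >&2
        return 1
    }
    CURL_CA_BUNDLE="$bundle" freshclam "$@"
}
```

Running find_ca_bundle from a monitoring job catches the case where a package change removes the symlink target before the next database update fails.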
