Hi there, On Wed, 2 Nov 2022, Ben Argyle via clamav-users wrote:
I'll admit up front I'm running ClamAV v100.3 on RHEL 6. This is not my fault, but also nothing I can do anything about (the hosts doing so are long-scheduled for decommissioning). As such I don't expect any help. But I am interested if this is where I get another string to my bow to tell the people who won't move off these hosts that now they have no ClamAV protection from newer threats.
Maybe show them this blog post: https://blog.clamav.net/2021/10/clamav-0100-end-of-life-today-and.html which to me says theoretically they'd have had no ClamAV updates since last October - but see below.
As of daily-26708.cdiff I get this on all of those hosts when running freshclam: # freshclam ClamAV update process started at Wed Nov 2 09:18:06 2022 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.100.3 Recommended version: 0.103.7 DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) Downloading daily-26707.cdiff [100%] Downloading daily-26708.cdiff [100%] ERROR: During database load : WARNING: [LibClamAV] cli_hex2str(): Malformed hexstring: >>26#ib2#>512 (length: 13) [...] ERROR: Failed to load new database: Malformed database WARNING: Database load exited with status 55 ERROR: Failed to load new database Is this an incompatibility with v100.3, or an error in the cdiff?
Again, reading the EOL blog post I'm surprised that the CDN is even allowing you to download the cdiff - are you using a local mirror with an up-to-date freshclam or something like that? But since you seem to be downloading the cdiff OK, I very much doubt that there's anything wrong with it. Here's a log extract taken from a clamd server here, downloading the same two cdiff files: ... Tue Nov 1 23:14:11 2022 -> ClamAV update process started at Tue Nov 1 23:14:11 2022 Tue Nov 1 23:14:11 2022 -> daily database available for update (local version: 26706, remote version: 26707) Tue Nov 1 23:14:17 2022 -> Testing database: '/EXPORTS/clamav/databases/tmp.6cba9d4577/clamav-afd6a8d4c872bc90643557b8ae8a87be.tmp-daily.cld' ... Tue Nov 1 23:14:37 2022 -> Database test passed. Tue Nov 1 23:14:38 2022 -> daily.cld updated (version: 26707, sigs: 2009761, f-level: 90, builder: cmarczewski) Tue Nov 1 23:14:38 2022 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) Tue Nov 1 23:14:38 2022 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) Tue Nov 1 23:14:38 2022 -> Clamd successfully notified about the update. ... Wed Nov 2 09:36:22 2022 -> ClamAV update process started at Wed Nov 2 09:36:22 2022 Wed Nov 2 09:36:23 2022 -> daily database available for update (local version: 26707, remote version: 26708) Wed Nov 2 09:36:30 2022 -> Testing database: '/EXPORTS/clamav/databases/tmp.063d4c241f/clamav-13690daaba0c36fe94ca0c8f0baa091b.tmp-daily.cld' ... Wed Nov 2 09:36:50 2022 -> Database test passed. Wed Nov 2 09:36:51 2022 -> daily.cld updated (version: 26708, sigs: 2009776, f-level: 90, builder: raynman) Wed Nov 2 09:36:51 2022 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) Wed Nov 2 09:36:51 2022 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2) Wed Nov 2 09:36:51 2022 -> Clamd successfully notified about the update. ... The server is running the 0.103.7 LTS release. HTH -- 73, Ged. _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
