Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

[Joel Esler (jesler) via clamav-users]

Thanks for pointing that out. We’ve corrected it with mitre, but obviously, we 
can’t correct the news.md for now. 

— 
Sent from my  iPad

> On Apr 10, 2021, at 08:14, Sergey  wrote:
> 
> On Wednesday 07 April 2021, Joel Esler (jesler) via clamav-users wrote:
> 
>> CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. Affects 
>> 0.103.0 and 0.103.1 only.
>> 
>> CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects 0.103.1 
>> and prior.
> 
> I seems you got the CVE description mixed between: 1405 about PDF (and in 
> NEWS.md).
> 
> -- 
> Regards,
> Sergey
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml


smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Joel Esler (jesler) via clamav-users]

This. 

— 
Sent from my  iPad

> On Apr 10, 2021, at 09:15, Gary R. Schmidt  wrote:
> 
> On 10/04/2021 22:59, Matus UHLAR - fantomas wrote:
> [SNIP]
>> it could help if we provided proper reason to upgrade tho.
> Isn't, "It's security software", sufficient?
> 
>Cheers,
>GaryB-)
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml


smime.p7s
Description: S/MIME cryptographic signature

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Matus UHLAR - fantomas]

On 10/04/2021 23:45, Matus UHLAR - fantomas wrote:

On 10/04/2021 22:59, Matus UHLAR - fantomas wrote:
[SNIP]

it could help if we provided proper reason to upgrade tho.


On 10.04.21 23:08, Gary R. Schmidt wrote:

Isn't, "It's security software", sufficient?


obviously not. There are still question:
1.) what may break if we upgrade?
2.) what may break if we don't upgrade?
3.) why should we upgrade if nothing's broken and we risk 1.) ?

etc


On 10.04.21 23:54, Gary R. Schmidt wrote:

Hmm, must not be too worried, then.

The mob I work for's (enterprise) clients tend to send me queries 
every time an OpenSSL or other CVE comes out, "How long will it take 
to apply the fix?", "When will you have a new release ready?", "Does 
it affect the product(s)?", usually in that order.


And yes, we all know about the problem of, "How much other testing 
will have to be done?"


Debian and other distros usually fix security bugs by backporting security fix 
into
provided SW version.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] SSN question

[Matus UHLAR - fantomas]

On Tue, 6 Apr 2021, Matus UHLAR - fantomas wrote:

I see that I can enable DLP by enabling

StructuredDataDetection true

which allows for scanning credit card numbers  and social security numbers
in US format.

Is there any possibility to enhance this by adding other formats?

in slovakia we have numbers in format XMDD/OPQR? ... i can scan 
these in spamassassin but perhaps ehnancing clamav (and

therefore everything that uses clamav) could be useful.


On 07.04.21 00:17, G.W. Haywood via clamav-users wrote:

Perhaps this should go to the development list?  Or/and Bugzilla?


I don't feel joining devel list. I can fill out bugreport but first wanted
to discuss it here to see if it makes sense for others.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Where do you want to go to die?" [Microsoft]

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] SSN question

[Matus UHLAR - fantomas]

On 06.04.21 15:51, eric-l...@truenet.com wrote:

I noticed no one emailed you back.


I usually give people time to think, so thank you for doing it.


I personally would just use a yara regex if needed, but I would definitely
test first with just yara to make sure there isn't too many false positives.

If you've never created a yara file, it's just really a regex.
Searching on Google, as there may be something already:
https://regexlib.com/UserPatterns.aspx?authorid=1c12ce3c-cb6a-43c3-8d86-4ea8
777f4393


/*** Slovak_ID.yar ***/
rule slovak_id_format
{
strings:
$re1 =
/([0-9]{2})(01|02|03|04|05|06|07|08|09|10|11|12|51|52|53|54|55|56|57|58|59|6
0|61|62)(([0]{1}[1-9]{1})|([1-2]{1}[0-9]{1})|([3]{1}[0-1]{1}))/([0-9]{3,4})/
condition:
$re1
/**/

No clue, but looks like the format of this one is different, as I would
expect either 19 or 20 to start, but this says 0-9 for both.


first two PIN digits are just the last two digits of birth year, so yes, any
combination is possible.

I tried optional space before/after the slash which made the RE even more
effective.



-Original Message-
From: clamav-users  On Behalf Of
Matus UHLAR - fantomas
Sent: Tuesday, April 6, 2021 12:03 PM
To: clamav-users@lists.clamav.net
Subject: [clamav-users] SSN question

Hello,

I see that I can enable DLP by enabling

StructuredDataDetection true

which allows for scanning credit card numbers  and social security numbers
in US format.

Is there any possibility to enhance this by adding other formats?

in slovakia we have numbers in format XMDD/OPQR?

... i can scan these in spamassassin but perhaps ehnancing clamav (and
therefore everything that uses clamav) could be useful.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Gary R. Schmidt]

On 10/04/2021 23:45, Matus UHLAR - fantomas wrote:

On 10/04/2021 22:59, Matus UHLAR - fantomas wrote:
[SNIP]

it could help if we provided proper reason to upgrade tho.


On 10.04.21 23:08, Gary R. Schmidt wrote:

Isn't, "It's security software", sufficient?


obviously not. There are still question:
1.) what may break if we upgrade?
2.) what may break if we don't upgrade?
3.) why should we upgrade if nothing's broken and we risk 1.) ?

etc


Hmm, must not be too worried, then.

The mob I work for's (enterprise) clients tend to send me queries every 
time an OpenSSL or other CVE comes out, "How long will it take to apply 
the fix?", "When will you have a new release ready?", "Does it affect 
the product(s)?", usually in that order.


And yes, we all know about the problem of, "How much other testing will 
have to be done?"


Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Matus UHLAR - fantomas]

On 10/04/2021 22:59, Matus UHLAR - fantomas wrote:
[SNIP]

it could help if we provided proper reason to upgrade tho.


On 10.04.21 23:08, Gary R. Schmidt wrote:

Isn't, "It's security software", sufficient?


obviously not. There are still question:
1.) what may break if we upgrade?
2.) what may break if we don't upgrade?
3.) why should we upgrade if nothing's broken and we risk 1.) ?

etc
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Gary R. Schmidt]

On 10/04/2021 22:59, Matus UHLAR - fantomas wrote:
[SNIP]

it could help if we provided proper reason to upgrade tho.


Isn't, "It's security software", sufficient?

Cheers,
GaryB-)

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Matus UHLAR - fantomas]

On 08.04.21 16:23, Joel Esler (jesler) via clamav-users wrote:
Upgrade to 103.2.  The FreshClam there is much better and will resolve the 
issues.



On Thu, 8 Apr 2021 16:44:46 Matus UHLAR - fantomas wrote:
I don't think this is easily doable for devuan ascii.
(not much people want to backport manually)



On Sat, 10 Apr 2021, Marko Randjelovic wrote:

I have backported software many times. It usually needs much time,


needs or doesn't need?


though in concrete case I suppose not so much because you can install
dependencies with 'apt-get build-deps clamav'. Furthermore, then you
have to update it manually. On the other hand, I'm sure the packages
will be updated in Devuan, just with a relatively long delay. It's
always so with Debian clamav packages.


On 10.04.21 09:35, G.W. Haywood via clamav-users wrote:

Your choice.  I prefer (1) to be responsible for my own security, and
(2) to be considerate to people who provide me with a service for free
and also free advice about how cause the least trouble for them.  I'm
running 0.103.2 on Debian Buster which was no trouble at all to build.

Debian Buster was released nearly two years ago; Devuan Ascii is based
on Debian Stretch, which was released two years earlier.  I can't see
that it makes sense deliberately to throw away two years' development
plus security fixes but I understand what drove the Devuan distraction
and briefly flirted with it myself.  The experience did not prove to
be so refreshing as I had hoped.


luckily debian people tend to update clamav quite soon, compared to common
packages.  However, functionality and backwards compatibility is the key
here, not just having current SW version.

There's already a bug filled:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622

it could help if we provided proper reason to upgrade tho.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.2 security patch release

[Per Jessen]

G.W. Haywood via clamav-users wrote:

> Hi there,
> 
> On Sat, 10 Apr 2021, Per Jessen wrote:
>> G.W. Haywood wrote:
>>> On Sat, 10 Apr 2021, Per Jessen wrote:
>>>
 When I built $SUBJ just now, I see

 libclammspack.so.0
 =>
 /home/per/workspace/clamav-0.103.2/libclamav/.libs/libclammspack.so.0
>>>
>>> Is this before 'make install'?
>>
>> Yes. See below.
>>
>>> After you install it I'd expect something more like
>>>
>>> # ldd `which clamd-0.103.2-allmatchstream` | grep libclammspack
>>>  libclammspack.so.0 => /usr/local/lib/libclammspack.so.0
>>>  (0xb6734000)
>>
>> Ditto, and that's what I got with e.g. 102.1.
> 
> You mean 0.103.2 doesn't behave like 0.102.1 in this regard?
> If it does not, that sounds like one for the ClamAV Bugzilla.

I'll doublecheck first, but I don't remember seeing this issue before. 

>> I don't normally do a "make install", I copy the libraries to the
>> destination servers directly.  I only need the libraries.
> 
> Seems you're not a typical user. :)

Yeah :-) 
 
Thanks,

-- 
Per Jessen, Zürich (15.1°C)



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.2 security patch release

[Per Jessen]

Per Jessen wrote:

> 
>> If this is after install, exactly how did you build it?
> 
> I don't normally do a "make install", I copy the libraries to the
> destination servers directly.  I only need the libraries.

Having just built and installed on another machine, this is what is
causing my issue.  




-- 
Per Jessen, Zürich (15.4°C)



___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.2 security patch release

[G.W. Haywood via clamav-users]

Hi there,

On Sat, 10 Apr 2021, Per Jessen wrote:

G.W. Haywood wrote:

On Sat, 10 Apr 2021, Per Jessen wrote:


When I built $SUBJ just now, I see

libclammspack.so.0
=>
/home/per/workspace/clamav-0.103.2/libclamav/.libs/libclammspack.so.0


Is this before 'make install'?


Yes. See below.


After you install it I'd expect something more like

# ldd `which clamd-0.103.2-allmatchstream` | grep libclammspack
 libclammspack.so.0 => /usr/local/lib/libclammspack.so.0
 (0xb6734000)


Ditto, and that's what I got with e.g. 102.1.


You mean 0.103.2 doesn't behave like 0.102.1 in this regard?
If it does not, that sounds like one for the ClamAV Bugzilla.


I don't normally do a "make install", I copy the libraries to the
destination servers directly.  I only need the libraries.


Seems you're not a typical user. :)

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV 0.103.2 security patch release

[Per Jessen]

G.W. Haywood wrote:

> Hi there,
> 
> On Sat, 10 Apr 2021, Per Jessen wrote:
> 
>> When I built $SUBJ just now, I see
>>
>> libclammspack.so.0
>> =>
>> /home/per/workspace/clamav-0.103.2/libclamav/.libs/libclammspack.so.0
>>
>> ie. with a fixed path ?  How do I avoid that?
> 
> Is this before 'make install'?

Yes. See below. 

> After you install it I'd expect something more like
> 
> # ldd `which clamd-0.103.2-allmatchstream` | grep libclammspack
>  libclammspack.so.0 => /usr/local/lib/libclammspack.so.0
>  (0xb6734000)

Ditto, and that's what I got with e.g. 102.1. 

> If this is after install, exactly how did you build it?

I don't normally do a "make install", I copy the libraries to the
destination servers directly.  I only need the libraries. 

> Not sure this should be on the development list.

Agree.

 

-- 
Per Jessen, Zürich (16.9°C)
http://www.dns24.ch/ - free dynamic DNS, made in Switzerland.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] ClamAV® blog: ClamAV 0.103.2 security patch release

[Sergey]

On Wednesday 07 April 2021, Joel Esler (jesler) via clamav-users wrote:

> CVE-2021-1404: Fix for PDF parser buffer over-read; possible crash. Affects 
> 0.103.0 and 0.103.1 only.
> 
> CVE-2021-1405: Fix for mail parser NULL-dereference crash. Affects 0.103.1 
> and prior.
 
I seems you got the CVE description mixed between: 1405 about PDF (and in 
NEWS.md).

-- 
Regards,
Sergey

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] understanding clamd.conf: TemporaryDirectory and clamonacc

[Sergey]

On Saturday 10 April 2021, G.W. Haywood via clamav-users wrote:

> > Does clamonacc have to watch in /tmp ?
> 
> No.  But we do not know what you have told clamonacc to watch because
> you have not told us.  My guess is that you have told it to watch the
> entire filesystem, which will cause problems.  You need to think about
> what you are doing - and you need to tell us what you are doing.  Read
> about the 'clamconf' utility.  If you can post the output of
> 
> clamconf -n

Good utility, thanks! I found an error in my clamd.conf. :-)
This is my first experience to run the clamonacc.

-- 
Regards,
Sergey

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[G.W. Haywood via clamav-users]

Hi there,

On Sat, 10 Apr 2021, Marko Randjelovic wrote:

On Thu, 8 Apr 2021 16:44:46 Matus UHLAR - fantomas wrote:

On 08.04.21 16:23, Joel Esler (jesler) via clamav-users wrote:

Upgrade to 103.2.  The FreshClam there is much better and will resolve the 
issues.


I don't think this is easily doable for devuan ascii.
(not much people want to backport manually)


I have backported software many times. It usually needs much time,
though in concrete case I suppose not so much because you can install
dependencies with 'apt-get build-deps clamav'. Furthermore, then you
have to update it manually. On the other hand, I'm sure the packages
will be updated in Devuan, just with a relatively long delay. It's
always so with Debian clamav packages.


Your choice.  I prefer (1) to be responsible for my own security, and
(2) to be considerate to people who provide me with a service for free
and also free advice about how cause the least trouble for them.  I'm
running 0.103.2 on Debian Buster which was no trouble at all to build.

Debian Buster was released nearly two years ago; Devuan Ascii is based
on Debian Stretch, which was released two years earlier.  I can't see
that it makes sense deliberately to throw away two years' development
plus security fixes but I understand what drove the Devuan distraction
and briefly flirted with it myself.  The experience did not prove to
be so refreshing as I had hoped.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] understanding clamd.conf: TemporaryDirectory and clamonacc

[G.W. Haywood via clamav-users]

Hi there,

On Sat, 10 Apr 2021, Sergey wrote:


clamd.conf contains default setting

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

It cause error message when clamonacc starting:


It is not the TemporaryDirectory which causes the error, it is the
path(s) which you are telling clamonacc to watch.  Please tell us.


clamonacc[103181]: ERROR: ClamInotif: Not watching path '/tmp'
clamonacc[103181]: ERROR: ClamInotif: ClamOnAcc should not watch the directory 
clamd is using for temp files
clamonacc[103181]: ERROR: ClamInotif: Consider setting TemporaryDirectory in 
clamd.conf to a different directory.

I attempt to use "OnAccessExcludePath /tmp" but it unsusseful.


The error message did not tell you to set "OnAccessExcludePath /tmp".

It told you to use a different TemporaryDirectory.  One which
clamonacc is not required by your configuration to watch.


Consider setting TemporaryDirectory in clamd.conf to a different directory.


I thought about it. /tmp is system default and it tmpfs usually now (in Linux
based OS). And that's good. I can certainly make a separate tmpfs for clamd,
but so far this does not seem to me a good idea. But I'm wrong maybe.


Maybe.  You should certainly take heed of the error messages.


Does clamonacc have to watch in /tmp ?


No.  But we do not know what you have told clamonacc to watch because
you have not told us.  My guess is that you have told it to watch the
entire filesystem, which will cause problems.  You need to think about
what you are doing - and you need to tell us what you are doing.  Read
about the 'clamconf' utility.  If you can post the output of

clamconf -n

that will help us to know what you're doing.

--

73,
Ged.

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Marko Randjelovic]

On Thu, 8 Apr 2021 20:26:36 +0200
Matus UHLAR - fantomas  wrote:

> >On 08.04.21 16:37, marko...@eunet.rs wrote:
> >I use ClamAV on a Devuan ASCII (based on Debian Stretch) machine and
> >when try to update databases I get error 429 from server (logged in
> >/var/log/clamav/freshclam.log):  
> 
> >Thu Apr  8 14:23:32 2021 -> WARNING: downloadFile: Unexpected response
> >(429) from https://database.clamav.net/daily.cvd  
> 
> >Is there a way to solve this?  
> 
> 
> >On Thu, 8 Apr 2021 16:44:46 +0200
> >Matus UHLAR - fantomas mailto:uh...@fantomas.sk>> wrote:
> >code 429 means you make a problem:
> >
> >https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
> >
> >are you behind NAT? do you use clamav on multiple machines?  
> 
> >On Apr 8, 2021, at 11:52 AM, Marko Randjelovic 
> >mailto:marko...@eunet.rs>> wrote:
> >After a long time I tried to scan a file but saw databases are very old
> >and update was not working. Then I deleted databases
> >from /var/lib/clamav thinking this will resolve problem. But obviously
> >I was wrong. And yes, I have another machine with clamav which is
> >behind the same NAT as the problematic machine.  
> 
> one time freshclam download should not cause a problem.
> 
> ...unless others knows more :)
> 
> >Now I just copied files from another machine and freshclam says
> >databases are up to date. I'll see after update become available if
> >freshclam will be able to download it.  
> 
> this _should_ work. but the real quest is why tehe above didn't work.
> If you cause problem, another update may be refused...
> 
> again, more info may be available from others
> 
> good luck and watch the logs.
> 
> On 08.04.21 16:23, Joel Esler (jesler) via clamav-users wrote:
> >Advice, for literally anyone:
> >
> >Upgrade to 103.2.  The FreshClam there is much better and will resolve the 
> >issues.  
> 
> I don't think this is easily doable for devuan ascii.
> (not much people want to backport manually)

I have backported software many times. It usually needs much time,
though in concrete case I suppose not so much because you can install
dependencies with 'apt-get build-deps clamav'. Furthermore, then you
have to update it manually. On the other hand, I'm sure the packages
will be updated in Devuan, just with a relatively long delay. It's
always so with Debian clamav packages.


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Error 429 when updating database

[Marko Randjelovic]

On Thu, 8 Apr 2021 17:52:01 +0200
Marko Randjelovic  wrote:

> On Thu, 8 Apr 2021 16:44:46 +0200
> Matus UHLAR - fantomas  wrote:
> 
> > On 08.04.21 16:37, marko...@eunet.rs wrote:  
> > >I use ClamAV on a Devuan ASCII (based on Debian Stretch) machine and 
> > >when try to update databases I get error 429 from server (logged in 
> > >/var/log/clamav/freshclam.log):
> > >
> > >Thu Apr  8 14:23:32 2021 -> ClamAV update process started at Thu Apr  
> > >8 14:23:32 2021
> > >Thu Apr  8 14:23:32 2021 -> WARNING: Your ClamAV installation is 
> > >OUTDATED!
> > >Thu Apr  8 14:23:32 2021 -> WARNING: Local version: 0.102.4 
> > >Recommended version: 0.103.2
> > >Thu Apr  8 14:23:32 2021 -> DON'T PANIC! Read 
> > >https://www.clamav.net/documents/upgrading-clamav
> > >Thu Apr  8 14:23:32 2021 -> daily database available for download 
> > >(remote version: 26134)
> > >Thu Apr  8 14:23:32 2021 -> WARNING: downloadFile: Unexpected response 
> > >(429) from https://database.clamav.net/daily.cvd
> > >Thu Apr  8 14:23:32 2021 -> WARNING: getcvd: Can't download daily.cvd 
> > >from https://database.clamav.net/daily.cvd
> > >Thu Apr  8 14:23:32 2021 -> Trying again in 5 secs...
> > >
> > >Is there a way to solve this?
> > 
> > code 429 means you make a problem:
> > 
> > https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html
> > 
> > are you behind NAT? do you use clamav on multiple machines?
> > 
> >   
> 
> After a long time I tried to scan a file but saw databases are very old
> and update was not working. Then I deleted databases
> from /var/lib/clamav thinking this will resolve problem. But obviously
> I was wrong. And yes, I have another machine with clamav which is
> behind the same NAT as the problematic machine.
> 
> Now I just copied files from another machine and freshclam says
> databases are up to date. I'll see after update become available if
> freshclam will be able to download it.

Hi all,

This morning I tunrned the machine on and according to the log
everything is fine (for now):

Sat Apr 10 08:18:36 2021 -> --
Sat Apr 10 08:18:36 2021 -> freshclam daemon 0.102.4 (OS: linux-gnu, ARCH: 
x86_64, CPU: x86_64)
Sat Apr 10 08:18:36 2021 -> ClamAV update process started at Sat Apr 10 
08:18:36 2021
Sat Apr 10 08:18:36 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Sat Apr 10 08:18:36 2021 -> WARNING: Local version: 0.102.4 Recommended 
version: 0.103.2
Sat Apr 10 08:18:36 2021 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav
Sat Apr 10 08:18:36 2021 -> daily database available for update (local version: 
26134, remote version: 26135)
Sat Apr 10 08:18:51 2021 -> Testing database: 
'/var/lib/clamav/tmp.2b89c/clamav-432b432fd939b436dca2c710f8d051cd.tmp-daily.cld'
 ...
Sat Apr 10 08:19:02 2021 -> Database test passed.
Sat Apr 10 08:19:02 2021 -> daily.cld updated (version: 26135, sigs: 3969549, 
f-level: 63, builder: raynman)
Sat Apr 10 08:19:03 2021 -> main.cvd database is up to date (version: 59, sigs: 
4564902, f-level: 60, builder: sigmgr)
Sat Apr 10 08:19:03 2021 -> bytecode.cld database is up to date (version: 333, 
sigs: 92, f-level: 63, builder: awillia2)
Sat Apr 10 08:19:03 2021 -> WARNING: Clamd was NOT notified: Can't connect to 
clamd through /var/run/clamav/clamd.ctl: No such file or directory
Sat Apr 10 08:19:03 2021 -> --

Regards,
Marko


___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml