Re: [clamav-users] Detected duplicate databases
Hello, thank you. I reported a bug : https://bugzilla.clamav.net/show_bug.cgi?id=12009 If needed I can provide more informations. Best regards On 18 January 2018 at 23:23, Tom Judge (tomjudge) wrote: > It sounds like at some point the freshclam process being used to populate > the private mirror failed to delete the CVD file after applying a CDIFF and > generating the CLD. > > The client in private mirror mode will look for both a CVD and a CLD and > download the file with the correct version number after doing a HEAD for > the metadata of the file. > > I'd start by deleting all the data from the mirror and re-initializing it > with freshclam. After 4 hours or so run freshclam again on the master to > make sure it downloads and apples the CDIFF correctly and generates the CLD > and removes the CLD. > > It's possible there is/was a permissions issue not allowing freshclam to > delete the original CVD. > > > Tom > > > On Jan 18, 2018, at 3:45 PM, Al Varnell wrote: > > > > As I mentioned before, I don't use a private mirror, so I've dropped out > of the conversation. Someone who does use option 2 needs to double-check > your settings here. > > > > -Al- > > > > On Thu, Jan 18, 2018 at 10:07 AM, Hugo Deprez wrote: > >> Hello, > >> > >> I don't think I'm the only one having this issue. It seems that I used > the > >> official configuration from http://www.clamav.net/doc/mirrors-faq.html > <http://www.clamav.net/doc/mirrors-faq.html> > >> Should I report the issue somewhere ? > >> > >> The only way I see to avoid this issue is to create a shell script and > to > >> push the updates my self on all servers, but this is not the proper way > to > >> do this... > >> > >> Hugo > >> > >> On 15 January 2018 at 11:44, Hugo Deprez <mailto:hugo.dep...@gmail.com>> wrote: > >> > >>> Hello, > >>> > >>> by using this freshclam.conf : > >>> > >>> AllowSupplementaryGroups false > >>> Bytecode true > >>> Checks 24 > >>> CompressLocalDatabase no > >>> ConnectTimeout 30 > >>> DNSDatabaseInfo current.cvd.clamav.net <http://current.cvd.clamav.net/ > > > >>> DatabaseDirectory /var/lib/clamav > >>> DatabaseMirror mirror.recette.local > >>> DatabaseOwner clamav > >>> Debug false > >>> Foreground false > >>> LogFacility LOG_LOCAL6 > >>> LogFileMaxSize 0 > >>> LogRotate true > >>> LogSyslog true > >>> LogTime yes > >>> LogVerbose false > >>> MaxAttempts 5 > >>> PidFile /var/run/clamav/freshclam.pid > >>> #PrivateMirror mirror.recette.local > >>> ReceiveTimeout 30 > >>> ScriptedUpdates no > >>> TestDatabases yes > >>> UpdateLogFile /var/log/clamav/freshclam.log > >>> > >>> I got the old issue : > >>> > >>> root@server:/var/lib/clamav# rm -f * > >>> root@server:/var/lib/clamav# freshclam > >>> ClamAV update process started at Mon Jan 15 11:38:48 2018 > >>> Downloading main.cvd [100%] > >>> main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: > sigmgr) > >>> Downloading daily.cvd [100%] > >>> daily.cvd updated (version: 24223, sigs: 1825336, f-level: 63, builder: > >>> neo) > >>> Downloading bytecode.cvd [100%] > >>> bytecode.cvd updated (version: 315, sigs: 75, f-level: 63, builder: > >>> raynman) > >>> Database updated (6391660 signatures) from mirror.recette.local (IP: > >>> 192.168.1.15) > >>> root@raadmin:/var/lib/clamav# freshclam > >>> ClamAV update process started at Mon Jan 15 11:40:00 2018 > >>> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, > builder: > >>> sigmgr) > >>> daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, > >>> builder: neo) > >>> Downloading bytecode.cvd [100%] > >>> WARNING: Mirror 192.168.8.15 is not synchronized. > >>> Trying again in 5 secs... > >>> ClamAV update process started at Mon Jan 15 11:40:05 2018 > >>> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, > builder: > >>> sigmgr) > >>> daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, > >>> builder: neo) > >>> WARNING: Can't download bytecode.cvd from
Re: [clamav-users] Detected duplicate databases
Hello, I don't think I'm the only one having this issue. It seems that I used the official configuration from http://www.clamav.net/doc/mirrors-faq.html Should I report the issue somewhere ? The only way I see to avoid this issue is to create a shell script and to push the updates my self on all servers, but this is not the proper way to do this... Hugo On 15 January 2018 at 11:44, Hugo Deprez wrote: > Hello, > > by using this freshclam.conf : > > AllowSupplementaryGroups false > Bytecode true > Checks 24 > CompressLocalDatabase no > ConnectTimeout 30 > DNSDatabaseInfo current.cvd.clamav.net > DatabaseDirectory /var/lib/clamav > DatabaseMirror mirror.recette.local > DatabaseOwner clamav > Debug false > Foreground false > LogFacility LOG_LOCAL6 > LogFileMaxSize 0 > LogRotate true > LogSyslog true > LogTime yes > LogVerbose false > MaxAttempts 5 > PidFile /var/run/clamav/freshclam.pid > #PrivateMirror mirror.recette.local > ReceiveTimeout 30 > ScriptedUpdates no > TestDatabases yes > UpdateLogFile /var/log/clamav/freshclam.log > > I got the old issue : > > root@server:/var/lib/clamav# rm -f * > root@server:/var/lib/clamav# freshclam > ClamAV update process started at Mon Jan 15 11:38:48 2018 > Downloading main.cvd [100%] > main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) > Downloading daily.cvd [100%] > daily.cvd updated (version: 24223, sigs: 1825336, f-level: 63, builder: > neo) > Downloading bytecode.cvd [100%] > bytecode.cvd updated (version: 315, sigs: 75, f-level: 63, builder: > raynman) > Database updated (6391660 signatures) from mirror.recette.local (IP: > 192.168.1.15) > root@raadmin:/var/lib/clamav# freshclam > ClamAV update process started at Mon Jan 15 11:40:00 2018 > main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > sigmgr) > daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, > builder: neo) > Downloading bytecode.cvd [100%] > WARNING: Mirror 192.168.8.15 is not synchronized. > Trying again in 5 secs... > ClamAV update process started at Mon Jan 15 11:40:05 2018 > main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > sigmgr) > daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, > builder: neo) > WARNING: Can't download bytecode.cvd from mirror.recette.local > Trying again in 5 secs... > ClamAV update process started at Mon Jan 15 11:40:10 2018 > main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > sigmgr) > daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, > builder: neo) > WARNING: Can't download bytecode.cvd from mirror.recette.local > Trying again in 5 secs... > ClamAV update process started at Mon Jan 15 11:40:15 2018 > main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > sigmgr) > daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, > builder: neo) > WARNING: Can't download bytecode.cvd from mirror.recette.local > Trying again in 5 secs... > ClamAV update process started at Mon Jan 15 11:40:20 2018 > main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > sigmgr) > daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, > builder: neo) > ERROR: Can't download bytecode.cvd from mirror.recette.local > Giving up on mirror.recette.local ... > Update failed. Your network may be down or none of the mirrors listed in > /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/ > mirrors-faq.html for possible reasons. > > > > On 14 January 2018 at 10:36, Al Varnell wrote: > >> >> On Sat, Jan 13, 2018 at 04:12 AM, Hugo Deprez wrote: >> > >> > hello, >> > >> > sorry I wasn't clear : >> > >> > - I used solution number 3 or more than one year, but freshclam on >> clients >> > was randomly reporting error on downloading cvd files. I never found the >> > solution : >> > >> > *Tue Dec 1 17:54:34 2015 -> WARNING: Can't download daily.cvd from * >> > >> > *mirror* >> > >> > - So now I switch to solution number 2 from >> > https://www.clamav.net/documents/private-local-mirrors >> > >> > My "/etc/clamav/freshclam.conf" is : >> > >> > *AllowSupplementaryGroups falseBytecode trueChecks >> > 24CompressLocalDatabase noConnectTimeout 30DNSDatabaseInfo >> > current.cvd.clamav.net >> > <http://current.cvd.clamav.net>DatabaseDirectory >> > /var/lib/clamavDatabaseMirror mirror.recette.localDatabaseOwner >> > clamavDebug
Re: [clamav-users] Detected duplicate databases
Hello, by using this freshclam.conf : AllowSupplementaryGroups false Bytecode true Checks 24 CompressLocalDatabase no ConnectTimeout 30 DNSDatabaseInfo current.cvd.clamav.net DatabaseDirectory /var/lib/clamav DatabaseMirror mirror.recette.local DatabaseOwner clamav Debug false Foreground false LogFacility LOG_LOCAL6 LogFileMaxSize 0 LogRotate true LogSyslog true LogTime yes LogVerbose false MaxAttempts 5 PidFile /var/run/clamav/freshclam.pid #PrivateMirror mirror.recette.local ReceiveTimeout 30 ScriptedUpdates no TestDatabases yes UpdateLogFile /var/log/clamav/freshclam.log I got the old issue : root@server:/var/lib/clamav# rm -f * root@server:/var/lib/clamav# freshclam ClamAV update process started at Mon Jan 15 11:38:48 2018 Downloading main.cvd [100%] main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Downloading daily.cvd [100%] daily.cvd updated (version: 24223, sigs: 1825336, f-level: 63, builder: neo) Downloading bytecode.cvd [100%] bytecode.cvd updated (version: 315, sigs: 75, f-level: 63, builder: raynman) Database updated (6391660 signatures) from mirror.recette.local (IP: 192.168.1.15) root@raadmin:/var/lib/clamav# freshclam ClamAV update process started at Mon Jan 15 11:40:00 2018 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, builder: neo) Downloading bytecode.cvd [100%] WARNING: Mirror 192.168.8.15 is not synchronized. Trying again in 5 secs... ClamAV update process started at Mon Jan 15 11:40:05 2018 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, builder: neo) WARNING: Can't download bytecode.cvd from mirror.recette.local Trying again in 5 secs... ClamAV update process started at Mon Jan 15 11:40:10 2018 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, builder: neo) WARNING: Can't download bytecode.cvd from mirror.recette.local Trying again in 5 secs... ClamAV update process started at Mon Jan 15 11:40:15 2018 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, builder: neo) WARNING: Can't download bytecode.cvd from mirror.recette.local Trying again in 5 secs... ClamAV update process started at Mon Jan 15 11:40:20 2018 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd is up to date (version: 24223, sigs: 1825336, f-level: 63, builder: neo) ERROR: Can't download bytecode.cvd from mirror.recette.local Giving up on mirror.recette.local ... Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons. On 14 January 2018 at 10:36, Al Varnell wrote: > > On Sat, Jan 13, 2018 at 04:12 AM, Hugo Deprez wrote: > > > > hello, > > > > sorry I wasn't clear : > > > > - I used solution number 3 or more than one year, but freshclam on > clients > > was randomly reporting error on downloading cvd files. I never found the > > solution : > > > > *Tue Dec 1 17:54:34 2015 -> WARNING: Can't download daily.cvd from * > > > > *mirror* > > > > - So now I switch to solution number 2 from > > https://www.clamav.net/documents/private-local-mirrors > > > > My "/etc/clamav/freshclam.conf" is : > > > > *AllowSupplementaryGroups falseBytecode trueChecks > > 24CompressLocalDatabase noConnectTimeout 30DNSDatabaseInfo > > current.cvd.clamav.net > > <http://current.cvd.clamav.net>DatabaseDirectory > > /var/lib/clamavDatabaseMirror mirror.recette.localDatabaseOwner > > clamavDebug falseForeground falseLogFacility LOG_LOCAL6LogFileMaxSize > > 0LogRotate trueLogSyslog trueLogTime yesLogVerbose falseMaxAttempts > > 5PidFile /var/run/clamav/freshclam.pidPrivateMirror > > mirror.recette.localReceiveTimeout 30ScriptedUpdates noTestDatabases > > yesUpdateLogFile /var/log/clamav/freshclam.log* > > > > But when I run freshclam, it still downloading the cld files : > > Because you changed PrivateMirror to mirror.recette.local. See > freshclam.conf: > > # This option allows you to easily point freshclam to private mirrors. > # If PrivateMirror is set, freshclam does not attempt to use DNS > # to determine whether its databases are out-of-date, instead it will > # use the If-Modified-Since request or directly check the headers of the > # remote database files. For each database, freshclam first attempts > # to download the CLD file. If that fails, it tries to download the &g
Re: [clamav-users] Detected duplicate databases
hello, sorry I wasn't clear : - I used solution number 3 or more than one year, but freshclam on clients was randomly reporting error on downloading cvd files. I never found the solution : *Tue Dec 1 17:54:34 2015 -> WARNING: Can't download daily.cvd from * *mirror* - So now I switch to solution number 2 from https://www.clamav.net/documents/private-local-mirrors My "/etc/clamav/freshclam.conf" is : *AllowSupplementaryGroups falseBytecode trueChecks 24CompressLocalDatabase noConnectTimeout 30DNSDatabaseInfo current.cvd.clamav.net <http://current.cvd.clamav.net>DatabaseDirectory /var/lib/clamavDatabaseMirror mirror.recette.localDatabaseOwner clamavDebug falseForeground falseLogFacility LOG_LOCAL6LogFileMaxSize 0LogRotate trueLogSyslog trueLogTime yesLogVerbose falseMaxAttempts 5PidFile /var/run/clamav/freshclam.pidPrivateMirror mirror.recette.localReceiveTimeout 30ScriptedUpdates noTestDatabases yesUpdateLogFile /var/log/clamav/freshclam.log* But when I run freshclam, it still downloading the cld files : *# freshclam* *ClamAV update process started at Sat Jan 13 13:07:47 2018Reading CVD header (main.cld): OK (IMS)Reading CVD header (main.cvd): OK (IMS)main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)Reading CVD header (daily.cld): OKDownloading daily.cld [100%]daily.cld updated (version: 24217, sigs: 1823727, f-level: 63, builder: neo)Reading CVD header (bytecode.cld): OKbytecode.cvd is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)[LibClamAV] Detected duplicate databases /var/lib/clamav/daily.cvd and /var/lib/clamav/daily.cld. The /var/lib/clamav/daily.cvd database is older and will not be loaded, you should manually remove it from the database directory.Database updated (6390051 signatures) from mirror.recette.local (IP: 192.168.1.15)*If I remove cld files from my private mirror : *# freshclamClamAV update process started at Sat Jan 13 13:10:18 2018Downloading main.cld [100%]main.cld updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)Downloading daily.cld [100%]daily.cld updated (version: 24217, sigs: 1823727, f-level: 63, builder: neo)WARNING: getfile: bytecode.cld not found on mirror.recette.local (IP: 192.168.1.15)WARNING: Can't download bytecode.cld from mirror.recette.localDownloading bytecode.cvd [100%]bytecode.cvd updated (version: 319, sigs: 75, f-level: 63, builder: neo)Database updated (6390051 signatures) from mirror.recette.local (IP: 192.168.1.15)* I just want to run freshclam without any error. * Any idea ? * On 11 January 2018 at 10:37, Al Varnell wrote: > On Thu, Jan 11, 2018 at 01:15 AM, Hugo Deprez wrote: > > Hello, > > > > thank you for the answer. > > I don't think my freshclam is trying to download the cdiff file because I > > use : ScriptedUpdates no > > > > Is this parameter you are talking about incremental updates ? > > Yes, that's what I was referring to. > > > I know this is not bandwith efficient, but I had to many issues with > > freshclam and my local repository made by clamdownloader.pl > > So you are using an option 3 private local mirror as described in < > https://www.clamav.net/documents/private-local-mirrors>. Make sure you > also change freshclam.conf "DatabaseMirror machine1.mylan" where > machine1.mylan is the name of your mirror server. > > Also make sure you are using the latest version of the clamavdownloader.pl > <https://github.com/akissa/clamav-faq/blob/master/ > mirrors/clamdownloader.pl> > > The existing clamdownloader.pl script does not have any error correction > it simply bails out if a downloaded file is not valid and is unable to > retry different mirrors if one fails. That is the most likely reason for > those 404 errors. > > I have no experience with private local mirrors, but you might have better > luck with the clamavmirror script <https://pypi.python.org/pypi/ > clamavmirror/0.0.3>. > > -Al- > > > Best regards, > > > > On 10 January 2018 at 10:20, Al Varnell alvarn...@mac.com>> wrote: > > > >> The first time freshclam pulls down a daily.cdiff file, your daily.cvd > >> file will be decompressed to daily.cld and the .cdiff file added to it. > >> From that point on you should only have the daily.cld file. One > exception > >> is that if for some reason freshclam is unable to find needed .cdiff > files > >> on a mirror, it will download a new .cvd file which will start the > process > >> again. > >> > >> It is possible to reconfigure freshclam to download .cvd files by > >> disabling incremental updates, but that would be very inefficient use of > >> bandwidth and mirror server tim
Re: [clamav-users] Detected duplicate databases
Hello, thank you for the answer. I don't think my freshclam is trying to download the cdiff file because I use : ScriptedUpdates no Is this parameter you are talking about incremental updates ? I know this is not bandwith efficient, but I had to many issues with freshclam and my local repository made by clamdownloader.pl Best regards, On 10 January 2018 at 10:20, Al Varnell wrote: > The first time freshclam pulls down a daily.cdiff file, your daily.cvd > file will be decompressed to daily.cld and the .cdiff file added to it. > From that point on you should only have the daily.cld file. One exception > is that if for some reason freshclam is unable to find needed .cdiff files > on a mirror, it will download a new .cvd file which will start the process > again. > > It is possible to reconfigure freshclam to download .cvd files by > disabling incremental updates, but that would be very inefficient use of > bandwidth and mirror server time, so unless you have a overriding need for > that, I don't recommend it. > > -Al- > > On Wed, Jan 10, 2018 at 01:12 AM, Hugo Deprez wrote: > > Hello, > > > > I have a question about daily.cvd and daily.cld files. If I understood > > correctly, those two files are almost the same : one is compressed, the > > other is not. > > Still I have an issue in my setup : > > > > If I put both filtes in apache2 server (which act as PrivateMirror) : > > > > -rw-r--r-- 1 www-data www-data 117892267 07.06.2017 23:38 main.cvd > > -rw-r--r-- 1 www-data www-data153228 07.12.2017 03:17 bytecode.cvd > > lrwxrwxrwx 1 root root 8 05.01.2018 10:14 main.cld -> > > main.cvd > > lrwxrwxrwx 1 root root 9 05.01.2018 10:14 daily.cld -> > > daily.cvd > > lrwxrwxrwx 1 root root12 05.01.2018 10:14 bytecode.cld -> > > bytecode.cvd > > -rw-r--r-- 1 www-data www-data 43804052 10.01.2018 06:17 daily.cvd > > > > On the client side I have this Warning : > > > > LibClamAV Warning: Detected duplicate databases /var/lib/clamav/daily.cvd > > and /var/lib/clamav/daily.cld, please manually remove one of them > > > > > > But If I remove the *.cld files on my PrivateMirror I got multiples 404 > > errors from the Freshclam clients. > > > > Is there a way to configure Freshclam in order to grabe only the cvd > files > > ? > > > > Best regards, > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Detected duplicate databases
Hello, I have a question about daily.cvd and daily.cld files. If I understood correctly, those two files are almost the same : one is compressed, the other is not. Still I have an issue in my setup : If I put both filtes in apache2 server (which act as PrivateMirror) : -rw-r--r-- 1 www-data www-data 117892267 07.06.2017 23:38 main.cvd -rw-r--r-- 1 www-data www-data153228 07.12.2017 03:17 bytecode.cvd lrwxrwxrwx 1 root root 8 05.01.2018 10:14 main.cld -> main.cvd lrwxrwxrwx 1 root root 9 05.01.2018 10:14 daily.cld -> daily.cvd lrwxrwxrwx 1 root root12 05.01.2018 10:14 bytecode.cld -> bytecode.cvd -rw-r--r-- 1 www-data www-data 43804052 10.01.2018 06:17 daily.cvd On the client side I have this Warning : LibClamAV Warning: Detected duplicate databases /var/lib/clamav/daily.cvd and /var/lib/clamav/daily.cld, please manually remove one of them But If I remove the *.cld files on my PrivateMirror I got multiples 404 errors from the Freshclam clients. Is there a way to configure Freshclam in order to grabe only the cvd files ? Best regards, ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshcalm issues
Hello, am I the only one having that kind of issues ? On 3 January 2017 at 14:49, Hugo Deprez wrote: > Hello, > > I still have some issues with my local clamav proxy. > Here is the command I use to reproduce the issue. > > To some up : > - clean up /var/lib/clamav, > - start freshclam to download updates, > - restart freshclam randomly to get update => Here I get warning messages, > and finaly flag my mirror as down > > Any idea ? > > root@admin:/var/lib/clamav# ll > total 136296 > -rw-r--r-- 1 clamav clamav 96528 23.11.2016 21:06 bytecode.cvd > -rw-r--r-- 1 clamav clamav 30314677 03.01.2017 10:43 daily.cvd > -rw-r--r-- 1 clamav clamav 109143933 17.03.2016 06:55 main.cvd > -rw--- 1 clamav clamav52 03.01.2017 14:43 mirrors.dat > root@admin:/var/lib/clamav# rm -f * > > root@admin:/var/lib/clamav# freshclam > ClamAV update process started at Tue Jan 3 14:43:25 2017 > Downloading main.cvd [100%] > main.cvd updated (version: 57, sigs: 4218790, f-level: 60, builder: > amishhammer) > Downloading daily.cvd [100%] > daily.cvd updated (version: 22827, sigs: 1230804, f-level: 63, builder: > neo) > Downloading bytecode.cvd [100%] > bytecode.cvd updated (version: 285, sigs: 57, f-level: 63, builder: bbaker) > Database updated (5449651 signatures) from proxy.domain.local (IP: > 192.168.1.1) > root@admin:/var/lib/clamav# freshclam > ClamAV update process started at Tue Jan 3 14:43:48 2017 > main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: > amishhammer) > Downloading daily.cvd [100%] > WARNING: Mirror 192.168.1.1 is not synchronized. > Trying again in 5 secs... > ClamAV update process started at Tue Jan 3 14:43:55 2017 > main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: > amishhammer) > WARNING: Can't download daily.cvd from proxy.domain.local > Trying again in 5 secs... > ClamAV update process started at Tue Jan 3 14:44:00 2017 > main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: > amishhammer) > WARNING: Can't download daily.cvd from proxy.domain.local > Trying again in 5 secs... > ClamAV update process started at Tue Jan 3 14:44:05 2017 > main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: > amishhammer) > WARNING: Can't download daily.cvd from proxy.domain.local > Trying again in 5 secs... > ClamAV update process started at Tue Jan 3 14:44:10 2017 > main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: > amishhammer) > ERROR: Can't download daily.cvd from proxy.domain.local > Giving up on proxy.domain.local... > Update failed. Your network may be down or none of the mirrors listed in > /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/ > mirrors-faq.html for possible reasons. > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Freshcalm issues
Hello, I still have some issues with my local clamav proxy. Here is the command I use to reproduce the issue. To some up : - clean up /var/lib/clamav, - start freshclam to download updates, - restart freshclam randomly to get update => Here I get warning messages, and finaly flag my mirror as down Any idea ? root@admin:/var/lib/clamav# ll total 136296 -rw-r--r-- 1 clamav clamav 96528 23.11.2016 21:06 bytecode.cvd -rw-r--r-- 1 clamav clamav 30314677 03.01.2017 10:43 daily.cvd -rw-r--r-- 1 clamav clamav 109143933 17.03.2016 06:55 main.cvd -rw--- 1 clamav clamav52 03.01.2017 14:43 mirrors.dat root@admin:/var/lib/clamav# rm -f * root@admin:/var/lib/clamav# freshclam ClamAV update process started at Tue Jan 3 14:43:25 2017 Downloading main.cvd [100%] main.cvd updated (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) Downloading daily.cvd [100%] daily.cvd updated (version: 22827, sigs: 1230804, f-level: 63, builder: neo) Downloading bytecode.cvd [100%] bytecode.cvd updated (version: 285, sigs: 57, f-level: 63, builder: bbaker) Database updated (5449651 signatures) from proxy.domain.local (IP: 192.168.1.1) root@admin:/var/lib/clamav# freshclam ClamAV update process started at Tue Jan 3 14:43:48 2017 main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) Downloading daily.cvd [100%] WARNING: Mirror 192.168.1.1 is not synchronized. Trying again in 5 secs... ClamAV update process started at Tue Jan 3 14:43:55 2017 main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) WARNING: Can't download daily.cvd from proxy.domain.local Trying again in 5 secs... ClamAV update process started at Tue Jan 3 14:44:00 2017 main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) WARNING: Can't download daily.cvd from proxy.domain.local Trying again in 5 secs... ClamAV update process started at Tue Jan 3 14:44:05 2017 main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) WARNING: Can't download daily.cvd from proxy.domain.local Trying again in 5 secs... ClamAV update process started at Tue Jan 3 14:44:10 2017 main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) ERROR: Can't download daily.cvd from proxy.domain.local Giving up on proxy.domain.local... Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] no new signatures
Hello, thank you. Now I understand, I though they were at least one update on daily.cvd per day. I still have issue with the script though : /root/clamdownloader.pl TXT from DNS: 0.99.1:57:21485:1459776540:1:63:44502:275 FIELDS main=57 daily=21485 bytecode=275 main old: 57 current: 57 daily old: 21484 current: 21485 « daily.cvd » -> « temp/daily.cvd » 2016-04-04 16:24:44 URL:http://clamav.poc.mirrors.ovh.net/daily.cvd [2206964/2206964] -> "daily.cvd" [1] file temp/daily.cvd not touched by wget « temp/daily.cvd » supprimé bytecode old: 275 current: 275 The script is failing to update my daily.cvd file. Seems wget issue related. Any idea ? Thank you On 4 April 2016 at 15:52, Al Varnell wrote: > Sorry, I should have checked my inbox first. > > Daily:21484 was pushed out about an hour ago, so check again. > > -Al- > > On Mon, Apr 04, 2016 at 06:47 AM, Al Varnell wrote: > > > > I don’t think I understand what you are saying. The DNS record shows > the latest version is 21484 which matches what you have and the last update > was on April 1 with daily:21484, so it would appear that everything is > working correctly at your end. There were no new signatures over the > weekend. > > > > -Al- > > > > On Mon, Apr 04, 2016 at 05:44 AM, Hugo Deprez wrote: > >> > >> Hello, > >> > >> I still have issue with clamav updates : > >> > >> using the clamdownloader.pl script for my local mirror, the daily.cvd > is > >> the one from 01/04/2016 : > >> # sigtool -i daily.cvd > >> File: daily.cvd > >> Build time: 01 Apr 2016 16:09 -0400 > >> Version: 21484 > >> Signatures: 83932 > >> Functionality level: 63 > >> Builder: neo > >> MD5: acd69c2bf770a9f80c13b4cb996a0704 > >> Digital signature: > >> > djy+YzR0QSQ9AiS0MeFYZiwLlgvGYurnFp1HWpJz2C+0p7Eio09dX9FHV+RYTQ/SHEGRDToGlFfbnrxy4iSOf38mN6a+WgWnZg8r3OMu0kkRtFIy94TXHlHFF6xBQBjr3qiJE8dFSwKcRNmgzvCo4lRgKQGSq+yVPu0RJYt08dc > >> Verification OK. > >> > >> > >> Looking at the DNS record from current.cvd.clamav.net: > >> > >> TXT from DNS: 0.99.1:57:21484:1459769340:1:63:44502:275 > >> FIELDS main=57 daily=21484 bytecode=275 > >> main old: 57 current: 57 > >> daily old: 21484 current: 21484 > >> bytecode old: 275 current: 275 > >> > >> > >> It seems that the DNS record is not up to date ? > >> > >> Any idea on what is going wrong ? > >> > >> Best regards, > >> > >> > >> > >> On 18 March 2016 at 17:12, Helmut Hullen wrote: > >> > >>> Hallo, SternData, > >>> > >>> Du meintest am 18.03.16: > >>> > >>>>> The signatures haven't been updated since Friday. > >>> > >>> [...] > >>> > >>>> I had a similar issue. After deleting /var/lib/clamav/mirrors.dat, > >>>> the updates started working again. > >>> > >>> No - that's another problem. > >>> > >>> I've just tried "freshclam" with deleted "mirrors.dat" - all three > *.cvd > >>> files are up to date, since 7 o'clock. Unchanged versions, levels 60, > 63 > >>> and 63. > >>> > >>> Viele Gruesse! > >>> Helmut > >>> > >>> ___ > >>> Help us build a comprehensive ClamAV guide: > >>> https://github.com/vrtadmin/clamav-faq > >>> > >>> http://www.clamav.net/contact.html#ml > >>> > >> ___ > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > > > > -Al- > > -Al- > -- > Al Varnell > Mountain View, CA > > > > > > > ___ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] no new signatures
Hello, I still have issue with clamav updates : using the clamdownloader.pl script for my local mirror, the daily.cvd is the one from 01/04/2016 : # sigtool -i daily.cvd File: daily.cvd Build time: 01 Apr 2016 16:09 -0400 Version: 21484 Signatures: 83932 Functionality level: 63 Builder: neo MD5: acd69c2bf770a9f80c13b4cb996a0704 Digital signature: djy+YzR0QSQ9AiS0MeFYZiwLlgvGYurnFp1HWpJz2C+0p7Eio09dX9FHV+RYTQ/SHEGRDToGlFfbnrxy4iSOf38mN6a+WgWnZg8r3OMu0kkRtFIy94TXHlHFF6xBQBjr3qiJE8dFSwKcRNmgzvCo4lRgKQGSq+yVPu0RJYt08dc Verification OK. Looking at the DNS record from current.cvd.clamav.net: TXT from DNS: 0.99.1:57:21484:1459769340:1:63:44502:275 FIELDS main=57 daily=21484 bytecode=275 main old: 57 current: 57 daily old: 21484 current: 21484 bytecode old: 275 current: 275 It seems that the DNS record is not up to date ? Any idea on what is going wrong ? Best regards, On 18 March 2016 at 17:12, Helmut Hullen wrote: > Hallo, SternData, > > Du meintest am 18.03.16: > > >> The signatures haven't been updated since Friday. > > [...] > > > I had a similar issue. After deleting /var/lib/clamav/mirrors.dat, > > the updates started working again. > > No - that's another problem. > > I've just tried "freshclam" with deleted "mirrors.dat" - all three *.cvd > files are up to date, since 7 o'clock. Unchanged versions, levels 60, 63 > and 63. > > Viele Gruesse! > Helmut > > ___ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam failing randomly
Yes my servers are not looking for cdiff any more. That's fine for me. I really don't understand why freshclam set my proxy to "Ignore : Yes". I think this is a bug. Do you know where I can report this issue ? Regards, On 3 December 2015 at 10:36, Al Varnell wrote: > On Thu, Dec 03, 2015 at 01:08 AM, Hugo Deprez wrote: > > > > I changed the crontab on the server to run every hour. > > > > 0 * * * * /root/clamdownloader.pl > > > > Here is my freshclam configuration : > > > > DatabaseDirectory /var/lib/clamav > > UpdateLogFile /var/log/clamav/freshclam.log > > LogFileMaxSize 0 > > LogTime true > > LogSyslog no > > LogRotate true > > DatabaseOwner clamav > > AllowSupplementaryGroups false > > DatabaseMirror proxy > > MaxAttempts 5 > > ScriptedUpdates no > > Checks 24 > > Foreground false > > Debug true > > > > I am not using DNS (DNSDatabaseInfo), as clients were looking for cdiff > not > > available on my server. > > With "ScriptedUpdates no" it should never be looking for .cdiff files. > > > I just want the client to download the available updates on the server. > > > > I still get errors : ERROR: Can't download daily.cvd from proxy > > I don't understand as the daily.cvd is on the server, and there no access > > logs. > > > > # freshclam --list-mirrors > > Mirror #1 > > IP: 192.168.1.8 > > Successes: 1 > > Failures: 1 > > Last access: Thu Dec 3 09:57:24 2015 > > Ignore: Yes > > "Ignore: Yes" disables that mirror for a set period of time (I forget how > long). > > > Any idea ? I assume that if I delete the mirrors.dat file, freshclam > will > > work again, but there is no reason to do this in my case. > > Deleting mirrors.dat is what I have users do when they can’t reach any > server, so yes, you will need to do that. I am not aware of any way to > configure freshclam to disable the Ignore routine. > > With that, I’m out of ideas. > > -Al- > > > On 2 December 2015 at 11:23, Al Varnell wrote: > >> On Wed, Dec 02, 2015 at 02:16 AM, Hugo Deprez wrote: > >>> > >>> Yes, this is one of issue I was thinking of. > >>> > >>> clamdownloader.pl is running every 5 minutes. I didn't found any > >>> information on how many updates there is per day. > >> > >> There have been 26 updates in the last 7 days, which is slightly higher > >> than usual. > >> > >>> Freshclam is set to Checks 24 > >>> > >>> What would you recommend ? > >> > >> From the Troubleshooting FAQ: > >> > >>>> If you are running ClamAV 0.8x or later, you can check for database > >>>> update as often as 4 times per hour provided that you have the > following > >>>> options in freshclam.conf: DNSDatabaseInfo current.cvd.clamav.net > >>>> DatabaseMirror db.XY.clamav.net DatabaseMirror database.clamav.net > >>>> Replace XY with your “country code”:iana. If you don’t have that > option, > >>>> then you must stick with 1 check per hour. > >>>> > >> -Al- > >> > >>> On 2 December 2015 at 10:19, Al Varnell wrote: > >>>> Perhaps your clients are trying to update at the same time your local > >>>> mirror is updating? How often do you update the local mirror? > >>>> > >>>> -Al- > >>>> > >>>> On Wed, Dec 02, 2015 at 01:01 AM, Hugo Deprez wrote: > >>>>> > >>>>> I configured a local mirror using clamdownloader.pl provided on your > >>>>> website. > >>>>> The script seems to be working fine. But clients randmly fails with > >>>>> errors > >>>>> such as : > >>>>> > >>>>> Tue Dec 1 17:54:28 2015 -> Received signal: wake up > >>>>> Tue Dec 1 17:54:28 2015 -> ClamAV update process started at Tue > Dec 1 > >>>>> 17:54:28 2015 > >>>>> Tue Dec 1 17:54:28 2015 -> main.cvd is up to date (version: 55, > sigs: > >>>>> 2424225, f-level: 60, builder: neo) > >>>>> Tue Dec 1 17:54:28 2015 -> Downloading daily.cvd [100%] > >>>>> Tue Dec 1 17:54:29 2015 -> WARNING: Mirror 192.168.6.8 is not > >>>>> synchronized. > >>>>> Tue Dec 1 17:54:29 2015 -> Trying again in 5 secs... > >>>>> Tue Dec 1 17:54:34 2015
Re: [clamav-users] Freshclam failing randomly
Hello, I changed the crontab on the server to run every hour. 0 * * * * /root/clamdownloader.pl Here is my freshclam configuration : DatabaseDirectory /var/lib/clamav UpdateLogFile /var/log/clamav/freshclam.log LogFileMaxSize 0 LogTime true LogSyslog no LogRotate true DatabaseOwner clamav AllowSupplementaryGroups false DatabaseMirror proxy MaxAttempts 5 ScriptedUpdates no Checks 24 Foreground false Debug true I am not using DNS (DNSDatabaseInfo), as clients were looking for cdiff not available on my server. I just want the client to download the available updates on the server. I still get errors : ERROR: Can't download daily.cvd from proxy I don't understand as the daily.cvd is on the server, and there no access logs. # freshclam --list-mirrors Mirror #1 IP: 192.168.1.8 Successes: 1 Failures: 1 Last access: Thu Dec 3 09:57:24 2015 Ignore: Yes Any idea ? I assume that if I delete the mirrors.dat file, freshclam will work again, but there is no reason to do this in my case. Hugo On 2 December 2015 at 11:23, Al Varnell wrote: > > On Wed, Dec 02, 2015 at 02:16 AM, Hugo Deprez wrote: > > > > Yes, this is one of issue I was thinking of. > > > > clamdownloader.pl is running every 5 minutes. I didn't found any > > information on how many updates there is per day. > > There have been 26 updates in the last 7 days, which is slightly higher > than usual. > > > Freshclam is set to Checks 24 > > > > What would you recommend ? > > From the Troubleshooting FAQ: > > >> If you are running ClamAV 0.8x or later, you can check for database > update as often as 4 times per hour provided that you have the following > options in freshclam.conf: DNSDatabaseInfo current.cvd.clamav.net > DatabaseMirror db.XY.clamav.net DatabaseMirror database.clamav.net > Replace XY with your “country code”:iana. If you don’t have that option, > then you must stick with 1 check per hour. > > -Al- > > > On 2 December 2015 at 10:19, Al Varnell wrote: > >> Perhaps your clients are trying to update at the same time your local > >> mirror is updating? How often do you update the local mirror? > >> > >> -Al- > >> > >> On Wed, Dec 02, 2015 at 01:01 AM, Hugo Deprez wrote: > >>> > >>> I configured a local mirror using clamdownloader.pl provided on your > >>> website. > >>> The script seems to be working fine. But clients randmly fails with > >>> errors > >>> such as : > >>> > >>> Tue Dec 1 17:54:28 2015 -> Received signal: wake up > >>> Tue Dec 1 17:54:28 2015 -> ClamAV update process started at Tue Dec 1 > >>> 17:54:28 2015 > >>> Tue Dec 1 17:54:28 2015 -> main.cvd is up to date (version: 55, sigs: > >>> 2424225, f-level: 60, builder: neo) > >>> Tue Dec 1 17:54:28 2015 -> Downloading daily.cvd [100%] > >>> Tue Dec 1 17:54:29 2015 -> WARNING: Mirror 192.168.6.8 is not > >>> synchronized. > >>> Tue Dec 1 17:54:29 2015 -> Trying again in 5 secs... > >>> Tue Dec 1 17:54:34 2015 -> ClamAV update process started at Tue Dec 1 > >>> 17:54:34 2015 > >>> Tue Dec 1 17:54:34 2015 -> main.cvd is up to date (version: 55, sigs: > >>> 2424225, f-level: 60, builder: neo) > >>> Tue Dec 1 17:54:34 2015 -> WARNING: Can't download daily.cvd from > mirror > >>> Tue Dec 1 17:54:34 2015 -> Trying again in 5 secs... > >>> Tue Dec 1 17:54:39 2015 -> ClamAV update process started at Tue Dec 1 > >>> 17:54:39 2015 > >>> Tue Dec 1 17:54:39 2015 -> main.cvd is up to date (version: 55, sigs: > >>> 2424225, f-level: 60, builder: neo) > >>> Tue Dec 1 17:54:39 2015 -> WARNING: Can't download daily.cvd from > mirror > >>> Tue Dec 1 17:54:39 2015 -> Trying again in 5 secs... > >>> Tue Dec 1 17:54:44 2015 -> ClamAV update process started at Tue Dec 1 > >>> 17:54:44 2015 > >>> Tue Dec 1 17:54:44 2015 -> main.cvd is up to date (version: 55, sigs: > >>> 2424225, f-level: 60, builder: neo) > >>> Tue Dec 1 17:54:44 2015 -> WARNING: Can't download daily.cvd from > mirror > >>> Tue Dec 1 17:54:44 2015 -> Trying again in 5 secs... > >>> Tue Dec 1 17:54:49 2015 -> ClamAV update process started at Tue Dec 1 > >>> 17:54:49 2015 > >>> Tue Dec 1 17:54:49 2015 -> main.cvd is up to date (version: 55, sigs: > >>> 2424225, f-level: 60, builder: neo) > >>> Tue Dec 1 17:54:49 2015 -> ERROR: Can't download daily.cvd from mirror > &
Re: [clamav-users] Freshclam failing randomly
Yes, this is one of issue I was thinking of. clamdownloader.pl is running every 5 minutes. I didn't found any information on how many updates there is per day. Freshclam is set to Checks 24 What would you recommend ? Best regards, On 2 December 2015 at 10:19, Al Varnell wrote: > Perhaps your clients are trying to update at the same time your local > mirror is updating? How often do you update the local mirror? > > -Al- > > On Wed, Dec 02, 2015 at 01:01 AM, Hugo Deprez wrote: > > > > Hello, > > > > I configured a local mirror using clamdownloader.pl provided on your > > website. > > The script seems to be working fine. But clients randmly fails with > errors > > such as : > > > > Tue Dec 1 17:54:28 2015 -> Received signal: wake up > > Tue Dec 1 17:54:28 2015 -> ClamAV update process started at Tue Dec 1 > > 17:54:28 2015 > > Tue Dec 1 17:54:28 2015 -> main.cvd is up to date (version: 55, sigs: > > 2424225, f-level: 60, builder: neo) > > Tue Dec 1 17:54:28 2015 -> Downloading daily.cvd [100%] > > Tue Dec 1 17:54:29 2015 -> WARNING: Mirror 192.168.6.8 is not > synchronized. > > Tue Dec 1 17:54:29 2015 -> Trying again in 5 secs... > > Tue Dec 1 17:54:34 2015 -> ClamAV update process started at Tue Dec 1 > > 17:54:34 2015 > > Tue Dec 1 17:54:34 2015 -> main.cvd is up to date (version: 55, sigs: > > 2424225, f-level: 60, builder: neo) > > Tue Dec 1 17:54:34 2015 -> WARNING: Can't download daily.cvd from mirror > > Tue Dec 1 17:54:34 2015 -> Trying again in 5 secs... > > Tue Dec 1 17:54:39 2015 -> ClamAV update process started at Tue Dec 1 > > 17:54:39 2015 > > Tue Dec 1 17:54:39 2015 -> main.cvd is up to date (version: 55, sigs: > > 2424225, f-level: 60, builder: neo) > > Tue Dec 1 17:54:39 2015 -> WARNING: Can't download daily.cvd from mirror > > Tue Dec 1 17:54:39 2015 -> Trying again in 5 secs... > > Tue Dec 1 17:54:44 2015 -> ClamAV update process started at Tue Dec 1 > > 17:54:44 2015 > > Tue Dec 1 17:54:44 2015 -> main.cvd is up to date (version: 55, sigs: > > 2424225, f-level: 60, builder: neo) > > Tue Dec 1 17:54:44 2015 -> WARNING: Can't download daily.cvd from mirror > > Tue Dec 1 17:54:44 2015 -> Trying again in 5 secs... > > Tue Dec 1 17:54:49 2015 -> ClamAV update process started at Tue Dec 1 > > 17:54:49 2015 > > Tue Dec 1 17:54:49 2015 -> main.cvd is up to date (version: 55, sigs: > > 2424225, f-level: 60, builder: neo) > > Tue Dec 1 17:54:49 2015 -> ERROR: Can't download daily.cvd from mirror > > Tue Dec 1 17:54:49 2015 -> Giving up on mirror... > > Tue Dec 1 17:54:49 2015 -> Update failed. Your network may be down or > none > > of the mirrors listed in /etc/clamav/freshclam.conf is working. Check > > http://www.clamav.net/doc/mirrors-faq.html for possible reasons. > > > > > > This happen randomly on all servers. I read the FAQ about those messages, > > but it didn't helped me to solve the issue. > > > > Do you have any information about this ? > > > > Best regards, > > ___ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Freshclam failing randomly
Hello, I configured a local mirror using clamdownloader.pl provided on your website. The script seems to be working fine. But clients randmly fails with errors such as : Tue Dec 1 17:54:28 2015 -> Received signal: wake up Tue Dec 1 17:54:28 2015 -> ClamAV update process started at Tue Dec 1 17:54:28 2015 Tue Dec 1 17:54:28 2015 -> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Tue Dec 1 17:54:28 2015 -> Downloading daily.cvd [100%] Tue Dec 1 17:54:29 2015 -> WARNING: Mirror 192.168.6.8 is not synchronized. Tue Dec 1 17:54:29 2015 -> Trying again in 5 secs... Tue Dec 1 17:54:34 2015 -> ClamAV update process started at Tue Dec 1 17:54:34 2015 Tue Dec 1 17:54:34 2015 -> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Tue Dec 1 17:54:34 2015 -> WARNING: Can't download daily.cvd from mirror Tue Dec 1 17:54:34 2015 -> Trying again in 5 secs... Tue Dec 1 17:54:39 2015 -> ClamAV update process started at Tue Dec 1 17:54:39 2015 Tue Dec 1 17:54:39 2015 -> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Tue Dec 1 17:54:39 2015 -> WARNING: Can't download daily.cvd from mirror Tue Dec 1 17:54:39 2015 -> Trying again in 5 secs... Tue Dec 1 17:54:44 2015 -> ClamAV update process started at Tue Dec 1 17:54:44 2015 Tue Dec 1 17:54:44 2015 -> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Tue Dec 1 17:54:44 2015 -> WARNING: Can't download daily.cvd from mirror Tue Dec 1 17:54:44 2015 -> Trying again in 5 secs... Tue Dec 1 17:54:49 2015 -> ClamAV update process started at Tue Dec 1 17:54:49 2015 Tue Dec 1 17:54:49 2015 -> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Tue Dec 1 17:54:49 2015 -> ERROR: Can't download daily.cvd from mirror Tue Dec 1 17:54:49 2015 -> Giving up on mirror... Tue Dec 1 17:54:49 2015 -> Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons. This happen randomly on all servers. I read the FAQ about those messages, but it didn't helped me to solve the issue. Do you have any information about this ? Best regards, ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Private Local Mirrors issue
Hello, I think I solved the issue by setting the following option on my clients : ScriptedUpdates no On 21 October 2015 at 15:13, Hugo Deprez wrote: > Hello, > > I read the documentation for setting up a local repo for my clients : > http://www.clamav.net/documents/private-local-mirrors > > My proxy server is running the crontab to get the update on the internet : > */30 * * * * /root/z_script_for_crontab/clamdownloader.pl > > I have an issue with my clients, which happen from time to time : > > Wed Oct 21 14:53:03 2015 -> Received signal: wake up > Wed Oct 21 14:53:03 2015 -> ClamAV update process started at Wed Oct 21 > 14:53:03 2015 > Wed Oct 21 14:53:03 2015 -> main.cvd is up to date (version: 55, sigs: > 2424225, f-level: 60, builder: neo) > Wed Oct 21 14:53:03 2015 -> WARNING: getfile: daily-20992.cdiff not found > on remote server (IP: 192.168.1.1) > Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download > daily-20992.cdiff from proxy > Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download > daily-20992.cdiff from proxy > Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download > daily-20992.cdiff from proxy > Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download > daily-20992.cdiff from proxy > Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download > daily-20992.cdiff from proxy > Wed Oct 21 14:53:03 2015 -> WARNING: Incremental update failed, trying to > download daily.cvd > Wed Oct 21 14:53:04 2015 -> Downloading daily.cvd [100%] > Wed Oct 21 14:53:05 2015 -> WARNING: Mirror 192.168.1.1 is not > synchronized. > Wed Oct 21 14:53:05 2015 -> Trying again in 5 secs... > > > I checked on the proxy, the file daily-20992.cdiff was not present when > the client try to update, but the clamav record dns was up to date. > > What should I do to avoid this ? > > - Run the crontab every 15 min ? > - modify the client freshclam.conf file ? I just use DatabaseMirror proxy > for now. Should I turn off scripted update ? > > Thank you for you help ! > > Best regards > > Hugo > ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Private Local Mirrors issue
Hello, I read the documentation for setting up a local repo for my clients : http://www.clamav.net/documents/private-local-mirrors My proxy server is running the crontab to get the update on the internet : */30 * * * * /root/z_script_for_crontab/clamdownloader.pl I have an issue with my clients, which happen from time to time : Wed Oct 21 14:53:03 2015 -> Received signal: wake up Wed Oct 21 14:53:03 2015 -> ClamAV update process started at Wed Oct 21 14:53:03 2015 Wed Oct 21 14:53:03 2015 -> main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Wed Oct 21 14:53:03 2015 -> WARNING: getfile: daily-20992.cdiff not found on remote server (IP: 192.168.1.1) Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download daily-20992.cdiff from proxy Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download daily-20992.cdiff from proxy Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download daily-20992.cdiff from proxy Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download daily-20992.cdiff from proxy Wed Oct 21 14:53:03 2015 -> WARNING: getpatch: Can't download daily-20992.cdiff from proxy Wed Oct 21 14:53:03 2015 -> WARNING: Incremental update failed, trying to download daily.cvd Wed Oct 21 14:53:04 2015 -> Downloading daily.cvd [100%] Wed Oct 21 14:53:05 2015 -> WARNING: Mirror 192.168.1.1 is not synchronized. Wed Oct 21 14:53:05 2015 -> Trying again in 5 secs... I checked on the proxy, the file daily-20992.cdiff was not present when the client try to update, but the clamav record dns was up to date. What should I do to avoid this ? - Run the crontab every 15 min ? - modify the client freshclam.conf file ? I just use DatabaseMirror proxy for now. Should I turn off scripted update ? Thank you for you help ! Best regards Hugo ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] False positive reporting
Hello, I submitted a new FP on monday. here is the detail : jre-6u16-windows-i586.exe.zip cbb80060fbbecb3eac71b7fd66abd087 Can you have a look ? Regards On 28 August 2013 17:16, Alain Zidouemba wrote: > Thanks for letting us know Hugo. We are looking into it. > > - Alain > > > On Wed, Aug 28, 2013 at 11:11 AM, Hugo Deprez > wrote: > > > Hello, > > > > this FP has been corrected, but I didn't get any e-mail from clamav. > > > > Best regards, > > > > > > > > > > On 23 August 2013 18:34, Joel Esler wrote: > > > > > You should receive an email when the FP is dealt with from our system. > > > > > > -- > > > Joel Esler > > > Senior Research Engineer, VRT > > > OpenSource Community Manager > > > Sourcefire > > > > > > On Aug 23, 2013, at 9:32 AM, Hugo Deprez > wrote: > > > > > > > Hello, > > > > > > > > thank you for the information. > > > > > > > > In my own opinion, the issue is not the speed of processing FP > reports, > > > but > > > > just the acknowledgement of the process. > > > > There is nothing worst than reporting something and you don't know > what > > > > happen next... > > > > > > > > Regards, > > > > > > > > > > > > > > > > > > > > On 23 August 2013 13:46, Alain Zidouemba > > > wrote: > > > > > > > >> Thanks for the MD5. This should be addressed in the next few hours. > > > >> > > > >> Additionally, we will see what we can do to speed up the processing > of > > > >> FP reports. > > > >> > > > >> Thanks, > > > >> > > > >> -Alain > > > >> > > > >> On Aug 23, 2013, at 4:57 AM, Hugo Deprez > > wrote: > > > >> > > > >>> A good thing would a least to have an acknowledgement when it has > > been > > > >>> submitted. > > > >>> GemSafe_User_4.2_SP3.msi eb7e8d808c289b03d3a243cd11408b3e > > > >>> > > > >>> > > > >>> On 23 August 2013 10:39, Al Varnell wrote: > > > >>> > > > >>>> On Aug 22, 2013, at 11:53 PM, Hugo Deprez > > > >> wrote: > > > >>>> > > > >>>>> I have been using the following link > > > >>>>> http://www.clamav.net/lang/en/sendvirus/submit-fp/ to report a > > false > > > >>>>> positive about Win.Trojan.Genome-6665. > > > >>>> > > > >>>> You will probably get a request for the MD5 of the file submitted > to > > > >> speed > > > >>>> the process of tracking it. > > > >>>> > > > >>>>> Until now I don't have any feed back and my clamscan is still > > > >> complaining > > > >>>>> about those files. > > > >>>>> Did I miss something ? > > > >>>> > > > >>>> Feedback is rarely provided in such cases. > > > >>>> > > > >>>>> Moreover I didn't find anything on > > > >>>>> http://lurker.clamav.net/list/clamav-virusdb.html about any > update > > > for > > > >>>>> Win.Trojan.Genome-6665. > > > >>>> > > > >>>> I have never seen updates listed there. > > > >>>> > > > >>>> > > > >>>> Sent from Janet's iPad > > > >>>> > > > >>>> -Al- > > > >>>> -- > > > >>>> Al Varnell > > > >>>> ___ > > > >>>> Help us build a comprehensive ClamAV guide: visit > > > >> http://wiki.clamav.net > > > >>>> http://www.clamav.net/support/ml > > > >>> ___ > > > >>> Help us build a comprehensive ClamAV guide: visit > > > http://wiki.clamav.net > > > >>> http://www.clamav.net/support/ml > > > >> ___ > > > >> Help us build a comprehensive ClamAV guide: visit > > > http://wiki.clamav.net > > > >> http://www.clamav.net/support/ml > > > >> > > > > ___ > > > > Help us build a comprehensive ClamAV guide: visit > > http://wiki.clamav.net > > > > http://www.clamav.net/support/ml > > > > > > ___ > > > Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > > > http://www.clamav.net/support/ml > > > > > ___ > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > http://www.clamav.net/support/ml > > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] False positive reporting
Hello, this FP has been corrected, but I didn't get any e-mail from clamav. Best regards, On 23 August 2013 18:34, Joel Esler wrote: > You should receive an email when the FP is dealt with from our system. > > -- > Joel Esler > Senior Research Engineer, VRT > OpenSource Community Manager > Sourcefire > > On Aug 23, 2013, at 9:32 AM, Hugo Deprez wrote: > > > Hello, > > > > thank you for the information. > > > > In my own opinion, the issue is not the speed of processing FP reports, > but > > just the acknowledgement of the process. > > There is nothing worst than reporting something and you don't know what > > happen next... > > > > Regards, > > > > > > > > > > On 23 August 2013 13:46, Alain Zidouemba > wrote: > > > >> Thanks for the MD5. This should be addressed in the next few hours. > >> > >> Additionally, we will see what we can do to speed up the processing of > >> FP reports. > >> > >> Thanks, > >> > >> -Alain > >> > >> On Aug 23, 2013, at 4:57 AM, Hugo Deprez wrote: > >> > >>> A good thing would a least to have an acknowledgement when it has been > >>> submitted. > >>> GemSafe_User_4.2_SP3.msi eb7e8d808c289b03d3a243cd11408b3e > >>> > >>> > >>> On 23 August 2013 10:39, Al Varnell wrote: > >>> > >>>> On Aug 22, 2013, at 11:53 PM, Hugo Deprez > >> wrote: > >>>> > >>>>> I have been using the following link > >>>>> http://www.clamav.net/lang/en/sendvirus/submit-fp/ to report a false > >>>>> positive about Win.Trojan.Genome-6665. > >>>> > >>>> You will probably get a request for the MD5 of the file submitted to > >> speed > >>>> the process of tracking it. > >>>> > >>>>> Until now I don't have any feed back and my clamscan is still > >> complaining > >>>>> about those files. > >>>>> Did I miss something ? > >>>> > >>>> Feedback is rarely provided in such cases. > >>>> > >>>>> Moreover I didn't find anything on > >>>>> http://lurker.clamav.net/list/clamav-virusdb.html about any update > for > >>>>> Win.Trojan.Genome-6665. > >>>> > >>>> I have never seen updates listed there. > >>>> > >>>> > >>>> Sent from Janet's iPad > >>>> > >>>> -Al- > >>>> -- > >>>> Al Varnell > >>>> ___ > >>>> Help us build a comprehensive ClamAV guide: visit > >> http://wiki.clamav.net > >>>> http://www.clamav.net/support/ml > >>> ___ > >>> Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > >>> http://www.clamav.net/support/ml > >> ___ > >> Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > >> http://www.clamav.net/support/ml > >> > > ___ > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > http://www.clamav.net/support/ml > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] False positive reporting
Hello, thank you for the information. In my own opinion, the issue is not the speed of processing FP reports, but just the acknowledgement of the process. There is nothing worst than reporting something and you don't know what happen next... Regards, On 23 August 2013 13:46, Alain Zidouemba wrote: > Thanks for the MD5. This should be addressed in the next few hours. > > Additionally, we will see what we can do to speed up the processing of > FP reports. > > Thanks, > > -Alain > > On Aug 23, 2013, at 4:57 AM, Hugo Deprez wrote: > > > A good thing would a least to have an acknowledgement when it has been > > submitted. > > GemSafe_User_4.2_SP3.msi eb7e8d808c289b03d3a243cd11408b3e > > > > > > On 23 August 2013 10:39, Al Varnell wrote: > > > >> On Aug 22, 2013, at 11:53 PM, Hugo Deprez > wrote: > >> > >>> I have been using the following link > >>> http://www.clamav.net/lang/en/sendvirus/submit-fp/ to report a false > >>> positive about Win.Trojan.Genome-6665. > >> > >> You will probably get a request for the MD5 of the file submitted to > speed > >> the process of tracking it. > >> > >>> Until now I don't have any feed back and my clamscan is still > complaining > >>> about those files. > >>> Did I miss something ? > >> > >> Feedback is rarely provided in such cases. > >> > >>> Moreover I didn't find anything on > >>> http://lurker.clamav.net/list/clamav-virusdb.html about any update for > >>> Win.Trojan.Genome-6665. > >> > >> I have never seen updates listed there. > >> > >> > >> Sent from Janet's iPad > >> > >> -Al- > >> -- > >> Al Varnell > >> ___ > >> Help us build a comprehensive ClamAV guide: visit > http://wiki.clamav.net > >> http://www.clamav.net/support/ml > > ___ > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > > http://www.clamav.net/support/ml > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] False positive reporting
A good thing would a least to have an acknowledgement when it has been submitted. GemSafe_User_4.2_SP3.msi eb7e8d808c289b03d3a243cd11408b3e On 23 August 2013 10:39, Al Varnell wrote: > On Aug 22, 2013, at 11:53 PM, Hugo Deprez wrote: > > > I have been using the following link > > http://www.clamav.net/lang/en/sendvirus/submit-fp/ to report a false > > positive about Win.Trojan.Genome-6665. > > You will probably get a request for the MD5 of the file submitted to speed > the process of tracking it. > > > Until now I don't have any feed back and my clamscan is still complaining > > about those files. > > Did I miss something ? > > Feedback is rarely provided in such cases. > > > Moreover I didn't find anything on > > http://lurker.clamav.net/list/clamav-virusdb.html about any update for > > Win.Trojan.Genome-6665. > > I have never seen updates listed there. > > > Sent from Janet's iPad > > -Al- > -- > Al Varnell > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[clamav-users] False positive reporting
hello, I have been using the following link http://www.clamav.net/lang/en/sendvirus/submit-fp/ to report a false positive about Win.Trojan.Genome-6665. Until now I don't have any feed back and my clamscan is still complaining about those files. Did I miss something ? Moreover I didn't find anything on http://lurker.clamav.net/list/clamav-virusdb.html about any update for Win.Trojan.Genome-6665. Thank you for your help ! Best regards Hugo ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
