Public bug reported: Ubuntu 21.04 clamav-freshclam: 0.103.0+dfsg-3.1
Commands executed as root: # systemctl stop clamav-freshclam # freshclam --debug --verbose Sat Mar 20 16:00:21 2021 -> ClamAV update process started at Sat Mar 20 16:00:21 2021 Sat Mar 20 16:00:21 2021 -> *Current working dir is /var/lib/clamav/ Sat Mar 20 16:00:21 2021 -> *Querying current.cvd.clamav.net Sat Mar 20 16:00:21 2021 -> *TTL: 1623 Sat Mar 20 16:00:21 2021 -> *fc_dns_query_update_info: Software version from DNS: 0.103.1 Sat Mar 20 16:00:21 2021 -> *Current working dir is /var/lib/clamav/ Sat Mar 20 16:00:21 2021 -> *check_for_new_database_version: No local copy of "daily" database. Sat Mar 20 16:00:21 2021 -> *query_remote_database_version: daily.cvd version from DNS: 26115 Sat Mar 20 16:00:21 2021 -> daily database available for download (remote version: 26115) Sat Mar 20 16:00:21 2021 -> *Retrieving https://database.clamav.net/daily.cvd Sat Mar 20 16:00:21 2021 -> *downloadFile: Download source: https://database.clamav.net/daily.cvd Sat Mar 20 16:00:21 2021 -> *downloadFile: Download destination: /var/lib/clamav/tmp.5ee08cf0a0/clamav-746b5f842a022ff02206be76e0c77fe8.tmp * Trying 104.16.219.84:443... * Connected to database.clamav.net (104.16.219.84) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * Closing connection 0 Sat Mar 20 16:00:21 2021 -> ^Download failed (77) Sat Mar 20 16:00:21 2021 -> ^ Message: Problem with the SSL CA cert (path? access rights?) Sat Mar 20 16:00:21 2021 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd Sat Mar 20 16:00:21 2021 -> Trying again in 5 secs... The alleged "error setting certificate verify locations" is false: # sudo -u clamav -EH ls -al /etc/ssl/certs/ca-certificates.crt -rw-r--r-- 1 root root 186336 Mar 15 08:45 /etc/ssl/certs/ca-certificates.crt # sudo -u clamav -EH ls -al /etc/ssl/certs total 556 drwxr-xr-x 3 root root 12288 Mar 15 08:45 . ... Also, it is possible to contact the website as clamav user, meaning there is no CA access issue for that user: # sudo -u clamav -EH wget https://database.clamav.net --2021-03-20 16:21:12-- https://database.clamav.net/ Resolving database.clamav.net (database.clamav.net)... 104.16.219.84, 104.16.218.84, 2606:4700::6810:da54, ... Connecting to database.clamav.net (database.clamav.net)|104.16.219.84|:443... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [text/html] Saving to: ‘index.html’ index.html [ <=> ] 1.14K --.-KB/s in 0s 2021-03-20 16:21:12 (21.3 MB/s) - ‘index.html’ saved [1166] # more index.html <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"> <meta content="15;url=http://www.clamav.net"; http-equiv="Refresh"> <title>ClamAV database mirror</title> </head> <body> <div style="text-align: center;"> <big> <img style="width: 125px; height: 102px;" alt="ClamAV logo" src="//www.clamav.net/assets/clamav-trademark.png"> </big> <br> </div> <br> <br> You reached one of ClamAV virus database mirrors: <a style="font-style: italic;" href="http://database.clamav.net";>database.clamav.net</a> is a round robin record that tries to equally balance the traffic between all the database mirrors.<br> For a complete list of our mirrors visit <a href="http://www.clamav.net/mirrors.html";>http://www.clamav.net/mirrors.html</a><br> <br> <br> You'll be redirected to ClamAV home page (<a href="http://www.clamav.net";>http://www.clamav.net</a>) in 15 seconds...<br> <br> <br> <hr style="width: 100%; height: 2px;"><small style="font-weight: bold;">This mirror is sponsored by </small><br> <br> <img alt="Sponsor Logo" src="local_logo.png"><br> <br> </body> </html> This is a very strange issue. Any suggestion on how to debug/workaround that issue? ** Affects: clamav (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1920615 Title: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd despite correct connection to https://database.clamav.net To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1920615/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
