Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Dennis Peterson

Awesome, Joel. Everything is greatly appreciated.

dp

On 8/30/17 3:28 PM, Joel Esler (jesler) wrote:

Dennis,

The team has been cleaning this up almost all day.  Expect the work to continue 
for a while.

--
Joel Esler | Talos: Manager | jes...@cisco.com






On Aug 30, 2017, at 1:11 PM, Dennis Peterson wrote:

I had the same thing happen and I also got successful dl's of the daily.cld 
file multiple times and I'm sure it would have continued looping forever if I'd 
not stopped it after observing it was stuck in a loop. Same symptoms on two 
separate systems. Couldn't find the cdiff file and the corresponding daily.cld 
file was not available.

Several times my client would start a daily.cld only to have the connection 
terminated by the server. The data speed was very low - after 10 minutes a 
daily.cld file would be at 40%. Because the daily.cld file was not current the 
attempt to dl a diff file would begin immediately.

I think it unwise to have mirrors in Germany and Spain included in the 
db.us.clamav.net RR, and the cdiff files should not be 
available until the corresponding daily.cld file is already available else these 
loops will happen.

dp

On 8/30/17 6:15 AM, Gene Heskett wrote:
On Wednesday 30 August 2017 08:48:42 Joel Esler (jesler) wrote:

Gene,

Thanks.  I’ll give this to the ops team.
I had a total failure at 18:00 EDT last night:
=
Tue Aug 29 18:02:04 2017 -> Received signal: wake up
Tue Aug 29 18:02:04 2017 -> ClamAV update process started at Tue Aug 29 
18:02:04 2017
Tue Aug 29 18:02:04 2017 -> main.cld is up to date (version: 58, sigs: 4566249, 
f-level: 60, builder: sigmgr)
Tue Aug 29 18:02:35 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:02:35 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 150.214.142.197): Operation
now in progress
Tue Aug 29 18:02:35 2017 -> WARNING: getpatch: Can't download daily-23735.cdiff from 
db.us.clamav.net
Tue Aug 29 18:03:08 2017 -> Downloading daily-23735.cdiff [100%]
Tue Aug 29 18:03:39 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:03:39 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 200.236.31.1): Operation now
in progress
snippage
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Joel Esler (jesler)
Dennis,

The team has been cleaning this up almost all day.  Expect the work to continue 
for a while.

--
Joel Esler | Talos: Manager | jes...@cisco.com






On Aug 30, 2017, at 1:11 PM, Dennis Peterson wrote:

I had the same thing happen and I also got successful dl's of the daily.cld 
file multiple times and I'm sure it would have continued looping forever if I'd 
not stopped it after observing it was stuck in a loop. Same symptoms on two 
separate systems. Couldn't find the cdiff file and the corresponding daily.cld 
file was not available.

Several times my client would start a daily.cld only to have the connection 
terminated by the server. The data speed was very low - after 10 minutes a 
daily.cld file would be at 40%. Because the daily.cld file was not current the 
attempt to dl a diff file would begin immediately.

I think it unwise to have mirrors in Germany and Spain included in the 
db.us.clamav.net RR, and the cdiff files should not be 
available until the corresponding daily.cld file is already available else 
these loops will happen.

dp

On 8/30/17 6:15 AM, Gene Heskett wrote:
On Wednesday 30 August 2017 08:48:42 Joel Esler (jesler) wrote:

Gene,

Thanks.  I’ll give this to the ops team.
I had a total failure at 18:00 EDT last night:
=
Tue Aug 29 18:02:04 2017 -> Received signal: wake up
Tue Aug 29 18:02:04 2017 -> ClamAV update process started at Tue Aug 29 
18:02:04 2017
Tue Aug 29 18:02:04 2017 -> main.cld is up to date (version: 58, sigs: 4566249, 
f-level: 60, builder: sigmgr)
Tue Aug 29 18:02:35 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:02:35 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 150.214.142.197): Operation
now in progress
Tue Aug 29 18:02:35 2017 -> WARNING: getpatch: Can't download daily-23735.cdiff 
from db.us.clamav.net
Tue Aug 29 18:03:08 2017 -> Downloading daily-23735.cdiff [100%]
Tue Aug 29 18:03:39 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:03:39 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 200.236.31.1): Operation now
in progress
snippage

Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Steven Morgan
Colin,

Is it possible that icap has changed the file in some way? Is it possible
to set up a test to verify what is sent to ClamAV?

You could also try using the clamd.conf parameters LeaveTemporaryFiles and
TemporaryDirectory. Then run your file through your squidclamav
configuration and inspect the file(s) left in the temporary directory.
Hopefully, it will contain a file that looks something like the eicar. If
nothing is left there, try it with eicar inside of a zip file.

Steve

On Wed, Aug 30, 2017 at 2:40 PM, Colin Rogers 
wrote:

> I also get signature found when I run clamscan against the file but not
> when going through icap. I can see in my c-icap/access.log file that clam
> considers the file good to go:
>
> ubuntu-icap:~$ clamscan eicar.com.txt
> eicar.com.txt: Eicar-Test-Signature FOUND
>
> --- SCAN SUMMARY ---
> Known viruses: 6303395
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 9.843 sec (0 m 9 s)
>
>


Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Ralph Seichter
On 30.08.17 19:01, Colin Rogers wrote:

> Please let me know what I can provide to get to the bottom of this.

Three messages of yours have been weeded out here. Please don't send
virus samples to public mailing lists.

-Ralph


Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Colin Rogers
I also get signature found when I run clamscan against the file but not
when going through icap. I can see in my c-icap/access.log file that clam
considers the file good to go:

ubuntu-icap:~$ clamscan eicar.com.txt
eicar.com.txt: Eicar-Test-Signature FOUND

--- SCAN SUMMARY ---
Known viruses: 6303395
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 9.843 sec (0 m 9 s)

ubuntu-icap:~$ tail -f /var/log/c-icap/access.log
30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:37 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:41 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:19:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 REQMOD squidclamav 200
30/Aug/2017:10:20:48 -0700, 2.2.2.5 2.2.2.2 RESPMOD squidclamav 200



On Wed, Aug 30, 2017 at 11:37 AM, Alain Zidouemba  wrote:

> $ wget http://www.eicar.org/download/eicar.com.txt
> --2017-08-30 14:35:48--  http://www.eicar.org/download/eicar.com.txt
> Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
> Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80...
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 68 [application/octet-stream]
> Saving to: 'eicar.com.txt'
>
> eicar.com.txt
> 100%[===
> ===>]
>  68  --.-KB/sin 0s
>
> 2017-08-30 14:35:49 (16.5 MB/s) - 'eicar.com.txt' saved [68/68]
>
> $ shasum -a 256 eicar.com.txt
> 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
>  eicar.com.txt
>
> $ clamscan eicar.com.txt
> *eicar.com.txt: Eicar-Test-Signature FOUND*
>
> --- SCAN SUMMARY ---
> Known viruses: 6303395
> Engine version: 0.99.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 15.420 sec (0 m 15 s)
>
>
> On Wed, Aug 30, 2017 at 1:59 PM, Colin Rogers 
> wrote:
>
> > Hello Steve,
> >
> > Thank you for getting back to me about this. I can definitely open a bug
> > for this but I would like to make sure it is an actual bug and not a
> > misconfiguration on my part somehow. This was working before so I don't
> > understand why it isn't working any longer. Is there anything I can provide
> > to try and troubleshoot this before opening a bug? This is the exact file:
> >
> > http://www.eicar.org/download/eicar.com.txt
> >
> > I have renamed it, tried the other files on that page, etc etc to no avail.
> >
> > I have attached my squidclamav.conf and clamd.conf files in case I have
> > missed something in those files.
> >
> > Thanks again,
> >
> > Colin
> >
> > On Wed, Aug 30, 2017 at 10:52 AM, Steven Morgan 
> > wrote:
> >
> > > Colin,
> > >
> > > Please open a bug report @ bugzilla.clamav.net. In the report, please
> > > attach the exact eicar files that you are using.
> > >
> > > Steve
> > >
> > > > On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers <colinrogers...@gmail.com>
> > > > wrote:
> > >
> > > > Hello everyone,
> > > >
> > > > I am having some trouble getting my clamav setup to detect infected files
> > > > suddenly. I have downloaded various eicar test files and each one is let
> > > > through clamav without any issues. I'm pretty new to this but would greatly
> > > > appreciate some assistance.
> > > >
> > > > Please let me know what I can provide to get to the bottom of this.
> > > >
> > > > Thank you in advance,
> > > >
> > > > Colin
> > > >

Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Alain Zidouemba
$ wget http://www.eicar.org/download/eicar.com.txt
--2017-08-30 14:35:48--  http://www.eicar.org/download/eicar.com.txt
Resolving www.eicar.org (www.eicar.org)... 213.211.198.62
Connecting to www.eicar.org (www.eicar.org)|213.211.198.62|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: 'eicar.com.txt'

eicar.com.txt
100%[==>]
 68  --.-KB/sin 0s

2017-08-30 14:35:49 (16.5 MB/s) - 'eicar.com.txt' saved [68/68]

$ shasum -a 256 eicar.com.txt
275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
 eicar.com.txt

$ clamscan eicar.com.txt
*eicar.com.txt: Eicar-Test-Signature FOUND*

--- SCAN SUMMARY ---
Known viruses: 6303395
Engine version: 0.99.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 15.420 sec (0 m 15 s)


On Wed, Aug 30, 2017 at 1:59 PM, Colin Rogers 
wrote:

> Hello Steve,
>
> Thank you for getting back to me about this. I can definitely open a bug
> for this but I would like to make sure it is an actual bug and not a
> misconfiguration on my part somehow. This was working before so I don't
> understand why it isn't working any longer. Is there anything I can provide
> to try and troubleshoot this before opening a bug? This is the exact file:
>
> http://www.eicar.org/download/eicar.com.txt
>
> I have renamed it, tried the other files on that page, etc etc to no avail.
>
> I have attached my squidclamav.conf and clamd.conf files in case I have
> missed something in those files.
>
> Thanks again,
>
> Colin
>
> On Wed, Aug 30, 2017 at 10:52 AM, Steven Morgan 
> wrote:
>
> > Colin,
> >
> > Please open a bug report @ bugzilla.clamav.net. In the report, please
> > attach the exact eicar files that you are using.
> >
> > Steve
> >
> > On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers 
> > wrote:
> >
> > > Hello everyone,
> > >
> > > I am having some trouble getting my clamav setup to detect infected files
> > > suddenly. I have downloaded various eicar test files and each one is let
> > > through clamav without any issues. I'm pretty new to this but would greatly
> > > appreciate some assistance.
> > >
> > > Please let me know what I can provide to get to the bottom of this.
> > >
> > > Thank you in advance,
> > >
> > > Colin
> > >


Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Colin Rogers
Hello Steve,

Thank you for getting back to me about this. I can definitely open a bug
for this but I would like to make sure it is an actual bug and not a
misconfiguration on my part somehow. This was working before so I don't
understand why it isn't working any longer. Is there anything I can provide
to try and troubleshoot this before opening a bug? This is the exact file:

http://www.eicar.org/download/eicar.com.txt

I have renamed it, tried the other files on that page, etc etc to no avail.

I have attached my squidclamav.conf and clamd.conf files in case I have
missed something in those files.

Thanks again,

Colin

On Wed, Aug 30, 2017 at 10:52 AM, Steven Morgan 
wrote:

> Colin,
>
> Please open a bug report @ bugzilla.clamav.net. In the report, please
> attach the exact eicar files that you are using.
>
> Steve
>
> On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers 
> wrote:
>
> > Hello everyone,
> >
> > I am having some trouble getting my clamav setup to detect infected files
> > suddenly. I have downloaded various eicar test files and each one is let
> > through clamav without any issues. I'm pretty new to this but would greatly
> > appreciate some assistance.
> >
> > Please let me know what I can provide to get to the bottom of this.
> >
> > Thank you in advance,
> >
> > Colin
> >


Re: [clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Steven Morgan
Colin,

Please open a bug report @ bugzilla.clamav.net. In the report, please
attach the exact eicar files that you are using.

Steve

On Wed, Aug 30, 2017 at 1:01 PM, Colin Rogers 
wrote:

> Hello everyone,
>
> I am having some trouble getting my clamav setup to detect infected files
> suddenly. I have downloaded various eicar test files and each one is let
> through clamav without any issues. I'm pretty new to this but would greatly
> appreciate some assistance.
>
> Please let me know what I can provide to get to the bottom of this.
>
> Thank you in advance,
>
> Colin
>


Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Dennis Peterson
I had the same thing happen and I also got successful dl's of the daily.cld file 
multiple times and I'm sure it would have continued looping forever if I'd not 
stopped it after observing it was stuck in a loop. Same symptoms on two separate 
systems. Couldn't find the cdiff file and the corresponding daily.cld file was 
not available.


Several times my client would start a daily.cld only to have the connection 
terminated by the server. The data speed was very low - after 10 minutes a 
daily.cld file would be at 40%. Because the daily.cld file was not current the 
attempt to dl a diff file would begin immediately.


I think it unwise to have mirrors in Germany and Spain included in the 
db.us.clamav.net RR, and the cdiff files should not be available until the 
corresponding daily.cld file is already available else these loops will happen.


dp

On 8/30/17 6:15 AM, Gene Heskett wrote:

On Wednesday 30 August 2017 08:48:42 Joel Esler (jesler) wrote:


Gene,

Thanks.  I’ll give this to the ops team.

I had a total failure at 18:00 EDT last night:
=
Tue Aug 29 18:02:04 2017 -> Received signal: wake up
Tue Aug 29 18:02:04 2017 -> ClamAV update process started at Tue Aug 29 
18:02:04 2017
Tue Aug 29 18:02:04 2017 -> main.cld is up to date (version: 58, sigs: 4566249, 
f-level: 60, builder: sigmgr)
Tue Aug 29 18:02:35 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:02:35 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 150.214.142.197): Operation
now in progress
Tue Aug 29 18:02:35 2017 -> WARNING: getpatch: Can't download daily-23735.cdiff 
from db.us.clamav.net
Tue Aug 29 18:03:08 2017 -> Downloading daily-23735.cdiff [100%]
Tue Aug 29 18:03:39 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:03:39 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 200.236.31.1): Operation now
in progress

snippage

[clamav-users] ClamAV not picking up Eicar file...

2017-08-30 Thread Colin Rogers
Hello everyone,

I am having some trouble getting my clamav setup to detect infected files
suddenly. I have downloaded various eicar test files and each one is let
through clamav without any issues. I'm pretty new to this but would greatly
appreciate some assistance.

Please let me know what I can provide to get to the bottom of this.

Thank you in advance,

Colin


Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Benny Pedersen

Virgo Pärna skrev den 2017-08-30 15:32:

I had to remove mirrors.dat, because all mirrors were being
ignored, as the output of "freshclam -v --debug" showed. After that I
got updates working again.


this is imho clearly a bug, would you make a bugzilla for it?

https://bugs.clamav.net/buglist.cgi?component=freshclam=ClamAV=---

note to owners of clamav.net ssl needs update, sorry if it's an old url 
deprecated, i could not find one where ssl is ok


Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Virgo Pärna

I had to remove mirrors.dat, because all mirrors were being
ignored, as the output of "freshclam -v --debug" showed. After that I
got updates working again.

-- 
Virgo Pärna 
virgo.pa...@mail.ee


Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Gene Heskett
On Wednesday 30 August 2017 08:48:42 Joel Esler (jesler) wrote:

> Gene,
>
> Thanks.  I’ll give this to the ops team.

I had a total failure at 18:00 EDT last night:
=
Tue Aug 29 18:02:04 2017 -> Received signal: wake up
Tue Aug 29 18:02:04 2017 -> ClamAV update process started at Tue Aug 29 
18:02:04 2017
Tue Aug 29 18:02:04 2017 -> main.cld is up to date (version: 58, sigs: 4566249, 
f-level: 60, builder: sigmgr)
Tue Aug 29 18:02:35 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:02:35 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 150.214.142.197): Operation 
now in progress
Tue Aug 29 18:02:35 2017 -> WARNING: getpatch: Can't download daily-23735.cdiff 
from db.us.clamav.net
Tue Aug 29 18:03:08 2017 -> Downloading daily-23735.cdiff [100%]
Tue Aug 29 18:03:39 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:03:39 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 200.236.31.1): Operation now 
in progress
Tue Aug 29 18:03:39 2017 -> WARNING: getpatch: Can't download daily-23736.cdiff 
from db.us.clamav.net
Tue Aug 29 18:04:09 2017 -> nonblock_connect: connect timing out (30 secs)
Tue Aug 29 18:04:09 2017 -> Can't connect to port 80 of host db.us.clamav.net 
(IP: 155.98.64.87)
Tue Aug 29 18:04:09 2017 -> Trying host db.us.clamav.net (204.130.133.50)...
Tue Aug 29 18:04:39 2017 -> nonblock_connect: connect timing out (30 secs)
Tue Aug 29 18:04:39 2017 -> Can't connect to port 80 of host db.us.clamav.net 
(IP: 204.130.133.50)
Tue Aug 29 18:04:39 2017 -> Trying host db.us.clamav.net (69.12.162.28)...
Tue Aug 29 18:05:09 2017 -> nonblock_connect: connect timing out (30 secs)
Tue Aug 29 18:05:09 2017 -> Can't connect to port 80 of host db.us.clamav.net 
(IP: 69.12.162.28)
Tue Aug 29 18:05:09 2017 -> Trying host db.us.clamav.net (194.8.197.22)...
Tue Aug 29 18:05:10 2017 -> WARNING: getfile: daily-23736.cdiff not found on 
db.us.clamav.net (IP: 194.8.197.22)
Tue Aug 29 18:05:10 2017 -> WARNING: getpatch: Can't download daily-23736.cdiff 
from db.us.clamav.net
Tue Aug 29 18:05:11 2017 -> Trying host db.us.clamav.net (150.214.142.197)...
Tue Aug 29 18:05:18 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 150.214.142.197): Operation 
now in progress
Tue Aug 29 18:05:18 2017 -> WARNING: getpatch: Can't download daily-23736.cdiff 
from db.us.clamav.net
Tue Aug 29 18:05:18 2017 -> Trying host db.us.clamav.net (69.163.100.14)...
Tue Aug 29 18:05:48 2017 -> nonblock_connect: connect timing out (30 secs)
Tue Aug 29 18:05:48 2017 -> Can't connect to port 80 of host db.us.clamav.net 
(IP: 69.163.100.14)
Tue Aug 29 18:05:48 2017 -> Trying host db.us.clamav.net (198.148.78.4)...
Tue Aug 29 18:05:54 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 198.148.78.4): Operation now 
in progress
Tue Aug 29 18:05:54 2017 -> WARNING: getpatch: Can't download daily-23736.cdiff 
from db.us.clamav.net
Tue Aug 29 18:05:54 2017 -> Trying host db.us.clamav.net (198.148.78.4)...
Tue Aug 29 18:06:04 2017 -> WARNING: getfile: daily-23736.cdiff not found on 
db.us.clamav.net (IP: 198.148.78.4)
Tue Aug 29 18:06:04 2017 -> WARNING: getpatch: Can't download daily-23736.cdiff 
from db.us.clamav.net
Tue Aug 29 18:06:04 2017 -> WARNING: Incremental update failed, trying to 
download daily.cvd
Tue Aug 29 18:07:03 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:07:03 2017 -> WARNING: getfile: Download interrupted: Operation 
now in progress (IP: 194.8.197.22)
Tue Aug 29 18:07:03 2017 -> WARNING: Can't download daily.cvd from 
db.us.clamav.net
Tue Aug 29 18:07:03 2017 -> Trying again in 5 secs...
Tue Aug 29 18:07:08 2017 -> ClamAV update process started at Tue Aug 29 
18:07:08 2017
Tue Aug 29 18:07:08 2017 -> main.cld is up to date (version: 58, sigs: 4566249, 
f-level: 60, builder: sigmgr)
Tue Aug 29 18:07:08 2017 -> Trying host db.us.clamav.net (198.148.78.4)...
Tue Aug 29 18:07:21 2017 -> Downloading daily-23735.cdiff [100%]
Tue Aug 29 18:07:27 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 198.148.78.4): Operation now 
in progress
Tue Aug 29 18:07:27 2017 -> WARNING: getpatch: Can't download daily-23736.cdiff 
from db.us.clamav.net
Tue Aug 29 18:07:58 2017 -> nonblock_connect: connect timing out (30 secs)
Tue Aug 29 18:07:58 2017 -> Can't connect to port 80 of host db.us.clamav.net 
(IP: 204.130.133.50)
Tue Aug 29 18:07:58 2017 -> Trying host db.us.clamav.net (69.12.162.28)...
Tue Aug 29 18:08:28 2017 -> nonblock_connect: connect timing out (30 secs)
Tue Aug 29 18:08:28 2017 -> Can't connect to port 80 of host db.us.clamav.net 
(IP: 69.12.162.28)
Tue Aug 29 18:08:28 2017 -> Trying host db.us.clamav.net (155.98.64.87)...
Tue Aug 29 18:08:28 2017 -> WARNING: getfile: daily-23736.cdiff not found on 
db.us.clamav.net (IP: 155.98.64.87)
Tue Aug 29 18:08:28 2017 -> WARNING: getpatch: Can't download daily-23736.cdiff 
from 
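
Added example, not part of the original message or of ClamAV: one way to turn a freshclam log like the one above into a per-mirror failure summary, so stale or unreachable mirrors stand out. The sample log is constructed in the same format (with the archive's line wraps) and uses documentation IP ranges; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the freshclam log format quoted in this thread,
# including the hard line wraps added by the list archive. The IP addresses
# are documentation ranges, not real mirrors.
SAMPLE_LOG = """\
Tue Aug 29 18:02:04 2017 -> ClamAV update process started at Tue Aug 29
18:02:04 2017
Tue Aug 29 18:02:35 2017 -> nonblock_recv: recv timing out (30 secs)
Tue Aug 29 18:02:35 2017 -> WARNING: getfile: Error while reading database from
db.us.clamav.net (IP: 192.0.2.10): Operation
now in progress
Tue Aug 29 18:04:09 2017 -> nonblock_connect: connect timing out (30 secs)
Tue Aug 29 18:04:09 2017 -> Can't connect to port 80 of host db.us.clamav.net
(IP: 198.51.100.7)
Tue Aug 29 18:05:10 2017 -> WARNING: getfile: daily-23736.cdiff not found on
db.us.clamav.net (IP: 203.0.113.22)
Tue Aug 29 18:06:04 2017 -> WARNING: getfile: daily-23736.cdiff not found on
db.us.clamav.net (IP: 192.0.2.10)
Tue Aug 29 18:06:04 2017 -> WARNING: Incremental update failed, trying to
download daily.cvd
Tue Aug 29 18:07:03 2017 -> WARNING: getfile: Download interrupted: Operation
now in progress (IP: 203.0.113.22)
Tue Aug 29 18:07:08 2017 -> ClamAV update process started at Tue Aug 29
18:07:08 2017
"""

# A record starts with a ctime-style stamp followed by " -> ".
STAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} -> ")

IP = r"\(IP: (?P<ip>[\d.]+)\)"
PATTERNS = [
    ("connect_timeout", re.compile(r"Can't connect to port \d+ of host \S+ " + IP)),
    ("not_found", re.compile(r"getfile: (?P<file>\S+) not found on \S+ " + IP)),
    ("read_error", re.compile(
        r"getfile: (?:Error while reading database from \S+ "
        r"|Download interrupted: .*?)" + IP)),
]


def unwrap(text):
    """Rejoin wrapped lines: anything without a leading stamp continues the
    previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def summarize(text):
    """Count failures per mirror IP, list which mirrors lacked which cdiff,
    and count how many times the update process (re)started."""
    per_ip = defaultdict(lambda: defaultdict(int))
    missing = defaultdict(set)
    runs = 0
    for rec in unwrap(text):
        if "ClamAV update process started" in rec:
            runs += 1
            continue
        for kind, pattern in PATTERNS:
            m = pattern.search(rec)
            if m:
                per_ip[m.group("ip")][kind] += 1
                if kind == "not_found":
                    missing[m.group("file")].add(m.group("ip"))
                break
    return {
        "runs": runs,
        "per_ip": {ip: dict(counts) for ip, counts in per_ip.items()},
        "missing": {name: sorted(ips) for name, ips in missing.items()},
    }


def failing_mirrors(summary, threshold=2):
    """Mirror IPs with at least `threshold` failures of any kind."""
    return sorted(ip for ip, counts in summary["per_ip"].items()
                  if sum(counts.values()) >= threshold)


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, counts in sorted(result["per_ip"].items()):
        print(ip, counts)
    print("missing:", result["missing"])
    print("restarts:", result["runs"], "failing:", failing_mirrors(result))
```

More than one "update process started" record in a short window, together with the same cdiff reported missing on several mirrors, matches the retry loop described elsewhere in this thread.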

Re: [clamav-users] Mirror issues and what we are doing to fix it

2017-08-30 Thread Joel Esler (jesler)
Gene,

Thanks.  I’ll give this to the ops team.

--
Joel Esler | Talos: Manager | jes...@cisco.com






On Aug 28, 2017, at 2:07 PM, Gene Heskett wrote:

On Monday 28 August 2017 13:48:32 Joel Esler (jesler) wrote:

As a quick followup to this, we’ve removed all the mirrors in the
mirror list that no longer resolve.  Yes, it took us longer than it
should have to realize that this needed to be done, but it’s now done.

Further improvements should continue in the coming days.

Not entirely true for my 6am pull:

Mon Aug 28 05:59:27 2017 -> Received signal: wake up
Mon Aug 28 05:59:27 2017 -> ClamAV update process started at Mon Aug 28 
05:59:27 2017
Mon Aug 28 05:59:27 2017 -> main.cld is up to date (version: 58, sigs: 4566249, 
f-level: 60, builder: sigmgr)
Mon Aug 28 05:59:57 2017 -> nonblock_connect: connect timing out (30 secs)
Mon Aug 28 05:59:57 2017 -> Can't connect to port 80 of host 
db.us.clamav.net (IP: 207.57.106.31)
Mon Aug 28 06:00:28 2017 -> nonblock_connect: connect timing out (30 secs)
Mon Aug 28 06:00:28 2017 -> Can't connect to port 80 of host 
db.us.clamav.net (IP: 168.143.19.95)
Mon Aug 28 06:00:28 2017 -> Trying host 
db.us.clamav.net (128.199.133.36)...
Mon Aug 28 06:01:01 2017 -> nonblock_recv: recv timing out (30 secs)
Mon Aug 28 06:01:01 2017 -> WARNING: getfile: Error while reading database from 
db.us.clamav.net (IP: 128.199.133.36): Operation now
in progress
Mon Aug 28 06:01:01 2017 -> WARNING: getpatch: Can't download daily-23726.cdiff 
from db.us.clamav.net
Mon Aug 28 06:01:31 2017 -> nonblock_connect: connect timing out (30 secs)
Mon Aug 28 06:01:31 2017 -> Can't connect to port 80 of host 
db.us.clamav.net (IP: 64.6.100.177)
Mon Aug 28 06:01:31 2017 -> Trying host 
db.us.clamav.net (204.130.133.50)...
Mon Aug 28 06:01:31 2017 -> Downloading daily-23726.cdiff [100%]
Mon Aug 28 06:01:31 2017 -> Downloading daily-23727.cdiff [100%]

But OTOH, I don't think I've had a total failure in about 36 hours now.

So it has improved.  Thank you Joel.
--
Joel Esler | Talos: Manager |
jes...@cisco.com






On Aug 28, 2017, at 9:33 AM, Joel Esler (jesler) wrote:

ClamAV Community —

For too long we’ve had a problem with mirrors and downloads.  There
are a bunch of really good excuses for this internally, but I can
comfortably say that we are beyond the problems we had in the past,
and now it’s time for us to go fix it.

As of Friday, I assumed control (From a Project Owner point of view, I
don’t directly control the mirrors), over the ClamAV Mirror
infrastructure and am taking steps to clean this up.

(Internally we break ClamAV down into a bunch of pieces, a little
“inside baseball” for you, but we have the development team, the
mirror project, the signature interface (where all signatures are
written, tested, and published), the malware team.  All of these
responsibilities are spread amongst several groups within
Talos (who owns ClamAV inside of
Cisco, amongst many other things).)

I have called a meeting with our ClamAV team, both from my team (the
Open Source Team), the mirror team (operations), and the PM for
Development on Thursday.  My plan is to outline an immediate “fix”
trajectory.   What is working, what isn’t working, immediate fixes,
and finally suggestions for moving forward.

Please continue to bear with us a little while longer.  They always
say things get worse before they get better.  Right now, hopefully, we
are at the “worst” stage.

--
Joel Esler | Talos: Manager |
jes...@cisco.com








Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: [clamav-users] DNS issue: there is a loop

2017-08-30 Thread Joel Esler (jesler)
Hans,

We are aware of this issue, and I have opened a ticket with our operations team.

--
Joel Esler | Talos: Manager | jes...@cisco.com






On Aug 30, 2017, at 8:46 AM, MAYER Hans wrote:


Dear systems administrators

There is a loop in your DNS definitions. Can't update.


# dig database.clamav.net

; <<>> DiG 9.9.5-9+deb8u3-Debian <<>> database.clamav.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19930
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;database.clamav.net.   IN  A

;; ANSWER SECTION:
database.clamav.net.    58      IN  CNAME   db.local.clamav.net.
db.local.clamav.net.    7073    IN  CNAME   db.at.clamav.net.
db.at.clamav.net.       54752   IN  CNAME   db.local.clamav.net.

;; Query time: 6 msec
;; SERVER: 192.168.241.10#53(192.168.241.10)
;; WHEN: Wed Aug 30 14:34:18 CEST 2017
;; MSG SIZE  rcvd: 105



Kind regards
Hans



--

Ing. Dipl.-Ing. Hans Mayer
Systems Administrator
Information and Communication Technologies (ICT)

International Institute for Applied Systems Analysis (IIASA)
Schlossplatz 1
A-2361 Laxenburg, Austria
Phone: +43 2236 807 Ext 215
Mobile: +43 676 83 807 215
Web: http://www.iiasa.ac.at
E-Mail: ma...@iiasa.ac.at





Re: [clamav-users] DNS issue: there is a loop

2017-08-30 Thread MAYER Hans

Dear systems administrators

There is a loop in your DNS definitions. Can't update.


# dig database.clamav.net

; <<>> DiG 9.9.5-9+deb8u3-Debian <<>> database.clamav.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19930
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;database.clamav.net.   IN  A

;; ANSWER SECTION:
database.clamav.net.    58      IN  CNAME   db.local.clamav.net.
db.local.clamav.net.    7073    IN  CNAME   db.at.clamav.net.
db.at.clamav.net.       54752   IN  CNAME   db.local.clamav.net.

;; Query time: 6 msec
;; SERVER: 192.168.241.10#53(192.168.241.10)
;; WHEN: Wed Aug 30 14:34:18 CEST 2017
;; MSG SIZE  rcvd: 105



Kind regards
Hans



--

Ing. Dipl.-Ing. Hans Mayer
Systems Administrator
Information and Communication Technologies (ICT)

International Institute for Applied Systems Analysis (IIASA)
Schlossplatz 1
A-2361 Laxenburg, Austria
Phone: +43 2236 807 Ext 215
Mobile: +43 676 83 807 215
Web: http://www.iiasa.ac.at
E-Mail: ma...@iiasa.ac.at
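
Added example, not part of the original message: a small checker that follows the CNAME chain in a dig answer section and reports a loop like the one shown above. PAGE_ANSWER holds the three CNAME records from this message; HEALTHY_ANSWER is a constructed comparison with hypothetical names and a documentation IP, and the function names are hypothetical.

```python
# The three CNAME records from the dig output in this message
# (owner, TTL, class, type, target).
PAGE_ANSWER = """\
;; ANSWER SECTION:
database.clamav.net.    58      IN  CNAME   db.local.clamav.net.
db.local.clamav.net.    7073    IN  CNAME   db.at.clamav.net.
db.at.clamav.net.       54752   IN  CNAME   db.local.clamav.net.
"""

# Constructed healthy chain for comparison (hypothetical names).
HEALTHY_ANSWER = """\
;; ANSWER SECTION:
mirror.example.net.     300     IN  CNAME   edge.example.net.
edge.example.net.       60      IN  A       192.0.2.53
"""


def _norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.lower().rstrip(".")


def parse_answer(dig_text):
    """Return ({owner: cname_target}, {owner: [addresses]}) from dig output.
    Comment lines (starting with ';') and malformed rows are skipped."""
    cnames, addresses = {}, {}
    for line in dig_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].startswith(";") or fields[2] != "IN":
            continue
        owner, _ttl, _cls, rtype, rdata = fields
        if rtype == "CNAME":
            cnames[_norm(owner)] = _norm(rdata)
        elif rtype in ("A", "AAAA"):
            addresses.setdefault(_norm(owner), []).append(rdata)
    return cnames, addresses


def follow_cnames(dig_text, start, max_hops=16):
    """Walk the CNAME chain from `start`. Status is one of:
    'loop'           a name repeats (cycle lists the repeating segment),
    'chain_too_long' more than max_hops names without terminating,
    'resolved'       the chain ends at a name with an A/AAAA record,
    'no_address'     the chain ends at a name with no address in the answer."""
    cnames, addresses = parse_answer(dig_text)
    name = _norm(start)
    path = [name]
    while name in cnames:
        name = cnames[name]
        if name in path:
            cycle = path[path.index(name):] + [name]
            return {"status": "loop", "path": path, "cycle": cycle}
        path.append(name)
        if len(path) > max_hops:
            return {"status": "chain_too_long", "path": path, "cycle": None}
    status = "resolved" if name in addresses else "no_address"
    return {"status": status, "path": path, "cycle": None}


if __name__ == "__main__":
    for label, text, start in (
        ("page", PAGE_ANSWER, "database.clamav.net"),
        ("healthy", HEALTHY_ANSWER, "mirror.example.net"),
    ):
        result = follow_cnames(text, start)
        print(label, result["status"], " -> ".join(result["cycle"] or result["path"]))
```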


