[clamav-users] Clamav download problems
Hi Joel

I have 4 hosts each on a unique IP in the net 212.84.90.0/25. They all run the command "/usr/bin/freshclam --quiet --on-update-execute=EXIT_1" once per hour. As far as I am aware this is within limits.

So why did all 4 of my systems report the same issue for most of yesterday and the first few hours of today, that being:

ClamAV update process started at Sat Sep 4 09:53:55 2021
daily database available for update (local version: 26283, remote version: 26284)
WARNING: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff
The database server doesn't have the latest patch for the daily database (version 26284). The server will likely have updated if you check again in a few hours.
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

Regards
Paul

On 05/09/2021 16:08, Joel Esler (jesler) via clamav-users wrote:

This is useful. Thank you.

Each host should have a different rate limit under the new system (I turned it back off last night, which is why everyone got everything). Right now, the rate limit is “per IP”. So, if you have several hosts behind a NAT, you’ll get blocked. The new system, you can have as many hosts behind the same NAT as long as they aren’t using the same config file.

A new problem being, I am seeing a ton of hosts on Amazon or Microsoft’s Azure that are using the same config, so that’s a new hurdle that those people will have to overcome.

I am sure there are new problems that we’ll encounter during this transition.

— Sent from my iPhone

On Sep 5, 2021, at 09:09, clamav.mbou...@spamgourmet.com wrote:

Joel Esler clamav-users@lists.clamav.net wrote:

We are experimenting with a feature that we’ve been working with Cloudflare on, trying to isolate violators on a per host basis for the newest versions of ClamAV, instead of IP.
I'm guessing you probably already have all the info you need but, in case it happens to be any help, this is what I have in my freshclam logs (on a home desktop PC, so it's not running 24-7)...

Last messages from Friday:

Fri Sep 3 22:13:18 2021 -> Received signal: wake up
Fri Sep 3 22:13:18 2021 -> ClamAV update process started at Fri Sep 3 22:13:18 2021
Fri Sep 3 22:13:18 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Fri Sep 3 22:13:18 2021 -> WARNING: Local version: 0.103.2 Recommended version: 0.103.3
Fri Sep 3 22:13:18 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Fri Sep 3 22:13:18 2021 -> daily.cld database is up-to-date (version: 26283, sigs: 1970262, f-level: 90, builder: raynman)
Fri Sep 3 22:13:18 2021 -> main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
Fri Sep 3 22:13:18 2021 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Fri Sep 3 22:13:18 2021 -> --
Fri Sep 3 23:06:44 2021 -> Update process terminated

So all was up-to-date then. Version 0.103.2 is the latest in the Ubuntu 20.04 repositories, which is why I'm on that version, hence the warning.

First messages from Saturday:

Sat Sep 4 11:54:21 2021 -> --
Sat Sep 4 11:54:21 2021 -> freshclam daemon 0.103.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sat Sep 4 11:54:21 2021 -> ClamAV update process started at Sat Sep 4 11:54:21 2021
Sat Sep 4 11:54:21 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Sat Sep 4 11:54:21 2021 -> WARNING: Local version: 0.103.2 Recommended version: 0.103.3
Sat Sep 4 11:54:21 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Sat Sep 4 11:54:21 2021 -> daily database available for update (local version: 26283, remote version: 26284)
Sat Sep 4 11:54:23 2021 -> WARNING: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff
Sat Sep 4 11:54:23 2021 -> The database server doesn't have the latest patch for the daily database (version 26284). The server will likely have updated if you check again in a few hours.
Sat Sep 4 11:54:23 2021 -> main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
Sat Sep 4 11:54:23 2021 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Sat Sep 4 11:54:23 2021 -> --
Sat Sep 4 12:54:23 2021 -> Received signal: wake up
Sat Sep 4 12:54:23 2021 -> ClamAV update process started at Sat Sep 4 12:54:23 2021
Sat Sep 4 12:54:23 2021 -> WARNING: Your ClamAV installation is OUTDATED!
Sat Sep 4 12:54:23 2021 -> WARNING: Local version: 0.103.2 Recommended version: 0.103.3
Sat Sep 4 12:54:23 2021 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Sat Sep 4 12:54:23 2021 ->
Re: [clamav-users] error code 429
Hi

Do I have reason to be concerned that my systems could not download yesterday's daily cdiff until the early hours of today? They are all 0.103.(2|3) release.version

The experiment did not appear to impact many folk

Regards
Paul

On 05/09/2021 03:45, Joel Esler (jesler) via clamav-users wrote:

We are experimenting with a feature that we’ve been working with Cloudflare on, trying to isolate violators on a per host basis for the newest versions of ClamAV, instead of IP.

— Sent from my iPhone

On Sep 4, 2021, at 18:52, Jim Popovitch via clamav-users wrote:

On Sat, 2021-09-04 at 14:41 -0400, Paul Kosinski wrote:

Not rate limited (as we only check about once per hour, from each of 3 systems), but we're not getting updates.

Seeing similar here now that the (3rd) cool-down has expired. I'm starting to suspect this is a CloudFlare issue.

Under the new ClamAV CDN parlance, what exactly defines "a network". Are they expecting service providers to set up clamav caches like major hosting providers do for OS updates?

-Jim P.

Sep 4 22:41:43 mx3 freshclam[1253]: Cool-down expired, ok to try again.
Sep 4 22:41:45 mx3 freshclam[1253]: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff
Sep 4 22:41:45 mx3 freshclam[1253]: The database server doesn't have the latest patch for the daily database (version 26284). The server will likely have updated if you check again in a few hours.
___
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] error code 429
Hi all

Similar issue from Manchester UK. 4 mx's all failing to collect today's update apparently first available 9:50 am today

ClamAV update process started at Sat Sep 4 14:55:38 2021
daily database available for update (local version: 26283, remote version: 26284)
WARNING: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff
The database server doesn't have the latest patch for the daily database (version 26284). The server will likely have updated if you check again in a few hours.
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

On 04/09/2021 14:20, Jim Popovitch via clamav-users wrote:

Add me to the 429 list.

I have 3 clamav installations (Debian Bullseye). All 3 are on separate networks (in separate datacenters, at separate hosting providers)

~$ for m in mx1 mx2 mx3; do echo -n "$m: "; ssh $m grep ^Check /etc/clamav/freshclam.conf; done
mx1: Checks 12
mx2: Checks 12
mx3: Checks 12

All 3 MXes got this exact same set of messages, two times, over the past 4 hours.

Sep 4 12:49:37 mx2 freshclam[1264]: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN).
Sep 4 12:49:37 mx2 freshclam[1264]: This means that you have been rate limited by the CDN.
Sep 4 12:49:37 mx2 freshclam[1264]: 1. Run FreshClam no more than once an hour to check for updates.
Sep 4 12:49:37 mx2 freshclam[1264]: FreshClam should check DNS first to see if an update is needed.
Sep 4 12:49:37 mx2 freshclam[1264]: 2. If you have more than 10 hosts on your network attempting to download,
Sep 4 12:49:37 mx2 freshclam[1264]: it is recommended that you set up a private mirror on your network using
Sep 4 12:49:37 mx2 freshclam[1264]: cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Sep 4 12:49:37 mx2 freshclam[1264]: CDN and your own network.
Sep 4 12:49:37 mx2 freshclam[1264]: 3. Please do not open a ticket asking for an exemption from the rate limit,
Sep 4 12:49:37 mx2 freshclam[1264]: it will not be granted.
Sep 4 12:49:37 mx2 freshclam[1264]: You are still on cool-down until after: 2021-09-04 14:49:37

Something is not right with the CDN.

-Jim P.
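Added example (not part of any list message, and not ClamAV project code): the messages above mix two different freshclam failures, the CDN's 429 rate limit with its cool-down, and a .cdiff patch that the server does not serve. The Python sketch below separates the two per host from syslog lines in the format quoted above; the function names are hypothetical and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Sample input: lines in the syslog format quoted in the thread; the last line
# (23:41:45) is constructed to show a repeated failure on the same patch.
SAMPLE = """\
Sep 4 12:49:37 mx2 freshclam[1264]: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN).
Sep 4 12:49:37 mx2 freshclam[1264]: You are still on cool-down until after: 2021-09-04 14:49:37
Sep 4 22:41:43 mx3 freshclam[1253]: Cool-down expired, ok to try again.
Sep 4 22:41:45 mx3 freshclam[1253]: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff
Sep 4 23:41:45 mx3 freshclam[1253]: downloadPatch: Can't download daily-26284.cdiff from https://database.clamav.net/daily-26284.cdiff
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} (\S+) freshclam\[\d+\]: (.*)$")
RATE_LIMITED = re.compile(r"error code 429")
COOLDOWN = re.compile(r"cool-down until after: (\S+ \S+)")
EXPIRED = re.compile(r"Cool-down expired")
NO_PATCH = re.compile(r"Can't download (\w+)-(\d+)\.cdiff")

def triage(text):
    """Summarise freshclam failures per host: rate limiting vs. patch not served."""
    hosts = defaultdict(lambda: {"rate_limited": False, "cooldown_until": None,
                                 "missing": defaultdict(int)})
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a freshclam syslog line
        host, msg = m.groups()
        h = hosts[host]
        if RATE_LIMITED.search(msg):
            h["rate_limited"] = True
        elif (c := COOLDOWN.search(msg)):
            h["cooldown_until"] = c.group(1)
        elif EXPIRED.search(msg):
            # Cool-down is over, so later failures have a different cause.
            h["rate_limited"], h["cooldown_until"] = False, None
        elif (p := NO_PATCH.search(msg)):
            h["missing"][(p.group(1), int(p.group(2)))] += 1
    return hosts

def verdict(h):
    """Classify one host's summary into the failure modes seen in the thread."""
    if h["rate_limited"]:
        return "rate-limited (429), cool-down until " + str(h["cooldown_until"])
    stuck = [f"{db}-{ver} x{n}" for (db, ver), n in sorted(h["missing"].items())]
    if stuck:
        return "not rate-limited, patch not served: " + ", ".join(stuck)
    return "ok"

if __name__ == "__main__":
    for host, h in sorted(triage(SAMPLE).items()):
        print(host, "->", verdict(h))
```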
[clamav-users] Freshclam updates problem
Hello

This has started occurring on all our 103.2 systems. Is this related to the "New Main & Daily CVD's are incoming" email from Joel earlier today?

ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
The database server doesn't have the latest patch for the daily database (version 26232). The server will likely have updated if you check again in a few hours.
main database available for update (local version: 59, remote version: 60)
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
The database server doesn't have the latest patch for the main database (version 60). The server will likely have updated if you check again in a few hours.
bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Re: [clamav-users] What are all the tmp.xyzuvwpqrs subdirs that keep accumulating
Hi

Possibly resolved with "Fixed FreshClam's --on-update-execute=EXIT_1 temporary directory cleanup issue."

Taken from https://blog.clamav.net/2021/02/clamav-01031-patch-release.html

On 12/02/2021 02:13, Paul Kosinski via clamav-users wrote:

For ClamAV 0.103.0:

root@ime1:~# grep -i temporary /opt/clamav.d/clamav.0.103.0/etc/clamd.conf
# Optional path to the global temporary directory.
TemporaryDirectory /var/clamav/tmp
# Do not remove temporary files (for debug purposes).
LeaveTemporaryFiles 0

For ClamAV 0.102.1 it was the same:

root@ime1:~# grep -i temporary /opt/clamav.d/clamav.0.102.2/etc/clamd.conf
# Optional path to the global temporary directory.
TemporaryDirectory /var/clamav/tmp
# Do not remove temporary files (for debug purposes).
LeaveTemporaryFiles 0

But the subdirs are in my "/opt/clamav.d/clamav.0.103.0/share/clamav/" directory. (I install each new version under opt, "just in case".) And there's no "temporary", "tmp" or "temp" (except in the word "attempt") in my freshclam.conf file.

On Thu, 11 Feb 2021 23:52:37 + (GMT) "G.W. Haywood via clamav-users" wrote:

Hi there,

On Thu, 11 Feb 2021, Paul Kosinski via clamav-users wrote:

in my clamav.0.103.0/share/clamav/ directory? They don't seem to have been there with clamav.0.102.0 and earlier.

What's the output of

grep -i temporary clamd.conf

?