[clamav-users] daily.cvd vs main.cvd

Paul Kosinski clamav at iment.com
Tue Sep 23 00:58:23 UTC 2014 

On Sat, 20 Sep 2014 12:00:01 -0400
Al Varnell <alvarnell at mac.com> wrote:

> Have you disabled "scripted updates" for some reason?  

> Is there some reason those other NTP-synced machines on your LAN
> can't use a daily.cld instead?  

Scripted Updates seem to have been introduced with ClamAV 0.90. When
that came out, I added "ScriptedUpdates no" to the freshclam.conf file
to avoid any problems that might have arisen with a new feature.
Since things seemed to work smoothly in that mode, I never enabled the
feature -- and then, I forgot about it.

So, I changed the Internet-facing freshclam.conf to enable "scripted
updates", but now the "private mirror" feature fails miserably.
It always fails with the following error sequence:

  Reading CVD header (daily.cld): Connected to 10.1.2.3 (IP: 10.1.2.3).
  Trying to retrieve CVD header of http://10.1.2.3/daily.cld
  OK
  Retrieving http://10.1.2.3/daily.cld
  Trying to download http://10.1.2.3/daily.cld (IP: 10.1.2.3)
  Downloading daily.cld [100%]
  ERROR: Verification: Can't verify database integrity
  Retrieving http://10.1.2.3/daily.cvd
  Trying to download http://10.1.2.3/daily.cvd (IP: 10.1.2.3)
  WARNING: Can't download daily.cvd from 10.1.2.3

This happens no matter what the setting of CompressLocalDatabase is;
ScriptedUpdates has to be 'no' on the clients since the cdiff files
don't exist on the mirror.

And when I intercepted (using Wireshark) the file being pulled from
our mirror to one of our other ClamAV machines, it compared exactly
with the file on our mirror, which, of course, did pass freshclam
verification. So the problem is probably related to the way freshclam
verifies files pulled from a local mirror.

This problem has been noted before, for example, at

  http://www.gossamer-threads.com/lists/clamav/users/61096.

(That reporter suggested that the verification process was treating
cld files as if they were cvd files, and therefore failed.)

Thus I'll have to go back to the old way of having the Internet-facing
freshclam retrieve the whole cvd files, instead of the much shorter
cdiff files.

Paul Kosinski

More information about the clamav-users mailing list