[clamav-users] daily.cvd out of date?
Gene Heskett
gheskett at wdtv.com
Mon Mar 16 15:16:05 UTC 2015
On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
> David,
>
> I forwarded this on to the ops team for a look.
>
I cannot prove it's the same address, Joel; my expiry rules clean up this
folder in about 30 days, but this looks like a previous such request that
has been made before, possibly more than once before. So please follow
up, get a report back and put it on the list so we know it's been done.
FWIW, I just ran that command, and then stat'd the file, which does not
reside anywhere in my install as my /var/lib/clamav only contains .cld's
except for main.cvd.
I got:
gene at coyote:~$ stat daily.cvd
File: `daily.cvd'
Size: 33765882 Blocks: 65952 IO Block: 4096 regular file
Device: 801h/2049d Inode: 57696146 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 1000/ gene) Gid: ( 1000/ gene)
Access: 2015-03-16 10:57:16.000000000 -0400
Modify: 2015-03-15 16:28:00.000000000 -0400
Change: 2015-03-16 10:57:16.137624052 -0400
Birth: -
Which freshclam is not servicing so I put it in /var/lib/clamav as
follows.
gene at coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
gene at coyote:~$ ls -l /var/lib/clamav
total 180848
-rw-r--r-- 1 clamav clamav 346624 Feb 27 15:32 bytecode.cld
-rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
-rw-r--r-- 1 root root 33765882 Mar 16 11:02 daily.cvd
-rw-r----- 1 clamav clamav 45334 Mar 16 09:37 freshclam.log
-rw-r--r-- 1 clamav clamav 64720632 Feb 4 20:15 main.cvd
-rw------- 1 clamav clamav 988 Mar 16 10:31 mirrors.dat
gene at coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
gene at coyote:~$ ls -l /var/lib/clamav
total 180848
-rw-r--r-- 1 clamav clamav 346624 Feb 27 15:32 bytecode.cld
-rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
-rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
-rw-r----- 1 clamav clamav 45334 Mar 16 09:37 freshclam.log
-rw-r--r-- 1 clamav clamav 64720632 Feb 4 20:15 main.cvd
-rw------- 1 clamav clamav 988 Mar 16 10:31 mirrors.dat
gene at coyote:~$ sudo less /var/lib/clamav/freshclam.log
Is something broken in my freshclam configuration, or is the daily.cld
the same thing?
A curious user here.
> --
> Joel Esler
> Open Source Manager
> Threat Intelligence Team Lead
> Talos Group
>
> On Mar 16, 2015, at 8:51 AM, Smith, David
> <drsmith at fsu.edu<mailto:drsmith at fsu.edu>> wrote:
>
> Jason,
> Can you PLEASE pull mirror 150.214.142.197 out of your lists??? Note
> the modify date on the daily.cvd
>
> [root at rhn cron]# wget http://150.214.142.197/daily.cvd
> --2015-03-16 08:47:15-- http://150.214.142.197/daily.cvd
> Connecting to 150.214.142.197:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 27596102 (26M) [text/plain]
> Saving to: `daily.cvd'
>
> 100%[=================================================================
>=================================================================>]
> 27,596,102 2.35M/s in 13s
>
> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved
> [27596102/27596102]
>
> [root at rhn cron]# stat daily.cvd
> File: `daily.cvd'
> Size: 27596102 Blocks: 53976 IO Block: 4096 regular file
> Device: fd00h/64768d Inode: 1310864 Links: 1
> Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
> Access: 2015-03-16 08:47:29.000000000 -0400
> Modify: 2014-08-28 13:26:00.000000000 -0400
> Change: 2015-03-16 08:47:29.000000000 -0400
>
>
> WITH the Pragma: No-cache
>
> [root at rhn cron]# wget --header="Pragma: no-cache" http://150.214.142.197/daily.cvd
> --2015-03-16 08:49:37-- http://150.214.142.197/daily.cvd
> Connecting to 150.214.142.197:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 27596102 (26M) [text/plain]
> Saving to: `daily.cvd.1'
>
> 100%[=================================================================
>=================================================================>]
> 27,596,102 4.41M/s in 7.0s
>
> 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved
> [27596102/27596102]
>
> [root at rhn cron]# stat daily.cvd.1
> File: `daily.cvd.1'
> Size: 27596102 Blocks: 53976 IO Block: 4096 regular file
> Device: fd00h/64768d Inode: 1310865 Links: 1
> Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
> Access: 2015-03-16 08:49:44.000000000 -0400
> Modify: 2014-08-28 13:26:00.000000000 -0400
> Change: 2015-03-16 08:49:44.000000000 -0400
>
>
> Thanks!
>
> Dave Smith
> drsmith at fsu.edu<mailto:drsmith at fsu.edu>
> (850)645-8024 Linux Administrators
> its-unixadmins at fsu.edu<mailto:its-unixadmins at fsu.edu>
> (850)644-2591 Information Technology Services Florida
> State University
>
>
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of Jason Haar
> Sent: Sunday, March 1, 2015 6:29 PM
> To: clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
> Subject: Re: [clamav-users] daily.cvd out of date?
>
> On 27/02/15 08:49, Smith, David wrote:
> Nope .. not yet! :)
> Try
>
> wget --header="Pragma: no-cache" http://database.clamav.net/daily.cvd
>
> I say that because I'm wondering if you have a transparent proxy in
> between you and the server, so that extra Pragma header should force
> the proxy to re-download it instead of feeding out of cache. If the
> file ends up with a newer date, then that confirms there's a proxy in
> between (and as a side effect should have replaced the stale cached
> entry - so freshclam will be happy again - at least for a short while)
>
>
> --
> Cheers
>
> Jason Haar
> Corporate Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
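
Added example, not part of the original message and not ClamAV's own code: the thread judges freshness from the file's modify time, but a .cvd also carries a 512-byte, colon-separated text header with a build time and version number, and a local .cld keeps the same header layout. The function names, the make_sample_db helper and the sample values below are constructed for illustration.

```bash
# Added example: compare ClamAV database versions by reading the header
# instead of trusting the file's modify time.
# Header layout (512 bytes of text, colon-separated):
#   ClamAV-VDB:build time:version:sig count:func level:MD5:dsig:builder:stime

# Print the database version (field 3); return 2 if the header is not valid.
cvd_version() {
    local header version
    header=$(head -c 512 "$1" 2>/dev/null | tr -d '\0')
    case $header in
        ClamAV-VDB:*) ;;
        *) echo "not a ClamAV database: $1" >&2; return 2 ;;
    esac
    version=$(printf '%s\n' "$header" | cut -d: -f3)
    case $version in
        ''|*[!0-9]*) echo "bad version field in $1" >&2; return 2 ;;
    esac
    printf '%s\n' "$version"
}

# Print the build time recorded in the header (field 2).
cvd_build_time() {
    head -c 512 "$1" | tr -d '\0' | cut -d: -f2
}

# Succeed when the candidate file ($2) is older than the installed one ($1).
cvd_is_stale() {
    local installed candidate
    installed=$(cvd_version "$1") || return 2
    candidate=$(cvd_version "$2") || return 2
    [ "$candidate" -lt "$installed" ]
}

# Hypothetical helper: write a constructed header with no signature payload.
make_sample_db() {   # arguments: path version "build time"
    printf '%-512s' "ClamAV-VDB:$3:$2:1000:63:X:X:builder:0" > "$1"
}

# Constructed sample files; versions and dates are not taken from the thread.
tmp=$(mktemp -d)
make_sample_db "$tmp/installed.cld" 2002 "01 Jan 2015 00-00 +0000"
make_sample_db "$tmp/mirror.cvd"    1001 "01 Jun 2014 00-00 +0000"
if cvd_is_stale "$tmp/installed.cld" "$tmp/mirror.cvd"; then
    echo "mirror copy is stale: version $(cvd_version "$tmp/mirror.cvd")," \
         "built $(cvd_build_time "$tmp/mirror.cvd")"
fi
```

This reads the header only and does not check the digital signature; sigtool --info on the same file prints these fields and verifies a .cvd.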