[clamav-users] daily.cvd out of date?

Gene Heskett gheskett at wdtv.com
Mon Mar 16 11:16:05 EDT 2015


On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
> David,
>
> I forwarded this on to the ops team for a look.
>
I cannot prove it's the same address Joel, my expiry rules clean up this 
folder in about 30 days but this looks like a previous such request that 
has been made before, possibly more than once before.  So please follow 
up, get a report back and put it on the list so we know it's been done.

FWIW, I just ran that command, and then stat'd the file, which does not 
reside anywhere in my install as my /var/lib/clamav only contains .cld's 
except for main.cvd.

I got:
gene at coyote:~$ stat daily.cvd
  File: `daily.cvd'
  Size: 33765882  	Blocks: 65952      IO Block: 4096   regular file
Device: 801h/2049d	Inode: 57696146    Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1000/    gene)   Gid: ( 1000/    gene)
Access: 2015-03-16 10:57:16.000000000 -0400
Modify: 2015-03-15 16:28:00.000000000 -0400
Change: 2015-03-16 10:57:16.137624052 -0400
 Birth: -

Which freshclam is not servicing so I put it in /var/lib/clamav as 
follows.

gene at coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
gene at coyote:~$ ls -l /var/lib/clamav
total 180848
-rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
-rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
-rw-r--r-- 1 root   root   33765882 Mar 16 11:02 daily.cvd
-rw-r----- 1 clamav clamav    45334 Mar 16 09:37 freshclam.log
-rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
-rw------- 1 clamav clamav      988 Mar 16 10:31 mirrors.dat
gene at coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
gene at coyote:~$ ls -l /var/lib/clamav
total 180848
-rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
-rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
-rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
-rw-r----- 1 clamav clamav    45334 Mar 16 09:37 freshclam.log
-rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
-rw------- 1 clamav clamav      988 Mar 16 10:31 mirrors.dat
gene at coyote:~$ sudo less /var/lib/clamav/freshclam.log

Is something broken in my freshclam configuration, or is the daily.cld 
the same thing?

A curious user here.

> --
> Joel Esler
> Open Source Manager
> Threat Intelligence Team Lead
> Talos Group
>
> On Mar 16, 2015, at 8:51 AM, Smith, David
> <drsmith at fsu.edu<mailto:drsmith at fsu.edu>> wrote:
>
> Jason,
> Can you PLEASE pull mirror 150.214.142.197 out of your lists???  Note
> the modify date on the daily.cvd
>
> [root at rhn cron]# wget http://150.214.142.197/daily.cvd
> --2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
> Connecting to 150.214.142.197:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 27596102 (26M) [text/plain]
> Saving to: `daily.cvd'
>
> 100%[=================================================================
>=================================================================>]
> 27,596,102  2.35M/s   in 13s
>
> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved [27596102/27596102]
>
> [root at rhn cron]# stat daily.cvd
>  File: `daily.cvd'
>  Size: 27596102        Blocks: 53976      IO Block: 4096   regular file
> Device: fd00h/64768d    Inode: 1310864     Links: 1
> Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
> Access: 2015-03-16 08:47:29.000000000 -0400
> Modify: 2014-08-28 13:26:00.000000000 -0400
> Change: 2015-03-16 08:47:29.000000000 -0400
>
>
> WITH the Pragma: No-cache
>
> [root at rhn cron]# wget --header="Pragma: no-cache" http://150.214.142.197/daily.cvd
> --2015-03-16 08:49:37--  http://150.214.142.197/daily.cvd
> Connecting to 150.214.142.197:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 27596102 (26M) [text/plain]
> Saving to: `daily.cvd.1'
>
> 100%[=================================================================
>=================================================================>]
> 27,596,102  4.41M/s   in 7.0s
>
> 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved [27596102/27596102]
>
> [root at rhn cron]# stat daily.cvd.1
>  File: `daily.cvd.1'
>  Size: 27596102        Blocks: 53976      IO Block: 4096   regular file
> Device: fd00h/64768d    Inode: 1310865     Links: 1
> Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
> Access: 2015-03-16 08:49:44.000000000 -0400
> Modify: 2014-08-28 13:26:00.000000000 -0400
> Change: 2015-03-16 08:49:44.000000000 -0400
>
>
> Thanks!
>
> Dave Smith                        drsmith at fsu.edu<mailto:drsmith at fsu.edu>                (850)645-8024
> Linux Administrators              its-unixadmins at fsu.edu<mailto:its-unixadmins at fsu.edu>  (850)644-2591
> Information Technology Services   Florida State University
>
>
> -----Original Message-----
> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of Jason Haar
> Sent: Sunday, March 1, 2015 6:29 PM
> To: clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
> Subject: Re: [clamav-users] daily.cvd out of date?
>
> On 27/02/15 08:49, Smith, David wrote:
> Nope .. not yet!  :)
> Try
>
> wget --header="Pragma: no-cache"  
> http://database.clamav.net/daily.cvd
>
> I say that because I'm wondering if you have a transparent proxy in
> between you and the server, so that extra Pragma header should force
> the proxy to re-download it instead of feeding out of cache. If the
> file ends up with a newer date, then that confirms there's a proxy in
> between (and as a side effect should have replaced the stale cached
> entry - so freshclam will be happy again - at least for a short while)
>
>
> --
> Cheers
>
> Jason Haar
> Corporate Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
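
Added example, not part of the thread or of ClamAV itself: the messages above judge a mirror by the mtime that `stat` reports on the downloaded file; this sketch reads the version and build timestamp from the database's own 512-byte header instead, which travels with the file through proxies and copies. The function names, the sample header and its values are constructed for illustration, and the header field order is the documented CVD layout as assumed in the comments (assumed to apply to .cld files as well).

```bash
#!/bin/sh
# Assumed header layout (first 512 bytes, colon-separated, space-padded):
#   ClamAV-VDB:build time:version:sig count:func level:MD5:signature:builder:stime
# stime is the build time as a Unix timestamp. The header is read, not authenticated.

# Print "version stime" for a database file; return 2 if the magic is missing.
cvd_header_fields() {
    local hdr version stime
    hdr=$(head -c 512 -- "$1" 2>/dev/null | tr -d '\000')
    case $hdr in
        ClamAV-VDB:*) ;;
        *) echo "not a ClamAV database: $1" >&2; return 2 ;;
    esac
    version=$(printf '%s\n' "$hdr" | cut -d: -f3 | tr -cd '0-9')
    stime=$(printf '%s\n' "$hdr" | cut -d: -f9 | tr -cd '0-9')
    echo "${version:-0} ${stime:-0}"
}

# Usage: cvd_is_stale FILE MAX_AGE_DAYS [NOW_EPOCH]
# Returns 0 if the header is older than MAX_AGE_DAYS, 1 if fresh, 2 on error.
cvd_is_stale() {
    local fields version stime now age_days
    fields=$(cvd_header_fields "$1") || return 2
    version=${fields% *}
    stime=${fields#* }
    [ "$stime" -gt 0 ] || { echo "$1: no build timestamp in header" >&2; return 2; }
    now=${3:-$(date +%s)}
    age_days=$(( (now - stime) / 86400 ))
    echo "$1: version $version, header built $age_days day(s) ago"
    [ "$age_days" -gt "$2" ]
}

# Write a constructed 512-byte header (not a real database) with the given stime.
make_sample_cvd() {
    printf '%-512s' "ClamAV-VDB:constructed:11111:1000:63:X:X:builder:$2" > "$1"
}

# Demo on constructed input: header stamped 2014-08-28, checked as of 2015-03-16.
tmp=$(mktemp)
make_sample_cvd "$tmp" 1409246760
cvd_is_stale "$tmp" 3 1426510035 && echo "stale: do not install this copy"
rm -f "$tmp"
```

`sigtool --info daily.cvd` prints the same header fields and also verifies the database's digital signature, which this script does not do.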