[clamav-users] daily.cvd out of date?

Gene Heskett gheskett at wdtv.com
Mon Mar 16 21:04:47 EDT 2015


On Monday 16 March 2015 12:46:56 Al Varnell wrote:
> daily.cvd is compressed to save time and bandwidth when you need the
> entire daily database downloaded.  If you use scripted update
> (default) then it’s decompressed to become daily.cld and each
> daily.cdiff is then added to it.  So yes, at any given point in time
> for the same version number, they are the same thing, but different
> sizes.

I see, so I won't waste the effort to add it to the freshclam refresh.

Thank you.  But I have to assume the Original Posters problem still 
exists as his is not being refreshed.

Any SWAG's?

Thanks Al.

> -Al—
>
> On Mon, Mar 16, 2015 at 08:16AM, Gene Heskett wrote:
> > On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
> >> David,
> >>
> >> I forwarded this on to the ops team for a look.
> >
> > I cannot prove its the same address Joel, my expiry rules clean up
> > this folder in about 30 day but this looks like a previous such
> > request that has been made before, possibly more than once before. 
> > So please follow up, get a report back and put it on the list so we
> > know its been done.
> >
> > FWIW, I just ran that command, and then stat'd the file, which does
> > not reside anywhere in my install as my /var/lib/clamav only
> > contains .cld's except for main.cvd.
> >
> > I got:
> > gene at coyote:~$ stat daily.cvd
> >  File: `daily.cvd'
> >  Size: 33765882  	Blocks: 65952      IO Block: 4096   regular file
> > Device: 801h/2049d	Inode: 57696146    Links: 1
> > Access: (0644/-rw-r--r--)  Uid: ( 1000/    gene)   Gid: ( 1000/   
> > gene) Access: 2015-03-16 10:57:16.000000000 -0400
> > Modify: 2015-03-15 16:28:00.000000000 -0400
> > Change: 2015-03-16 10:57:16.137624052 -0400
> > Birth: -
> >
> > Which freshclam is not servicing so I put it in /var/lib /clamav as
> > follows.
> >
> > gene at coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
> > gene at coyote:~$ ls -l /var/lib/clamav
> > total 180848
> > -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
> > -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> > -rw-r--r-- 1 root   root   33765882 Mar 16 11:02 daily.cvd
> > -rw-r----- 1 clamav clamav    45334 Mar 16 09:37 freshclam.log
> > -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
> > -rw------- 1 clamav clamav      988 Mar 16 10:31 mirrors.dat
> > gene at coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
> > gene at coyote:~$ ls -l /var/lib/clamav
> > total 180848
> > -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
> > -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> > -rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
> > -rw-r----- 1 clamav clamav    45334 Mar 16 09:37 freshclam.log
> > -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
> > -rw------- 1 clamav clamav      988 Mar 16 10:31 mirrors.dat
> > gene at coyote:~$ sudo less /var/lib/clamav/freshclam.log
> >
> > Is something broken in my freshclam configuration, or is the
> > daily.cld the same thing?
> >
> > A curious user here.
> >
> >> --
> >> Joel Esler
> >> Open Source Manager
> >> Threat Intelligence Team Lead
> >> Talos Group
> >>
> >> On Mar 16, 2015, at 8:51 AM, Smith, David
> >> <drsmith at fsu.edu<mailto:drsmith at fsu.edu>> wrote:
> >>
> >> Jason,
> >> Can you PLEASE pull mirror 150.214.142.197 out of your lists??? 
> >> Note the modify date on the daily.cvd
> >>
> >> [root at rhn cron]# wget http://150.214.142.197/daily.cvd
> >> --2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
> >> Connecting to 150.214.142.197:80... connected.
> >> HTTP request sent, awaiting response... 200 OK
> >> Length: 27596102 (26M) [text/plain]
> >> Saving to: `daily.cvd'
> >>
> >> 100%[==============================================================
> >>===
> >> =================================================================>]
> >> 27,596,102  2.35M/s   in 13s
> >>
> >> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved
> >> [27596102/27596102]
> >>
> >> [root at rhn cron]# stat daily.cvd
> >> File: `daily.cvd'
> >> Size: 27596102        Blocks: 53976      IO Block: 4096   regular
> >> file Device: fd00h/64768d    Inode: 1310864     Links: 1
> >> Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/
> >> root) Access: 2015-03-16 08:47:29.000000000 -0400
> >> Modify: 2014-08-28 13:26:00.000000000 -0400
> >> Change: 2015-03-16 08:47:29.000000000 -0400
> >>
> >>
> >> WITH the Pragma: No-cache
> >>
> >> [root at rhn cron]# wget --header="Pragma: no-cache"
> >> http://150.214.142.197/daily.cvd --2015-03-16 08:49:37--
> >> http://150.214.142.197/daily.cvd
> >> Connecting to 150.214.142.197:80... connected.
> >> HTTP request sent, awaiting response... 200 OK
> >> Length: 27596102 (26M) [text/plain]
> >> Saving to: `daily.cvd.1'
> >>
> >> 100%[==============================================================
> >>===
> >> =================================================================>]
> >> 27,596,102  4.41M/s   in 7.0s
> >>
> >> 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved
> >> [27596102/27596102]
> >>
> >> [root at rhn cron]# stat daily.cvd.1
> >> File: `daily.cvd.1'
> >> Size: 27596102        Blocks: 53976      IO Block: 4096   regular
> >> file Device: fd00h/64768d    Inode: 1310865     Links: 1
> >> Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/
> >> root) Access: 2015-03-16 08:49:44.000000000 -0400
> >> Modify: 2014-08-28 13:26:00.000000000 -0400
> >> Change: 2015-03-16 08:49:44.000000000 -0400
> >>
> >>
> >> Thanks!
> >>
> >> Dave Smith
> >> drsmith at fsu.edu<mailto:drsmith at fsu.edu>
> >> (850)645-8024 Linux Administrators
> >> its-unixadmins at fsu.edu<mailto:its-unixadmins at fsu.edu>
> >> (850)644-2591 Information Technology Services             Florida
> >> State University
> >>
> >>
> >> -----Original Message-----
> >> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net]
> >> On Behalf Of Jason Haar Sent: Sunday, March 1, 2015 6:29 PM
> >> To:
> >> clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
> >> Subject: Re: [clamav-users] daily.cvd out of date?
> >>
> >> On 27/02/15 08:49, Smith, David wrote:
> >> Nope .. not yet!  :)
> >> Try
> >>
> >> wget --header="Pragma: no-cache"
> >> http://database.clamav.net/daily.cvd
> >>
> >> I say that because I'm wondering if you have a transparent proxy in
> >> between you and the server, so that extra Pragma header should
> >> force the proxy to re-download it instead of feeding out of cache.
> >> If the file ends up with a newer date, then that confirms there's a
> >> proxy in between (and as a side effect should have replaced the
> >> stale cached entry - so freshclam will be happy again - at least
> >> for a short while)
> >>
> >>
> >> --
> >> Cheers
> >>
> >> Jason Haar
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>



More information about the clamav-users mailing list