[clamav-users] daily.cvd out of date?

Al Varnell alvarnell at mac.com
Mon Mar 16 21:59:30 EDT 2015


It would certainly seem so.  A few users either prefer or must disable scripted updates and download the full daily.cvd each time.  I would have to guess the major reason is to provide a local mirror to service a network of computers, all using ClamAV®.  In those cases they rely on the daily.cvd being up-to-date with the latest releases included.  I don’t know what method the mirror network uses to make sure all servers are in sync, but something must have failed with regard to 150.214.142.197.

-Al-


On Mon, Mar 16, 2015 at 06:04PM, Gene Heskett wrote:
> 
> On Monday 16 March 2015 12:46:56 Al Varnell wrote:
>> daily.cvd is compressed to save time and bandwidth when you need the
>> entire daily database downloaded.  If you use scripted update
>> (default) then it’s decompressed to become daily.cld and each
>> daily.cdiff is then added to it.  So yes, at any given point in time
>> for the same version number, they are the same thing, but different
>> sizes.
> 
> I see, so I won't waste the effort to add it to the freshclam refresh.
> 
> Thank you.  But I have to assume the Original Poster's problem still
> exists as his is not being refreshed.
> 
> Any SWAGs?
> 
> Thanks Al.
> 
>> -Al-
>> 
>> On Mon, Mar 16, 2015 at 08:16AM, Gene Heskett wrote:
>>> On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
>>>> David,
>>>> 
>>>> I forwarded this on to the ops team for a look.
>>> 
>>> I cannot prove it's the same address Joel, my expiry rules clean up
>>> this folder in about 30 days but this looks like a previous such
>>> request that has been made before, possibly more than once before.
>>> So please follow up, get a report back and put it on the list so we
>>> know it's been done.
>>> 
>>> FWIW, I just ran that command, and then stat'd the file, which does
>>> not reside anywhere in my install as my /var/lib/clamav only
>>> contains .cld's except for main.cvd.
>>> 
>>> I got:
>>> gene at coyote:~$ stat daily.cvd
>>> File: `daily.cvd'
>>> Size: 33765882  	Blocks: 65952      IO Block: 4096   regular file
>>> Device: 801h/2049d	Inode: 57696146    Links: 1
>>> Access: (0644/-rw-r--r--)  Uid: ( 1000/    gene)   Gid: ( 1000/    gene)
>>> Access: 2015-03-16 10:57:16.000000000 -0400
>>> Modify: 2015-03-15 16:28:00.000000000 -0400
>>> Change: 2015-03-16 10:57:16.137624052 -0400
>>> Birth: -
>>> 
>>> Which freshclam is not servicing so I put it in /var/lib/clamav as
>>> follows.
>>> 
>>> gene at coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
>>> gene at coyote:~$ ls -l /var/lib/clamav
>>> total 180848
>>> -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
>>> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
>>> -rw-r--r-- 1 root   root   33765882 Mar 16 11:02 daily.cvd
>>> -rw-r----- 1 clamav clamav    45334 Mar 16 09:37 freshclam.log
>>> -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
>>> -rw------- 1 clamav clamav      988 Mar 16 10:31 mirrors.dat
>>> gene at coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
>>> gene at coyote:~$ ls -l /var/lib/clamav
>>> total 180848
>>> -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
>>> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
>>> -rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
>>> -rw-r----- 1 clamav clamav    45334 Mar 16 09:37 freshclam.log
>>> -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
>>> -rw------- 1 clamav clamav      988 Mar 16 10:31 mirrors.dat
>>> gene at coyote:~$ sudo less /var/lib/clamav/freshclam.log
>>> 
>>> Is something broken in my freshclam configuration, or is the
>>> daily.cld the same thing?
>>> 
>>> A curious user here.
>>> 
>>>> --
>>>> Joel Esler
>>>> Open Source Manager
>>>> Threat Intelligence Team Lead
>>>> Talos Group
>>>> 
>>>> On Mar 16, 2015, at 8:51 AM, Smith, David <drsmith at fsu.edu> wrote:
>>>> 
>>>> Jason,
>>>> Can you PLEASE pull mirror 150.214.142.197 out of your lists??? 
>>>> Note the modify date on the daily.cvd
>>>> 
>>>> [root at rhn cron]# wget http://150.214.142.197/daily.cvd
>>>> --2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
>>>> Connecting to 150.214.142.197:80... connected.
>>>> HTTP request sent, awaiting response... 200 OK
>>>> Length: 27596102 (26M) [text/plain]
>>>> Saving to: `daily.cvd'
>>>> 
>>>> 100%[==============================================================
>>>> ===
>>>> =================================================================>]
>>>> 27,596,102  2.35M/s   in 13s
>>>> 
>>>> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved [27596102/27596102]
>>>> 
>>>> [root at rhn cron]# stat daily.cvd
>>>> File: `daily.cvd'
>>>> Size: 27596102        Blocks: 53976      IO Block: 4096   regular file
>>>> Device: fd00h/64768d    Inode: 1310864     Links: 1
>>>> Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
>>>> Access: 2015-03-16 08:47:29.000000000 -0400
>>>> Modify: 2014-08-28 13:26:00.000000000 -0400
>>>> Change: 2015-03-16 08:47:29.000000000 -0400
>>>> 
>>>> 
>>>> WITH the Pragma: No-cache
>>>> 
>>>> [root at rhn cron]# wget --header="Pragma: no-cache" http://150.214.142.197/daily.cvd
>>>> --2015-03-16 08:49:37--  http://150.214.142.197/daily.cvd
>>>> Connecting to 150.214.142.197:80... connected.
>>>> HTTP request sent, awaiting response... 200 OK
>>>> Length: 27596102 (26M) [text/plain]
>>>> Saving to: `daily.cvd.1'
>>>> 
>>>> 100%[==============================================================
>>>> ===
>>>> =================================================================>]
>>>> 27,596,102  4.41M/s   in 7.0s
>>>> 
>>>> 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved [27596102/27596102]
>>>> 
>>>> [root at rhn cron]# stat daily.cvd.1
>>>> File: `daily.cvd.1'
>>>> Size: 27596102        Blocks: 53976      IO Block: 4096   regular file
>>>> Device: fd00h/64768d    Inode: 1310865     Links: 1
>>>> Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
>>>> Access: 2015-03-16 08:49:44.000000000 -0400
>>>> Modify: 2014-08-28 13:26:00.000000000 -0400
>>>> Change: 2015-03-16 08:49:44.000000000 -0400
>>>> 
>>>> 
>>>> Thanks!
>>>> 
>>>> Dave Smith
>>>> drsmith at fsu.edu
>>>> (850)645-8024 Linux Administrators
>>>> its-unixadmins at fsu.edu
>>>> (850)644-2591 Information Technology Services
>>>> Florida State University
>>>> 
>>>> 
>>>> -----Original Message-----
>>>> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf Of Jason Haar
>>>> Sent: Sunday, March 1, 2015 6:29 PM
>>>> To: clamav-users at lists.clamav.net
>>>> Subject: Re: [clamav-users] daily.cvd out of date?
>>>> 
>>>> On 27/02/15 08:49, Smith, David wrote:
>>>> Nope .. not yet!  :)
>>>> Try
>>>> 
>>>> wget --header="Pragma: no-cache" http://database.clamav.net/daily.cvd
>>>> 
>>>> I say that because I'm wondering if you have a transparent proxy in
>>>> between you and the server, so that extra Pragma header should
>>>> force the proxy to re-download it instead of feeding out of cache.
>>>> If the file ends up with a newer date, then that confirms there's a
>>>> proxy in between (and as a side effect should have replaced the
>>>> stale cached entry - so freshclam will be happy again - at least
>>>> for a short while)
>>>> 
>>>> 
>>>> --
>>>> Cheers
>>>> 
>>>> Jason Haar
>> 
> 
> Cheers, Gene Heskett

-Al-
-- 
Al Varnell
Mountain View, CA
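
The thread judges the mirror's copy by the file's modification time, which a proxy or a plain copy can change. As an added example (not code from this thread or from the ClamAV project), the sketch below reads the build time and version out of the database's own header instead. It assumes the usual CVD layout: a 512-byte, space-padded, colon-separated text header starting with `ClamAV-VDB`, with the build time in field 2, the version in field 3 and, in newer files, the build time as epoch seconds in field 9. The sample headers, version numbers and the three-day threshold are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

CVD_MAGIC = "ClamAV-VDB"
HEADER_LEN = 512  # assumed fixed size of the space-padded text header


def parse_cvd_header(raw: bytes) -> dict:
    """Parse the colon-separated header found at the start of a .cvd file."""
    text = raw[:HEADER_LEN].decode("ascii", errors="replace").strip()
    fields = text.split(":")
    if len(fields) < 8 or fields[0] != CVD_MAGIC:
        raise ValueError("not a CVD header")
    if len(fields) > 8 and fields[8].isdigit():
        # Newer headers carry the build time as epoch seconds.
        built = datetime.fromtimestamp(int(fields[8]), tz=timezone.utc)
    else:
        # Older headers only have the text form, e.g. "28 Aug 2014 13-26 -0400".
        built = datetime.strptime(fields[1], "%d %b %Y %H-%M %z")
    return {"version": int(fields[2]), "signatures": int(fields[3]), "built": built}


def is_stale(raw: bytes, now: datetime, max_age: timedelta = timedelta(days=3)):
    """Return (stale?, database version, age in whole days)."""
    hdr = parse_cvd_header(raw)
    age = now - hdr["built"]
    return age > max_age, hdr["version"], age.days


def _sample(header: str) -> bytes:
    # Constructed test input: a padded header followed by dummy payload bytes.
    return header.encode("ascii").ljust(HEADER_LEN, b" ") + b"\x00payload"


# Constructed headers; the dates mirror the two mtimes quoted in the thread,
# the version, signature count, checksum and signature fields are placeholders.
STALE_SAMPLE = _sample("ClamAV-VDB:28 Aug 2014 13-26 -0400:1001:100:63:X:X:builder")
FRESH_SAMPLE = _sample(
    "ClamAV-VDB:15 Mar 2015 16-28 -0400:1002:100:63:X:X:builder:1426451280"
)
NOW = datetime(2015, 3, 16, 12, 47, tzinfo=timezone.utc)  # 08:47 -0400

if __name__ == "__main__":
    for name, blob in (("stale", STALE_SAMPLE), ("fresh", FRESH_SAMPLE)):
        print(name, is_stale(blob, NOW))
```

This only reads the header and does not verify the database's digital signature; `sigtool --info daily.cvd` prints the same fields and checks the signature as well.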







