[clamav-users] daily.cvd out of date?

Steve Brazill yubby at sbcglobal.net
Fri Mar 27 15:01:09 EDT 2015


At least 2 of the sites referenced by the "db.local.clamav.net" IP pool are not responding (this morning), and my "wget" of the files last weekend failed with ('emeksensin.com' does 'not' resolve to any of the IPs in the DNS 'pool'):
** Initiating File Download Process **
Sun Mar 22 08:55:01 PDT 2015
http://emeksensin.com/main.cvd:
2015-03-22 08:55:02 ERROR 407: Proxy Authentication Required.
http://emeksensin.com/daily.cvd:
2015-03-22 08:55:02 ERROR 407: Proxy Authentication Required.
http://emeksensin.com/bytecode.cvd:
2015-03-22 08:55:02 ERROR 407: Proxy Authentication Required.
http://emeksensin.com/safebrowsing.cvd:
2015-03-22 08:55:02 ERROR 407: Proxy Authentication Required.
Sun Mar 22 08:55:02 PDT 2015
** File Download Process Completed **

> nslookup emeksensin.com
Non-authoritative answer:
Name: emeksensin.com
Address: 78.46.82.212

> nslookup db.local.clamav.net
Non-authoritative answer:
db.local.clamav.net canonical name = db.us.rr.clamav.net.
Name: db.us.rr.clamav.net
Address: 209.198.147.20
Name: db.us.rr.clamav.net
Address: 66.18.18.59
Name: db.us.rr.clamav.net
Address: 78.46.84.244
Name: db.us.rr.clamav.net
Address: 150.214.142.197
Name: db.us.rr.clamav.net
Address: 194.186.47.19
Name: db.us.rr.clamav.net
Address: 200.236.31.1

On Monday 16 March 2015 18:59:30 Al Varnell wrote:
> It would certainly seem so. A few users either prefer or must disable
> scripted updates and download the full daily.cvd each time. I would have
> to guess the major reason is to provide a local mirror to service a
> network of computers, all using ClamAV®. In those cases they rely on the
> daily.cvd being up-to-date with the latest releases included. I don’t
> know what method the mirror network uses to make sure all servers are in
> sync, but something must have failed with regard to 150.214.142.197.
>
> -Al-
>
> On Mon, Mar 16, 2015 at 06:04PM, Gene Heskett wrote:
> > On Monday 16 March 2015 12:46:56 Al Varnell wrote:
> >> daily.cvd is compressed to save time and bandwidth when you need the
> >> entire daily database downloaded. If you use scripted update
> >> (default) then it’s decompressed to become daily.cld and each
> >> daily.cdiff is then added to it. So yes, at any given point in time
> >> for the same version number, they are the same thing, but different
> >> sizes.
> >
> > I see, so I won't waste the effort to add it to the freshclam refresh.
> >
> > Thank you. But I have to assume the Original Posters problem still
> > exists as his is not being refreshed.
> >
> > Any SWAG's?
> >
> > Thanks Al.
> >
> >> -Al—
> >>
> >> On Mon, Mar 16, 2015 at 08:16AM, Gene Heskett wrote:
> >>> On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
> >>>> David,
> >>>>
> >>>> I forwarded this on to the ops team for a look.
> >>>
> >>> I cannot prove its the same address Joel, my expiry rules clean up
> >>> this folder in about 30 day but this looks like a previous such
> >>> request that has been made before, possibly more than once before.
> >>> So please follow up, get a report back and put it on the list so we
> >>> know its been done.
> >>>
> >>> FWIW, I just ran that command, and then stat'd the file, which does
> >>> not reside anywhere in my install as my /var/lib/clamav only
> >>> contains .cld's except for main.cvd.
> >>>
> >>> I got:
> >>> gene at coyote:~$ stat daily.cvd
> >>> File: `daily.cvd'
> >>> Size: 33765882 Blocks: 65952 IO Block: 4096 regular file
> >>> Device: 801h/2049d Inode: 57696146 Links: 1
> >>> Access: (0644/-rw-r--r--) Uid: ( 1000/ gene) Gid: ( 1000/
> >>> gene) Access: 2015-03-16 10:57:16.000000000 -0400
> >>> Modify: 2015-03-15 16:28:00.000000000 -0400
> >>> Change: 2015-03-16 10:57:16.137624052 -0400
> >>> Birth: -
> >>>
> >>> Which freshclam is not servicing so I put it in /var/lib /clamav as
> >>> follows.
> >>>
> >>> gene at coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
> >>> gene at coyote:~$ ls -l /var/lib/clamav
> >>> total 180848
> >>> -rw-r--r-- 1 clamav clamav 346624 Feb 27 15:32 bytecode.cld
> >>> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> >>> -rw-r--r-- 1 root root 33765882 Mar 16 11:02 daily.cvd
> >>> -rw-r----- 1 clamav clamav 45334 Mar 16 09:37 freshclam.log
> >>> -rw-r--r-- 1 clamav clamav 64720632 Feb 4 20:15 main.cvd
> >>> -rw------- 1 clamav clamav 988 Mar 16 10:31 mirrors.dat
> >>> gene at coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
> >>> gene at coyote:~$ ls -l /var/lib/clamav
> >>> total 180848
> >>> -rw-r--r-- 1 clamav clamav 346624 Feb 27 15:32 bytecode.cld
> >>> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> >>> -rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
> >>> -rw-r----- 1 clamav clamav 45334 Mar 16 09:37 freshclam.log
> >>> -rw-r--r-- 1 clamav clamav 64720632 Feb 4 20:15 main.cvd
> >>> -rw------- 1 clamav clamav 988 Mar 16 10:31 mirrors.dat
> >>> gene at coyote:~$ sudo less /var/lib/clamav/freshclam.log
> >>>
> >>> Is something broken in my freshclam configuration, or is the
> >>> daily.cld the same thing?
> >>>
> >>> A curious user here.
> >>>
> >>>> --
> >>>> Joel Esler
> >>>> Open Source Manager
> >>>> Threat Intelligence Team Lead
> >>>> Talos Group
> >>>>
> >>>> On Mar 16, 2015, at 8:51 AM, Smith, David
> >>>> <drsmith at fsu.edu<mailto:drsmith at fsu.edu>> wrote:
> >>>>
> >>>> Jason,
> >>>> Can you PLEASE pull mirror 150.214.142.197 out of your lists???
> >>>> Note the modify date on the daily.cvd
> >>>>
> >>>> [root at rhn cron]# wget http://150.214.142.197/daily.cvd
> >>>> --2015-03-16 08:47:15-- http://150.214.142.197/daily.cvd
> >>>> Connecting to 150.214.142.197:80... connected.
> >>>> HTTP request sent, awaiting response... 200 OK
> >>>> Length: 27596102 (26M) [text/plain]
> >>>> Saving to: `daily.cvd'
> >>>>
> >>>> 100%[==============================================================
> >>>> ===
> >>>> =================================================================>]
> >>>> 27,596,102 2.35M/s in 13s
> >>>>
> >>>> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved
> >>>> [27596102/27596102]
> >>>>
> >>>> [root at rhn cron]# stat daily.cvd
> >>>> File: `daily.cvd'
> >>>> Size: 27596102 Blocks: 53976 IO Block: 4096 regular
> >>>> file Device: fd00h/64768d Inode: 1310864 Links: 1
> >>>> Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/
> >>>> root) Access: 2015-03-16 08:47:29.000000000 -0400
> >>>> Modify: 2014-08-28 13:26:00.000000000 -0400
> >>>> Change: 2015-03-16 08:47:29.000000000 -0400
> >>>>
> >>>>
> >>>> WITH the Pragma: No-cache
> >>>>
> >>>> [root at rhn cron]# wget --header="Pragma: no-cache"
> >>>> http://150.214.142.197/daily.cvd --2015-03-16 08:49:37--
> >>>> http://150.214.142.197/daily.cvd
> >>>> Connecting to 150.214.142.197:80... connected.
> >>>> HTTP request sent, awaiting response... 200 OK
> >>>> Length: 27596102 (26M) [text/plain]
> >>>> Saving to: `daily.cvd.1'
> >>>>
> >>>> 100%[==============================================================
> >>>> ===
> >>>> =================================================================>]
> >>>> 27,596,102 4.41M/s in 7.0s
> >>>>
> >>>> 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved
> >>>> [27596102/27596102]
> >>>>
> >>>> [root at rhn cron]# stat daily.cvd.1
> >>>> File: `daily.cvd.1'
> >>>> Size: 27596102 Blocks: 53976 IO Block: 4096 regular
> >>>> file Device: fd00h/64768d Inode: 1310865 Links: 1
> >>>> Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/
> >>>> root) Access: 2015-03-16 08:49:44.000000000 -0400
> >>>> Modify: 2014-08-28 13:26:00.000000000 -0400
> >>>> Change: 2015-03-16 08:49:44.000000000 -0400
> >>>>
> >>>>
> >>>> Thanks!
> >>>>
> >>>> Dave Smith
> >>>> drsmith at fsu.edu<mailto:drsmith at fsu.edu>
> >>>> (850)645-8024 Linux Administrators
> >>>> its-unixadmins at fsu.edu<mailto:its-unixadmins at fsu.edu>
> >>>> (850)644-2591 Information Technology Services Florida
> >>>> State University
> >>>>
> >>>>
> >>>> -----Original Message-----
> >>>> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net]
> >>>> On Behalf Of Jason Haar Sent: Sunday, March 1, 2015 6:29 PM
> >>>> To:
> >>>> clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
> >>>> Subject: Re: [clamav-users] daily.cvd out of date?
> >>>>
> >>>> On 27/02/15 08:49, Smith, David wrote:
> >>>> Nope .. not yet! :)
> >>>> Try
> >>>>
> >>>> wget --header="Pragma: no-cache"
> >>>> http://database.clamav.net/daily.cvd
> >>>>
> >>>> I say that because I'm wondering if you have a transparent proxy in
> >>>> between you and the server, so that extra Pragma header should
> >>>> force the proxy to re-download it instead of feeding out of cache.
> >>>> If the file ends up with a newer date, then that confirms there's a
> >>>> proxy in between (and as a side effect should have replaced the
> >>>> stale cached entry - so freshclam will be happy again - at least
> >>>> for a short while)
> >>>>
> >>>>
> >>>> --
> >>>> Cheers
> >>>>
> >>>> Jason Haar
> >>>
> >> _______________________________________________
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >
> > Cheers, Gene Heskett
>
> -Al-
>
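
Added example (not part of the original message or of ClamAV's own code): the thread judges staleness from the file's modify time as reported by stat; the database's own 512-byte header also carries a build time and version, which can be compared between mirror copies. The function names, the 3-day threshold and the sample headers are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone

HEADER_LEN = 512      # a .cvd file begins with a 512-byte, space-padded text header
MAGIC = "ClamAV-VDB"

def parse_cvd_header(raw: bytes) -> dict:
    """Read build time, version and signature count from the start of a .cvd file."""
    if len(raw) < HEADER_LEN:
        raise ValueError("truncated: a CVD header is 512 bytes")
    fields = raw[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if fields[0] != MAGIC or len(fields) < 8:
        raise ValueError("not a CVD header (error page or partial download?)")
    # Build time is written like "28 Aug 2014 13-26 -0400" (no colon in the time).
    built = datetime.strptime(fields[1], "%d %b %Y %H-%M %z")
    return {"built": built, "version": int(fields[2]),
            "sigs": int(fields[3]), "builder": fields[7]}

def is_stale(raw: bytes, now: datetime, max_age=timedelta(days=3)) -> bool:
    """True when the database was built more than max_age before now (assumed limit)."""
    return now - parse_cvd_header(raw)["built"] > max_age

def lagging(copies: dict) -> list:
    """Names of the copies whose version is behind the newest copy seen."""
    versions = {name: parse_cvd_header(raw)["version"] for name, raw in copies.items()}
    newest = max(versions.values())
    return sorted(name for name, v in versions.items() if v < newest)

def sample_header(built: str, version: int) -> bytes:
    """Constructed header for the demo; MD5, signature and builder are dummies."""
    text = f"{MAGIC}:{built}:{version}:1000:63:{'0' * 32}:CONSTRUCTED:example:0"
    return text.encode("ascii").ljust(HEADER_LEN)

# Constructed inputs: build times mirror the two file dates quoted in the thread,
# version numbers are made up.
STALE = sample_header("28 Aug 2014 13-26 -0400", 100)
FRESH = sample_header("15 Mar 2015 16-28 -0400", 200)

if __name__ == "__main__":
    now = datetime(2015, 3, 16, 12, 47, tzinfo=timezone.utc)
    for name, raw in {"mirror-a": STALE, "mirror-b": FRESH}.items():
        info = parse_cvd_header(raw)
        print(name, info["version"], info["built"].isoformat(), is_stale(raw, now))
    print("lagging:", lagging({"mirror-a": STALE, "mirror-b": FRESH}))
```

For a downloaded file, pass the first 512 bytes read in binary mode. This reads header metadata only and does not verify the digital signature field.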



