[clamav-users] Unable to download database

Joel Esler (jesler) jesler at cisco.com
Wed Aug 23 21:21:48 UTC 2017 

All — I sent a note earlier, but this should be fixed/recovering now.  We are working on an idea that may prevent this kind of thing from happening in the future.

Dennis — If you do a health check, and you find things that are… not matching up with our results… please let me know your failure list?


--
Joel Esler | Talos: Manager | jesler at cisco.com<mailto:jesler at cisco.com>






On Aug 23, 2017, at 3:16 PM, Dennis Peterson <dennispe at inetnw.com<mailto:dennispe at inetnw.com>> wrote:

After testing several of the DNS round robin aliases I found the db.ca.clamav.net<http://db.ca.clamav.net> had the most reliable server set for North America. After editing the freshclam.conf file the files updated on the next cron.hourly cycle.

I also found that the number of viable mirror sites is a small portion of the total number of mirrors. I also found that a lot of "local" mirrors are not all that local.

I think I'll run a health check of every mirror in the western hemisphere and use the results in a local DNS round robin running my own servers. It is a form of dynamic load balancing using real-time network response time. If nothing else it will stop most if not all attempts to missing mirrors which seem to be the majority. Obviously it will also ignore mirrors that disallow icmp traffic.

dp

On 8/23/17 9:48 AM, Dennis Peterson wrote:
nslookup db.local.clamav.net<http://db.local.clamav.net> |awk '/Address:/ {print $2}' |xargs -L1 ping -c 1

nslookup db.us.clamav.net<http://db.us.clamav.net> |awk '/Address:/ {print $2}' |xargs -L1 ping -c 1

nslookup db.ca.clamav.net<http://db.ca.clamav.net> |awk '/Address:/ {print $2}' |xargs -L1 ping -c 1

nslookup db.ru.clamav.net<http://db.ru.clamav.net> |awk '/Address:/ {print $2}' |xargs -L1 ping -c 1

nslookup db.uk.clamav.net<http://db.uk.clamav.net> |awk '/Address:/ {print $2}' |xargs -L1 ping -c 1


Nobody home.

dp

On 8/23/17 12:26 AM, lukn555 wrote:
Good Day ClamAV List

Since yesterday at around noon CET I've been having issues downloading
the ClamAV database:

freshclam --version
ClamAV 0.99.2/23696/Tue Aug 22 14:36:14 2017


# /usr/local/bin/freshclam --verbose
Current working dir is /usr/local/share/clamav
Max retries == 3
ClamAV update process started at Wed Aug 23 09:11:52 2017
Using IPv6 aware code
Querying current.cvd.clamav.net<http://current.cvd.clamav.net>
TTL: 609
Software version from DNS: 0.99.2
main.cvd version from DNS: 58
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60,
builder: sigmgr)
daily.cvd version from DNS: 23700
Retrieving http://database.clamav.net/daily-23697.cdiff
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 193.230.240.8 (due to previous errors)
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 193.230.240.8 (due to previous errors)
WARNING: getpatch: Can't download daily-23697.cdiff from database.clamav.net<http://database.clamav.net>
Retrieving http://database.clamav.net/daily-23697.cdiff
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 193.230.240.8 (due to previous errors)
WARNING: getpatch: Can't download daily-23697.cdiff from database.clamav.net<http://database.clamav.net>
Retrieving http://database.clamav.net/daily-23697.cdiff
Ignoring mirror 193.230.240.8 (due to previous errors)
Ignoring mirror 130.59.113.36 (due to previous errors)
WARNING: getpatch: Can't download daily-23697.cdiff from database.clamav.net<http://database.clamav.net>
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 193.230.240.8 (due to previous errors)
Ignoring mirror 130.59.113.36 (due to previous errors)
Ignoring mirror 193.230.240.8 (due to previous errors)
WARNING: Can't download daily.cvd from database.clamav.net<http://database.clamav.net>
Trying again in 5 secs...


# dig database.clamav.net<http://database.clamav.net> +short
db.local.clamav.net<http://db.local.clamav.net>.
db.centraleu.clamav.net<http://db.centraleu.clamav.net>.
130.59.113.36
193.230.240.8


# wget http://database.clamav.net/daily-23697.cdiff
--2017-08-23 09:14:16-- http://database.clamav.net/daily-23697.cdiff
Resolving database.clamav.net<http://database.clamav.net> (database.clamav.net<http://database.clamav.net>)... 193.230.240.8,
130.59.113.36
Connecting to database.clamav.net<http://database.clamav.net>
(database.clamav.net<http://database.clamav.net>)|193.230.240.8|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2017-08-23 09:14:16 ERROR 403: Forbidden.


Is this an issue on my side or on ClamAV mirror side?
Any help is appreciated.
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list