[clamav-users] Trouble getting cvd files from private local mirror

Dennis Peterson dennispe at inetnw.com
Fri Dec 8 16:31:21 UTC 2017 

The client is ignoring your servers because they are listen in mirrors.dat as 
broken. Remove the mirrors.dat file and try again.

You have not mentioned DNS or host tables but the natural assumption is all your 
clients and servers have the host tables or dns information needed to find each 
other and that router tables and net masks are not an issue.

dp

On 12/8/17 8:23 AM, John Kennedy wrote:
> I have set up a private local mirror at clamav.trustx.com. Our environment
> is AWS based with many VPC's. We have an "admin" VPC that is reachable from
> all other VPCs.
>
> I have tried both the second (Serve CVD files from a local web server - my
> preferred method) and third (Serve CVD and CDIFF files from a local web
> server) options from the Private Mirror FAQ with no luck. I can use both
> curl and wget from the client machine to pull down the cvd files but when I
> try and run freshclam I get the following error:
> -----
>
> # freshclam -v
> Current working dir is /var/lib/clamav
> Max retries == 3
> ClamAV update process started at Fri Dec  8 16:14:06 2017
> Using IPv6 aware code
> Querying current.cvd.clamav.net
> TTL: 60
> Software version from DNS: 0.99.2
> main.cvd version from DNS: 58
> Retrieving http://clamav.trustx.com/main-58.cdiff
> Ignoring mirror 10.10.10.10 (due to previous errors)
> Ignoring mirror 10.10.10.10 (due to previous errors)
> WARNING: getpatch: Can't download main-58.cdiff from clamav.trustx.com
> Retrieving http://clamav.trustx.com/main-58.cdiff
> Ignoring mirror 10.10.10.10 (due to previous errors)
> WARNING: getpatch: Can't download main-58.cdiff from clamav.trustx.com
> Retrieving http://clamav.trustx.com/main-58.cdiff
> Ignoring mirror 10.10.10.10 (due to previous errors)
> WARNING: getpatch: Can't download main-58.cdiff from clamav.trustx.com
> WARNING: Incremental update failed, trying to download main.cvd
> Whitelisting short-term blacklisted mirrors
> Retrieving http://clamav.trustx.com/main.cvd
> connect_error: getsockopt(SO_ERROR): fd=4 error=110: Connection timed out
> Can't connect to port 80 of host clamav.trustx.com (IP: 10.10.10.10)
> Ignoring mirror 10.10.10.10 (due to previous errors)
> WARNING: Can't download main.cvd from clamav.trustx.com
> Trying again in 5 secs...
> -----
>
> # curl -q http://clamav.trustx.com/main.cvd --output main.cvd
>    % Total    % Received % Xferd  Average Speed   Time    Time     Time
> Current
>                                   Dload  Upload   Total   Spent    Left
> Speed
> 100  112M  100  112M    0     0  8856k      0  0:00:13  0:00:13 --:--:--
> 11.5M
> -----
>
> >From the web server:
> -----
>
> # cat 100-clamav.conf
> server {
>    listen  80;
>    server_name  clamav.trustx.com;
>    sendfile on;
>
>    add_header Strict-Transport-Security "max-age=31536000;
> includeSubDomains";
>
>
>    root  /var/data/clamav;
>
>    location /simple {
>      allow 10.0.0.0/8;
>      allow 77.75.100.144/28;
>      deny all;
>      autoindex on;
>    }
>
>    access_log  /var/log/nginx/clamav_access.log;
>    error_log   /var/log/nginx/clamav_error.log;
> } # End server clamav.trustx.com
> -----
>
> Both clamav_access.log and clamav_error.log are empty
> -----
>
> # pwd
> /var/data/clamav
> [root at DevOps clamav]# ls -l
> total 208800
> -rw-r--r-- 1 nginx root       770 Dec  7 02:17 bytecode-319.cdiff
> -rw-r--r-- 1 nginx root    153228 Dec  7 02:17 bytecode.cvd
> -rw-r--r-- 1 nginx root      6437 Nov 28 01:09 daily-24080.cdiff
> -rw-r--r-- 1 nginx root      7802 Nov 28 09:07 daily-24081.cdiff
> -rw-r--r-- 1 nginx root      9705 Nov 28 17:09 daily-24082.cdiff
> -rw-r--r-- 1 nginx root     10406 Nov 29 01:08 daily-24083.cdiff
> -rw-r--r-- 1 nginx root      7508 Nov 29 09:03 daily-24084.cdiff
> -rw-r--r-- 1 nginx root      6990 Nov 29 17:08 daily-24085.cdiff
> -rw-r--r-- 1 nginx root     12340 Nov 30 01:10 daily-24086.cdiff
> -rw-r--r-- 1 nginx root      7461 Nov 30 09:09 daily-24087.cdiff
> -rw-r--r-- 1 nginx root      6331 Nov 30 17:10 daily-24088.cdiff
> -rw-r--r-- 1 nginx root      8811 Dec  1 01:12 daily-24089.cdiff
> -rw-r--r-- 1 nginx root      9504 Dec  1 09:11 daily-24090.cdiff
> -rw-r--r-- 1 nginx root      6476 Dec  1 17:09 daily-24091.cdiff
> -rw-r--r-- 1 nginx root      8647 Dec  2 01:09 daily-24092.cdiff
> -rw-r--r-- 1 nginx root      6714 Dec  2 09:12 daily-24093.cdiff
> -rw-r--r-- 1 nginx root      4034 Dec  2 17:08 daily-24094.cdiff
> -rw-r--r-- 1 nginx root      3766 Dec  3 01:11 daily-24095.cdiff
> -rw-r--r-- 1 nginx root      3609 Dec  3 09:10 daily-24096.cdiff
> -rw-r--r-- 1 nginx root      5718 Dec  3 17:09 daily-24097.cdiff
> -rw-r--r-- 1 nginx root      4577 Dec  4 01:10 daily-24098.cdiff
> -rw-r--r-- 1 nginx root      3616 Dec  4 09:09 daily-24099.cdiff
> -rw-r--r-- 1 nginx root      6595 Dec  4 17:12 daily-24100.cdiff
> -rw-r--r-- 1 nginx root     10800 Dec  5 01:12 daily-24101.cdiff
> -rw-r--r-- 1 nginx root      9302 Dec  5 09:11 daily-24102.cdiff
> -rw-r--r-- 1 nginx root     11367 Dec  5 17:12 daily-24103.cdiff
> -rw-r--r-- 1 nginx root     40675 Dec  6 01:15 daily-24104.cdiff
> -rw-r--r-- 1 nginx root     30876 Dec  6 09:10 daily-24105.cdiff
> -rw-r--r-- 1 nginx root      9570 Dec  6 17:13 daily-24106.cdiff
> -rw-r--r-- 1 nginx root     16062 Dec  7 02:17 daily-24107.cdiff
> -rw-r--r-- 1 nginx root     19871 Dec  7 21:14 daily-24108.cdiff
> -rw-r--r-- 1 nginx root     12366 Dec  8 05:11 daily-24109.cdiff
> -rw-r--r-- 1 nginx root      9439 Dec  8 13:12 daily-24110.cdiff
> -rw-r--r-- 1 nginx root  43280869 Dec  8 13:12 daily.cvd
> -rw-r--r-- 1 nginx root  43280869 Dec  8 13:12 daily.cvd.1
> -rw-r--r-- 1 nginx root        41 Dec  8 15:41 dns.txt
> -rw-r--r-- 1 nginx root       138 Nov 27 21:03 index.html
> -rw-r--r-- 1 nginx root   8808462 Nov 27 21:30 main-58.cdiff
> -rw-r--r-- 1 nginx root 117892267 Nov 27 21:29 main.cvd
> drwxr-xr-x 2 nginx root         6 Dec  8 16:05 temp
> -----
>
> John Kennedy  (_8(|)
>
> If I'm a sarcastic asshole when I talk to you it's either because I really
> like you and feel comfortable teasing you or I really hate you and don't
> care if you know it. Good luck figuring out which one...
>
> Sometimes it happens, sometimes it doesn't - Pedro Catacora
>
> The Dunning-Kruger effect occurs when incompetent people not only fail to
> realize their incompetence, but consider themselves much more competent
> than everyone else. Basically - they're too stupid to know that they're
> stupid.
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list