[clamav-users] Partial downloads of updates

David Rosenstrauch darose at darose.net
Fri Aug 3 01:56:02 UTC 2018


On 2018-07-30 12:39 pm, G.W. Haywood wrote:
> Hi there,
> 
> On Mon, 30 Jul 2018, David Rosenstrauch wrote:
> 
>> I've been having some issues over the last few weeks with freshclam
>> failing to download updates.
> 
> FWIW here in the UK I see no problems with IPv6 downloads.
> 
> This is the log for July 2018:
> 
> mail6:~$ >>> grep interrupted /var/log/freshclam.log
> mail6:~$ >>> grep download /var/log/freshclam.log | \
> 	     sed -e 's/.*IP: \(.*\))/\1/' | sort | uniq -c
>       7 104.16.185.138
>       9 104.16.186.138
>       9 104.16.187.138
>       9 104.16.188.138
>       9 104.16.189.138
>       9 2400:cb00:2048:1::6810:b98a
>       9 2400:cb00:2048:1::6810:ba8a
>       9 2400:cb00:2048:1::6810:bb8a
>       9 2400:cb00:2048:1::6810:bc8a
>       9 2400:cb00:2048:1::6810:bd8a
> 
> As you can see there's a roughly even split between IPv4 and IPv6
> downloads on this server.
> 
> Seems like you might have a comms problem.  I'd be thinking of things
> like traceroute, mtr, tcpdump, wireshark, etc..


I finally had some time to dig into this issue, and ran wireshark on a 
"freshclam" download, although I'm not sure it's helped me get any 
closer to figuring out what's going on.  To the best of my knowledge 
(I'm definitely not an expert in networking) it looks like I'm having 
some packets dropped - but again I have no idea why (or where)?  I put 
up a wireshark screenshot at http://darose.net/packets-dropped.png which 
shows a download from 2400:cb00:2048:1::6810:bd8a humming along nicely, 
when all of a sudden it looks like that remote host seems to jump 
way ahead in the sequence numbering, and my server keeps re-sending 
duplicate acks based on where it thinks the correct sequence number is.  
In addition, "ifconfig" on my server shows 17 Rx dropped packets on 
eth0.  (Possibly coincidental, possibly not.)

Any idea what I might look for / where I might look from here to figure 
out what's causing the issue?  My server is running (an up to date) Arch 
Linux installation, and is behind a Netgear WNDR3700 router.  Any 
suggestions appreciated!

Thanks,

DR


