[clamav-users] Problem with new safebrowsing file

David Raynor draynor at sourcefire.com
Wed Mar 6 19:02:56 EST 2019


If the safebrowsing CDIFF is too intensive to apply (from trying to move so
much of the content around), then we'll need to zero out the CDIFF file to
tell freshclam to just download the new CVD and avoid the heavy work.
I think we'll take that action to nip this in the bud right here.

Dave R.

On Wed, Mar 6, 2019 at 6:20 PM Chris Pollock via clamav-users <
clamav-users at lists.clamav.net> wrote:

> On Wed, 2019-03-06 at 17:55 -0500, Maarten Broekman via clamav-users
> wrote:
> > I have 48472 and 48473. The 48474 I got was the gdb file that was
> > downloaded as part of the cdiff. The freshclam process hung after
> > downloading though.  The order of the 48474 gdb file was no different
> > from the order of the 48473 file.
> >
> > Freshclam gets this far before hanging after the download. The gdb
> > file listed there has the same format.
> > > Wed Mar  6 16:50:46 2019 -> *main.cvd version from DNS: 58
> > > Wed Mar  6 16:50:46 2019 -> main.cvd is up to date (version: 58,
> > > sigs: 4566249, f-level: 60, builder: sigmgr)
> > > Wed Mar  6 16:50:46 2019 -> *daily.cvd version from DNS: 25380
> > > Wed Mar  6 16:50:46 2019 -> daily.cvd is up to date (version:
> > > 25380, sigs: 1503528, f-level: 63, builder: raynman)
> > > Wed Mar  6 16:50:46 2019 -> *safebrowsing.cvd version from DNS:
> > > 48474
> > > LibClamAV debug: in cli_untgz()
> > > LibClamAV debug: cli_untgz: Unpacking
> > > /home/logins/mbroekman/analysis/tmp/clamav-
> > > 317041d4b9d853e83b60005464dd098c.tmp/clamav-
> > > b4a94beaae2191e11c7805c6e49be7e6.tmp/COPYING
> > > LibClamAV debug: cli_untgz: Unpacking
> > > /home/logins/mbroekman/analysis/tmp/clamav-
> > > 317041d4b9d853e83b60005464dd098c.tmp/clamav-
> > > b4a94beaae2191e11c7805c6e49be7e6.tmp/safebrowsing.info
> > > LibClamAV debug: cli_untgz: Unpacking
> > > /home/logins/mbroekman/analysis/tmp/clamav-
> > > 317041d4b9d853e83b60005464dd098c.tmp/clamav-
> > > b4a94beaae2191e11c7805c6e49be7e6.tmp/safebrowsing.gdb
> > > LibClamAV debug: in cli_untgz_cleanup()
> > > Wed Mar  6 16:50:49 2019 -> *Retrieving
> > > http://db.US.clamav.net/safebrowsing-48474.cdiff
> > > Wed Mar  6 16:50:49 2019 -> nonblock_connect: connect(): fd=4
> > > errno=101: Network is unreachable
> > > Wed Mar  6 16:50:49 2019 -> Can't connect to port 80 of host
> > > db.US.clamav.net (IP: 2606:4700::6810:da54)
> > > Wed Mar  6 16:50:49 2019 -> *Trying to download
> > > http://db.US.clamav.net/safebrowsing-48474.cdiff (IP:
> > > 104.16.219.84)
> > > Wed Mar  6 16:50:49 2019 -> Downloading safebrowsing-48474.cdiff
> > > [100%]
>
> Same here,
>
> Wed Mar  6 16:00:00 2019 -> Downloading safebrowsing-48474.cdiff [100%]
> and it's now 17:12CST. Top shows
> 1997 clamav    20   0  578112 450352  21692 R 100.0  2.9 123:49.48
> freshclam
>
> I stopped and restarted freshclam:
>
> Wed Mar  6 17:13:54 2019 -> Downloading safebrowsing-48474.cdiff [100%]
> 32439 clamav    20   0  167716  40428  22256 R  99.7  0.3   3:12.59
> freshclam
>
> Something is definitely amiss somewhere. For now I'll have to stop the
> freshclam process until the issue is resolved.
>
> --
> Chris
> KeyID 0xE372A7DA98E6705C
> 31.11972; -97.90167 (Elev. 1092 ft)
> 17:11:37 up 1 day, 17 min, 1 user, load average: 2.47, 2.25, 2.05
> Description:    Ubuntu 18.04.2 LTS, kernel 4.15.0-46-generic
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


-- 
---
Dave Raynor
Talos Security Intelligence and Research Group
draynor at sourcefire.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190306/1456bbc9/attachment.html>


More information about the clamav-users mailing list