[clamav-users] Problem with new safebrowsing file

Maarten Broekman maarten.broekman at gmail.com
Wed Mar 6 19:41:33 EST 2019


Thanks for the help, Dave. The 48474 cvd downloaded fine and loads quickly
again!

--Maarten

On Wed, Mar 6, 2019 at 7:05 PM David Raynor <draynor at sourcefire.com> wrote:

> If the safebrowsing CDIFF is too intensive to apply (from trying to move
> so much of the content around), then we'll need to zero out the CDIFF file
> to tell freshclam to just download the new CVD and avoid the heavy work.
> I think we'll take that action to nip this in the bud right here.
>
> Dave R.
>
> On Wed, Mar 6, 2019 at 6:20 PM Chris Pollock via clamav-users <
> clamav-users at lists.clamav.net> wrote:
>
>> On Wed, 2019-03-06 at 17:55 -0500, Maarten Broekman via clamav-users
>> wrote:
>> > I have 48472 and 48473. The 48474 I got was the gdb file that was
>> > downloaded as part of the cdiff. The freshclam process hung after
>> > downloading though.  The order of the 48474 gdb file was no different
>> > from the order of the 48473 file.
>> >
>> > Freshclam gets this far before hanging after the download. The gdb
>> > file listed there has the same format.
>> > > Wed Mar  6 16:50:46 2019 -> *main.cvd version from DNS: 58
>> > > Wed Mar  6 16:50:46 2019 -> main.cvd is up to date (version: 58,
>> > > sigs: 4566249, f-level: 60, builder: sigmgr)
>> > > Wed Mar  6 16:50:46 2019 -> *daily.cvd version from DNS: 25380
>> > > Wed Mar  6 16:50:46 2019 -> daily.cvd is up to date (version:
>> > > 25380, sigs: 1503528, f-level: 63, builder: raynman)
>> > > Wed Mar  6 16:50:46 2019 -> *safebrowsing.cvd version from DNS:
>> > > 48474
>> > > LibClamAV debug: in cli_untgz()
>> > > LibClamAV debug: cli_untgz: Unpacking
>> > > /home/logins/mbroekman/analysis/tmp/clamav-
>> > > 317041d4b9d853e83b60005464dd098c.tmp/clamav-
>> > > b4a94beaae2191e11c7805c6e49be7e6.tmp/COPYING
>> > > LibClamAV debug: cli_untgz: Unpacking
>> > > /home/logins/mbroekman/analysis/tmp/clamav-
>> > > 317041d4b9d853e83b60005464dd098c.tmp/clamav-
>> > > b4a94beaae2191e11c7805c6e49be7e6.tmp/safebrowsing.info
>> > > LibClamAV debug: cli_untgz: Unpacking
>> > > /home/logins/mbroekman/analysis/tmp/clamav-
>> > > 317041d4b9d853e83b60005464dd098c.tmp/clamav-
>> > > b4a94beaae2191e11c7805c6e49be7e6.tmp/safebrowsing.gdb
>> > > LibClamAV debug: in cli_untgz_cleanup()
>> > > Wed Mar  6 16:50:49 2019 -> *Retrieving
>> > > http://db.US.clamav.net/safebrowsing-48474.cdiff
>> > > Wed Mar  6 16:50:49 2019 -> nonblock_connect: connect(): fd=4
>> > > errno=101: Network is unreachable
>> > > Wed Mar  6 16:50:49 2019 -> Can't connect to port 80 of host
>> > > db.US.clamav.net (IP: 2606:4700::6810:da54)
>> > > Wed Mar  6 16:50:49 2019 -> *Trying to download
>> > > http://db.US.clamav.net/safebrowsing-48474.cdiff (IP:
>> > > 104.16.219.84)
>> > > Wed Mar  6 16:50:49 2019 -> Downloading safebrowsing-48474.cdiff
>> > > [100%]
>>
>> Same here,
>>
>> Wed Mar  6 16:00:00 2019 -> Downloading safebrowsing-48474.cdiff [100%]
>> and it's now 17:12CST. Top shows
>> 1997 clamav    20   0  578112 450352  21692 R 100.0  2.9 123:49.48
>> freshclam
>>
>> I stopped and restarted freshclam:
>>
>> Wed Mar  6 17:13:54 2019 -> Downloading safebrowsing-48474.cdiff [100%]
>> 32439 clamav    20   0  167716  40428  22256 R  99.7  0.3   3:12.59
>> freshclam
>>
>> Something is definitely amiss somewhere. For now I'll have to stop the
>> freshclam process until the issue is resolved.
>>
>> --
>> Chris
>> KeyID 0xE372A7DA98E6705C
>> 31.11972; -97.90167 (Elev. 1092 ft)
>> 17:11:37 up 1 day, 17 min, 1 user, load average: 2.47, 2.25, 2.05
>> Description:    Ubuntu 18.04.2 LTS, kernel 4.15.0-46-generic
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
> --
> ---
> Dave Raynor
> Talos Security Intelligence and Research Group
> draynor at sourcefire.com
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190306/0ca3d3d0/attachment.html>


More information about the clamav-users mailing list