[clamav-users] running freshclam and 3rd party/clamav-unofficial-sigs.sh owner name changes occasionally

G.W. Haywood clamav at jubileegroup.co.uk
Fri Oct 9 23:37:32 UTC 2020 

Hello again,

On Fri, 9 Oct 2020, Robert Kudyba wrote:

> ... today when it started:
> Oct 09 04:15:56 Checking for urlhaus updates...
> Oct 09 04:15:56 Checking for updated urlhaus database file: urlhaus.ndb
> Oct 09 04:15:56 Testing updated urlhaus database file: urlhaus.ndb
> Oct 09 04:15:56 Clamscan reports urlhaus urlhaus.ndb database integrity tested good
> Oct 09 04:15:56 Successfully updated urlhaus production database file: urlhaus.ndb
> Oct 09 04:15:56 Update(s) detected, reloading ClamAV databases
> Oct 09 04:15:56 ClamAV databases reloading
> Oct 09 04:15:56 Issue tracker : https://github.com/extremeshok/clamav-unofficial-sigs/issues
> Oct 09 04:15:56       Powered By https://eXtremeSHOK.com
>*Oct 09 05:14:02 ERROR: clam database directory (clam_dbs) not writable /var/lib/clamav*

Looks clear that the urlhaus db was updated OK.  Does the unofficial
update script normally take an hour to run on your system?!  The one
we use usually takes just a few minutes.

> ... perhaps I should contact the ExtremeSHOK contributors ...

I'd have said so, yes.

> perhaps there's some debug option that I'm not aware of?

It's just a shell script, you could edit it to put debugging things in
there if you're comfortable with hacking shell scripts.  Does it give
usage help if run with no arguments?  Does it have the '-i' option?

> ... I do see:
> systemctl status clam
> clamav-clamonacc.service        clamav-unofficial-sigs.service
> clamd.service
> clamav-freshclam.service        clamav-unofficial-sigs.timer
> clam-freshclam.service
> clamav-milter.service           clamd at scan.service
> clamonacc.service

I don't use any of that stuff, I like to know what's going on.  It
might be worth disabling all the service frippery and starting the
daemons from the command line to see if it behaves any differently.

> I see Fangfrisch <https://rseichter.github.io/fangfrisch/>is being
> maintained as an alternative. Haven't tried it yet.

It might not be time to throw out the baby just yet, before swapping
one lot of unknowns for another lot of unknowns I'd definitely try a
bit of investigative work.  After all other people use this stuff.  If
extra logging, disabling services etc don't lead you anywhere it might
be worth purging and reinstalling all the implicated packages.

-- 

73,
Ged.

More information about the clamav-users mailing list