[clamav-users] Freshclam updates problem

Robert M. Stockmann stock at stokkie.net
Thu Jul 15 09:01:11 UTC 2021 

On Thu, 15 Jul 2021, Mark E. Mallett wrote:

> Date: Thu, 15 Jul 2021 00:57:51 -0400
> From: Mark E. Mallett <mem at schmem.com>
> Reply-To: ClamAV users ML <clamav-users at lists.clamav.net>
> To: ClamAV users ML <clamav-users at lists.clamav.net>
> Subject: Re: [clamav-users] Freshclam updates problem
> 
> Thanks. I haven't seen further error reports since around the time you
> sent this.
> 
> -mm-  (but there's always tomorrow)
> 
> 
> 
> On Thu, Jul 15, 2021 at 02:32:39AM +0000, Micah Snyder (micasnyd) via clamav-users wrote:
> > Hi Mark,
> > 
> > I think I know what happened on your system. The CDN (cloudflare) sometimes sends cached responses for daily.cvd downloads, and presumably also does for main.cvd.  If you got a cached main.cvd version 59 after attempting to download version 60, then it would try a new download all over again the next time you run freshclam. 
> > 
> > We just cleared the cache on cloudflare so hopefully this doesn't happen again.  Clearing the cache hasn't been reliable, in my experience, so if we get more reports of this we'll clear it again.  
> > 
> > Meanwhile, we're building a minor patch version for main.cvd and publish version 61.  Combine that with the daily update for daily.cvd and we should be back to normal tomorrow morning.
> > 
> > Regards,
> > Micah
> > 
> > > -----Original Message-----
> > > From: clamav-users <clamav-users-bounces at lists.clamav.net> On Behalf Of
> > > Mark E. Mallett
> > > Sent: Wednesday, July 14, 2021 5:51 PM
> > > To: ClamAV users ML <clamav-users at lists.clamav.net>
> > > Subject: Re: [clamav-users] Freshclam updates problem
> > > 
> > > On Wed, Jul 14, 2021 at 11:55:06PM +0000, Micah Snyder (micasnyd) via
> > > clamav-users wrote:
> > > 
> > >   ...
> > > >
> > > >  But it seems 0.103 has a second bug where it will patiently wait
> > > > until  it's at least 2 versions behind before it downloads the whole
> > > > CVD  database. This behavior is supposed to happen when a private
> > > > mirror  doesn't have the latest patch file yet, but wasn't supposed to
> > > > happen  for a zero-byte patch file. So we clearly have 2 bugs to fix ASAP.
> > > 
> > > FWIW: 0.103.0 here; freshclam does say we're 1 diff behind. It fails to apply the
> > > diff with the seek error mentioned:
> > > 
> > >     ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> > >     ERROR: downloadPatch: Can't apply patch
> > > 
> > > But then it *does* download the two new .cvd files. Or at least two new .cvd
> > > files, I can't tell if they are the latest but I assume so.
> > > Next time around, the process repeats and we do the big downloads again.
> > > 
> > > This may be what you meant but it doesn't sound like it. Just thought I'd pipe
> > > up.
> > > 
> > > -mm-
> > > 
> > > PS when I first saw the daemon reports I tried clearing the data and running
> > > freshclam by hand. Since it downloaded the two new .cvd files I assumed it had
> > > self-corrected, so I did the same on all servers.
> > > I was surprised on next daemon run to see the errors again, and tried a manual
> > > run again and got the same errors.
> > > 
> > > I figured the problem was related to the new thing today; I was going to stop
> > > all freshclams until I looked deeper or heard more. But it sounds like wait-and-
> > > see for now.
> > > 

[hubble:root]:(~)# freshclam 
ClamAV update process started at Thu Jul 15 10:51:15 2021
daily database available for update (local version: 26231, remote version: 26233)
Current database is 2 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:    3.8s, ETA:    0.0s [========================>]   54.72MiB/54.72MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26233)
Current database is 2 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:    3.1s, ETA:    0.0s [========================>]   54.72MiB/54.72MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26233)
Current database is 2 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:    3.5s, ETA:    0.0s [========================>]   54.72MiB/54.72MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26233)
Current database is 2 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:    3.5s, ETA:    0.0s [========================>]   54.72MiB/54.72MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26233)
Current database is 2 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:    3.8s, ETA:    0.0s [========================>]   54.72MiB/54.72MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26233)
Current database is 2 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:    3.1s, ETA:    0.0s [========================>]   54.72MiB/54.72MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
[hubble:root]:(~)# 
[hubble:root]:(~)# clamdscan --version
ClamAV 0.103.3/26231/Wed Jul 14 13:05:45 2021
[hubble:root]:(~)# 

-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  stock at stokkie.net

More information about the clamav-users mailing list