[clamav-users] looks like I have a problem too
Micah Snyder (micasnyd)
micasnyd at cisco.com
Tue Mar 16 19:29:04 UTC 2021
Hi Gene,
Regarding the errors you're observing:
I don't know why the daily.cld check is failing with:
WARNING: [LibClamAV] cli_tgzload: Invalid checksum for file daily.hsb
My guess is that there was a truncated download but that Freshclam didn't realize it (see below).
The second issue I see is that database verification failed, but then it claimed the database test passed. This is a knowns issue that we fixed recently, here:
- ticket: https://bugzilla.clamav.net/show_bug.cgi?id=12522
- commit: https://github.com/Cisco-Talos/clamav-devel/commit/ade9352d9a168f3560f28da806b48e010ff009b7
I believe this issue was fixed in 0.103.1: https://blog.clamav.net/2021/02/clamav-01031-patch-release.html
This does raise a point that we could improve the error handling in freshclam to try to not only verify the database with a load test, but also first verify that the content-length in the HTTP headers matches the size of the downloaded files. I'll make a ticket to add this extra check just in case users have database verification disabled (or the verification is broken again in some unexpected way).
Sorry for all the trouble!
Regards,
-Micah
> -----Original Message-----
> From: clamav-users <clamav-users-bounces at lists.clamav.net> On Behalf Of
> Gene Heskett via clamav-users
> Sent: Wednesday, March 10, 2021 9:25 AM
> To: clamav-users at lists.clamav.net
> Cc: Gene Heskett <gheskett at shentel.net>
> Subject: [clamav-users] looks like I have a problem too
>
> Greetings;
>
> I just reduced my freshclam fetch from 24 to 6 times a day. But I do see some
> errors when it does try to update:
> copy/paste, wordwrap off:
> from freshclam.log:
>
> Wed Mar 10 08:09:24 2021 -> Received signal: wake up Wed Mar 10 08:09:24
> 2021 -> ClamAV update process started at Wed Mar 10 08:09:24 2021 Wed
> Mar 10 08:09:24 2021 -> daily database available for update (local version:
> 26103, remote version: 26104) Wed Mar 10 08:09:24 2021 -> Testing
> database: '/var/lib/clamav/tmp.9230f/clamav-
> e29c7bfba68291a21e41dbe83fb8c776.tmp-daily.cld' ...
> Wed Mar 10 08:09:29 2021 -> WARNING: [LibClamAV] cli_tgzload: Invalid
> checksum for file daily.hsb Wed Mar 10 08:09:29 2021 -> WARNING:
> [LibClamAV] Can't load /var/lib/clamav/tmp.9230f/clamav-
> e29c7bfba68291a21e41dbe83fb8c776.tmp-daily.cld: Malformed database
> Wed Mar 10 08:09:29 2021 -> ERROR: Failed to load new database: Malformed
> database Wed Mar 10 08:09:29 2021 -> Database test passed.
> Wed Mar 10 08:09:31 2021 -> daily.cld updated (version: 26104, sigs:
> 3958880, f-level: 63, builder: raynman) Wed Mar 10 08:09:31 2021 -> main.cld
> database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
> Wed Mar 10 08:09:31 2021 -> bytecode.cld database is up to date (version:
> 333, sigs: 92, f-level: 63, builder: awillia2) Wed Mar 10 08:09:31 2021 ->
> WARNING: Clamd was NOT notified: Can't connect to clamd through
> /var/run/clamav/clamd.ctl: No such file or directory
>
> So obviously something is aglay with my config which I haven't touched since
> debian stretch was installed. But it has been kept uptodate at least weekly.
> synaptic says I have version 102-4.
>
> What should I fix?
>
> Thanks folks.
>
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law respectable.
> - Louis D. Brandeis
> Genes Web page <http://geneslinuxbox.net:6309/gene>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list