[clamav-users] freshclam: Verification: Can't verify database integrity

Jim Popovitch jimpop at domainmail.org
Mon Dec 26 15:14:56 UTC 2022 

On Mon, 2022-12-26 at 15:51 +0100, Matus UHLAR - fantomas wrote:
> On 25.12.22 16:16, Jim Popovitch via clamav-users wrote:
> > What the heck could be causing freshclam verification problems for the
> > past 2 days?  I'm getting rate-limited over and over because freshclam
> > fails to verify daily.cvd (and then retries over and over).  Is there a
> > known problem with daily.cvd downloads being corrupt?  Google says to
> > "wget http://database.clamav.net/daily.cvd" but that no longer works.
> > What should I be doing differently?
> 
> 
> > ~$ grep freshclam /var/log/syslog
> > Dec 25 18:29:29 mx3 freshclam[1013]: freshclam daemon 0.103.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
> > Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022
> > Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022
> 
> this looks like you are running two concurrent update processes.
> This may or may not cause the problem.

I can't explain the 2 identical logged lines, freshclam has been logging
dups that for a while now:

Dec 19 08:19:34 mx3 freshclam[49]: ClamAV update process started at Mon Dec 19 08:19:34 2022
Dec 19 08:19:34 mx3 freshclam[49]: ClamAV update process started at Mon Dec 19 08:19:34 2022
Dec 19 10:19:34 mx3 freshclam[49]: ClamAV update process started at Mon Dec 19 10:19:34 2022
Dec 19 10:19:34 mx3 freshclam[49]: ClamAV update process started at Mon Dec 19 10:19:34 2022
 
but there is only 1 instance running:
~$ ps -ef|grep clamav
clamav    1013     1  0 Dec25 ?        00:00:02 /usr/bin/freshclam -d --foreground=true

$ dpkg --list |grep clamav-freshclam 
ii  clamav-freshclam                   0.103.7+dfsg-1+b2                 amd64        anti-virus utility for Unix - virus database update utility


> > Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
> Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
> Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN.
> Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN.

do you have single dedicated IP address for this server?

Yes, both IPv4 and IPv6.


> DatabaseOwner clamav
> DatabaseDirectory /var/lib/clamav

does the freshclam process run with permissions required to update the 
/var/lib/clamav directory? 
is it all owned by clamav user?

Yes, freshclam previously created this one file:

$ ll /var/lib/clamav/
total 4
-rw-r--r-- 1 clamav clamav 69 Dec 25 20:29 freshclam.dat


Very odd situation indeed.

-Jim P.

More information about the clamav-users mailing list