Hello guys,
Thanks for the replies. Yes, deleting daily.cld fixed the problem. My concern is that I’m building a docker image with clamav inside it and I have to delete daily.cld on every new build if I want freshclam to work correctly the first time. About the subsequent runs when I tried to run freshclam on two different pods after image deploy, daily.cld was updated to the latest version only on one of them. These are the logs for both pods:
#1st pod (successful update):
Connecting via dnat.genesaas.io
ClamAV update process started at Thu Jul 29 08:54:30 2021
daily database available for update (local version: 26231, remote version: 26246)
Current database is 15 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time: 21.8s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
Testing database: '/var/lib/clamav/tmp.98ba2d17af/clamav-474d295bd3248aa18d6abaf0dc93f952.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26246, sigs: 1964581, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
2nd pod (unsuccessful update):
Connecting via dnat.genesaas.io
ClamAV update process started at Thu Jul 29 09:14:16 2021
daily database available for update (local version: 26231, remote version: 26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time: 26.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time: 28.0s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time: 25.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
What might be the reason of this inconsistent behavior?
And about the ReceiveTimeout this is what I have in freshclam.conf:
# Maximum time in seconds for each download operation. 0 means no timeout.
# Default: 0
#ReceiveTimeout 1800
So, it should have no timeout, right?
Best Regards,
Elia
From: Micah Snyder (micasnyd) <micasnyd@cisco.com>
Sent: Wednesday, July 28, 2021 10:02 PM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Asenova, Elia <Elia.Asenova@experian.com>; Solakov, Panayot <Panayot.Solakov@experian.com>
Subject: [EXTERNAL] RE: Freshclam - can't apply latest patch 26246
|
External email:
Do not click the links. Verify legitimacy before taking action. |
Hi Elia,
I would need to see the log messages from your subsequent updates to be sure what’s going wrong. The logs you shared in your initial email show a bug but subsequent freshclam runs _should_ work.
If you want, the verbose log may reveal something.
Like Joel suggested, it may be the ReceiveTimeout issue discussed here:
https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html
Regardless, I think that deleting your daily.cld database (/var/lib/clamav/daily.cld) and trying again should get you back in business.
Sorry about the trouble.
Regards,
Micah
From: clamav-users <clamav-users-bounces@lists.clamav.net>
On Behalf Of Asenova, Elia via clamav-users
Sent: Wednesday, July 28, 2021 8:15 AM
To: clamav-users@lists.clamav.net
Cc: Asenova, Elia <Elia.Asenova@experian.com>; Solakov, Panayot <Panayot.Solakov@experian.com>
Subject: [clamav-users] Freshclam - can't apply latest patch 26246
Hello guys,
This is related to a freshclam update problem that I have. Basically when running freshclam I get the following errors:
ClamAV update process started at Wed Jul 28 14:30:20 2021
daily database available for update (local version: 26209, remote version: 26246)
Downloaded 22 patches for daily, which is fewer than the 37 expected patches.
We'll settle for this partial-update, at least for now.
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
Testing database: '/var/lib/clamav/tmp.0c60a53c3f/clamav-c22814890a9b587d8060b5d43ce20d40.tmp-daily.cld' ...
[LibClamAV] **************************************************
[LibClamAV] *** The virus database is older than 7 days! ***
[LibClamAV] *** Please update it as soon as possible. ***
[LibClamAV] **************************************************
Database test passed.
daily.cld updated (version: 26231, sigs: 3996055, f-level: 63, builder: raynman)
main database available for update (local version: 59, remote version: 61)
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download main.cvd
Testing database: '/var/lib/clamav/tmp.0c60a53c3f/clamav-abc29e83f1558f3534bfbeb8d1a81899.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
It seems like daily.cld cannot be updated to the latest version, so it does a partial update. I tried running freshclam several times but same thing happens over and over again. Clamav version is 0.103.3 and daily db version is 26231 (instead
of 26246).
I saw an email on this topic in your mail archive (https://lists.clamav.net/pipermail/clamav-users/2021-July/011508.html),
but I do not see any resolution of the problem. Could you give an update on what is going on and when is this problem going to be resolved? Thank you!
Best Regards,
Elia Asenova