If you're running into the CA cert problem with FreshClam because your CA certificate bundle is in a non-standard place, you can also set the CURL_CA_BUNDLE environment to point to the file holding one or more certificates.  FreshClam and ClamSubmit will check that environment variable and use it instead of the default openssl CA path.

My apologies that this isn't in the documentation (yet). I will add it today. https://github.com/Cisco-Talos/clamav/issues/175



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Jona Tallieu <jona@tnt.be>
Sent: Tuesday, August 17, 2021 5:55 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] database updates blocked
 

Dear,

 

Thanks for your answer.

We are using Freshclam, the curl was a test to see what the problem was.

 

The logs show a SSL CA cert problem:

 

13:26:22.633 5 EXTFILTER(CGPClamAV) inp(059): * ClamAV update process started at Mon Aug 16 13:26:22 2021

13:26:22.634 5 EXTFILTER(CGPClamAV) inp(048): * WARNING: Your ClamAV installation is OUTDATED!

13:26:22.634 5 EXTFILTER(CGPClamAV) inp(062): * WARNING: Local version: 0.103.2 Recommended version: 0.103.3

13:26:22.634 5 EXTFILTER(CGPClamAV) inp(069): * DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

13:26:22.634 5 EXTFILTER(CGPClamAV) inp(083): * daily database available for update (local version: 26231, remote version: 26265)

13:26:24.644 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)

13:26:24.644 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch: Can't download daily-26232.cdiff from https://database.clamav.net/daily-26232.cdiff

13:26:24.646 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)

13:26:24.646 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch: Can't download daily-26232.cdiff from https://database.clamav.net/daily-26232.cdiff

13:26:24.651 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)

13:26:24.651 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch: Can't download daily-26232.cdiff from https://database.clamav.net/daily-26232.cdiff

13:26:24.651 5 EXTFILTER(CGPClamAV) inp(066): * WARNING: Incremental update failed, trying to download daily.cvd

13:26:24.653 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)

13:26:24.653 5 EXTFILTER(CGPClamAV) inp(078): * WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd

 

But the ca-certificates package (which contains the CA roots) is the most recent version. Other Cloudflare hosted url’s (with the same TLS settings) work fine…

 

 

Best,

 

Jona

 

 

 

 

From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of "Joel Esler (jesler) via clamav-users" <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Tuesday, 17 August 2021 at 14:45
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: "Joel Esler (jesler)" <jesler@cisco.com>
Subject: Re: [clamav-users] database updates blocked
Resent-From: <jona@mail.tnt.be>
Resent-Date: Tuesday, 17 August 2021 at 14:45

 

Curl is not authorized to be used to download updates.  Please use Freshclam or cvdupdate to download updates.