Topic: workaround for clamav update problem

[stephdl]

In this moment we have a lot of messages of clamav which does'nt want to be updated.
In the bugzilla there is a workaround to provide a solution. http://bugs.contribs.org/show_bug.cgi?id=7353

thank to  Graeme Fleming http://bugs.contribs.org/show_bug.cgi?id=7353#c51

Code: [Select]

I'm documenting an update process that has worked without fail everytime I've used it, regardless of Clam version & update status; it follows most of what the previous few posters have said with a few additions for completeness & clarity:

# Shutdown clam so clamd.socket file is removed
service clamd stop

# Navigate to clamav folder
cd /var/clamav

# Remove ALL files from folder to provide clean slate for update process
rm -f /var/clamav/* (you could skip the -f & confirm every file delete for safety)

# Current Clamav version is clamav-0.97.6

rpm -q clamav

clamav-0.97.6-1.el5.rf

# Update clamav to latest version if required
# Not downloading clamav-db
yum update clamav

# Restart clam
service clamd start

# Update sigs
freshclam -v (--no-dns can be used if just -v fails tho I haven't struck this issue)

Check output from freshclam to make sure update completes sucessfully.

Current working dir is /var/clamav
Max retries == 6
ClamAV update process started at Sun Feb 24 15:14:02 2013
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.97.6
main.cvd version from DNS: 54
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd version from DNS: 16731
daily.cld is up to date (version: 16731, sigs: 829102, f-level: 63, builder: guitar)
bytecode.cvd version from DNS: 214
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)

which showed as just 5 files in the /var/clamav folder:

-rw-r--r--  1 clamav clamav    60125 Feb 17 12:11 bytecode.cvd
srw-rw-rw-  1 clamav clamav        0 Feb 24 14:27 clamd.socket
-rw-r--r--  1 clamav clamav 52101120 Feb 24 11:46 daily.cld
-rw-r--r--  1 clamav clamav 30750647 Oct 11  2011 main.cvd
-rw-------  1 clamav clamav      104 Feb 24 14:46 mirrors.dat

Note:  if you are bandwidth poor or on slow connection then don't delete main.cvd

For completeness & to be absolutely sure signal-event post-update; signal-event reboot, then go through the logs post reboot to make sure everything started correctly.  This is not necessary for this procedure but doesn't hurt.

[jameswilson]

Works for me. Maybe a sticky? Or a wiki add?

[p-jones]

This will work everytime. For me, the million dollar question is 'why do we need to do this' (rhetorical).

For my own server, I needed to do this once maybe 4-6 weeks ago. I have a friend down country who also had to do it once 4-6 weeks ago. I have several servers across town belonging to severable not for profit organisations I donate my time to. I have had to do  it to these servers 3 or 4 times over recent weeks. One, as recently as yesterday.I know of another server nearby that has never needed it doing. I have logged into that server and checked the AV is working.

I have read extensivley on this issue and believe I understand why it has happened. If I am understanding all this correctly, it is not an issue with SME but an upstream issue with the CLAM Team and the integrity of the update files they are pushing out.

What I dont understand is that there seems to be no pattern and different servers at different locations, some with different ISP are behaving very differently.

The only way I am able to rationalise this in my own mind is by embarking on the very unsafe practice of assumption. My assumption is that different servers in different locations or with different ISP are are ending up at different mirrors with varying integrities. I cant prove this, I dont even know if I am right but there is nothing else I can think of that explains this random behaviour.

For clarity, I should also state that (a) when I delete the files, the situation is resolved for days. I have checked this in the logs and files.  (b) I always delete the mirrors.dat file so the mirror list gets replaced/updated.

The only way I can think to sort it is to run a daily cron job tp delete these files so they get replace. However, I dont think the volume of additional traffic upstream would be appreciated ! Could also have the effect of compounding the problem.

[stephdl]

done http://wiki.contribs.org/Clamav:freshclam_update

[bclayton]

I, too, have been getting hourly emails.  I have tried the workaround several times and am still getting emails.
Here is the output from command line:
[root@provue-server ~]# freshclam -v
Current working dir is /var/clamav
Max retries == 6
ClamAV update process started at Sun Mar 10 15:54:08 2013
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 844
Software version from DNS: 0.97.6
main.cvd version from DNS: 54
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd version from DNS: 16825
daily.cvd is up to date (version: 16825, sigs: 915586, f-level: 63, builder: neo)
bytecode.cvd version from DNS: 214
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
[root@provue-server ~]#

All seems well, however, I got this email shortly after:

2013-03-10 16:18:39.149484500 ClamAV update process started at Sun Mar 10 16:18:39 2013
2013-03-10 16:18:39.149914500 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
2013-03-10 16:18:40.130638500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-10 16:18:40.131407500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-10 16:18:40.132159500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-10 16:18:40.132899500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-10 16:18:40.133645500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-10 16:18:40.134402500 ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-10 16:18:40.169794500 WARNING: Incremental update failed, trying to download daily.cvd
2013-03-10 16:18:40.170672500 ERROR: Can't download daily.cvd from database.clamav.net
2013-03-10 16:18:40.170836500 Giving up on database.clamav.net...
2013-03-10 16:18:40.170857500 Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

I am wondering if I have another problem.  My server is 8.0, fully updated.  Any suggestions?

[p-jones]

Follow the instructions listed above and your problem WILL resolve itself.

[bclayton]

Thanks.  I have run the fix probably 10 times over the last two or threee weeks, but so far emails continue.  I'll just give it more time.

[p-jones]

Else cut and paste below to a command prompt and it will also achieve the desired result. (Putty is helpful here)



# Shutdown clam so clamd.socket file is removed
service clamd stop
# Navigate to clamav folder
cd /var/clamav
# Remove ALL files from folder to provide clean slate for update process
rm -f /var/clamav/*
# (you could skip the -f & confirm every file delete for safety)
# Restart clam
service clamd start
# Update sigs
freshclam -v
#(--no-dns can be used if just -v fails tho I haven't struck this issue)

[bclayton]

Thanks, again.  I did exactly that today (and earlier) using Putty.  Any thing else I should try?

[p-jones]

No that shud do it. Has ALWAYS worked for me but may need to do it again a day latter. That is just the nature of the problem. You can also delete all the files with WinSCP  (you wont be able to delete the socket file) and run freshclam - v . That will do it also.

Just note I have modified the above script ever so slightly to make it command prompt friendly.

[bclayton]

Thank you.  I will keep trying the workaround.

[Michail Pappas]

@bclayton: I presume that the clamav mirror used is the default one, db.local.clamav.net:

Code: [Select]

# config getprop clamav DatabaseMirror
db.local.clamav.net

Try this (worked for me). Set the DatabaseMirror to the one of your one country. DatabaseMirror has the format db.XY.clamav.net, where XY is the country code of your country. For example, if you are from the US, then most likely the mirror is named db.us.clamav.net.

So first, check that the mirror server does exist, by using a dig:

Code: [Select]

# dig db.us.clamav.net

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> db.us.clamav.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64013
;; flags: qr rd ra; QUERY: 1, ANSWER: 18, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;db.us.clamav.net.              IN      A

;; ANSWER SECTION:
db.us.clamav.net.       1200    IN      CNAME   db.us.big.clamav.net.
db.us.big.clamav.net.   60      IN      A       64.6.100.177
db.us.big.clamav.net.   60      IN      A       64.22.33.90
db.us.big.clamav.net.   60      IN      A       65.19.179.67
db.us.big.clamav.net.   60      IN      A       69.12.162.28
db.us.big.clamav.net.   60      IN      A       69.163.100.14
db.us.big.clamav.net.   60      IN      A       78.46.84.244
db.us.big.clamav.net.   60      IN      A       128.177.8.248
db.us.big.clamav.net.   60      IN      A       129.21.171.98
db.us.big.clamav.net.   60      IN      A       150.214.142.197
db.us.big.clamav.net.   60      IN      A       155.98.64.87
db.us.big.clamav.net.   60      IN      A       168.143.19.95
db.us.big.clamav.net.   60      IN      A       194.8.197.22
db.us.big.clamav.net.   60      IN      A       194.186.47.19
db.us.big.clamav.net.   60      IN      A       200.236.31.1
db.us.big.clamav.net.   60      IN      A       207.57.106.31
db.us.big.clamav.net.   60      IN      A       208.72.56.53
db.us.big.clamav.net.   60      IN      A       209.198.147.20

;; Query time: 192 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Mon Mar 11 08:34:42 2013
;; MSG SIZE  rcvd: 330

Seems ok, so configure it:

Code: [Select]

# config setprop clamav DatabaseMirror db.us.clamav.net
# signal-event clamav-update

After doing these, try the hints given by the posters above.

Again, changing the database mirror is what helped in my case, YMMV.

[bclayton]

Thanks, Michail. 
My default mirror was set to local.  I tried your suggestion and set it to US and reran the code provided earlier, but I'm still getting emails.  I'm a bit baffled as these workarounds seem to have worked for others.

[Michail Pappas]

Can you try a:

Code: [Select]

freshclam -v --no-dns


[bclayton]

Tried that a couple of hours ago, and still getting emails.  I welcome any other suggestions.  Thanks.

[Michail Pappas]

Can you do the steps below? Please paste the output of the commands:

Code: [Select]

service clamd stop
cd /var/clamav
ls -laFt
rm -f /var/clamav/*
ls -laFt
service clamd start
freshclam -v --no-dns
ls -laFt


[purvis]

Not sure. Just a jabb. My SME is in server mode. Once I set the DNS of the server to my router or the DNS of my local provider. A SME person told me to not do that. So I reconfigured the server by looking into the admin account from the prompt.

Also routers cn get messed up. Reboot routers to clear the cached DNS in them at least once a month.

[TerryF]

Please show results of following
[root@sme8vm ~]# ls /var/clamav

[bclayton]

Thanks to all for your help.  Michail, here is the output of your command:
[root@provue-server ~]# service clamd stop
Stopping clamd:                                            [  OK  ]
[root@provue-server ~]# cd /var/clamav
[root@provue-server clamav]# ls -laFt
total 86472
drwxr-xr-x  2 clamav clamav     4096 Mar 12 08:31 ./
-rw-------  1 clamav clamav      364 Mar 12 07:51 mirrors.dat
-rw-r--r--  1 clamav clamav 57616896 Mar 12 07:50 daily.cld
-rw-r--r--  1 clamav clamav    60125 Mar 11 07:45 bytecode.cvd
-rw-r--r--  1 clamav clamav 30750647 Mar 11 07:41 main.cvd
drwxr-xr-x 25 root   root       4096 Sep  2  2012 ../
[root@provue-server clamav]# rm -f /var/clamav/*
[root@provue-server clamav]# ls -laFt
total 8
drwxr-xr-x  2 clamav clamav 4096 Mar 12 08:31 ./
drwxr-xr-x 25 root   root   4096 Sep  2  2012 ../
[root@provue-server clamav]# service clamd start
Starting clamd:                                            [  OK  ]
[root@provue-server clamav]# freshclam -v --no-dns
Current working dir is /var/clamav
Max retries == 6
ClamAV update process started at Tue Mar 12 08:31:11 2013
Using IPv6 aware code
Retrieving http://db.us.clamav.net/main.cvd
Trying to download http://db.us.clamav.net/main.cvd (IP: 78.46.84.244)
Downloading main.cvd [100%]
Loading signatures from main.cvd
Properly loaded 1044387 signatures from new main.cvd
main.cvd updated (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Querying main.54.67.1.0.78.46.84.244.ping.clamav.net
If-Modified-Since: Tue, 12 Mar 2013 13:40:38 GMT
Reading CVD header (daily.cvd): Connected to db.us.clamav.net (IP: 78.46.84.244).
Trying to retrieve CVD header of http://db.us.clamav.net/daily.cvd
OK (IMS)
daily.cvd is up to date (version: 16835, sigs: 933238, f-level: 63, builder: neo)
Querying daily.16835.67.1.0.78.46.84.244.ping.clamav.net
If-Modified-Since: Wed, 13 Feb 2013 15:29:15 GMT
Reading CVD header (bytecode.cvd): Connected to db.us.clamav.net (IP: 78.46.84.244).
Trying to retrieve CVD header of http://db.us.clamav.net/bytecode.cvd
OK (IMS)
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Querying bytecode.214.67.1.0.78.46.84.244.ping.clamav.net
Database updated (1977666 signatures) from db.us.clamav.net (IP: 78.46.84.244)
Clamd successfully notified about the update.
[root@provue-server clamav]# ls -laFt
total 52616
drwxr-xr-x  2 clamav clamav     4096 Mar 12 10:18 ./
-rw-------  1 clamav clamav       52 Mar 12 10:18 mirrors.dat
-rw-r--r--  1 clamav clamav 30750647 Mar 12 10:18 main.cvd
-rw-r--r--  1 clamav clamav    60125 Mar 12 08:58 bytecode.cvd
-rw-r--r--  1 clamav clamav 22979110 Mar 12 08:58 daily.cvd
srw-rw-rw-  1 clamav clamav        0 Mar 12 08:56 clamd.socket=
drwxr-xr-x 25 root   root       4096 Sep  2  2012 ../

TerryF:  here is the output from your command after the above:

[root@provue-server clamav]# ls /var/clamav
bytecode.cvd  clamd.socket  daily.cvd  main.cvd  mirrors.dat
[root@provue-server clamav]#

My server is running in servergateway mode.

Thanks and I hope this helps.

[purvis]

blcayton and others
I have a windows program that will ping locations, equipment, and etc.
I just posted in the contribs section of the forum the location some programs that I use.
Do a forum search using "financeinla".
If you think the sites are going down or two busy or your computers cannot find urls and you want to monitor those sites by pinging.
Use the program called internet. If I wanted to ping database.clamav.net. I would use

Code: [Select]

internet  database.clamav.net database.clamav.net database.clamav.net
You can set some other options, in this case you probably want to increase the loop(the default is 3 seconds-3000ms) time between pinging sites and increase the response wait(the default is 1/2 second-500ms) time from a site.
IF you think your having other kinds of issue like your internet serivce being down, you can ping a variety of locations.
The program internet looks for a no ping response. I think the standard ping response wait time is 2 seconds.
This program was written to monitor when equipment, internet sites,  or our internet net goes down.

This tool is just another tool that might come in handy when trying to solve problems.
You can also put in the ip address rather than a url name for web sites or equipment.
 

[purvis]

And also the internet program will report an UP status(green background) on any first ping returned.
All failures(red background) will cause a down status.
A partial failure(yellow background), a failure after any single pinged location, can be added as command option.
As well as audible tones too.  Audible is handy for when you are away from the computer screen or checking Ethernet wires and connections.

[bclayton]

Thanks, I'll give that a shot.

[purvis]

I am sure there was a better name other than internet for that program, maybe like pingping or something similiar.
At one location, the internet was troublesome, so that is the reason for the program. I needed a tool that would log and run 24/7.
Clicking on the window will bring up a standard windows msgbox. If you press return, that log goes to the clipboard.
If you just close the msgbox with the X box in the upper right, then nothing will go to the clipboard.
This internet program gets loaded up on all windows computers when the computer boots.
For ping locations, we ping about 8 different locations, mostly our own locations and some common well known ones.
For just running the program as a side program, you should increase the ping response time higher that the default 500ms,
so that those likely well known locations are not pinged. That will happen if your internet connection or dns servers are down.
Like I said, for each loop, a responded to ping will abort pinging the following locations in the order placed on the command tail.

If you get a down status then an up status, as you might see in the log, in the amount of time equal to your loop time. That is likely not an issue, just a lost ping signal.
This command line would be a good starting point for my internet program pinging database.clamav.net, this would give a 2 second wait time for a ping response, 2 seconds before
the next try up to two more additonal time ping trys, then a 10 second wait time before recycling the ping test.

Code: [Select]

INTERNET.EXE database.clamav.net database.clamav.net database.clamav.net -t 2000 -s 2000 -l 10000


[Michail Pappas]

Ok, let's compare the contents of your own folder:

Code: [Select]

[root@provue-server clamav]# ls -laFt
total 52616
drwxr-xr-x  2 clamav clamav     4096 Mar 12 10:18 ./
-rw-------  1 clamav clamav       52 Mar 12 10:18 mirrors.dat
-rw-r--r--  1 clamav clamav 30750647 Mar 12 10:18 main.cvd
-rw-r--r--  1 clamav clamav    60125 Mar 12 08:58 bytecode.cvd
-rw-r--r--  1 clamav clamav 22979110 Mar 12 08:58 daily.cvd
srw-rw-rw-  1 clamav clamav        0 Mar 12 08:56 clamd.socket=
drwxr-xr-x 25 root   root       4096 Sep  2  2012 ../

For the record, here's my listing:

Code: [Select]

# ls -laF /var/clamav/
total 87804
drwxr-xr-x  2 clamav clamav     4096 Mar 13 06:50 ./
drwxr-xr-x 26 root   root       4096 Sep 26 10:02 ../
-rw-r--r--  1 clamav clamav   309248 Feb 14 05:26 bytecode.cld
srw-rw-rw-  1 clamav clamav        0 Mar  8 14:45 clamd.socket=
-rw-r--r--  1 clamav clamav 58729984 Mar 12 23:49 daily.cld
-rw-r--r--  1 clamav clamav 30750647 Oct 11  2011 main.cvd
-rw-------  1 clamav clamav     1664 Mar 13 06:50 mirrors.dat

And here's from another SME 8 production server:

Code: [Select]

# ls -laFt
total 87804
drwxr-xr-x  2 clamav clamav     4096 Mar 13 07:55 ./
-rw-------  1 clamav clamav     2912 Mar 13 07:00 mirrors.dat
-rw-r--r--  1 clamav clamav 58729984 Mar 12 23:59 daily.cld
srw-rw-rw-  1 clamav clamav        0 Mar 11 07:57 clamd.socket=
-rw-r--r--  1 clamav clamav   309248 Feb 14 05:32 bytecode.cld
drwxr-xr-x 27 root   root       4096 Jan 18 11:34 ../
-rw-r--r--  1 clamav clamav 30750647 Oct 11  2011 main.cvd

Bottomline: you seem to be ok now (not an expert here though). The fact that some files are in cvd format, whereas some of mine are cld's is not an issue; see http://old.nabble.com/Re%3A-daily.cld-not-updating-on-remote-hosts-p20669224.html

To confirm, do an update (without deleting the contents of /var/clamav and without using --no-dns) and paste the output:

Code: [Select]

cd /var/clamav
freshclam -v
ls -laFt


[bclayton]

Here is the output:

[root@provue-server ~]# cd /var/clamav
[root@provue-server clamav]# freshclam -v
Current working dir is /var/clamav
Max retries == 6
ClamAV update process started at Wed Mar 13 07:32:46 2013
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.97.6
main.cvd version from DNS: 54
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd version from DNS: 16838
daily.cld is up to date (version: 16838, sigs: 934542, f-level: 63, builder: guitar)
bytecode.cvd version from DNS: 214
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
[root@provue-server clamav]# ls -laFt
total 87560
drwxr-xr-x  2 clamav clamav     4096 Mar 13 07:32 ./
-rw-------  1 clamav clamav      208 Mar 13 07:32 mirrors.dat
-rw-r--r--  1 clamav clamav 58729984 Mar 13 00:06 daily.cld
srw-rw-rw-  1 clamav clamav        0 Mar 12 17:06 clamd.socket=
-rw-r--r--  1 clamav clamav 30750647 Mar 12 10:18 main.cvd
-rw-r--r--  1 clamav clamav    60125 Mar 12 08:58 bytecode.cvd
drwxr-xr-x 25 root   root       4096 Sep  2  2012 ../
[root@provue-server clamav]#

[Michail Pappas]

 Well, it seems you are OK now!

[bclayton]

Not quite.  I'm still getting hourly emails:

2013-03-13 08:27:42.472511500 ClamAV update process started at Wed Mar 13 08:27:42 2013
2013-03-13 08:27:42.472938500 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
2013-03-13 08:27:43.454311500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.455097500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.455862500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.456640500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.457447500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.458204500 ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.493520500 WARNING: Incremental update failed, trying to download daily.cvd
2013-03-13 08:27:43.494450500 ERROR: Can't download daily.cvd from database.clamav.net
2013-03-13 08:27:43.494615500 Giving up on database.clamav.net...
2013-03-13 08:27:43.494636500 Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

Is there anything else I can try?  Thanks.

[Michail Pappas]

Perhaps it's time to open a bug report for this at http://bugs.contribs.org/

Once you do it, please enter there the url of this thread here at the forums. And also post in this thread the url of the bug report, to have them reference each other.

[purvis]

If you are the online one having these specific issues.
It might be your Internet connection. Is it stable.
Being down in seconds count.
What type of set do you have again   Server or gateway.
Who is your ISP and what kind of connection.

I had a very  similar problems with Comcast and they refused to believe  it was their lines or equipment. But we did find a defective cable splitter in the process.
And also   Where is this equipment.  There are  so many questions on Internet service I could  ask.

Internet service issues can drive you mad.

[bclayton]

Thanks for the suggestion.  Does not seem to be the Internet connection.  Have tested with PingPlotter over several hours and no drop outs.  Our ISP is local and we have fiber optic service, which has been very stable and reliable.  We receive many FTP transfers daily without issues.  Server is setup as servergateway and is in a controllled office environment.  I will do a bug report.

[purvis]

bclayton

I am working on a possible issue with clamav. Right now is too early for me to tell about my problem.
But could you tell me how long it takes your system to do a full scan.
If you are doing virus scanning either daily or weekly using the setting in server-manager panel , you will then find that information in a daily or weekly email to the admin account.
Basically I want to know if your scan takes over one hour to complete and how many hours if so.
Thanks in advance.

[TerryF]

----------- SCAN SUMMARY -----------
Known viruses: 1954004
Engine version: 0.97.6
Scanned directories: 3261
Scanned files: 43537
Infected files: 0
Data scanned: 16675.01 MB
Data read: 39058.62 MB (ratio 0.43:1)
Time: 3038.650 sec (50 m 38 s)

[bclayton]

purvis,
Here are the results from my daily scan:

----------- SCAN SUMMARY -----------
Known viruses: 1982669
Engine version: 0.97.6
Scanned directories: 20417
Scanned files: 84474
Infected files: 0
Data scanned: 12136.28 MB
Data read: 21871.71 MB (ratio 0.55:1)
Time: 1731.013 sec (28 m 51 s)

[purvis]

Thanks
Your scan time is on the low time to process.
If it were high (long) time. I would make some comments.
But I have none other than I do not think scanning full files on your system has
a impact on your problem

[bclayton]

Thanks for you help.

[bclayton]

Added to bug report:  http://bugs.contribs.org/show_bug.cgi?id=7406
I am not totally sure that mine is the exact problem as the open bug report but it may be.  If I need to open a new bug report, admin, please let me know.
Thanks.

[bclayton]

Opened new bug report:  http://bugs.contribs.org/show_bug.cgi?id=7492

[purvis]

bclayton
I finally got one message like your problem early in the week.
I did work on some create some script work arounds.
The bash script i created is much smoother and only disables the freshclam service only while making the cvd updates.  That code has not been posted yet but soon I will.
ClamAV site mentioned they did have some issues in February.