Topic: workaround for clamav update problem

[Michail Pappas]

Can you do the steps below? Please paste the output of the commands:

Code: [Select]

service clamd stop
cd /var/clamav
ls -laFt
rm -f /var/clamav/*
ls -laFt
service clamd start
freshclam -v --no-dns
ls -laFt


[purvis]

Not sure. Just a jabb. My SME is in server mode. Once I set the DNS of the server to my router or the DNS of my local provider. A SME person told me to not do that. So I reconfigured the server by looking into the admin account from the prompt.

Also routers cn get messed up. Reboot routers to clear the cached DNS in them at least once a month.

[TerryF]

Please show results of following
[root@sme8vm ~]# ls /var/clamav

[bclayton]

Thanks to all for your help.  Michail, here is the output of your command:
[root@provue-server ~]# service clamd stop
Stopping clamd:                                            [  OK  ]
[root@provue-server ~]# cd /var/clamav
[root@provue-server clamav]# ls -laFt
total 86472
drwxr-xr-x  2 clamav clamav     4096 Mar 12 08:31 ./
-rw-------  1 clamav clamav      364 Mar 12 07:51 mirrors.dat
-rw-r--r--  1 clamav clamav 57616896 Mar 12 07:50 daily.cld
-rw-r--r--  1 clamav clamav    60125 Mar 11 07:45 bytecode.cvd
-rw-r--r--  1 clamav clamav 30750647 Mar 11 07:41 main.cvd
drwxr-xr-x 25 root   root       4096 Sep  2  2012 ../
[root@provue-server clamav]# rm -f /var/clamav/*
[root@provue-server clamav]# ls -laFt
total 8
drwxr-xr-x  2 clamav clamav 4096 Mar 12 08:31 ./
drwxr-xr-x 25 root   root   4096 Sep  2  2012 ../
[root@provue-server clamav]# service clamd start
Starting clamd:                                            [  OK  ]
[root@provue-server clamav]# freshclam -v --no-dns
Current working dir is /var/clamav
Max retries == 6
ClamAV update process started at Tue Mar 12 08:31:11 2013
Using IPv6 aware code
Retrieving http://db.us.clamav.net/main.cvd
Trying to download http://db.us.clamav.net/main.cvd (IP: 78.46.84.244)
Downloading main.cvd [100%]
Loading signatures from main.cvd
Properly loaded 1044387 signatures from new main.cvd
main.cvd updated (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Querying main.54.67.1.0.78.46.84.244.ping.clamav.net
If-Modified-Since: Tue, 12 Mar 2013 13:40:38 GMT
Reading CVD header (daily.cvd): Connected to db.us.clamav.net (IP: 78.46.84.244).
Trying to retrieve CVD header of http://db.us.clamav.net/daily.cvd
OK (IMS)
daily.cvd is up to date (version: 16835, sigs: 933238, f-level: 63, builder: neo)
Querying daily.16835.67.1.0.78.46.84.244.ping.clamav.net
If-Modified-Since: Wed, 13 Feb 2013 15:29:15 GMT
Reading CVD header (bytecode.cvd): Connected to db.us.clamav.net (IP: 78.46.84.244).
Trying to retrieve CVD header of http://db.us.clamav.net/bytecode.cvd
OK (IMS)
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Querying bytecode.214.67.1.0.78.46.84.244.ping.clamav.net
Database updated (1977666 signatures) from db.us.clamav.net (IP: 78.46.84.244)
Clamd successfully notified about the update.
[root@provue-server clamav]# ls -laFt
total 52616
drwxr-xr-x  2 clamav clamav     4096 Mar 12 10:18 ./
-rw-------  1 clamav clamav       52 Mar 12 10:18 mirrors.dat
-rw-r--r--  1 clamav clamav 30750647 Mar 12 10:18 main.cvd
-rw-r--r--  1 clamav clamav    60125 Mar 12 08:58 bytecode.cvd
-rw-r--r--  1 clamav clamav 22979110 Mar 12 08:58 daily.cvd
srw-rw-rw-  1 clamav clamav        0 Mar 12 08:56 clamd.socket=
drwxr-xr-x 25 root   root       4096 Sep  2  2012 ../

TerryF:  here is the output from your command after the above:

[root@provue-server clamav]# ls /var/clamav
bytecode.cvd  clamd.socket  daily.cvd  main.cvd  mirrors.dat
[root@provue-server clamav]#

My server is running in servergateway mode.

Thanks and I hope this helps.

[purvis]

blcayton and others
I have a windows program that will ping locations, equipment, and etc.
I just posted in the contribs section of the forum the location some programs that I use.
Do a forum search using "financeinla".
If you think the sites are going down or two busy or your computers cannot find urls and you want to monitor those sites by pinging.
Use the program called internet. If I wanted to ping database.clamav.net. I would use

Code: [Select]

internet  database.clamav.net database.clamav.net database.clamav.net
You can set some other options, in this case you probably want to increase the loop(the default is 3 seconds-3000ms) time between pinging sites and increase the response wait(the default is 1/2 second-500ms) time from a site.
IF you think your having other kinds of issue like your internet serivce being down, you can ping a variety of locations.
The program internet looks for a no ping response. I think the standard ping response wait time is 2 seconds.
This program was written to monitor when equipment, internet sites,  or our internet net goes down.

This tool is just another tool that might come in handy when trying to solve problems.
You can also put in the ip address rather than a url name for web sites or equipment.
 

[purvis]

And also the internet program will report an UP status(green background) on any first ping returned.
All failures(red background) will cause a down status.
A partial failure(yellow background), a failure after any single pinged location, can be added as command option.
As well as audible tones too.  Audible is handy for when you are away from the computer screen or checking Ethernet wires and connections.

[bclayton]

Thanks, I'll give that a shot.

[purvis]

I am sure there was a better name other than internet for that program, maybe like pingping or something similiar.
At one location, the internet was troublesome, so that is the reason for the program. I needed a tool that would log and run 24/7.
Clicking on the window will bring up a standard windows msgbox. If you press return, that log goes to the clipboard.
If you just close the msgbox with the X box in the upper right, then nothing will go to the clipboard.
This internet program gets loaded up on all windows computers when the computer boots.
For ping locations, we ping about 8 different locations, mostly our own locations and some common well known ones.
For just running the program as a side program, you should increase the ping response time higher that the default 500ms,
so that those likely well known locations are not pinged. That will happen if your internet connection or dns servers are down.
Like I said, for each loop, a responded to ping will abort pinging the following locations in the order placed on the command tail.

If you get a down status then an up status, as you might see in the log, in the amount of time equal to your loop time. That is likely not an issue, just a lost ping signal.
This command line would be a good starting point for my internet program pinging database.clamav.net, this would give a 2 second wait time for a ping response, 2 seconds before
the next try up to two more additonal time ping trys, then a 10 second wait time before recycling the ping test.

Code: [Select]

INTERNET.EXE database.clamav.net database.clamav.net database.clamav.net -t 2000 -s 2000 -l 10000


[Michail Pappas]

Ok, let's compare the contents of your own folder:

Code: [Select]

[root@provue-server clamav]# ls -laFt
total 52616
drwxr-xr-x  2 clamav clamav     4096 Mar 12 10:18 ./
-rw-------  1 clamav clamav       52 Mar 12 10:18 mirrors.dat
-rw-r--r--  1 clamav clamav 30750647 Mar 12 10:18 main.cvd
-rw-r--r--  1 clamav clamav    60125 Mar 12 08:58 bytecode.cvd
-rw-r--r--  1 clamav clamav 22979110 Mar 12 08:58 daily.cvd
srw-rw-rw-  1 clamav clamav        0 Mar 12 08:56 clamd.socket=
drwxr-xr-x 25 root   root       4096 Sep  2  2012 ../

For the record, here's my listing:

Code: [Select]

# ls -laF /var/clamav/
total 87804
drwxr-xr-x  2 clamav clamav     4096 Mar 13 06:50 ./
drwxr-xr-x 26 root   root       4096 Sep 26 10:02 ../
-rw-r--r--  1 clamav clamav   309248 Feb 14 05:26 bytecode.cld
srw-rw-rw-  1 clamav clamav        0 Mar  8 14:45 clamd.socket=
-rw-r--r--  1 clamav clamav 58729984 Mar 12 23:49 daily.cld
-rw-r--r--  1 clamav clamav 30750647 Oct 11  2011 main.cvd
-rw-------  1 clamav clamav     1664 Mar 13 06:50 mirrors.dat

And here's from another SME 8 production server:

Code: [Select]

# ls -laFt
total 87804
drwxr-xr-x  2 clamav clamav     4096 Mar 13 07:55 ./
-rw-------  1 clamav clamav     2912 Mar 13 07:00 mirrors.dat
-rw-r--r--  1 clamav clamav 58729984 Mar 12 23:59 daily.cld
srw-rw-rw-  1 clamav clamav        0 Mar 11 07:57 clamd.socket=
-rw-r--r--  1 clamav clamav   309248 Feb 14 05:32 bytecode.cld
drwxr-xr-x 27 root   root       4096 Jan 18 11:34 ../
-rw-r--r--  1 clamav clamav 30750647 Oct 11  2011 main.cvd

Bottomline: you seem to be ok now (not an expert here though). The fact that some files are in cvd format, whereas some of mine are cld's is not an issue; see http://old.nabble.com/Re%3A-daily.cld-not-updating-on-remote-hosts-p20669224.html

To confirm, do an update (without deleting the contents of /var/clamav and without using --no-dns) and paste the output:

Code: [Select]

cd /var/clamav
freshclam -v
ls -laFt


[bclayton]

Here is the output:

[root@provue-server ~]# cd /var/clamav
[root@provue-server clamav]# freshclam -v
Current working dir is /var/clamav
Max retries == 6
ClamAV update process started at Wed Mar 13 07:32:46 2013
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.97.6
main.cvd version from DNS: 54
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cvd version from DNS: 16838
daily.cld is up to date (version: 16838, sigs: 934542, f-level: 63, builder: guitar)
bytecode.cvd version from DNS: 214
bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
[root@provue-server clamav]# ls -laFt
total 87560
drwxr-xr-x  2 clamav clamav     4096 Mar 13 07:32 ./
-rw-------  1 clamav clamav      208 Mar 13 07:32 mirrors.dat
-rw-r--r--  1 clamav clamav 58729984 Mar 13 00:06 daily.cld
srw-rw-rw-  1 clamav clamav        0 Mar 12 17:06 clamd.socket=
-rw-r--r--  1 clamav clamav 30750647 Mar 12 10:18 main.cvd
-rw-r--r--  1 clamav clamav    60125 Mar 12 08:58 bytecode.cvd
drwxr-xr-x 25 root   root       4096 Sep  2  2012 ../
[root@provue-server clamav]#

[Michail Pappas]

 Well, it seems you are OK now!

[bclayton]

Not quite.  I'm still getting hourly emails:

2013-03-13 08:27:42.472511500 ClamAV update process started at Wed Mar 13 08:27:42 2013
2013-03-13 08:27:42.472938500 main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
2013-03-13 08:27:43.454311500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.455097500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.455862500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.456640500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.457447500 WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.458204500 ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net
2013-03-13 08:27:43.493520500 WARNING: Incremental update failed, trying to download daily.cvd
2013-03-13 08:27:43.494450500 ERROR: Can't download daily.cvd from database.clamav.net
2013-03-13 08:27:43.494615500 Giving up on database.clamav.net...
2013-03-13 08:27:43.494636500 Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

Is there anything else I can try?  Thanks.

[Michail Pappas]

Perhaps it's time to open a bug report for this at http://bugs.contribs.org/

Once you do it, please enter there the url of this thread here at the forums. And also post in this thread the url of the bug report, to have them reference each other.

[purvis]

If you are the online one having these specific issues.
It might be your Internet connection. Is it stable.
Being down in seconds count.
What type of set do you have again   Server or gateway.
Who is your ISP and what kind of connection.

I had a very  similar problems with Comcast and they refused to believe  it was their lines or equipment. But we did find a defective cable splitter in the process.
And also   Where is this equipment.  There are  so many questions on Internet service I could  ask.

Internet service issues can drive you mad.

[bclayton]

Thanks for the suggestion.  Does not seem to be the Internet connection.  Have tested with PingPlotter over several hours and no drop outs.  Our ISP is local and we have fiber optic service, which has been very stable and reliable.  We receive many FTP transfers daily without issues.  Server is setup as servergateway and is in a controllled office environment.  I will do a bug report.