Koozali.org: home of the SME Server

[SOLVED] freshclam does not update

Offline Michail Pappas

  • *
  • 339
  • +1/-0
[SOLVED] freshclam does not update
« on: May 17, 2018, 10:26:26 AM »
SME 9.2 in server-only mode, fully patched, no contribs. The server is hosted in a IPv4 environment, I don't recall if I had to disable IPv6 specifically somewhere.

Today I've been starting to get a ton of freshclam-related connection errors, due possibly to the fact that database.clamav.net is IPv6-connected as well:

Code: [Select]
2018-05-17 09:45:02.855962500 ClamAV update process started at Thu May 17 09:45:02 2018
2018-05-17 09:45:02.856149500 WARNING: Your ClamAV installation is OUTDATED!
2018-05-17 09:45:02.856150500 WARNING: Local version: 0.99.3 Recommended version: 0.100.0
2018-05-17 09:45:02.856163500 DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
2018-05-17 09:45:02.856276500 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
2018-05-17 09:45:03.309847500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 09:45:03.310284500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 09:45:03.310686500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 09:45:03.311112500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 09:45:03.311537500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 09:45:03.311966500 ERROR: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 09:45:03.346048500 WARNING: Incremental update failed, trying to download daily.cvd
2018-05-17 09:45:03.346795500 Trying host database.clamav.net (2400:cb00:2048:1::6810:ba8a)...
2018-05-17 09:45:03.346839500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 09:45:03.346851500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
2018-05-17 09:45:03.346861500 Trying host database.clamav.net (2400:cb00:2048:1::6810:bb8a)...
2018-05-17 09:45:03.346871500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 09:45:03.346881500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:bb8a)
2018-05-17 09:45:03.346891500 Trying host database.clamav.net (2400:cb00:2048:1::6810:bc8a)...
2018-05-17 09:45:03.346901500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 09:45:03.346911500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:bc8a)
2018-05-17 09:45:03.346920500 Trying host database.clamav.net (2400:cb00:2048:1::6810:bd8a)...
2018-05-17 09:45:03.346930500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 09:45:03.346931500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:bd8a)
2018-05-17 09:45:03.346941500 Trying host database.clamav.net (2400:cb00:2048:1::6810:b98a)...
2018-05-17 09:45:03.346962500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 09:45:03.346973500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:b98a)
2018-05-17 09:45:03.346983500 ERROR: Can't download daily.cvd from database.clamav.net
2018-05-17 09:45:03.347162500 Giving up on database.clamav.net...
2018-05-17 09:45:03.347162500 Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.

Dig'ing for database.clamav.net:
Code: [Select]
# dig database.clamav.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5 <<>> database.clamav.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39520
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;database.clamav.net.           IN      A

;; ANSWER SECTION:
database.clamav.net.    60      IN      CNAME   db.local.clamav.net.
db.local.clamav.net.    2158    IN      CNAME   db.southeu.clamav.net.
db.southeu.clamav.net.  60      IN      CNAME   db.eu.big.clamav.net.
db.eu.big.clamav.net.   60      IN      CNAME   db.eu.big.clamav.net.cdn.cloudflare.net.
db.eu.big.clamav.net.cdn.cloudflare.net. 7 IN A 104.16.185.138
db.eu.big.clamav.net.cdn.cloudflare.net. 7 IN A 104.16.186.138
db.eu.big.clamav.net.cdn.cloudflare.net. 7 IN A 104.16.187.138
db.eu.big.clamav.net.cdn.cloudflare.net. 7 IN A 104.16.188.138
db.eu.big.clamav.net.cdn.cloudflare.net. 7 IN A 104.16.189.138

;; Query time: 367 msec
;; SERVER: 192.168.1.2#53(192.168.1.2)
;; WHEN: Thu May 17 11:25:35 2018
;; MSG SIZE  rcvd: 239


# freshclam --list-mirrors
Mirror #1
IP: 104.16.188.138
Successes: 0
Failures: 2
Last access: Thu May 17 03:37:04 2018
Ignore: Yes
-------------------------------------
Mirror #2
IP: 104.16.189.138
Successes: 0
Failures: 2
Last access: Thu May 17 03:37:10 2018
Ignore: Yes
-------------------------------------
Mirror #3
IP: 104.16.185.138
Successes: 0
Failures: 2
Last access: Thu May 17 03:37:04 2018
Ignore: Yes
-------------------------------------
Mirror #4
IP: 104.16.186.138
Successes: 0
Failures: 2
Last access: Thu May 17 03:37:10 2018
Ignore: Yes
-------------------------------------
Mirror #5
IP: 104.16.187.138
Successes: 0
Failures: 2
Last access: Thu May 17 03:37:10 2018
Ignore: Yes
-------------------------------------
Mirror #6
IP: 2400:cb00:2048:1::6810:bd8a
Successes: 0
Failures: 49
Last access: Thu May 17 10:45:31 2018
Ignore: Yes
-------------------------------------
Mirror #7
IP: 2400:cb00:2048:1::6810:b98a
Successes: 0
Failures: 49
Last access: Thu May 17 10:45:31 2018
Ignore: Yes
-------------------------------------
Mirror #8
IP: 2400:cb00:2048:1::6810:ba8a
Successes: 0
Failures: 49
Last access: Thu May 17 10:45:31 2018
Ignore: Yes
-------------------------------------
Mirror #9
IP: 2400:cb00:2048:1::6810:bb8a
Successes: 0
Failures: 49
Last access: Thu May 17 10:45:31 2018
Ignore: Yes
-------------------------------------
Mirror #10
IP: 2400:cb00:2048:1::6810:bc8a
Successes: 0
Failures: 49
Last access: Thu May 17 10:45:31 2018
Ignore: Yes

Can I somehow suppress ipv6 altogether?

EDIT: from the output of freshclam --list-mirrors above, all ipv4 became blacklisted too, will have to reset them.
« Last Edit: May 21, 2018, 06:30:02 AM by Michail Pappas »

Offline Michail Pappas

  • *
  • 339
  • +1/-0
Re: freshclam can not reach IPv6 database.clamav.net
« Reply #1 on: May 17, 2018, 10:33:56 AM »
Followed the instructions in https://bugs.contribs.org/show_bug.cgi?id=2349#c11

From the looks of it, I still have problems downloading the files:
Code: [Select]
2018-05-17 11:31:30.051848500 ClamAV update process started at Thu May 17 11:31:30 2018
2018-05-17 11:31:30.052056500 WARNING: Your ClamAV installation is OUTDATED!
2018-05-17 11:31:30.052057500 WARNING: Local version: 0.99.3 Recommended version: 0.100.0
2018-05-17 11:31:30.052057500 DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
2018-05-17 11:31:30.052158500 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
2018-05-17 11:31:30.731439500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 11:31:30.731914500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 11:31:30.732339500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 11:31:30.732763500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 11:31:30.733340500 WARNING: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 11:31:30.733838500 ERROR: getpatch: Can't download daily-24576.cdiff from database.clamav.net
2018-05-17 11:31:30.769059500 WARNING: Incremental update failed, trying to download daily.cvd
2018-05-17 11:31:30.769591500 Trying host database.clamav.net (2400:cb00:2048:1::6810:bb8a)...
2018-05-17 11:31:30.769608500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 11:31:30.769620500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:bb8a)
2018-05-17 11:31:30.769632500 Trying host database.clamav.net (2400:cb00:2048:1::6810:bc8a)...
2018-05-17 11:31:30.769643500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 11:31:30.769654500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:bc8a)
2018-05-17 11:31:30.769665500 Trying host database.clamav.net (2400:cb00:2048:1::6810:bd8a)...
2018-05-17 11:31:30.769676500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 11:31:30.769698500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:bd8a)
2018-05-17 11:31:30.769699500 Trying host database.clamav.net (2400:cb00:2048:1::6810:b98a)...
2018-05-17 11:31:30.769710500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 11:31:30.769711500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:b98a)
2018-05-17 11:31:30.769722500 Trying host database.clamav.net (2400:cb00:2048:1::6810:ba8a)...
2018-05-17 11:31:30.769733500 nonblock_connect: connect(): fd=3 errno=101: Network is unreachable
2018-05-17 11:31:30.769744500 Can't connect to port 80 of host database.clamav.net (IP: 2400:cb00:2048:1::6810:ba8a)
2018-05-17 11:31:30.769755500 ERROR: Can't download daily.cvd from database.clamav.net
2018-05-17 11:31:30.769982500 Giving up on database.clamav.net...
2018-05-17 11:31:30.769982500 Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: freshclam can not reach IPv6 database.clamav.net
« Reply #2 on: May 17, 2018, 11:20:47 AM »
Another x and y problem methinks.

http://xyproblem.info/

No idea why it is trying to connect via IPv6 unless you have manually set it up yourself.

SME v9 does not have IPv6 set up by default.

The referenced bug is old. Search the wiki first.

https://wiki.contribs.org/Clamav:freshclam_update

/usr/bin/refreshclam

But I suggest you figure out what is happening with your IPv6 first as this was not enabled by default.

When I run

freshclam --list-mirrors

I only get a list of IPv4 mirrors

So, please go back to the beginning and tell us what you have done to your server previously as I think you have missed out some important information.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline Michail Pappas

  • *
  • 339
  • +1/-0
Re: freshclam can not reach IPv6 database.clamav.net
« Reply #3 on: May 17, 2018, 01:25:23 PM »
Another x and y problem methinks.

http://xyproblem.info/
Funny one ^_^

Quote
No idea why it is trying to connect via IPv6 unless you have manually set it up yourself.
Never have and (due to the way the network I'm connected to works) never will.

Quote
SME v9 does not have IPv6 set up by default.

The referenced bug is old. Search the wiki first.

https://wiki.contribs.org/Clamav:freshclam_update

/usr/bin/refreshclam
I am aware of refreshclam. I've used in the past, forgot to mention I've already used it unsuccessfully, before opening this thread:
Code: [Select]
# /usr/bin/refreshclam
Current working dir is /var/clamav
Max retries == 6
ClamAV update process started at Thu May 17 14:21:28 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 322
Software version from DNS: 0.100.0
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.3 Recommended version: 0.100.0
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
Retrieving http://db.gr.clamav.net/main.cvd
Trying to download http://db.gr.clamav.net/main.cvd (IP: 104.16.186.138)
WARNING: getfile: Unknown response from db.gr.clamav.net (IP: 104.16.186.138)
WARNING: Can't download main.cvd from db.gr.clamav.net
Querying main.0.84.0.0.6810BA8A.ping.clamav.net
Can't query main.0.84.0.0.6810BA8A.ping.clamav.net
Trying again in 5 secs...
ClamAV update process started at Thu May 17 14:21:34 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 316
Software version from DNS: 0.100.0
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.3 Recommended version: 0.100.0
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
Retrieving http://db.gr.clamav.net/main.cvd
Trying to download http://db.gr.clamav.net/main.cvd (IP: 104.16.188.138)
WARNING: getfile: Unknown response from db.gr.clamav.net (IP: 104.16.188.138)
WARNING: Can't download main.cvd from db.gr.clamav.net
Querying main.0.84.0.0.6810BC8A.ping.clamav.net
Trying again in 5 secs...
ClamAV update process started at Thu May 17 14:21:39 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 311
...

Quote
But I suggest you figure out what is happening with your IPv6 first as this was not enabled by default.

I did no changes to my SME box, apart from the usual (production) "yum update"'s. IIRC, the last ones involved the kernel and DHCP.

Quote
When I run

freshclam --list-mirrors

I only get a list of IPv4 mirrors

So, please go back to the beginning and tell us what you have done to your server previously as I think you have missed out some important information.

^^ No changes at all...

Offline Michail Pappas

  • *
  • 339
  • +1/-0
Re: freshclam does not update
« Reply #4 on: May 18, 2018, 07:24:54 AM »
Seems the issue was related to IPv6 at all, but rather to some issue with the db.gr.clamav.net DatabaseMirror. Switched it to db.uk.clamav.net, did a refreshclam and all seems to be working fine (for the time being).

I'll set this as [SOLVED] after a day or two, if all goes well.