Mailing List Archive

Fwd: Fwd: Fwd: freshclam incremental update
/etc/apparmor.d/usr.bin.freshclam
# vim:syntax=apparmor
# Author: Jamie Strandboge <jamie@ubuntu.com>
# Last Modified: Sun Aug 3 09:39:03 2008

#include <tunables/global>

/usr/bin/freshclam {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>

capability setgid,
capability setuid,

@{PROC}/filesystems r,
owner @{PROC}/[0-9]*/status r,

/etc/clamav/clamd.conf r,
/etc/clamav/freshclam.conf r,
/etc/clamav/onerrorexecute.d/* mr,
/etc/clamav/onupdateexecute.d/* mr,
/etc/clamav/virusevent.d/* mr,

owner @{HOME}/.clamtk/db/ rw,
owner @{HOME}/.clamtk/db/** rwk,

owner @{HOME}/.klamav/database/ rw,
owner @{HOME}/.klamav/database/** rwk,

/usr/bin/freshclam mr,

/var/lib/clamav/ r,
/var/lib/clamav/** krw,

/var/log/clamav/* krw,
/{,var/}run/clamav/freshclam.pid w,
/{,var/}run/clamav/clamd.ctl rw,

deny /{,var/}run/samba/{gencache,unexpected}.tdb mrwkl,

# Site-specific additions and overrides. See local/README for details.
#include <local/usr.bin.freshclam>

---------- Forwarded message ---------
Från: Birger Birger <birger.solna@gmail.com>
Date: tis 3 sep. 2019 kl 15:12
Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
To: ClamAV users ML <clamav-users@lists.clamav.net>


SSH Port 22 has been opened by me for purpose of troubleshooting the ClamAV
issues. Will ask for a specific IP from the Zentyal support. Closing it
now.

Den tis 3 sep. 2019 14:48Gene Heskett via clamav-users <
clamav-users@lists.clamav.net> skrev:

> On Tuesday 03 September 2019 06:20:58 G.W. Haywood via clamav-users
> wrote:
>
> > Hi there,
> >
> > On Tue, 3 Sep 2019, Birger Birger via clamav-users wrote:
> > > Sep 3 10:43:22 zentyal kernel: [266193.080510] zentyal-firewall
> > > drop IN= OUT=eth0 SRC=192.168.1.30 DST=104.16.218.84 LEN=40 TOS=0x00
> > > PREC=0x00 TTL=64 ID=52480 DF PROTO=TCP SPT=51666 DPT=80 WINDOW=9057
> > > RES=0x00 ACK FIN URGP=0 MARK=0x1
> >
> > That's a Cloudflare destination IP. You see it in your freshclam log.
> > Cloudflare delivers the ClamAV data and you're dropping packets sent
> > to it from 192.168.1.30. I guess that's your immediate problem.
> >
> > Another question about "Ubuntu Syslog".
> >
> > > Sep 3 10:41:17 zentyal kernel: [266068.432972] zentyal-firewall
> > > drop IN=eth0 OUT= MAC=00:0c:29:be:5d:f2:00:1d:aa:69:86:78:08:00
> > > SRC=112.85.42.229 DST=192.168.1.30 LEN=67 TOS=0x00 PREC=0x00 TTL=46
> > > ID=58277 DF PROTO=TCP SPT=14305 DPT=22 WINDOW=229 RES=0x00 ACK PSH
> > > UR$
> >
> > The IP address 112.85.42.229 appears to be in Shanghai, and it appears
> > that it's trying to make SSH connections to 192.168.1.30. If that
> > were my router, I would not let these attempts through it.
> >
> That router is passing stuff that should never get past it UNLESS you
> have set a Port Forward NAT. If you have NOT set that up, it will get
> you hacked, so apply a hammer to "take it out of the gene pool" and
> deposit the remains in the outgoing trash forthwith and replace it with
> something you can reflash to dd-wrt. Nothing comes in thru dd-wrt that
> you don't specifically allow, and has stood guard here for nearly 20
> years now. Unlike guard dogs, it never sleeps.
>
> > I repeat that I sugggest you upgrade ClamAV to the latest version.
>
>
> Cheers, Gene Heskett
> --
> "There are four boxes to be used in defense of liberty:
> soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> If we desire respect for the law, we must first make the law respectable.
> - Louis D. Brandeis
> Genes Web page <http://geneslinuxbox.net:6309/gene>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Fwd: Fwd: Fwd: freshclam incremental update [ In reply to ]
This might provide additional information.

/usr/bin/freshclam
*Trying to retrieve CVD header of http://%s/%s
%cremote_cvdhead: write failed
%cremote_cvdhead: Error while reading CVD header from %s
%c%s not found on remote server
%cremote_cvdhead: Unknown response from %s (IP: %s): %s
%cremote_cvdhead: Unknown response from %s (IP: %s)
%cremote_cvdhead: Malformed CVD header (too short)
%cremote_cvdhead: Malformed CVD header (bad chars)
%cremote_cvdhead: Malformed CVD header (can't parse)
!getfile: Can't allocate memory for 'remotename'
*Trying to download http://%s/%s
*Trying to download http://%s/%s (IP: %s)
%cgetfile: Can't write to socket
%cgetfile: Error while reading database from %s: %s
%cgetfile: Error while reading database from %s (IP: %s): %s
^getfile: %s not found on %s (IP: %s)
%cgetfile: Unknown response from %s: %s
%cgetfile: Unknown response from %s (IP: %s): %s
%cgetfile: Unknown response from %s
%cgetfile: Unknown response from %s (IP: %s)
!getfile: Can't create new file %s in %s
!getfile: Can't create new file %s in the current directory
Hint: The database directory must be writable for UID %d or GID %d
getfile: Can't write %d bytes to %s
%cgetfile: Download interrupted: %s (Host: %s)
%cgetfile: Download interrupted: %s (IP: %s)
GET %s/%s HTTP/1.0
Host: %s
%sUser-Agent: %s
Connection: close
%s%s%s
!Can't allocate memory for filename!
!Can't read CVD header of new %s database.
^Mirror %s is not synchronized.
^Mirror is more than 1 version out of date. Recording mirror
failure.
!updatedb: Unknown database name (%s) passed.
^Broken database version in TXT record.
^Invalid DNS reply. Falling back to HTTP mode.
^DNS record is older than 3 hours.
^No timestamp in TXT record for %s
^Broken database version in TXT record for %s
HTTPProxyUsername requires HTTPProxyPassword
%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)
%s.%u.%u.%u.%u.%s.ping.clamav.net ^Can't read %s header from %s
^Can't read %s header from %s (IP: %s)
^Current functionality level = %d, recommended = %d
Please check if ClamAV tools are linked against the proper version of
libclamav
DON'T PANIC! Read https://www.clamav.net/documents/installing-clamav
!getpatch: Can't get path of current working directory
!chdir_tmp: dbname parameter value too long to create cvd file name: %s
!chdir_tmp: dbname parameter value too long to create cld file
name: %s
!chdir_tmp: Can't access local %s database
!chdir_tmp: Can't create directory %s
!chdir_tmp: Can't unpack %s into %s
!chdir_tmp: Can't change directory to %s
Empty script %s, need to download entire database
%cgetpatch: Can't download %s from %s
!getpatch: Can't open %s for reading
^Incremental update failed, trying to download %s
!buildcld: Can't get path of current working directory
!buildcld: Can't access directory %s
!buildcld: Can't open %s for writing
!buildcld: Can't open directory %s
!buildcld: gzopen() failed for %s
!buildcld: COPYING file not found
!buildcld: Can't add COPYING to new %s.cld - please check if there is
enough disk space available
Updates to main.cvd or safebrowsing.cvd may require 200MB of disk
space or more
!buildcld: Can't add %s to new %s.cld - please check if there is
enough disk space available
!buildcld: Can't add daily.cfg to new %s.cld - please check if there is
enough disk space available
!buildcld: gzclose() failed for %s
!buildcld: close() failed for %s
!buildcld: Can't return to previous directory %s
^Can't unlink the old database file %s. Please remove it manually.
%s updated (version: %d, sigs: %d, f-level: %d, builder: %s)
^Your ClamAV installation is OUTDATED!
!Can't create temporary directory %s
ClamAV update process started at %s *Software version from DNS: %s
^Local version: %s Recommended version: %s
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
!DatabaseCustomURL: URL must be shorter than %llu
!DatabaseCustomURL: Incorrect URL
DatabaseCustomURL: Incorrect URL
%s is up to date (version: custom database)
DatabaseCustomURL: file %s missing
DatabaseCustomURL: Can't copy file %s into database directory
!DatabaseCustomURL: Not supported protocol
%s updated (version: custom database, sigs: %u)
!--update-db=custom requires DatabaseCustomURL
^SafeBrowsing is disabled but can't remove old %s
^Bytecode is disabled but can't remove old %s
!checkdbdir: Can't open directory %s
!Corrupted database file %s: %s
!Can't remove broken database file %s, please delete it manually
and restart freshclam
Corrupted database file renamed to %s
Database updated (%d signatures) from %s
Database updated (%d signatures) from %s (IP: %s)
!downloadmanager: OnOutdatedExecute: Incorrect version number string
!downloadmanager: Can't allocate memory for buffer
%s:%s *Loading signatures from %s
[...] ^pipe() failed: %s
^dup2() failed: %s
^fork() failed: %s
LibClamAV Warning: *%s ^waitpid() failed: %s
gmtime: %s
%a, %d %b %Y %X GMT TCP webcache %cinet_ntop() failed
Trying host %s (%s)...
!Can't create new socket: %s
^Using default client ip.
*Using ip '%s' for fetching.
http://%s *If-Modified-Since: %s
Reading CVD header (%s): *Connected to %s.
*Connected to %s (IP: %s).
HTTP/1.1 404 HTTP/1.0 404 HTTP/1.1 304 HTTP/1.0 304 OK (IMS)
HTTP/1.1 200 HTTP/1.0 200 HTTP/1.1 206 HTTP/1.0 206 HTTP/1.0 HTTP/1.1 OK

---------- Forwarded message ---------
Från: Joel Esler (jesler) <jesler@cisco.com>
Date: ons 4 sep. 2019 kl 12:20
Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
To: Birger Birger via clamav-users <clamav-users@lists.clamav.net>
Cc: Birger Birger <birger.solna@gmail.com>


This looks promising to troubleshoot.

Sent from my ? iPhone

> On Sep 4, 2019, at 03:01, Birger Birger via clamav-users <
clamav-users@lists.clamav.net> wrote:
>
> Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400
audit(1567579201.044:83): apparmor="DENIED" operation="connect"
profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269
comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Re: Fwd: Fwd: Fwd: freshclam incremental update [ In reply to ]
Hi there,

On Thu, 5 Sep 2019, Birger Birger via clamav-users wrote:

> This might provide additional information.
>
> /usr/bin/freshclam
> *Trying to retrieve CVD header of http://%s/%s
> %cremote_cvdhead: write failed
> %cremote_cvdhead: Error while reading CVD header from %s
> ....

The '%c' and '%s' parts are from 'printf' calls in C and should have
been replaced on the fly during execution by characters and strings.
I've never seen anything like that before in ClamAV and it looks to me
like your ClamAV installation is badly broken. I don't know what else
might be broken.

I've already suggested more than once that you install the latest
version of ClamAV.

If you don't want to do that, perhaps you should purge the existing
installation and start again. But if there are other parts of the
system which are as broken as ClamAV is, there's no way to know if
even a purge and fresh install will fix it.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Fwd: Fwd: Fwd: freshclam incremental update [ In reply to ]
How did you get this?

Sent from my ? iPad

> On Sep 5, 2019, at 05:06, Birger Birger via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> ?
> This might provide additional information.
>
> /usr/bin/freshclam
> *Trying to retrieve CVD header of http://%s/%s
> %cremote_cvdhead: write failed
> %cremote_cvdhead: Error while reading CVD header from %s
> %c%s not found on remote server
> %cremote_cvdhead: Unknown response from %s (IP: %s): %s
> %cremote_cvdhead: Unknown response from %s (IP: %s)
> %cremote_cvdhead: Malformed CVD header (too short)
> %cremote_cvdhead: Malformed CVD header (bad chars)
> %cremote_cvdhead: Malformed CVD header (can't parse)
> !getfile: Can't allocate memory for 'remotename'
> *Trying to download http://%s/%s
> *Trying to download http://%s/%s (IP: %s)
> %cgetfile: Can't write to socket
> %cgetfile: Error while reading database from %s: %s
> %cgetfile: Error while reading database from %s (IP: %s): %s
> ^getfile: %s not found on %s (IP: %s)
> %cgetfile: Unknown response from %s: %s
> %cgetfile: Unknown response from %s (IP: %s): %s
> %cgetfile: Unknown response from %s
> %cgetfile: Unknown response from %s (IP: %s)
> !getfile: Can't create new file %s in %s
> !getfile: Can't create new file %s in the current directory
> Hint: The database directory must be writable for UID %d or GID %d
> getfile: Can't write %d bytes to %s
> %cgetfile: Download interrupted: %s (Host: %s)
> %cgetfile: Download interrupted: %s (IP: %s)
> GET %s/%s HTTP/1.0
> Host: %s
> %sUser-Agent: %s
> Connection: close
> %s%s%s
> !Can't allocate memory for filename!
> !Can't read CVD header of new %s database.
> ^Mirror %s is not synchronized.
> ^Mirror is more than 1 version out of date. Recording mirror failure.
> !updatedb: Unknown database name (%s) passed.
> ^Broken database version in TXT record.
> ^Invalid DNS reply. Falling back to HTTP mode.
> ^DNS record is older than 3 hours.
> ^No timestamp in TXT record for %s
> ^Broken database version in TXT record for %s
> HTTPProxyUsername requires HTTPProxyPassword
> %s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)
> %s.%u.%u.%u.%u.%s.ping.clamav.net ^Can't read %s header from %s
> ^Can't read %s header from %s (IP: %s)
> ^Current functionality level = %d, recommended = %d
> Please check if ClamAV tools are linked against the proper version of libclamav
> DON'T PANIC! Read https://www.clamav.net/documents/installing-clamav
> !getpatch: Can't get path of current working directory
> !chdir_tmp: dbname parameter value too long to create cvd file name: %s
> !chdir_tmp: dbname parameter value too long to create cld file name: %s
> !chdir_tmp: Can't access local %s database
> !chdir_tmp: Can't create directory %s
> !chdir_tmp: Can't unpack %s into %s
> !chdir_tmp: Can't change directory to %s
> Empty script %s, need to download entire database
> %cgetpatch: Can't download %s from %s
> !getpatch: Can't open %s for reading
> ^Incremental update failed, trying to download %s
> !buildcld: Can't get path of current working directory
> !buildcld: Can't access directory %s
> !buildcld: Can't open %s for writing
> !buildcld: Can't open directory %s
> !buildcld: gzopen() failed for %s
> !buildcld: COPYING file not found
> !buildcld: Can't add COPYING to new %s.cld - please check if there is enough disk space available
> Updates to main.cvd or safebrowsing.cvd may require 200MB of disk space or more
> !buildcld: Can't add %s to new %s.cld - please check if there is enough disk space available
> !buildcld: Can't add daily.cfg to new %s.cld - please check if there is enough disk space available
> !buildcld: gzclose() failed for %s
> !buildcld: close() failed for %s
> !buildcld: Can't return to previous directory %s
> ^Can't unlink the old database file %s. Please remove it manually.
> %s updated (version: %d, sigs: %d, f-level: %d, builder: %s)
> ^Your ClamAV installation is OUTDATED!
> !Can't create temporary directory %s
> ClamAV update process started at %s *Software version from DNS: %s
> ^Local version: %s Recommended version: %s
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> !DatabaseCustomURL: URL must be shorter than %llu
> !DatabaseCustomURL: Incorrect URL
> DatabaseCustomURL: Incorrect URL
> %s is up to date (version: custom database)
> DatabaseCustomURL: file %s missing
> DatabaseCustomURL: Can't copy file %s into database directory
> !DatabaseCustomURL: Not supported protocol
> %s updated (version: custom database, sigs: %u)
> !--update-db=custom requires DatabaseCustomURL
> ^SafeBrowsing is disabled but can't remove old %s
> ^Bytecode is disabled but can't remove old %s
> !checkdbdir: Can't open directory %s
> !Corrupted database file %s: %s
> !Can't remove broken database file %s, please delete it manually and restart freshclam
> Corrupted database file renamed to %s
> Database updated (%d signatures) from %s
> Database updated (%d signatures) from %s (IP: %s)
> !downloadmanager: OnOutdatedExecute: Incorrect version number string
> !downloadmanager: Can't allocate memory for buffer
> %s:%s *Loading signatures from %s
> [...] ^pipe() failed: %s
> ^dup2() failed: %s
> ^fork() failed: %s
> LibClamAV Warning: *%s ^waitpid() failed: %s
> gmtime: %s
> %a, %d %b %Y %X GMT TCP webcache %cinet_ntop() failed
> Trying host %s (%s)...
> !Can't create new socket: %s
> ^Using default client ip.
> *Using ip '%s' for fetching.
> http://%s *If-Modified-Since: %s
> Reading CVD header (%s): *Connected to %s.
> *Connected to %s (IP: %s).
> HTTP/1.1 404 HTTP/1.0 404 HTTP/1.1 304 HTTP/1.0 304 OK (IMS)
> HTTP/1.1 200 HTTP/1.0 200 HTTP/1.1 206 HTTP/1.0 206 HTTP/1.0 HTTP/1.1 OK
>
> ---------- Forwarded message ---------
> Från: Joel Esler (jesler) <jesler@cisco.com>
> Date: ons 4 sep. 2019 kl 12:20
> Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
> To: Birger Birger via clamav-users <clamav-users@lists.clamav.net>
> Cc: Birger Birger <birger.solna@gmail.com>
>
>
> This looks promising to troubleshoot.
>
> Sent from my ? iPhone
>
> > On Sep 4, 2019, at 03:01, Birger Birger via clamav-users <clamav-users@lists.clamav.net> wrote:
> >
> > Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400 audit(1567579201.044:83): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269 comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
Re: Fwd: Fwd: Fwd: freshclam incremental update [ In reply to ]
Tried to delete and install ClamAV again. No difference in behaviour from
what I can see. Downloads with freshclam still halts, appearantly because
of apparmor.

Den tors 5 sep. 2019 21:54Joel Esler (jesler) <jesler@cisco.com> skrev:

> How did you get this?
>
> Sent from my ? iPad
>
> On Sep 5, 2019, at 05:06, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> ?
> This might provide additional information.
>
> /usr/bin/freshclam
> *Trying to retrieve CVD header of http://%s/%s
> %cremote_cvdhead: write failed
> %cremote_cvdhead: Error while reading CVD header from %s
> %c%s not found on remote server
> %cremote_cvdhead: Unknown response from %s (IP: %s): %s
> %cremote_cvdhead: Unknown response from %s (IP: %s)
> %cremote_cvdhead: Malformed CVD header (too short)
> %cremote_cvdhead: Malformed CVD header (bad chars)
> %cremote_cvdhead: Malformed CVD header (can't parse)
> !getfile: Can't allocate memory for 'remotename'
> *Trying to download http://%s/%s
> *Trying to download http://%s/%s (IP: %s)
> %cgetfile: Can't write to socket
> %cgetfile: Error while reading database from %s: %s
> %cgetfile: Error while reading database from %s (IP: %s): %s
> ^getfile: %s not found on %s (IP: %s)
> %cgetfile: Unknown response from %s: %s
> %cgetfile: Unknown response from %s (IP: %s): %s
> %cgetfile: Unknown response from %s
> %cgetfile: Unknown response from %s (IP: %s)
> !getfile: Can't create new file %s in %s
> !getfile: Can't create new file %s in the current directory
> Hint: The database directory must be writable for UID %d or GID %d
> getfile: Can't write %d bytes to %s
> %cgetfile: Download interrupted: %s (Host: %s)
> %cgetfile: Download interrupted: %s (IP: %s)
> GET %s/%s HTTP/1.0
> Host: %s
> %sUser-Agent: %s
> Connection: close
> %s%s%s
> !Can't allocate memory for filename!
> !Can't read CVD header of new %s database.
> ^Mirror %s is not synchronized.
> ^Mirror is more than 1 version out of date. Recording mirror
> failure.
> !updatedb: Unknown database name (%s) passed.
> ^Broken database version in TXT record.
> ^Invalid DNS reply. Falling back to HTTP mode.
> ^DNS record is older than 3 hours.
> ^No timestamp in TXT record for %s
> ^Broken database version in TXT record for %s
> HTTPProxyUsername requires HTTPProxyPassword
> %s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s)
> %s.%u.%u.%u.%u.%s.ping.clamav.net ^Can't read %s header from %s
> ^Can't read %s header from %s (IP: %s)
> ^Current functionality level = %d, recommended = %d
> Please check if ClamAV tools are linked against the proper version of
> libclamav
> DON'T PANIC! Read
> https://www.clamav.net/documents/installing-clamav
> !getpatch: Can't get path of current working directory
> !chdir_tmp: dbname parameter value too long to create cvd file name: %s
> !chdir_tmp: dbname parameter value too long to create cld file
> name: %s
> !chdir_tmp: Can't access local %s database
> !chdir_tmp: Can't create directory %s
> !chdir_tmp: Can't unpack %s into %s
> !chdir_tmp: Can't change directory to %s
> Empty script %s, need to download entire database
> %cgetpatch: Can't download %s from %s
> !getpatch: Can't open %s for reading
> ^Incremental update failed, trying to download %s
> !buildcld: Can't get path of current working directory
> !buildcld: Can't access directory %s
> !buildcld: Can't open %s for writing
> !buildcld: Can't open directory %s
> !buildcld: gzopen() failed for %s
> !buildcld: COPYING file not found
> !buildcld: Can't add COPYING to new %s.cld - please check if there
> is enough disk space available
> Updates to main.cvd or safebrowsing.cvd may require 200MB of disk
> space or more
> !buildcld: Can't add %s to new %s.cld - please check if there is
> enough disk space available
> !buildcld: Can't add daily.cfg to new %s.cld - please check if there is
> enough disk space available
> !buildcld: gzclose() failed for %s
> !buildcld: close() failed for %s
> !buildcld: Can't return to previous directory %s
> ^Can't unlink the old database file %s. Please remove it manually.
> %s updated (version: %d, sigs: %d, f-level: %d, builder: %s)
> ^Your ClamAV installation is OUTDATED!
> !Can't create temporary directory %s
> ClamAV update process started at %s *Software version from DNS: %s
> ^Local version: %s Recommended version: %s
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> !DatabaseCustomURL: URL must be shorter than %llu
> !DatabaseCustomURL: Incorrect URL
> DatabaseCustomURL: Incorrect URL
> %s is up to date (version: custom database)
> DatabaseCustomURL: file %s missing
> DatabaseCustomURL: Can't copy file %s into database directory
> !DatabaseCustomURL: Not supported protocol
> %s updated (version: custom database, sigs: %u)
> !--update-db=custom requires DatabaseCustomURL
> ^SafeBrowsing is disabled but can't remove old %s
> ^Bytecode is disabled but can't remove old %s
> !checkdbdir: Can't open directory %s
> !Corrupted database file %s: %s
> !Can't remove broken database file %s, please delete it manually
> and restart freshclam
> Corrupted database file renamed to %s
> Database updated (%d signatures) from %s
> Database updated (%d signatures) from %s (IP: %s)
> !downloadmanager: OnOutdatedExecute: Incorrect version number string
> !downloadmanager: Can't allocate memory for buffer
> %s:%s *Loading signatures from %s
> [...] ^pipe() failed: %s
> ^dup2() failed: %s
> ^fork() failed: %s
> LibClamAV Warning: *%s ^waitpid() failed: %s
> gmtime: %s
> %a, %d %b %Y %X GMT TCP webcache %cinet_ntop() failed
> Trying host %s (%s)...
> !Can't create new socket: %s
> ^Using default client ip.
> *Using ip '%s' for fetching.
> http://%s *If-Modified-Since: %s
> Reading CVD header (%s): *Connected to %s.
> *Connected to %s (IP: %s).
> HTTP/1.1 404 HTTP/1.0 404 HTTP/1.1 304 HTTP/1.0 304 OK (IMS)
> HTTP/1.1 200 HTTP/1.0 200 HTTP/1.1 206 HTTP/1.0 206 HTTP/1.0 HTTP/1.1 OK
>
> ---------- Forwarded message ---------
> Från: Joel Esler (jesler) <jesler@cisco.com>
> Date: ons 4 sep. 2019 kl 12:20
> Subject: Re: [clamav-users] Fwd: Fwd: freshclam incremental update
> To: Birger Birger via clamav-users <clamav-users@lists.clamav.net>
> Cc: Birger Birger <birger.solna@gmail.com>
>
>
> This looks promising to troubleshoot.
>
> Sent from my ? iPhone
>
> > On Sep 4, 2019, at 03:01, Birger Birger via clamav-users <
> clamav-users@lists.clamav.net> wrote:
> >
> > Sep 4 08:40:01 zentyal kernel: [345190.998397] audit: type=1400
> audit(1567579201.044:83): apparmor="DENIED" operation="connect"
> profile="/usr/bin/freshclam" name="/run/samba/winbindd/pipe" pid=1269
> comm="freshclam" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
>