Mailing List Archive

[clamav-users] cvdupdate certificate verify failed
Hi,
I've been trying to resolve this for a few weeks and would really appreciate any help.

A few details:
OS: RHEL7.9
ClamAV 0.103.2/26231
Connection goes through an authenticated proxy
ca-certificates-2020.2.41-70.0.el7_8.noarch is installed
Manually imported certificates from Mozilla version 05.07.2021
It does this on the first attempt

2021-07-16 08:47:56 cvdupdate-1.0.2 DEBUG Checking for a newer version of cvdupdate.
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG cvdupdate is up-to-date: 1.0.2.
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking available versions via DNS TXT entry query of current.cvd.clamav.net
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking main.cvd for update from https://database.clamav.net/main.cvd
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking main.cvd version via DNS TXT advertisement.
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG main.cvd version advertised by DNS: 61
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Downloading CDIFFs first...
2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking for main-60.cdiff
2021-07-16 08:47:57 urllib3.connectionpool DEBUG Starting new HTTPS connection (1): database.clamav.net:443
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 696, in urlopen
self._prepare_proxy(conn)
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 964, in _prepare_proxy
conn.connect()
File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py", line 421, in connect
tls_in_tls=tls_in_tls,
File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
sock, context, tls_in_tls, server_hostname=server_hostname
File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
_context=self, _session=session)
File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
self.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py", line 756, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py", line 574, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='database.clamav.net', port=443): Max retries exceeded with url: /main-60.cdiff (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/bin/cvd", line 11, in <module>
sys.exit(cli())
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1137, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1062, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1668, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/click/decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/__main__.py", line 259, in update_alias
ctx.forward(db_update)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 784, in forward
return __self.invoke(__cmd, *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/__main__.py", line 101, in db_update
errors = m.db_update(db, debug_mode)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/cvdupdate.py", line 911, in db_update
status = update(db)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/cvdupdate.py", line 897, in update
return self._download_cvd(db, advertised_version)
File "/usr/local/lib/python3.6/site-packages/cvdupdate/cvdupdate.py", line 664, in _download_cvd
'User-Agent': f'CVDUPDATE/{self.version} ({self.config["uuid"]})',
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 542, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line 655, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='database.clamav.net', port=443): Max retries exceeded with url: /main-60.cdiff (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))

Thanks in advance.
Re: [clamav-users] cvdupdate certificate verify failed [ In reply to ]
Hi there,

On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:

> I've been trying to resolve this for a few weeks and would really appreciate any help.
>
> A few details:
> OS: RHEL7.9
> ClamAV 0.103.2/26231
> Connection goes through an authenticated proxy
> ca-certificates-2020.2.41-70.0.el7_8.noarch is installed
> Manually imported certificates from Mozilla version 05.07.2021
> It does this on the first attempt
> ...
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)

Sorry, I've never ysed the Python scripts so I can't call on any
experience, but the error message seems fairly clear. It might help
others if you describe what you've done to try to resolve the issue.

Have you for example tried to use freshclam directly?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] cvdupdate certificate verify failed [ In reply to ]
Hi Ged, If I run freshclam directly on the mirror, it reports the daily.cvd is out of date and then proceeds to download the full cvd 3 times. I have daily-26232.cdiff downloaded, but this is a zero byte file, hence the triple download of the cvd. main-60.cdiff is the same.

ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd


-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of G.W. Haywood via clamav-users
Sent: 16 July 2021 10:40
To: Moyes, Steven via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: Re: [clamav-users] cvdupdate certificate verify failed

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

Hi there,

On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:

> I've been trying to resolve this for a few weeks and would really appreciate any help.
>
> A few details:
> OS: RHEL7.9
> ClamAV 0.103.2/26231
> Connection goes through an authenticated proxy
> ca-certificates-2020.2.41-70.0.el7_8.noarch is installed Manually
> imported certificates from Mozilla version 05.07.2021 It does this on
> the first attempt ...
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> failed (_ssl.c:877)

Sorry, I've never ysed the Python scripts so I can't call on any experience, but the error message seems fairly clear. It might help others if you describe what you've done to try to resolve the issue.

Have you for example tried to use freshclam directly?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.clamav.net_mailman_listinfo_clamav-2Dusers&d=DwICAg&c=7gn0PlAmraV3zr-k385KhKAz9NTx0dwockj5vIsr5Sw&r=l2soVWNMHiXPTijkCRpVbHEdDmtLsA1SAPDrfAyZPKk&m=K3cd47E-KzYuqmL1GkvxfGwE_30_30iaUQYM6PlVzEU&s=CKCWAPavvUkK63rxEXK3cG5Xu92BmLeEGLQncF2-4UU&e=


Help us build a comprehensive ClamAV guide:
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=7gn0PlAmraV3zr-k385KhKAz9NTx0dwockj5vIsr5Sw&r=l2soVWNMHiXPTijkCRpVbHEdDmtLsA1SAPDrfAyZPKk&m=K3cd47E-KzYuqmL1GkvxfGwE_30_30iaUQYM6PlVzEU&s=pBLonS_flx0pvBhwjOv8wxXXE8NnfEPzU6sMn1on2os&e=

https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clamav.net_contact.html-23ml&d=DwICAg&c=7gn0PlAmraV3zr-k385KhKAz9NTx0dwockj5vIsr5Sw&r=l2soVWNMHiXPTijkCRpVbHEdDmtLsA1SAPDrfAyZPKk&m=K3cd47E-KzYuqmL1GkvxfGwE_30_30iaUQYM6PlVzEU&s=UOzxk1yD5fVddVUm1W_uArEBvcRa2LwtAsoSNhxEmxM&e=
Re: [clamav-users] cvdupdate certificate verify failed [ In reply to ]
try following command

pip install --upgrade certifi
or

pip3 install --upgrade certifi

Eero

On Fri 16. Jul 2021 at 11.12, Moyes, Steven via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi,
> I've been trying to resolve this for a few weeks and would really
> appreciate any help.
>
> A few details:
> OS: RHEL7.9
> ClamAV 0.103.2/26231
> Connection goes through an authenticated proxy
> ca-certificates-2020.2.41-70.0.el7_8.noarch is installed
> Manually imported certificates from Mozilla version 05.07.2021
> It does this on the first attempt
>
> 2021-07-16 08:47:56 cvdupdate-1.0.2 DEBUG Checking for a newer version of
> cvdupdate.
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG cvdupdate is up-to-date: 1.0.2.
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking available versions via
> DNS TXT entry query of current.cvd.clamav.net
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking main.cvd for update
> from https://database.clamav.net/main.cvd
> 2021-07-16 <https://database.clamav.net/main.cvd2021-07-16> 08:47:57
> cvdupdate-1.0.2 DEBUG Checking main.cvd version via DNS TXT advertisement.
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG main.cvd version advertised by
> DNS: 61
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Downloading CDIFFs first...
> 2021-07-16 08:47:57 cvdupdate-1.0.2 DEBUG Checking for main-60.cdiff
> 2021-07-16 08:47:57 urllib3.connectionpool DEBUG Starting new HTTPS
> connection (1): database.clamav.net:443
> Traceback (most recent call last):
> File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py",
> line 696, in urlopen
> self._prepare_proxy(conn)
> File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py",
> line 964, in _prepare_proxy
> conn.connect()
> File "/usr/local/lib/python3.6/site-packages/urllib3/connection.py",
> line 421, in connect
> tls_in_tls=tls_in_tls,
> File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line
> 450, in ssl_wrap_socket
> sock, context, tls_in_tls, server_hostname=server_hostname
> File "/usr/local/lib/python3.6/site-packages/urllib3/util/ssl_.py", line
> 493, in _ssl_wrap_socket_impl
> return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
> File "/usr/lib64/python3.6/ssl.py", line 365, in wrap_socket
> _context=self, _session=session)
> File "/usr/lib64/python3.6/ssl.py", line 776, in __init__
> self.do_handshake()
> File "/usr/lib64/python3.6/ssl.py", line 1036, in do_handshake
> self._sslobj.do_handshake()
> File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
> self._sslobj.do_handshake()
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
> (_ssl.c:877)
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
> File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line
> 449, in send
> timeout=timeout
> File "/usr/local/lib/python3.6/site-packages/urllib3/connectionpool.py",
> line 756, in urlopen
> method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
> File "/usr/local/lib/python3.6/site-packages/urllib3/util/retry.py",
> line 574, in increment
> raise MaxRetryError(_pool, url, error or ResponseError(cause))
> urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='
> database.clamav.net', port=443): Max retries exceeded with url:
> /main-60.cdiff (Caused by SSLError(SSLError(1, '[SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
>
> During handling of the above exception, another exception occurred:
>
> Traceback (most recent call last):
> File "/usr/local/bin/cvd", line 11, in <module>
> sys.exit(cli())
> File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1137,
> in __call__
> return self.main(*args, **kwargs)
> File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1062,
> in main
> rv = self.invoke(ctx)
> File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1668,
> in invoke
> return _process_result(sub_ctx.command.invoke(sub_ctx))
> File "/usr/local/lib/python3.6/site-packages/click/core.py", line 1404,
> in invoke
> return ctx.invoke(self.callback, **ctx.params)
> File "/usr/local/lib/python3.6/site-packages/click/core.py", line 763,
> in invoke
> return __callback(*args, **kwargs)
> File "/usr/local/lib/python3.6/site-packages/click/decorators.py", line
> 26, in new_func
> return f(get_current_context(), *args, **kwargs)
> File "/usr/local/lib/python3.6/site-packages/cvdupdate/__main__.py",
> line 259, in update_alias
> ctx.forward(db_update)
> File "/usr/local/lib/python3.6/site-packages/click/core.py", line 784,
> in forward
> return __self.invoke(__cmd, *args, **kwargs)
> File "/usr/local/lib/python3.6/site-packages/click/core.py", line 763,
> in invoke
> return __callback(*args, **kwargs)
> File "/usr/local/lib/python3.6/site-packages/cvdupdate/__main__.py",
> line 101, in db_update
> errors = m.db_update(db, debug_mode)
> File "/usr/local/lib/python3.6/site-packages/cvdupdate/cvdupdate.py",
> line 911, in db_update
> status = update(db)
> File "/usr/local/lib/python3.6/site-packages/cvdupdate/cvdupdate.py",
> line 897, in update
> return self._download_cvd(db, advertised_version)
> File "/usr/local/lib/python3.6/site-packages/cvdupdate/cvdupdate.py",
> line 664, in _download_cvd
> 'User-Agent': f'CVDUPDATE/{self.version} ({self.config["uuid"]})',
> File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 76,
> in get
> return request('get', url, params=params, **kwargs)
> File "/usr/local/lib/python3.6/site-packages/requests/api.py", line 61,
> in request
> return session.request(method=method, url=url, **kwargs)
> File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line
> 542, in request
> resp = self.send(prep, **send_kwargs)
> File "/usr/local/lib/python3.6/site-packages/requests/sessions.py", line
> 655, in send
> r = adapter.send(request, **kwargs)
> File "/usr/local/lib/python3.6/site-packages/requests/adapters.py", line
> 514, in send
> raise SSLError(e, request=request)
> requests.exceptions.SSLError: HTTPSConnectionPool(host='
> database.clamav.net', port=443): Max retries exceeded with url:
> /main-60.cdiff (Caused by SSLError(SSLError(1, '[SSL:
> CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:877)'),))
>
> Thanks in advance.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Re: [clamav-users] cvdupdate certificate verify failed [ In reply to ]
Hi there,

On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:
> On Fri, 16 Jul 2021, G.W. Haywood via clamav-users wrote:
> > On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:
> >
> >> I've been trying to resolve this for a few weeks and would really appreciate any help.
> >>
> >> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> >> failed (_ssl.c:877)
> >
> > Sorry, I've never ysed the Python scripts so I can't call on any
> > experience, but the error message seems fairly clear. It might help
> > others if you describe what you've done to try to resolve the issue.
> >
> > Have you for example tried to use freshclam directly?
>
> If I run freshclam directly on the mirror, it reports the daily.cvd
> is out of date and then proceeds to download the full cvd 3 times.
> I have daily-26232.cdiff downloaded, but this is a zero byte file,
> hence the triple download of the cvd. main-60.cdiff is the same.

That sounds a little odd. Are you saying that it downloads the full
CVDs for both main and daily? Can we see a bit more from the log?

> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> ERROR: downloadPatch: Can't apply patch
> WARNING: Incremental update failed, trying to download daily.cvd

This is normal at the moment, see other correspondence on the list in
the past couple of days about the new releases of 'main' and 'daily'.
You might need to check that your freshclam download timeout settings
aren't too short - half an hour wasn't long enough here - but none of
that has anything to do with your SSL certificate issue.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] cvdupdate certificate verify failed [ In reply to ]
check this:

https://stackoverflow.com/questions/42982143/python-requests-how-to-use-system-ca-certificates-debian-ubuntu


Eero

On Fri 16. Jul 2021 at 15.38, G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:
> > On Fri, 16 Jul 2021, G.W. Haywood via clamav-users wrote:
> > > On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:
> > >
> > >> I've been trying to resolve this for a few weeks and would really
> appreciate any help.
> > >>
> > >> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> > >> failed (_ssl.c:877)
> > >
> > > Sorry, I've never ysed the Python scripts so I can't call on any
> > > experience, but the error message seems fairly clear. It might help
> > > others if you describe what you've done to try to resolve the issue.
> > >
> > > Have you for example tried to use freshclam directly?
> >
> > If I run freshclam directly on the mirror, it reports the daily.cvd
> > is out of date and then proceeds to download the full cvd 3 times.
> > I have daily-26232.cdiff downloaded, but this is a zero byte file,
> > hence the triple download of the cvd. main-60.cdiff is the same.
>
> That sounds a little odd. Are you saying that it downloads the full
> CVDs for both main and daily? Can we see a bit more from the log?
>
> > ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> > ERROR: downloadPatch: Can't apply patch
> > WARNING: Incremental update failed, trying to download daily.cvd
>
> This is normal at the moment, see other correspondence on the list in
> the past couple of days about the new releases of 'main' and 'daily'.
> You might need to check that your freshclam download timeout settings
> aren't too short - half an hour wasn't long enough here - but none of
> that has anything to do with your SSL certificate issue.
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Re: [clamav-users] cvdupdate certificate verify failed [ In reply to ]
EERO! You absolute beauty! Thank you so much! That fixed it.



From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Eero Volotinen
Sent: 16 July 2021 13:41
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] cvdupdate certificate verify failed



CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

check this:



https://stackoverflow.com/questions/42982143/python-requests-how-to-use-system-ca-certificates-debian-ubuntu <https://urldefense.proofpoint.com/v2/url?u=https-3A__stackoverflow.com_questions_42982143_python-2Drequests-2Dhow-2Dto-2Duse-2Dsystem-2Dca-2Dcertificates-2Ddebian-2Dubuntu&d=DwMFaQ&c=7gn0PlAmraV3zr-k385KhKAz9NTx0dwockj5vIsr5Sw&r=l2soVWNMHiXPTijkCRpVbHEdDmtLsA1SAPDrfAyZPKk&m=TDbXaSBDblERpVUDYnZCDb2BFZ2gxQgMWyZakLNPyQI&s=Ns_uUA4RwVXcqT7DifqqR7ZamepIm_meYVAORC2-1-8&e=>





Eero



On Fri 16. Jul 2021 at 15.38, G.W. Haywood via clamav-users <clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net> > wrote:

Hi there,

On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:
> On Fri, 16 Jul 2021, G.W. Haywood via clamav-users wrote:
> > On Fri, 16 Jul 2021, Moyes, Steven via clamav-users wrote:
> >
> >> I've been trying to resolve this for a few weeks and would really appreciate any help.
> >>
> >> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify
> >> failed (_ssl.c:877)
> >
> > Sorry, I've never ysed the Python scripts so I can't call on any
> > experience, but the error message seems fairly clear. It might help
> > others if you describe what you've done to try to resolve the issue.
> >
> > Have you for example tried to use freshclam directly?
>
> If I run freshclam directly on the mirror, it reports the daily.cvd
> is out of date and then proceeds to download the full cvd 3 times.
> I have daily-26232.cdiff downloaded, but this is a zero byte file,
> hence the triple download of the cvd. main-60.cdiff is the same.

That sounds a little odd. Are you saying that it downloads the full
CVDs for both main and daily? Can we see a bit more from the log?

> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> ERROR: downloadPatch: Can't apply patch
> WARNING: Incremental update failed, trying to download daily.cvd

This is normal at the moment, see other correspondence on the list in
the past couple of days about the new releases of 'main' and 'daily'.
You might need to check that your freshclam download timeout settings
aren't too short - half an hour wasn't long enough here - but none of
that has anything to do with your SSL certificate issue.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net <mailto:clamav-users@lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-users <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.clamav.net_mailman_listinfo_clamav-2Dusers&d=DwMFaQ&c=7gn0PlAmraV3zr-k385KhKAz9NTx0dwockj5vIsr5Sw&r=l2soVWNMHiXPTijkCRpVbHEdDmtLsA1SAPDrfAyZPKk&m=TDbXaSBDblERpVUDYnZCDb2BFZ2gxQgMWyZakLNPyQI&s=lHUU4SiP_NFEy3l84Ter4oBbjQDPzSx1i2aghKQsWtg&e=>


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vrtadmin_clamav-2Dfaq&d=DwMFaQ&c=7gn0PlAmraV3zr-k385KhKAz9NTx0dwockj5vIsr5Sw&r=l2soVWNMHiXPTijkCRpVbHEdDmtLsA1SAPDrfAyZPKk&m=TDbXaSBDblERpVUDYnZCDb2BFZ2gxQgMWyZakLNPyQI&s=qquyLkZP-wJgZVLDlv8jv4tWJLR-9mQfDmd8TvPRVw0&e=>

http://www.clamav.net/contact.html#ml <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clamav.net_contact.html-23ml&d=DwMFaQ&c=7gn0PlAmraV3zr-k385KhKAz9NTx0dwockj5vIsr5Sw&r=l2soVWNMHiXPTijkCRpVbHEdDmtLsA1SAPDrfAyZPKk&m=TDbXaSBDblERpVUDYnZCDb2BFZ2gxQgMWyZakLNPyQI&s=9A45sOMHSP0s_TQY1MGAzJGGlYLsjaD8RpxdoK2Q9jU&e=>