Mailing List Archive

[clamav-users] Freshclam - can't apply latest patch 26246
Hello guys,

This is related to a freshclam update problem that I have. Basically when running freshclam I get the following errors:
ClamAV update process started at Wed Jul 28 14:30:20 2021
daily database available for update (local version: 26209, remote version: 26246)
Downloaded 22 patches for daily, which is fewer than the 37 expected patches.
We'll settle for this partial-update, at least for now.
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
Testing database: '/var/lib/clamav/tmp.0c60a53c3f/clamav-c22814890a9b587d8060b5d43ce20d40.tmp-daily.cld' ...
[LibClamAV] **************************************************
[LibClamAV] *** The virus database is older than 7 days! ***
[LibClamAV] *** Please update it as soon as possible. ***
[LibClamAV] **************************************************
Database test passed.
daily.cld updated (version: 26231, sigs: 3996055, f-level: 63, builder: raynman)
main database available for update (local version: 59, remote version: 61)
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download main.cvd
Testing database: '/var/lib/clamav/tmp.0c60a53c3f/clamav-abc29e83f1558f3534bfbeb8d1a81899.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

It seems like daily.cld cannot be updated to the latest version, so it does a partial update. I tried running freshclam several times but same thing happens over and over again. Clamav version is 0.103.3 and daily db version is 26231 (instead of 26246).
I saw an email on this topic in your mail archive (https://lists.clamav.net/pipermail/clamav-users/2021-July/011508.html), but I do not see any resolution of the problem. Could you give an update on what is going on and when is this problem going to be resolved? Thank you!

Best Regards,
Elia Asenova
Re: [clamav-users] Freshclam - can't apply latest patch 26246
Hi Elia,

I ran into this same problem and just deleted /var/lib/clamav/daily.c[lv]d
and ran freshclam again.

Kind Regards,
Ray



Re: [clamav-users] Freshclam - can't apply latest patch 26246
Hi there,

On Wed, 28 Jul 2021, Lee, Raymond wrote:
> On Wed, Jul 28, 2021 at 11:16 AM Asenova, Elia wrote:
>>
>> ... when running freshclam I get the following errors ...
>> Downloaded 22 patches for daily, which is fewer than the 37 expected patches.
>> We'll settle for this partial-update, at least for now.
>> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
>
> I ran into this same problem and just deleted /var/lib/clamav/daily.c[lv]d
> and ran freshclam again.

If that doesn't help, check that the timeouts in your configuration
file for freshclam aren't very short. A long time ago the default was
30 seconds I think, but that's too short now - the default now is to
have no timeout at all. Until the recent updates to main and daily I
had ReceiveTimeout set to 1800 seconds. Even that was too short here,
so I've now set it to 3600 seconds.

>> [LibClamAV] *** The virus database is older than 7 days! ***

Can we take it that the computer's clock is set correctly?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Freshclam - can't apply latest patch 26246
On Wed, 28 Jul 2021, Asenova, Elia via clamav-users wrote:

> Hello guys,
>
> This is related to a freshclam update problem that I have. Basically when running freshclam I get the following errors:
> ClamAV update process started at Wed Jul 28 14:30:20 2021
> daily database available for update (local version: 26209, remote version: 26246)
> Downloaded 22 patches for daily, which is fewer than the 37 expected patches.
> We'll settle for this partial-update, at least for now.
> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> ERROR: downloadPatch: Can't apply patch
> Testing database: '/var/lib/clamav/tmp.0c60a53c3f/clamav-c22814890a9b587d8060b5d43ce20d40.tmp-daily.cld' ...
> [LibClamAV] **************************************************
> [LibClamAV] *** The virus database is older than 7 days! ***
> [LibClamAV] *** Please update it as soon as possible. ***
> [LibClamAV] **************************************************
> Database test passed.
> daily.cld updated (version: 26231, sigs: 3996055, f-level: 63, builder: raynman)
> main database available for update (local version: 59, remote version: 61)
> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> ERROR: downloadPatch: Can't apply patch
> WARNING: Incremental update failed, trying to download main.cvd
> Testing database: '/var/lib/clamav/tmp.0c60a53c3f/clamav-abc29e83f1558f3534bfbeb8d1a81899.tmp-main.cvd' ...
> Database test passed.
> main.cvd updated (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
>
> It seems like daily.cld cannot be updated to the latest version, so it does a partial update. I tried running freshclam several times but same thing happens over and over again. Clamav version is 0.103.3 and daily db version is 26231 (instead of 26246).
> I saw an email on this topic in your mail archive (https://lists.clamav.net/pipermail/clamav-users/2021-July/011508.html), but I do not see any resolution of the problem. Could you give an update on what is going on and when is this problem going to be resolved? Thank you!

This sounds about right.
A lot of signatures in daily 26231 were removed from daily 26232 or 26233
and added to main 60. There was a glitch and main 61 was created to flush
caches on some of the mirrors.

Not sure whether you should do something, or wait patiently ...

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: [clamav-users] Freshclam - can't apply latest patch 26246
> On Jul 28, 2021, at 12:30 PM, Andrew C Aitchison via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> This sounds about right.
> A lot of signatures in daily 26231 were removed from daily 26232 or 26233
> and added to main 60. There was a glitch and main 61 was created to flush
> caches on some of the mirrors.
>
> Not sure whether you should do something, or wait patiently …

Try deleting all the cvd’s and cld’s, raising your receivetimeout to something large, and do it again.
Re: [clamav-users] Freshclam - can't apply latest patch 26246
Hi Elia,

I would need to see the log messages from your subsequent updates to be sure what's going wrong. The logs you shared in your initial email show a bug but subsequent freshclam runs _should_ work.
If you want, the verbose log may reveal something.

Like Joel suggested, it may be the ReceiveTimeout issue discussed here: https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html
Regardless, I think that deleting your daily.cld database (/var/lib/clamav/daily.cld) and trying again should get you back in business.

Sorry about the trouble.

Regards,
Micah

Re: [clamav-users] Freshclam - can't apply latest patch 26246
Hello guys,


Thanks for the replies. Yes, deleting daily.cld fixed the problem. My concern is that I'm building a docker image with clamav inside it and I have to delete daily.cld on every new build if I want freshclam to work correctly the first time. About the subsequent runs when I tried to run freshclam on two different pods after image deploy, daily.cld was updated to the latest version only on one of them. These are the logs for both pods:



#1st pod (successful update):
Connecting via dnat.genesaas.io
ClamAV update process started at Thu Jul 29 08:54:30 2021
daily database available for update (local version: 26231, remote version: 26246)
Current database is 15 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time: 21.8s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
Testing database: '/var/lib/clamav/tmp.98ba2d17af/clamav-474d295bd3248aa18d6abaf0dc93f952.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26246, sigs: 1964581, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

2nd pod (unsuccessful update):
Connecting via dnat.genesaas.io
ClamAV update process started at Thu Jul 29 09:14:16 2021
daily database available for update (local version: 26231, remote version: 26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time: 26.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time: 28.0s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time: 25.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

What might be the reason of this inconsistent behavior?

And about the ReceiveTimeout this is what I have in freshclam.conf:
# Maximum time in seconds for each download operation. 0 means no timeout.
# Default: 0
#ReceiveTimeout 1800

So, it should have no timeout, right?



Best Regards,

Elia

Re: [clamav-users] Freshclam - can't apply latest patch 26246
On 29.07.21 09:20, Asenova, Elia via clamav-users wrote:
>Thanks for the replies. Yes, deleting daily.cld fixed the problem. My
> concern is that I'm building a docker image with clamav inside it and I
> have to delete daily.cld on every new build if I want freshclam to work
> correctly the first time.

if you do that often, this behaviour can get you blocked.
maybe running local mirror outside of a docker?

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Re: [clamav-users] Freshclam - can't apply latest patch 26246
Hi there,

On Thu, 29 Jul 2021, Asenova, Elia via clamav-users wrote:

> ... deleting daily.cld fixed the problem.

:)

> ... I'm building a docker image with clamav inside it ... when I
> tried to run freshclam on two different pods after image deploy,
> daily.cld was updated to the latest version only on one of them.

In the section in

https://docs.clamav.net/manual/Installing/Docker.html

headed

"The official images on Docker Hub"

there are a couple of suggestions for using ClamAV with Docker.
Did you see those?

I'd have thought the simplest approach would be to have a local ClamAV
database mirror - maybe another Docker container - which could supply
the up-to-date databases to your other containers with no CDN bandwidth
issues, and no need to update the container's ClamAV after startup.
It's certainly unreasonable to expect Sourcefire to have to pay for a
fifty megabyte download every time you start a Docker container.

> And about the ReceiveTimeout this is what I have in freshclam.conf:
>
> # Maximum time in seconds for each download operation. 0 means no timeout.
> # Default: 0
> #ReceiveTimeout 1800
>
> So, it should have no timeout, right?

Right.

With regard to logging, have you checked your configurations for the
'LogVerbose' option? I think Micah meant for you to set that to give
more information about what could potentially be a fault in ClamAV.

I never saw a reply to my question about your computer's clock. Of
course I understand that there may be other issues, but it appears
that only six minutes separated the log of the failure of freshclam in
your second pod to update, and the timestamp of your mail message...

--

73,
Ged.

Re: [clamav-users] Freshclam - can't apply latest patch 26246
On Thu, 29 Jul 2021, Asenova, Elia via clamav-users wrote:

> Thanks for the replies. Yes, deleting daily.cld fixed the
> problem. My concern is that I'm building a docker image with clamav
> inside it and I have to delete daily.cld on every new build if I
> want freshclam to work correctly the first time. About the
> subsequent runs when I tried to run freshclam on two different pods
> after image deploy, daily.cld was updated to the latest version only
> on one of them. These are the logs for both pods:
>
> #1st pod (successful update):
> Connecting via dnat.genesaas.io
> ClamAV update process started at Thu Jul 29 08:54:30 2021
> daily database available for update (local version: 26231, remote version: 26246)
> Current database is 15 versions behind.
> Downloading database patch # 26232...
> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> ERROR: downloadPatch: Can't apply patch
> WARNING: Incremental update failed, trying to download daily.cvd
> Time: 21.8s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
> Testing database: '/var/lib/clamav/tmp.98ba2d17af/clamav-474d295bd3248aa18d6abaf0dc93f952.tmp-daily.cvd' ...
> Database test passed.
> daily.cvd updated (version: 26246, sigs: 1964581, f-level: 90, builder: raynman)
> main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

Start with daily 26233 (or better whatever is the latest today) and main 61.
By starting with daily 26231 and main 59 you immediately have to do a major
(once in maybe six months) update.

As Matus and Ged have suggested, you should not need to install the
database on each docker instance.
Unless you have a large anti-virus farm, you don't even need to *run* the
d clam daemon on every VM. Start up a single remote clamd server and the
other VMs can pass their scans to your clamd server with clamdscan.


> 2nd pod (unsuccessful update):
> Connecting via dnat.genesaas.io
> ClamAV update process started at Thu Jul 29 09:14:16 2021
> daily database available for update (local version: 26231, remote version: 26247)
> Current database is 16 versions behind.
> Downloading database patch # 26232...
> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> ERROR: downloadPatch: Can't apply patch
> WARNING: Incremental update failed, trying to download daily.cvd
> Time: 26.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
> Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
> daily database available for update (local version: 26231, remote version: 26247)
> Current database is 16 versions behind.
> Downloading database patch # 26232...
> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> ERROR: downloadPatch: Can't apply patch
> WARNING: Incremental update failed, trying to download daily.cvd
> Time: 28.0s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
> Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
> daily database available for update (local version: 26231, remote version: 26247)
> Current database is 16 versions behind.
> Downloading database patch # 26232...
> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> ERROR: downloadPatch: Can't apply patch
> WARNING: Incremental update failed, trying to download daily.cvd
> Time: 25.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
> Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
> main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

> What might be the reason of this inconsistent behavior?

From those logs it appears that daily 26247 was advertised between the two runs,
but hadn't reached the mirror that you downloaded from.


> And about the ReceiveTimeout this is what I have in freshclam.conf:
> # Maximum time in seconds for each download operation. 0 means no timeout.
> # Default: 0
> #ReceiveTimeout 1800

> So, it should have no timeout, right?

I would add a line
ReceiveTimeout 0
to be sure. Sometimes the commented out line reflects that actual default.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk
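
An added example, not part of the thread and not ClamAV code: a small Python triage script that reads freshclam output like the two pod logs quoted above and separates the cases the replies distinguish (a failed patch followed by a successful full download, a partial update left behind the advertised version, and a mirror serving an older CVD than advertised). The names DbResult, analyze and needs_attention and the verdict strings are assumptions made for illustration; the sample text is copied from the logs in the thread with the progress-bar and test lines dropped.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Message formats as they appear in the freshclam output quoted in this thread.
AVAILABLE = re.compile(r"^(\w+) database available for update "
                       r"\(local version: (\d+), remote version: (\d+)\)")
INSTALLED = re.compile(r"^(\w+)\.c[lv]d (?:updated|database is up-to-date) \(version: (\d+),")
FALLBACK = re.compile(r"^WARNING: Incremental update failed, trying to download (\w+)\.cvd")
STALE = re.compile(r"^Received an older (\w+) CVD than was advertised")
PATCH_FAILED = "ERROR: downloadPatch: Can't apply patch"


@dataclass
class DbResult:
    local_before: Optional[int] = None   # version on disk when the run started
    advertised: Optional[int] = None     # remote version freshclam was told about
    final: Optional[int] = None          # version reported as installed at the end
    patch_failures: int = 0              # cdiff patches that could not be applied
    full_downloads: int = 0              # fallbacks to downloading the whole .cvd
    stale_mirror_retries: int = 0        # mirror served an older CVD than advertised

    @property
    def verdict(self) -> str:
        if self.final is None:           # an update was offered, nothing was installed
            return "stale-mirror" if self.stale_mirror_retries else "not-updated"
        if self.advertised is not None and self.final < self.advertised:
            return "behind"              # e.g. the partial update that stopped at 26231
        return "current"


def analyze(log_text: str) -> Dict[str, DbResult]:
    """Fold one freshclam run into a per-database summary."""
    results: Dict[str, DbResult] = {}
    current = None                       # database the un-named ERROR lines belong to
    for line in log_text.splitlines():
        line = line.strip()
        if m := AVAILABLE.match(line):
            current = results.setdefault(m[1], DbResult())
            if current.local_before is None:
                current.local_before = int(m[2])
            current.advertised = int(m[3])
        elif m := INSTALLED.match(line):
            results.setdefault(m[1], DbResult()).final = int(m[2])
        elif m := FALLBACK.match(line):
            results.setdefault(m[1], DbResult()).full_downloads += 1
        elif m := STALE.match(line):
            results.setdefault(m[1], DbResult()).stale_mirror_retries += 1
        elif line == PATCH_FAILED and current is not None:
            current.patch_failures += 1
    return results


def needs_attention(results: Dict[str, DbResult]) -> List[str]:
    """Databases that did not end the run at the advertised version."""
    return sorted(name for name, r in results.items() if r.verdict != "current")


# Sample input: lines copied from the pod logs in the thread (abridged).
POD1_LOG = """\
ClamAV update process started at Thu Jul 29 08:54:30 2021
daily database available for update (local version: 26231, remote version: 26246)
Current database is 15 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Database test passed.
daily.cvd updated (version: 26246, sigs: 1964581, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
"""
RETRY_CYCLE = """\
daily database available for update (local version: 26231, remote version: 26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
"""
POD2_LOG = (
    "ClamAV update process started at Thu Jul 29 09:14:16 2021\n" + RETRY_CYCLE * 3 +
    "main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)\n"
    "bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)\n"
)

if __name__ == "__main__":
    for pod, text in (("pod 1", POD1_LOG), ("pod 2", POD2_LOG)):
        for name, r in analyze(text).items():
            print(f"{pod} {name}: {r.verdict} (installed {r.final}, advertised {r.advertised})")
```

In a container health check, a non-empty needs_attention() result is the signal that the scanner is running on signatures older than the ones advertised, even though freshclam itself printed no final error.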

Re: [clamav-users] Freshclam - can't apply latest patch 26246
Hi Elia,

Regarding your inconsistent freshclam updates, did you by chance
pre-install any virus signatures before running freshclam? I found that if
I installed the clamav-data RPM package from the CentOS repository, I ran
into the freshclam update errors. To get past that, you can just delete
/var/lib/clamav/* and run freshclam again or don't install clamav-data to
begin with so that freshclam can download all the latest signatures.

Kind Regards,
Ray

On Thu, Jul 29, 2021 at 6:19 AM Andrew C Aitchison via clamav-users <
clamav-users@lists.clamav.net> wrote:

> On Thu, 29 Jul 2021, Asenova, Elia via clamav-users wrote:
>
> > Thanks for the replies. Yes, deleting daily.cld fixed the
> > problem. My concern is that I'm building a docker image with clamav
> > inside it and I have to delete daily.cld on every new build if I
> > want freshclam to work correctly the first time. About the
> > subsequent runs when I tried to run freshclam on two different pods
> > after image deploy, daily.cld was updated to the latest version only
> > on one of them. These are the logs for both pods:
> >
> > #1st pod (successful update):
> > Connecting via dnat.genesaas.io
> > ClamAV update process started at Thu Jul 29 08:54:30 2021
> > daily database available for update (local version: 26231, remote
> version: 26246)
> > Current database is 15 versions behind.
> > Downloading database patch # 26232...
> > ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> > ERROR: downloadPatch: Can't apply patch
> > WARNING: Incremental update failed, trying to download daily.cvd
> > Time: 21.8s, ETA: 0.0s [========================>]
> 54.95MiB/54.95MiB
> > Testing database:
> '/var/lib/clamav/tmp.98ba2d17af/clamav-474d295bd3248aa18d6abaf0dc93f952.tmp-daily.cvd'
> ...
> > Database test passed.
> > daily.cvd updated (version: 26246, sigs: 1964581, f-level: 90, builder:
> raynman)
> > main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level:
> 90, builder: sigmgr)
> > bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level:
> 63, builder: awillia2)
>
> Start with daily 26233 (or better whatever is the latest today) and main
> 61.
> By starting with daily 26231 and main 59 you immediately have to do a major
> (once in maybe six months) update.
>
> As Matus and Ged have suggested, you should not need to install the
> database on each docker instance.
> Unless you have a large anti-virus farm, you don't even need to *run* the
> d clam daemon on every VM. Start up a single remote clamd server and the
> other VMs can pass their scans to your clamd server with clamdscan.
>
>
> > 2nd pod (unsuccessful update):
> > Connecting via dnat.genesaas.io
> > ClamAV update process started at Thu Jul 29 09:14:16 2021
> > daily database available for update (local version: 26231, remote version: 26247)
> > Current database is 16 versions behind.
> > Downloading database patch # 26232...
> > ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> > ERROR: downloadPatch: Can't apply patch
> > WARNING: Incremental update failed, trying to download daily.cvd
> > Time: 26.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
> > Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
> > daily database available for update (local version: 26231, remote version: 26247)
> > Current database is 16 versions behind.
> > Downloading database patch # 26232...
> > ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> > ERROR: downloadPatch: Can't apply patch
> > WARNING: Incremental update failed, trying to download daily.cvd
> > Time: 28.0s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
> > Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
> > daily database available for update (local version: 26231, remote version: 26247)
> > Current database is 16 versions behind.
> > Downloading database patch # 26232...
> > ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
> > ERROR: downloadPatch: Can't apply patch
> > WARNING: Incremental update failed, trying to download daily.cvd
> > Time: 25.5s, ETA: 0.0s [========================>] 54.95MiB/54.95MiB
> > Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
> > main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
> > bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
>
> > What might be the reason of this inconsistent behavior?
>
> From those logs it appears that daily 26247 was advertised between the two
> runs, but hadn't reached the mirror that you downloaded from.
>
>
> > And about the ReceiveTimeout this is what I have in freshclam.conf:
> > # Maximum time in seconds for each download operation. 0 means no timeout.
> > # Default: 0
> > #ReceiveTimeout 1800
>
> > So, it should have no timeout, right?
>
> I would add a line
> ReceiveTimeout 0
> to be sure. Sometimes the commented out line reflects the actual default.
>
> --
> Andrew C. Aitchison Kendal, UK
> andrew@aitchison.me.uk
>
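The two pod logs quoted above fail in different ways: a cdiff patch error that the full-CVD fallback recovers from, and a mirror that has not yet received the advertised version. The following is an added example, not part of the thread or of ClamAV itself, that classifies a freshclam log per database; the status names and the `classify` function are assumptions made for illustration, and the log is expected unwrapped, as freshclam writes it.

```python
import re

# Constructed sample: one retry round from the second pod's log above, unwrapped.
SAMPLE_LOG = """\
daily database available for update (local version: 26231, remote version: 26247)
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
"""

AVAILABLE = re.compile(r"(\w+) database available for update "
                       r"\(local version: (\d+), remote version: (\d+)\)")
INSTALLED = re.compile(r"(\w+)\.c[lv]d (?:updated|database is up-to-date) \(version: (\d+),")
STALE_CVD = re.compile(r"Received an older (\w+) CVD than was advertised")

def classify(log_text):
    """Summarise one freshclam run: per-database versions and an update status."""
    dbs, current = {}, None
    def entry(name):
        return dbs.setdefault(name, {"local": None, "advertised": None,
                                     "installed": None, "patch_failed": False,
                                     "stale_mirror": 0})

    for line in log_text.splitlines():
        line = line.strip()
        if m := AVAILABLE.match(line):
            current = m.group(1)
            entry(current).update(local=int(m.group(2)), advertised=int(m.group(3)))
        elif m := INSTALLED.match(line):
            entry(m.group(1))["installed"] = int(m.group(2))
        elif m := STALE_CVD.match(line):
            entry(m.group(1))["stale_mirror"] += 1
        elif line.startswith("ERROR: cdiff_apply") and current:
            entry(current)["patch_failed"] = True

    for e in dbs.values():
        have = e["installed"] if e["installed"] is not None else e["local"]
        if e["advertised"] is None or (have is not None and have >= e["advertised"]):
            e["status"] = "current"
        elif e["stale_mirror"]:
            e["status"] = "mirror-lag"    # advertised version not on the mirror yet
        elif e["patch_failed"]:
            e["status"] = "patch-failed"  # stuck on an older version after cdiff error
        else:
            e["status"] = "behind"
    return dbs
```

In a container health check, `mirror-lag` is worth a later retry, while `patch-failed` points at the local database file, which the thread resolved by deleting it and re-running freshclam.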
Re: [clamav-users] Freshclam - can't apply latest patch 26246
G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Wed, 28 Jul 2021, Lee, Raymond wrote:
>> On Wed, Jul 28, 2021 at 11:16 AM Asenova, Elia wrote:
>>>
>>> ... when running freshclam I get the following errors ...
>>> Downloaded 22 patches for daily, which is fewer than the 37 expected
>>> patches.
>>> We'll settle for this partial-update, at least for now.
>>> ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
>>
>> I ran into this same problem and just deleted
>> /var/lib/clamav/daily.c[lv]d
>> and ran freshclam again.
>
> If that doesn't help, check that the timeouts in your configuration
> file for freshclam aren't very short.  A long time ago the default was
> 30 seconds I think, but that's too short now - the default now is to
> have no timeout at all.  Until the recent updates to main and daily I
> had ReceiveTimeout set to 1800 seconds.  Even that was too short here,
> so I've now set it to 3600 seconds.

Unfortunately, it seems the ClamAV package from the Ubuntu 18.04
repositories still has a 30 second timeout by default. Having been
bitten by this myself when first installing ClamAV a few months ago, and
discussed on this list, I reported it on Ubuntu's bug tracker
<https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1927777>. But
they seem reluctant to remove the timeout as an update to a stable
release (preferring that pretty much everyone installing the package
gets a non-functional default configuration?) and don't consider it a
problem since there's an "easy workaround" (well, it's easy once you
figure out that their default configuration has a stupidly short timeout!)

The ClamAV maintainers can't do much about Ubuntu's update policy, of
course, but it does seem to have led to a lot of issues discussed here,
particularly after the recent update to the main database.

--
Mark.


Re: [clamav-users] Freshclam - can't apply latest patch 26246
Hi there,

On Tue, 3 Aug 2021, clamav.mbourne@spamgourmet.com wrote:
>
> Unfortunately, it seems the ClamAV package from the Ubuntu 18.04 repositories
> still has a 30 second timeout by default. Having been bitten by this myself
> when first installing ClamAV a few months ago, and discussed on this list, I
> reported it on Ubuntu's bug tracker
> <https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1927777>. But they
> seem reluctant to remove the timeout as an update to a stable release
> (preferring that pretty much everyone installing the package gets a
> non-functional default configuration?) and don't consider it a problem since
> there's an "easy workaround" (well, it's easy once you figure out that their
> default configuration has a stupidly short timeout!)

The package manager has a feature which can display a warning message
after an update is performed. Perhaps that could say something like

"The Ubuntu maintainers are unwilling to shoulder the responsibility
for fixing this broken package. You can fix it yourself by commenting
out the ReceiveTimeout line in the freshclam configuration file." :)

--

73,
Ged.
