Mailing List Archive

[clamav-users] Clam updates failing
Has anyone been having trouble downloading updates for the last 20 hours or so?

I thought it might be a 429 issue (I'm in the process of setting up a local mirror to deal with that), but I'm also getting messages of the form

(RHEL6)
ERROR: getpatch: Can't download daily-26328.cdiff from db.local.clamav.net
ERROR: Can't download daily.cvd from db.local.clamav.net

or

(RHEL7)
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net/
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net/
ERROR: remote_cvdhead: Malformed CVD header (too short)
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net/
ERROR: Update failed for database: main
ERROR: Database update process failed: HTTP GET failed
ERROR: Update failed.

With thanks,

Ben

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clam updates failing [ In reply to ]
Hi there,

On Thu, 21 Oct 2021, Ben Argyle via clamav-users wrote:

> Has anyone been having trouble downloading updates for the last 20
> hours or so? ...

Yesterday I saw a couple of warnings about the DNS record being old,
but apart from that things seem to have been working OK here:

8<----------------------------------------------------------------------
# grep '\(WARNING\|updated\)' freshclam.log | grep Oct
Fri Oct 1 14:31:19 2021 -> daily.cld updated (version: 26309, sigs: 1938021, f-level: 90, builder: raynman)
Sat Oct 2 14:31:46 2021 -> daily.cld updated (version: 26310, sigs: 1938358, f-level: 90, builder: raynman)
Sun Oct 3 14:32:11 2021 -> daily.cld updated (version: 26311, sigs: 1938403, f-level: 90, builder: raynman)
Mon Oct 4 14:32:37 2021 -> daily.cld updated (version: 26312, sigs: 1938566, f-level: 90, builder: raynman)
Tue Oct 5 14:33:04 2021 -> daily.cld updated (version: 26313, sigs: 1938591, f-level: 90, builder: raynman)
Wed Oct 6 14:33:31 2021 -> daily.cld updated (version: 26314, sigs: 1936674, f-level: 90, builder: raynman)
Thu Oct 7 14:33:58 2021 -> daily.cld updated (version: 26315, sigs: 1937073, f-level: 90, builder: raynman)
Fri Oct 8 14:57:04 2021 -> daily.cld updated (version: 26316, sigs: 1937500, f-level: 90, builder: raynman)
Sat Oct 9 14:57:30 2021 -> daily.cld updated (version: 26317, sigs: 1937925, f-level: 90, builder: raynman)
Sun Oct 10 14:57:57 2021 -> daily.cld updated (version: 26318, sigs: 1938389, f-level: 90, builder: raynman)
Mon Oct 11 14:58:27 2021 -> daily.cld updated (version: 26319, sigs: 1938514, f-level: 90, builder: raynman)
Tue Oct 12 14:58:58 2021 -> daily.cld updated (version: 26320, sigs: 1938820, f-level: 90, builder: raynman)
Wed Oct 13 14:59:27 2021 -> daily.cld updated (version: 26321, sigs: 1937534, f-level: 90, builder: raynman)
Thu Oct 14 14:59:55 2021 -> daily.cld updated (version: 26322, sigs: 1937919, f-level: 90, builder: raynman)
Fri Oct 15 15:00:24 2021 -> daily.cld updated (version: 26323, sigs: 1938157, f-level: 90, builder: raynman)
Sat Oct 16 15:00:51 2021 -> daily.cld updated (version: 26324, sigs: 1938581, f-level: 90, builder: raynman)
Sun Oct 17 15:01:17 2021 -> daily.cld updated (version: 26325, sigs: 1938699, f-level: 90, builder: raynman)
Mon Oct 18 15:01:41 2021 -> daily.cld updated (version: 26326, sigs: 1938868, f-level: 90, builder: raynman)
Tue Oct 19 15:02:08 2021 -> daily.cld updated (version: 26327, sigs: 1938950, f-level: 90, builder: raynman)
Wed Oct 20 15:02:12 2021 -> WARNING: DNS record is older than 3 hours.
Wed Oct 20 21:02:13 2021 -> WARNING: DNS record is older than 3 hours.
Thu Oct 21 03:02:36 2021 -> daily.cld updated (version: 26328, sigs: 1939034, f-level: 90, builder: raynman)
8<----------------------------------------------------------------------
# >>> grep 'Oct 20' freshclam.log
Wed Oct 20 03:02:09 2021 -> Received signal: wake up
Wed Oct 20 03:02:10 2021 -> ClamAV update process started at Wed Oct 20 03:02:09 2021
Wed Oct 20 03:02:10 2021 -> daily.cld database is up-to-date (version: 26327, sigs: 1938950, f-level: 90, builder: raynman)
Wed Oct 20 03:02:10 2021 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Oct 20 03:02:10 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Wed Oct 20 03:02:10 2021 -> --------------------------------------
Wed Oct 20 09:02:10 2021 -> Received signal: wake up
Wed Oct 20 09:02:10 2021 -> ClamAV update process started at Wed Oct 20 09:02:10 2021
Wed Oct 20 09:02:10 2021 -> daily.cld database is up-to-date (version: 26327, sigs: 1938950, f-level: 90, builder: raynman)
Wed Oct 20 09:02:10 2021 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Oct 20 09:02:10 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Wed Oct 20 09:02:10 2021 -> --------------------------------------
Wed Oct 20 15:02:10 2021 -> Received signal: wake up
Wed Oct 20 15:02:11 2021 -> ClamAV update process started at Wed Oct 20 15:02:10 2021
Wed Oct 20 15:02:12 2021 -> WARNING: DNS record is older than 3 hours.
Wed Oct 20 15:02:12 2021 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Wed Oct 20 15:02:13 2021 -> daily.cld database is up-to-date (version: 26327, sigs: 1938950, f-level: 90, builder: raynman)
Wed Oct 20 15:02:13 2021 -> Trying to retrieve CVD header from https://database.clamav.net/main.cvd
Wed Oct 20 15:02:13 2021 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Oct 20 15:02:13 2021 -> Trying to retrieve CVD header from https://database.clamav.net/bytecode.cvd
Wed Oct 20 15:02:13 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Wed Oct 20 15:02:13 2021 -> --------------------------------------
Wed Oct 20 21:02:13 2021 -> Received signal: wake up
Wed Oct 20 21:02:13 2021 -> ClamAV update process started at Wed Oct 20 21:02:13 2021
Wed Oct 20 21:02:13 2021 -> WARNING: DNS record is older than 3 hours.
Wed Oct 20 21:02:14 2021 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Wed Oct 20 21:02:14 2021 -> daily.cld database is up-to-date (version: 26327, sigs: 1938950, f-level: 90, builder: raynman)
Wed Oct 20 21:02:14 2021 -> Trying to retrieve CVD header from https://database.clamav.net/main.cvd
Wed Oct 20 21:02:15 2021 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Oct 20 21:02:15 2021 -> Trying to retrieve CVD header from https://database.clamav.net/bytecode.cvd
Wed Oct 20 21:02:15 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Wed Oct 20 21:02:15 2021 -> --------------------------------------
8<----------------------------------------------------------------------

AFAICT I've only seen that DNS age warning once before - early in
August 2021.

--

73,
Ged.

Re: [clamav-users] Clam updates failing [ In reply to ]
Things _appear_ to have settled down now. It's possible it was all some fevered dream, or more likely some DNS confusion somewhere upstream of me.

For now, though, all seems well.

Ben

Re: [clamav-users] Clam updates failing [ In reply to ]
On Thu, 21 Oct 2021 10:20:58 +0100 (BST)
"G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Thu, 21 Oct 2021, Ben Argyle via clamav-users wrote:
>
> > Has anyone been having trouble downloading updates for the last 20
> > hours or so? ...
>
> Yesterday I saw a couple of warnings about the DNS record being old,
> but apart from that things seem to have been working OK here:


I've never seen a DNS age warning, but that might be because, for several years now, I only run freshclam when the DNS TXT record (which I check hourly) says there is a new signature available compared to a local file's version number (in its header).

Maybe I should also look at the DNS record's TS field. What is considered "old" for this?
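
The pre-check described in this message (compare the versions in the DNS TXT record with the version in the local database header, and look at the record's timestamp field), as an added example that is not part of the thread or of ClamAV's own code. The TXT field order, the 512-byte header layout and every sample value are assumptions or constructed; a record older than three hours is treated as untrustworthy, so the check defers to freshclam, which the log earlier in the thread shows falling back to fetching the CVD header over HTTPS.

```python
import time

CVD_HEADER_SIZE = 512        # a .cvd/.cld starts with a fixed-size, space-padded text header
MAX_RECORD_AGE = 3 * 3600    # the "older than 3 hours" threshold from the freshclam warning

# Assumed layout of the colon-separated TXT record:
# clamav_version:main:daily:timestamp:version_warning:f_level:safebrowsing:bytecode
TXT_VERSION_FIELDS = {"main": 1, "daily": 2, "bytecode": 7}
TXT_TIMESTAMP_FIELD = 3


def parse_txt_record(txt):
    """Return ({db_name: version}, record_timestamp) from the TXT record string."""
    parts = txt.strip().strip('"').split(":")
    if len(parts) < 8:
        raise ValueError("TXT record has %d fields, expected 8" % len(parts))
    versions = {name: int(parts[i]) for name, i in TXT_VERSION_FIELDS.items()}
    return versions, int(parts[TXT_TIMESTAMP_FIELD])


def parse_cvd_header(raw):
    """Parse the header bytes read from the start of a local database file.

    Assumed layout: ClamAV-VDB:build time:version:sigs:f-level:md5:dsig:builder:stime
    """
    if len(raw) < CVD_HEADER_SIZE:
        # Reject truncated input, the condition named by freshclam's
        # "Malformed CVD header (too short)" error.
        raise ValueError("CVD header too short: %d bytes" % len(raw))
    fields = raw[:CVD_HEADER_SIZE].decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    return {"version": int(fields[2]), "sigs": int(fields[3]),
            "f_level": int(fields[4]), "builder": fields[7]}


def plan_update(txt, local_headers, now=None):
    """Decide whether a freshclam run is worthwhile.

    local_headers maps "main"/"daily"/"bytecode" to the header bytes of the
    installed file. A stale TXT record cannot vouch for "nothing new", so it
    also results in a freshclam run.
    """
    now = time.time() if now is None else now
    remote, stamp = parse_txt_record(txt)
    age = now - stamp
    outdated = {}
    for name, raw in local_headers.items():
        local = parse_cvd_header(raw)["version"]
        if remote[name] > local:
            outdated[name] = (local, remote[name])
    stale = age > MAX_RECORD_AGE
    return {"age_seconds": age, "stale": stale, "outdated": outdated,
            "run_freshclam": stale or bool(outdated)}


def sample_header(version, sigs, f_level, builder):
    """Build a constructed 512-byte header; build time, md5 and dsig are placeholders."""
    text = ("ClamAV-VDB:19 Oct 2021 09-02 -0400:%d:%d:%d:"
            "MD5-PLACEHOLDER:DSIG-PLACEHOLDER:%s:1634648520"
            % (version, sigs, f_level, builder))
    return text.encode("ascii").ljust(CVD_HEADER_SIZE, b" ")


# Constructed sample input: version numbers echo the logs in this thread,
# the ClamAV version, safebrowsing field and timestamp are made up.
SAMPLE_TXT = "0.103.3:62:26328:1634774400:1:90:49192:333"
SAMPLE_LOCAL = {
    "main": sample_header(62, 6647427, 90, "sigmgr"),
    "daily": sample_header(26327, 1938950, 90, "raynman"),
    "bytecode": sample_header(333, 92, 63, "awillia2"),
}

if __name__ == "__main__":
    # Ten minutes after the record's timestamp: fresh record, daily is one behind.
    print(plan_update(SAMPLE_TXT, SAMPLE_LOCAL, now=1634774400 + 600))
```

In real use the TXT string would come from a DNS lookup and each header from the first 512 bytes of the installed database file.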

Re: [clamav-users] Clam updates failing [ In reply to ]
Hi there,

On Thu, 21 Oct 2021, Paul Kosinski via clamav-users wrote:
> On Thu, 21 Oct 2021 G.W. Haywood via clamav-users wrote:
>> On Thu, 21 Oct 2021, Ben Argyle via clamav-users wrote:
>>
>>> Has anyone been having trouble downloading updates for the last 20
>>> hours or so? ...
>>
>> Yesterday I saw a couple of warnings about the DNS record being old,
>> but apart from that things seem to have been working OK here:
>
> I've never seen a DNS age warning, but that might be because, for
> several years now, I only run freshclam when the DNS TXT record
> (which I check hourly) says there is a new signature available
> compared to a local file's version number (in its header).
>
> Maybe I should also look at the DNS record's TS field. What is
> considered "old" for this?

The log warns that the record is more than three hours old.

--

73,
Ged.

Re: [clamav-users] Clam updates failing [ In reply to ]
On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:
> I've never seen a DNS age warning, but that might be because, for several years now, I only run freshclam when the DNS TXT record (which I check hourly) says there is a new signature available compared to a local file's version number (in its header).

I thought freshclam did the DNS check itself. Why do it again before
running freshclam?



Re: [clamav-users] Clam updates failing [ In reply to ]
> On Oct 21, 2021, at 18:55, Kenneth Porter <shiva@sewingwitch.com> wrote:
>
> On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:
>> I've never seen a DNS age warning, but that might be because, for several years now, I only run freshclam when the DNS TXT record (which I check hourly) says there is a new signature available compared to a local file's version number (in its header).
>
> I thought freshclam did the DNS check itself. Why do it again before running freshclam?

It does. No need to do an extra check.



Re: [clamav-users] Clam updates failing [ In reply to ]
On Thu, 21 Oct 2021 15:55:54 -0700
Kenneth Porter <shiva@sewingwitch.com> wrote:

> On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:
> > I've never seen a DNS age warning, but that might be because, for several years now, I only run freshclam when the DNS TXT record (which I check hourly) says there is a new signature available compared to a local file's version number (in its header).
>
> I thought freshclam did the DNS check itself. Why do it again before
> running freshclam?


Because a couple of years ago I was running a local mirror using full CVDs, but Cloudflare's BOS POP/server was often out of date compared to the claimed current CVD version. So I was trying to reduce bandwidth consumption by not directly downloading the whole CVD. Now I use freshclam directly on our 3 ClamAV systems, but I kept the DNS TXT check as it still reduces bandwidth a bit (compared to hourly freshclam runs) and also provides a nice summary of available vs installed DB files.

Re: [clamav-users] Clam updates failing [ In reply to ]
On Fri, 22 Oct 2021 13:27:46 +0000
"Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net> wrote:

> > On Oct 21, 2021, at 18:55, Kenneth Porter <shiva@sewingwitch.com> wrote:
> >
> > On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:
> >> I've never seen a DNS age warning, but that might be because, for several years now, I only run freshclam when the DNS TXT record (which I check hourly) says there is a new signature available compared to a local file's version number (in its header).
> >
> > I thought freshclam did the DNS check itself. Why do it again before running freshclam?
>
> It does. No need to do an extra check.


Since checking the DNS TXT record costs almost nothing (and is UDP), I figure I can do it more often than running freshclam without ever risking triggering Cloudflare's bandwidth limits. And, although I currently do it only once per hour, if there ever was something like a SANS Threat Level RED, I could up the frequency to get the latest sigs ASAP.

Re: [clamav-users] Clam updates failing [ In reply to ]
> On Oct 22, 2021, at 11:16 AM, Paul Kosinski via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> On Fri, 22 Oct 2021 13:27:46 +0000
> "Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net> wrote:
>
>>> On Oct 21, 2021, at 18:55, Kenneth Porter <shiva@sewingwitch.com> wrote:
>>>
>>> On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:
>>>> I've never seen a DNS age warning, but that might be because, for several years now, I only run freshclam when the DNS TXT record (which I check hourly) says there is a new signature available compared to a local file's version number (in its header).
>>>
>>> I thought freshclam did the DNS check itself. Why do it again before running freshclam?
>>
>> It does. No need to do an extra check.
>
>
> Since checking the DNS TXT record costs almost nothing (and is UDP), I figure I can do it more often than running freshclam without ever risking triggering Cloudflare's bandwidth limits. And, although I currently do it only once per hour, if there ever was something like a SANS Threat Level RED, I could up the frequency to get the latest sigs ASAP.

How would running freshclam every hour trigger Cloudflare's bandwidth limits? There is currently only one actual update per day and the first thing freshclam does is check DNS and quit if there's nothing new.

-Al-
--
ClamXav User

Re: [clamav-users] Clam updates failing [ In reply to ]
> On Oct 22, 2021, at 14:16, Paul Kosinski via clamav-users <clamav-users@lists.clamav.net> wrote:
>
> On Fri, 22 Oct 2021 13:27:46 +0000
> "Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net> wrote:
>
>>> On Oct 21, 2021, at 18:55, Kenneth Porter <shiva@sewingwitch.com> wrote:
>>>
>>> On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:
>>>> I've never seen a DNS age warning, but that might be because, for several years now, I only run freshclam when the DNS TXT record (which I check hourly) says there is a new signature available compared to a local file's version number (in its header).
>>>
>>> I thought freshclam did the DNS check itself. Why do it again before running freshclam?
>>
>> It does. No need to do an extra check.
>
>
> Since checking the DNS TXT record costs almost nothing (and is UDP), I figure I can do it more often than running freshclam without ever risking triggering Cloudflare's bandwidth limits. And, although I currently do it only once per hour, if there ever was something like a SANS Threat Level RED, I could up the frequency to get the latest sigs ASAP.
>
>

DNS is unrestricted. That’s why I am saying it’s unnecessary. The restrictions are on the files themselves.

Re: [clamav-users] Clam updates failing [ In reply to ]
On Fri, 22 Oct 2021 18:47:01 +0000
"Joel Esler (jesler)" <jesler@cisco.com> wrote:

> > On Oct 22, 2021, at 14:16, Paul Kosinski via clamav-users <clamav-users@lists.clamav.net> wrote:
> >
> > On Fri, 22 Oct 2021 13:27:46 +0000
> > "Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net> wrote:
> >
> >>> On Oct 21, 2021, at 18:55, Kenneth Porter <shiva@sewingwitch.com> wrote:
> >>>
> >>> On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:
> >>>> I've never seen a DNS age warning, but that might be because, for several years now, I only run freshclam when the DNS TXT record (which I check hourly) says there is a new signature available compared to a local file's version number (in its header).
> >>>
> >>> I thought freshclam did the DNS check itself. Why do it again before running freshclam?
> >>
> >> It does. No need to do an extra check.
> >
> >
> > Since checking the DNS TXT record costs almost nothing (and is UDP), I figure I can do it more often than running freshclam without ever risking triggering Cloudflare's bandwidth limits. And, although I currently do it only once per hour, if there ever was something like a SANS Threat Level RED, I could up the frequency to get the latest sigs ASAP.
> >
> >
>
> DNS is unrestricted. That’s why I am saying it’s unnecessary. The restrictions are on the files themselves.


So you're saying that if -- because I wanted to get an update ASAP in the face of a severe virus alert -- I upped the running of freshclam to every 5 minutes on each of my 3 systems, there is no chance that I would be blocked, because freshclam doesn't do any actual (restricted) file access until after it checks the DNS TXT record?

Even if that's the case, I think it would generate a lot more junk in the log files than my current approach does (since I run freshclam with the "-v" option).

Re: [clamav-users] Clam updates failing [ In reply to ]
> On Oct 23, 2021, at 11:49, Paul Kosinski <clamav-users@iment.com> wrote:
>
> On Fri, 22 Oct 2021 18:47:01 +0000
> "Joel Esler (jesler)" <jesler@cisco.com> wrote:
>
>>>> On Oct 22, 2021, at 14:16, Paul Kosinski via clamav-users <clamav-users@lists.clamav.net> wrote:
>>>
>>> On Fri, 22 Oct 2021 13:27:46 +0000
>>> "Joel Esler \(jesler\) via clamav-users" <clamav-users@lists.clamav.net> wrote:
>>>
>>>>> On Oct 21, 2021, at 18:55, Kenneth Porter <shiva@sewingwitch.com> wrote:
>>>>>
>>>>> On 10/21/2021 10:14 AM, Paul Kosinski via clamav-users wrote:
>>>>>> I've never seen a DNS age warning, but that might be because, for several years now, I only run freshclam when the DNS TXT record (which I check hourly) says there is a new signature available compared to a local file's version number (in its header).
>>>>>
>>>>> I thought freshclam did the DNS check itself. Why do it again before running freshclam?
>>>>
>>>> It does. No need to do an extra check.
>>>
>>>
>>> Since checking the DNS TXT record costs almost nothing (and is UDP), I figure I can do it more often than running freshclam without ever risking triggering Cloudflare's bandwidth limits. And, although I currently do it only once per hour, if there ever was something like a SANS Threat Level RED, I could up the frequency to get the latest sigs ASAP.
>>>
>>>
>>
>> DNS is unrestricted. That’s why I am saying it’s unnecessary. The restrictions are on the files themselves.
>
>
> So you're saying that if -- because I wanted to get an update ASAP in the face of a severe virus alert -- I upped the running of freshclam to every 5 minutes on each of my 3 systems, there is no chance that I would be blocked, because freshclam doesn't do any actual (restricted) file access until after it checks the DNS TXT record?

Correct.
>
> Even if that's the case, I think it would generate a lot more junk in the log files than my current approach does (since I run freshclam with the "-v" option).
