Mailing List Archive

[clamav-users] Virus database not updated since 14th July 2021
Hello!


I've spent the last two hours trying to find a solution, but I failed. I
realized today that my virus database on my personal computer at home
(an old PC running the last version of KDE Neon) hasn't been updated
since 14th July 2021. When I tried to update manually, I've got the
information that I'm blocked by the CDN (cool-down etc.). I followed the
instructions in order to manually lower the number of times per day
Clamfresh is trying to fetch the updates from 24 to 1, increase the
Retrieve Timeout to 900,k etc. in the config file - but if the system
has been unable to fetch ANY updates for the past NINE MONTHS, I doubt
it will solve the problem... I want to emphasize that this is the only
computer at my home that connects to the internet daily... I connect
through Bouygues (one of the biggest internet providers in France) via
ADSL - and I'm a bit afraid that ClamAV's CDN is treating all the
customers of Bouygues as if they were a single company or organization -
which renders the use of Avast for hundreds of people impossible (I'm
writing "hundreds", but I have no clue what is the proportion of Linux /
ClamAV users among the millions of customers of Bouygues)... I'm stuck
and I have absolutely no idea what to do... Please, help.


Best,

Jerzy Witwinowski


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Virus database not updated since 14th July 2021
What version of ClamAV are you using? July of last year sounds about when
EOL versions of ClamAV were blocked wholesale and the 'acceptable version'
was moved up and all prior versions were blocked. EOL has moved several
times since then as well. Currently, the current stable version is 0.104 and I
don't believe anything before 0.103 will get updates.

--Maarten

On Tue, Mar 8, 2022 at 4:21 PM Jerzy Witwinowski via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hello!
>
>
> I've spent the last two hours trying to find a solution, but I failed. I
> realized today that my virus database on my personal computer at home
> (an old PC running the last version of KDE Neon) hasn't been updated
> since 14th July 2021. When I tried to update manually, I've got the
> information that I'm blocked by the CDN (cool-down etc.). I followed the
> instructions in order to manually lower the number of times per day
> Clamfresh is trying to fetch the updates from 24 to 1, increase the
> Retrieve Timeout to 900,k etc. in the config file - but if the system
> has been unable to fetch ANY updates for the past NINE MONTHS, I doubt
> it will solve the problem... I want to emphasize that this is the only
> computer at my home that connects to the internet daily... I connect
> through Bouygues (one of the biggest internet providers in France) via
> ADSL - and I'm a bit afraid that ClamAV's CDN is treating all the
> customers of Bouygues as if they were a single company or organization -
> which renders the use of Avast for hundreds of people impossible (I'm
> writing "hundreds", but I have no clue what is the proportion of Linux /
> ClamAV users among the millions of customers of Bouygues)... I'm stuck
> and I have absolutely no idea what to do... Please, help.
>
>
> Best,
>
> Jerzy Witwinowski
Re: [clamav-users] Virus database not updated since 14th July 2021
Hi there,

On Tue, 8 Mar 2022, Jerzy Witwinowski via clamav-users wrote:

> ... I realized today that my virus database on my personal computer
> at home (an old PC running the last version of KDE Neon) hasn't been
> updated since 14th July 2021. ...

As Mr. Broekman suggests I'm sure your ClamAV installation is outdated.

Look in the freshclam log - if you have one, it likely will have been
telling you for a while, if only you'd looked at it.

Check the man page for freshclam, particularly this configuration option:

--on-update-execute

You can e.g. get freshclam to mail you when it fails to update, so you
won't be caught with your pants down again. At least not this way.

You might want to subscribe to the announcements list, it's low volume.

Look at the ClamAV blog, which has plenty of detail about this issue:

https://blog.clamav.net

And for all our sakes, please take security a little more seriously.

--

73,
Ged.

Re: [clamav-users] Virus database not updated since 14th July 2021
@ Maarten Broekman - I'm using the version 0.103.5 which, I think, is
the current version in KDE Neon repos (KDE Neon being based on Ubuntu
20). But what I did yesterday (manual tuning of the configuration file,
lowering the number of times per day the updates are fetched and
increasing the receive timeout) helped. This evening, when I started my
computer after returning from work, I checked the version of the virus
database and saw that ClamAV had managed to update it.


@ G.W. Haywood - Hopefully after manual tweaking of the config file
everything works again as it should (as I explained in my answer to
Maarten Broekman above). And it's not that I've been neglecting the
security... It's just that as everything had been working smooth and
fine since I've installed ClamAV many years ago, I've stopped manually
checking if everything was still OK (because why would it stop working
after all those years?)... My bad.


Anyway, three things:


1. I would like to apologize for writing BEFORE I could verify if the
manual tweaks would work once my cool-down period lifted.

2. Thank you all for your patience and your help.

3. There is still one question that puzzles me: why the default
configuration of ClamAV (checking for updates every hour, Retrieve
Timeout set to 30) is designed in a way that leads directly to the ban
by the CDN and renders the software useless?


Re: [clamav-users] Virus database not updated since 14th July 2021
ReceiveTimeout=30 is probably the one causing you problems. I was
bitten by that when installing ClamAV on an Ubuntu-based system last
year. For me, on a ~16Mbps downlink home broadband connection, it took
longer than that to download the signatures, so would repeatedly time
out and retry. I think in that case the retries occur every 5 seconds,
regardless of other settings specifying the frequency of update checks,
since it hadn't actually successfully updated. As I understand it,
checking every hour shouldn't usually be a problem - it's the retries
triggered by the timeout that cause the rate-limiting to kick in.

Having mentioned it here myself almost a year ago, it turns out
that the default built into ClamAV sets ReceiveTimeout=0, which means no
timeout. However, the Ubuntu 16.04 and 18.04 packages create an initial
configuration with it set to 30. I think the Ubuntu 20.04 packages now set
it to 0, the same as ClamAV's default, but it may be that you've
inherited a configuration from an older installation - or perhaps KDE
Neon provide their own packages with the default still set to 30. So it
seems that 30s default isn't actually the ClamAV team's fault.

What does seem to exacerbate the problem is that, when the download
times out, it retries after 5 seconds so you quickly get blocked by the
rate-limiting and have to wait for that to reset before trying again
after fixing the config. But, as was explained to me, there are some
cases where retrying immediately makes sense and freshclam can't
necessarily determine that, so always waiting a longer period (or until
the next update check is due) isn't necessarily the right thing to do
either (and in its default configuration a timeout wouldn't happen anyway).

Mark.


Jerzy Witwinowski via clamav-users wrote:
> @ Maarten Broekman - I'm using the version 0.103.5 which, I think, is
> the current version in KDE Neon repos (KDE Neon being based on Ubuntu
> 20). But what I did yesterday (manual tuning of the configuration file,
> lowering the number of times per day the updates are fetched and
> increasing the receive timeout) helped. This evening, when I started my
> computer after returning from work, I checked the version of the virus
> database and saw that ClamAV had managed to update it.
>
>
> @ G.W. Haywood - Hopefully after manual tweaking of the config file
> everything works again as it should (as I explained in my answer to
> Maarten Broekman above). And it's not that I've been neglecting the
> security... It's just that as everything had been working smooth and
> fine since I've installed ClamAV many years ago, I've stopped manually
> checking if everything was still OK (because why would it stop working
> after all those years?)... My bad.
>
>
> Anyway, three things:
>
>
> 1. I would like to apologize for writing BEFORE I could verify if the
> manual tweaks would work once my cool-down period lifted.
>
> 2. Thank you all for your patience and your help.
>
> 3. There is still one question that puzzles me: why the default
> configuration of ClamAV (checking for updates every hour, Retrieve
> Timeout set to 30) is designed in a way that leads directly to the ban
> by the CDN and renders the software useless?


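The two checks suggested in the replies above (a too-short ReceiveTimeout, and a signature database that silently stops updating) can be automated. The script below is an added example, not code from the thread or from the ClamAV project: the function names, the 300-second and 7-day thresholds, and the use of file modification time as a proxy for signature age are assumptions. It reads the `Option value` line format used by freshclam.conf and also reports whether the `OnErrorExecute` and `OnOutdatedExecute` hooks are set.

```shell
#!/bin/sh
# Added example, not from the thread. Sample paths and thresholds are made up.

# Print the value of OPTION in a freshclam.conf-style file ("Option value"
# lines, '#' starts a comment). If OPTION is repeated, the last one is printed.
conf_value() {      # usage: conf_value FILE OPTION
    awk -v opt="$2" '{ sub(/#.*/, "") }
        $1 == opt { v = $2 }
        END { if (v != "") print v }' "$1"
}

# True when ReceiveTimeout is a non-zero number below MIN seconds.
# 0 disables the timeout, so it is never flagged.
timeout_risky() {   # usage: timeout_risky FILE MIN
    rt_val=$(conf_value "$1" ReceiveTimeout)
    case "$rt_val" in ''|*[!0-9]*) return 1 ;; esac
    [ "$rt_val" -gt 0 ] && [ "$rt_val" -lt "$2" ]
}

# True when a daily signature file under DIR was modified within MAX_DAYS days.
db_fresh() {        # usage: db_fresh DIR MAX_DAYS
    [ -n "$(find "$1" -name 'daily.c[lv]d' -mtime "-$2" 2>/dev/null)" ]
}

# Print findings; return 1 if any WARN was raised (usable from cron or monitoring).
audit() {           # usage: audit CONF DBDIR MIN_TIMEOUT MAX_DAYS
    audit_rc=0
    if timeout_risky "$1" "$3"; then
        echo "WARN ReceiveTimeout $(conf_value "$1" ReceiveTimeout) is below $3 s: slow downloads will time out and retry"
        audit_rc=1
    fi
    if ! db_fresh "$2" "$4"; then
        echo "WARN no daily signature file in $2 modified in the last $4 days"
        audit_rc=1
    fi
    for hook in OnErrorExecute OnOutdatedExecute; do
        [ -n "$(conf_value "$1" "$hook")" ] || echo "NOTE $hook is not set: that condition will not notify anyone"
    done
    return "$audit_rc"
}

# Demo on constructed data mirroring the thread: timeout 30, files from July 2021.
demo() {
    demo_dir=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'Checks 24' \
        'ReceiveTimeout 30   # inherited from an older package' > "$demo_dir/freshclam.conf"
    touch -t 202107140000 "$demo_dir/daily.cvd"
    audit "$demo_dir/freshclam.conf" "$demo_dir" 300 7
    demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}

demo || echo "audit reported problems (exit status $?)"
```

On Debian- and Ubuntu-based systems the real inputs are typically `/etc/clamav/freshclam.conf` and `/var/lib/clamav`.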
Re: [clamav-users] Virus database not updated since 14th July 2021
https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html


Sent from my iPhone

> On Mar 9, 2022, at 16:25, clamav.mbourne@spamgourmet.com wrote:
>
> ReceiveTimeout=30 is probably the one causing you problems. I was bitten by that when installing ClamAV on an Ubuntu-based system last year. For me, on a ~16Mbps downlink home broadband connection, it took longer than that to download the signatures, so would repeatedly time out and retry. I think in that case the retries occur every 5 seconds, regardless of other settings specifying the frequency of update checks, since it hadn't actually successfully updated. As I understand it, checking every hour shouldn't usually be a problem - it's the retries triggered by the timeout that cause the rate-limiting to kick in.
>
> Having mentioned it here myself almost a year ago, it turns out that the default built into ClamAV sets ReceiveTimeout=0, which means no timeout. However, the Ubuntu 16.04 and 18.04 packages create an initial configuration with it set to 30. I think the Ubuntu 20.04 packages now set it to 0, the same as ClamAV's default, but it may be that you've inherited a configuration from an older installation - or perhaps KDE Neon provide their own packages with the default still set to 30. So it seems that 30s default isn't actually the ClamAV team's fault.
>
> What does seem to exacerbate the problem is that, when the download times out, it retries after 5 seconds so you quickly get blocked by the rate-limiting and have to wait for that to reset before trying again after fixing the config. But, as was explained to me, there are some cases where retrying immediately makes sense and freshclam can't necessarily determine that, so always waiting a longer period (or until the next update check is due) isn't necessarily the right thing to do either (and in its default configuration a timeout wouldn't happen anyway).
>
> Mark.
>
>
> Jerzy Witwinowski via clamav-users wrote:
>> @ Maarten Broekman - I'm using the version 0.103.5 which, I think, is the current version in KDE Neon repos (KDE Neon being based on Ubuntu 20). But what I did yesterday (manual tuning of the configuration file, lowering the number of times per day the updates are fetched and increasing the receive timeout) helped. This evening, when I started my computer after returning from work, I checked the version of the virus database and saw that ClamAV had managed to update it.
>> @ G.W. Haywood - Hopefully after manual tweaking of the config file everything works again as it should (as I explained in my answer to Maarten Broekman above). And it's not that I've been neglecting the security... It's just that as everything had been working smooth and fine since I've installed ClamAV many years ago, I've stopped manually checking if everything was still OK (because why would it stop working after all those years?)... My bad.
>> Anyway, three things:
>> 1. I would like to apologize for writing BEFORE I could verify if the manual tweaks would work once my cool-down period lifted.
>> 2. Thank you all for your patience and your help.
>> 3. There is still one question that puzzles me: why the default configuration of ClamAV (checking for updates every hour, Retrieve Timeout set to 30) is designed in a way that leads directly to the ban by the CDN and renders the software useless?
Re: [clamav-users] Virus database not updated since 14th July 2021
Thank you so much, Mark, for your explanations. It is so much clearer
for me now. And your theory about the origin of my timeout set to 30
makes perfect sense: as I said, I have had KDE neon for a few years now and
visibly I have inherited the settings from the Ubuntu 18 (on which the
original installation was based) which have not been modified while
upgrading to the Ubuntu 20 base.

Thanks again!

Best wishes,
Jerzy

On 09/03/2022 at 22:25, clamav.mbourne@spamgourmet.com wrote:
> ReceiveTimeout=30 is probably the one causing you problems. I was
> bitten by that when installing ClamAV on an Ubuntu-based system last
> year. For me, on a ~16Mbps downlink home broadband connection, it
> took longer than that to download the signatures, so would repeatedly
> time out and retry. I think in that case the retries occur every 5
> seconds, regardless of other settings specifying the frequency of
> update checks, since it hadn't actually successfully updated. As I
> understand it, checking every hour shouldn't usually be a problem -
> it's the retries triggered by the timeout that cause the rate-limiting
> to kick in.
>
> Having mentioned it here myself almost a year ago, it turns out
> that the default built into ClamAV sets ReceiveTimeout=0, which means
> no timeout. However, the Ubuntu 16.04 and 18.04 packages create an
> initial configuration with it set to 30. I think the Ubuntu 20.04
> packages now set it to 0, the same as ClamAV's default, but it may be
> that you've inherited a configuration from an older installation - or
> perhaps KDE Neon provide their own packages with the default still set
> to 30. So it seems that 30s default isn't actually the ClamAV team's
> fault.
>
> What does seem to exacerbate the problem is that, when the download
> times out, it retries after 5 seconds so you quickly get blocked by
> the rate-limiting and have to wait for that to reset before trying
> again after fixing the config. But, as was explained to me, there are
> some cases where retrying immediately makes sense and freshclam can't
> necessarily determine that, so always waiting a longer period (or until
> the next update check is due) isn't necessarily the right thing to do
> either (and in its default configuration a timeout wouldn't happen
> anyway).
>
> Mark.
>
>
> Jerzy Witwinowski via clamav-users wrote:
>> @ Maarten Broekman - I'm using the version 0.103.5 which, I think, is
>> the current version in KDE Neon repos (KDE Neon being based on Ubuntu
>> 20). But what I did yesterday (manual tuning of the configuration
>> file, lowering the number of times per day the updates are fetched
>> and increasing the receive timeout) helped. This evening, when I
>> started my computer after returning from work, I checked the version
>> of the virus database and saw that ClamAV had managed to update it.
>>
>>
>> @ G.W. Haywood - Hopefully after manual tweaking of the config file
>> everything works again as it should (as I explained in my answer to
>> Maarten Broekman above). And it's not that I've been neglecting the
>> security... It's just that as everything had been working smooth and
>> fine since I've installed ClamAV many years ago, I've stopped
>> manually checking if everything was still OK (because why would it
>> stop working after all those years?)... My bad.
>>
>>
>> Anyway, three things:
>>
>>
>> 1. I would like to apologize for writing BEFORE I could verify if the
>> manual tweaks would work once my cool-down period lifted.
>>
>> 2. Thank you all for your patience and your help.
>>
>> 3. There is still one question that puzzles me: why the default
>> configuration of ClamAV (checking for updates every hour, Retrieve
>> Timeout set to 30) is designed in a way that leads directly to the
>> ban by the CDN and renders the software useless?