[clamav-users] No daily sig since July 28th
Hello,

I've noticed that a daily hasn't been posted since the 28th of July. Are
daily sigs being posted?
Re: [clamav-users] No daily sig since July 28th
On Mon, 1 Aug 2022, Shawn Iverson via clamav-users wrote:

> Date: Mon, 1 Aug 2022 09:48:01 -0400
> From: Shawn Iverson via clamav-users <clamav-users@lists.clamav.net>
> To: clamav-users@lists.clamav.net
> Cc: Shawn Iverson <shawniverson@gmail.com>
> Subject: [clamav-users] No daily sig since July 28th
>
> Hello,
>
> I've noticed that a daily hasn't been posted since the 28th of July. Are
> daily sigs being posted?
>

same here :

[hubble:root]:(/var/lib/clamav)# ll
total 349280
-rw-r--r-- 1 clamav clamav 293670 Jul 28 01:13 bytecode.cvd
-rw-r--r-- 1 clamav clamav 186877440 Jul 28 11:07 daily.cld
-rw-r--r-- 1 clamav clamav 69 Jul 28 01:12 freshclam.dat
-rw-r--r-- 1 clamav clamav 170479789 Jul 28 01:13 main.cvd
[hubble:root]:(/var/lib/clamav)# date
Mon Aug 1 15:51:53 CEST 2022
[hubble:root]:(/var/lib/clamav)#

freshclam.log.1.gz :
--------------------------------------
ClamAV update process started at Thu Jul 28 11:07:00 2022
daily database available for update (local version: 26614, remote version: 26615)
Testing database: '/var/lib/clamav/tmp.a2732d54fd/clamav-3a8cccfa9c215b7da1e072dd8e94e89a.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 26615, sigs: 1992518, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Clamd successfully notified about the update.
--------------------------------------


--
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org stock@stokkie.net

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] No daily sig since July 28th
On Mon, 1 Aug 2022, Shawn Iverson via clamav-users wrote:

> Hello,
>
> I've noticed that a daily hasn't been posted since the 28th of July. Are
> daily sigs being posted?

# clamscan --version
ClamAV 0.103.7/26615/Thu Jul 28 08:58:07 2022

# host -t txt current.cvd.clamav.net.
current.cvd.clamav.net descriptive text "0.103.7:62:26615:1659362400:1:90:49192:333"

# date -u -d "1970-01-01 UTC 1659362400 seconds"
Mon Aug 1 14:00:00 UTC 2022

... so the magic DNS timestamp is being updated,
but the daily version number has not changed since Thursday.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk
Re: [clamav-users] No daily sig since July 28th
On Mon, 1 Aug 2022 16:24:50 +0100 (BST)
Andrew C Aitchison via clamav-users <clamav-users@lists.clamav.net> wrote:

> On Mon, 1 Aug 2022, Shawn Iverson via clamav-users wrote:
>
> > Hello,
> >
> > I've noticed that a daily hasn't been posted since the 28th of July. Are
> > daily sigs being posted?
>
> # clamscan --version
> ClamAV 0.103.7/26615/Thu Jul 28 08:58:07 2022
>
> # host -t txt current.cvd.clamav.net.
> current.cvd.clamav.net descriptive text "0.103.7:62:26615:1659362400:1:90:49192:333"
>
> # date -u -d "1970-01-01 UTC 1659362400 seconds"
> Mon Aug 1 14:00:00 UTC 2022
>
> ... so the magic DNS timestamp is being updated,
> but the daily version number has not changed since Thursday.

=============================

Same here on the Cloudflare 'BOS' anycast mirror.


------------------------------ Thursday 28 July 2022 at 04:43:01 ------------------------------

/opt/clamav/bin/testclam-dns
--> UPD D 26615/26614 M 62/62 B 333/333

/opt/clamav/bin/freshclam -v --stdout --on-update-execute=EXIT_1
...

...

------------------------------ Monday 01 August 2022 at 12:43:01 ------------------------------

/opt/clamav/bin/testclam-dns
--> DNS D 26615/26615 M 62/62 B 333/333


P.S. Testclam-dns is something I created a few years ago (before the bandwidth abuse) when the BOS mirror was often out of date in serving the latest CVD file (which I then mirrored locally). It reports the latest vs the currently installed versions of the 3 principal signature files ("daily", "main" & "bytecode"), and whether freshclam should be invoked. I still use it for its detailed reporting, but now each freshclam instance simply uses the CDIFFs directly. This saves bandwidth compared to locally mirrored CVDs -- unless one has *lots* of ClamAV instances.
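
[Added example, not part of the thread and not the testclam-dns script mentioned above.] The two checks made in this thread, comparing the versions in the current.cvd.clamav.net TXT record with the installed ones and noticing that the record's timestamp keeps moving while the daily version does not, can be combined in one function. The function name, the 48-hour threshold and the "last change" epoch are assumptions; the field positions are inferred from the record and log output quoted in the thread.

```shell
#!/bin/sh
# Added example: classify signature freshness from the colon-separated TXT
# record quoted in the thread. Field positions inferred from the thread's
# output: 2=main, 3=daily, 4=epoch timestamp, 8=bytecode. Fields 5-7 are
# read but not used here.

# sig_status RECORD LOCAL_DAILY LOCAL_MAIN LOCAL_BYTECODE LAST_CHANGE MAX_STALL
#   LAST_CHANGE: epoch seconds when the local daily version last advanced.
#   MAX_STALL:   seconds without a new daily before the feed counts as stalled.
# Prints "<STATUS> D remote/local M remote/local B remote/local".
sig_status() {
    IFS=: read -r s_engine s_main s_daily s_stamp s_f5 s_f6 s_f7 s_byte s_rest <<EOF
$1
EOF
    # Reject records with the wrong field count or non-numeric values.
    [ -z "$s_rest" ] || return 1
    for s_n in "$s_main" "$s_daily" "$s_stamp" "$s_byte" "$2" "$3" "$4" "$5" "$6"; do
        case $s_n in ''|*[!0-9]*) return 1 ;; esac
    done

    if [ "$s_daily" -gt "$2" ] || [ "$s_main" -gt "$3" ] || [ "$s_byte" -gt "$4" ]; then
        s_status=UPDATE      # DNS advertises something newer: run freshclam
    elif [ $(( s_stamp - $5 )) -gt "$6" ]; then
        s_status=STALLED     # record is re-stamped, but no new daily appeared
    else
        s_status=CURRENT
    fi
    printf '%s D %s/%s M %s/%s B %s/%s\n' "$s_status" \
        "$s_daily" "$2" "$s_main" "$3" "$s_byte" "$4"
}

# TXT record value quoted in the thread (stamp = Mon Aug 1 14:00:00 UTC 2022).
REC='0.103.7:62:26615:1659362400:1:90:49192:333'
# Constructed value: 2022-07-28 09:07:00 UTC, i.e. the 11:07 daily.cld update
# from the quoted freshclam log if that host logs in CEST (assumption).
LAST_DAILY_CHANGE=1658999220
# Assumed alert threshold: 48 hours without a new daily version.
MAX_STALL=172800

sig_status "$REC" 26615 62 333 "$LAST_DAILY_CHANGE" "$MAX_STALL"
```

In a cron job the record would come from the DNS lookup shown earlier in the thread, with the surrounding quotes stripped, and a STALLED result would be sent to whoever watches the scanners.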


Re: [clamav-users] No daily sig since July 28th
There have been no such announcements on the [clamav-virusdb] email list since the 28th.

Sent from my iPad

-Al-
--
ClamXAV User

On Aug 1, 2022, at 06:48, Shawn Iverson via clamav-users <clamav-users@lists.clamav.net> wrote:
> Hello,
>
> I've noticed that a daily hasn't been posted since the 28th of July. Are daily sigs being posted?
Re: [clamav-users] No daily sig since July 28th
Hi there,

On Mon, 1 Aug 2022, Al Varnell via clamav-users wrote:

> There have been no such announcements on the [clamav-virusdb] email list since the 28th.

My guess is that somebody at Talos went on holiday. :)

Al, the real reason for this post is that you mentioned the other day
that you'd also seen no virusdb mail for CVE CVE_2021_4034 although the
signature had appeared in the DB. The mail was sent on June 4th, the
sig was the first in the list:

8<----------------------------------------------------------------------
Date: Sat, 4 Jun 2022 04:05:56 -0400
From: noreply@sourcefire.com
To: clamav-virusdb@lists.clamav.net
Subject: [clamav-virusdb] Signatures Published daily - 26562
...
...

ClamAV Signature Publishing Notice

Datefile: daily
Version: 26562
Publisher: David Raynor
New Sigs: 10
Dropped Sigs: 0
Ignored Sigs: 113


New Detection Signatures:


* Osx.Exploit.CVE_2021_4034-9951522-1
...
...
8<----------------------------------------------------------------------

Maybe you trash-canned it?

--

73,
Ged.
Re: [clamav-users] No daily sig since July 28th
Hi all,

There was a server outage in our primary datacenter on Friday that left the signature database build server's database in a bad state. Unfortunately, I'm told that it also impacted the service responsible for alerting us to the problem and so we didn't realize until yesterday morning. Yesterday the incomplete build in the build server's database was cleaned up and a build was expected to work and go out this AM. That obviously didn't happen. I have teammates working on server maintenance now.

I expect that the daily signature publication will resume by tomorrow morning.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
________________________________
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of Al Varnell via clamav-users <clamav-users@lists.clamav.net>
Sent: Monday, August 1, 2022 5:11 PM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: Al Varnell <alvarnell@mac.com>
Subject: Re: [clamav-users] No daily sig since July 28th

There have been no such announcements on the [clamav-virusdb] email list since the 28th.

Sent from my iPad

-Al-
--
ClamXAV User

On Aug 1, 2022, at 06:48, Shawn Iverson via clamav-users <clamav-users@lists.clamav.net> wrote:
> Hello,
>
> I've noticed that a daily hasn't been posted since the 28th of July. Are daily sigs being posted?
Re: [clamav-users] No daily sig since July 28th
On Mon, Aug 01, 2022 at 11:57 PM, G.W. Haywood via clamav-users wrote:
> Al, the real reason for this post is that you mentioned the other day
> that you'd also seen no virusdb mail for CVE CVE_2021_4034 although the
> signature had appeared in the DB. The mail was sent on June 4th, the
> sig was the first in the list:
> ...
> Maybe you trash-canned it?

Thanks Ged., no it's still there. Looks like InfoClick let me down this time. Had to rebuild the database to pick it up.

-Al-