* I am hosting the ClamAV DB files on S3.
* I have a lambda routinely running as a cron job that downloads the latest DB files from S3 to a local dir and runs freshclam against said dir as its database directory.
* freshclam is correctly identifying the daily.cvd as out of date
* log: daily database available for update (local version: 27225, remote version: 27234)
* however, it is failing to unpack daily.cvd so it can be patched
* log: WARNING: Wed Apr 3 21:15:46 2024 -> [LibClamAV] cli_untgz: Wrote 0 instead of 512 (/tmp/clamav/db/tmp.21bd42c58a/clamav-1e208e14d7df16a662a09232b9ee56b8.tmp/daily.hsb)
* log: WARNING: Wed Apr 3 21:15:46 2024 -> [LibClamAV] CVD unpacking failed for: daily.cvd
* log: ERROR: Wed Apr 3 21:15:46 2024 -> mkdir_and_chdir_for_cdiff_tmp: Can't unpack daily.cvd into /tmp/clamav/db/tmp.21bd42c58a/clamav-1e208e14d7df16a662a09232b9ee56b8.tmp
* After this freshclam gives up trying to patch daily.cvd and downloads the full file again
Running the same image locally within Docker desktop everything works fine. The main difference I can see is that when running locally it's running as root.
I have tried to set total open permissions (chmod -R 777) on /tmp/clamav/db after obtaining the latest DB files from S3; didn't fix it.
I also notice that the clamav user is not present (when list users via getent passwd) when running as a lambda.
Lambda is running from a docker container; base image is alpine with clamav installed as "apk add --no-cache clamav-daemon clamav-libunrar".
Any ideas what I can look at next?
Thanks,
Matt
PRIVACY: This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify the sender immediately, and do not use, copy, or disclose to anyone any of the contents hereof.
* I have a lambda routinely running as a cron job that downloads the latest DB files from S3 to a local dir and runs freshclam against said dir as its database directory.
* freshclam is correctly identifying the daily.cvd as out of date
* log: daily database available for update (local version: 27225, remote version: 27234)
* however, it is failing to unpack daily.cvd so it can be patched
* log: WARNING: Wed Apr 3 21:15:46 2024 -> [LibClamAV] cli_untgz: Wrote 0 instead of 512 (/tmp/clamav/db/tmp.21bd42c58a/clamav-1e208e14d7df16a662a09232b9ee56b8.tmp/daily.hsb)
* log: WARNING: Wed Apr 3 21:15:46 2024 -> [LibClamAV] CVD unpacking failed for: daily.cvd
* log: ERROR: Wed Apr 3 21:15:46 2024 -> mkdir_and_chdir_for_cdiff_tmp: Can't unpack daily.cvd into /tmp/clamav/db/tmp.21bd42c58a/clamav-1e208e14d7df16a662a09232b9ee56b8.tmp
* After this freshclam gives up trying to patch daily.cvd and downloads the full file again
Running the same image locally within Docker desktop everything works fine. The main difference I can see is that when running locally it's running as root.
I have tried to set total open permissions (chmod -R 777) on /tmp/clamav/db after obtaining the latest DB files from S3; didn't fix it.
I also notice that the clamav user is not present (when list users via getent passwd) when running as a lambda.
Lambda is running from a docker container; base image is alpine with clamav installed as "apk add --no-cache clamav-daemon clamav-libunrar".
Any ideas what I can look at next?
Thanks,
Matt
PRIVACY: This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify the sender immediately, and do not use, copy, or disclose to anyone any of the contents hereof.