freshclam failing

Questions and answers about how to do stuff
Post Reply
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

freshclam failing

Post by henk »

Freshclam updates generate errors. You receice mail like:

Code: Select all

/etc/cron.daily/freshclam:

ERROR: getpatch: Can't download daily-24292.cdiff from db.nl.clamav.net
ERROR: Can't download daily.cvd from db.nl.clamav.net
ERROR: getpatch: Can't download daily-24292.cdiff from db.local.clamav.net
ERROR: Can't download daily.cvd from db.local.clamav.net
ERROR: getpatch: Can't download daily-24292.cdiff from db.local.clamav.net
ERROR: Can't download daily.cvd from db.local.clamav.net
Manual freshclam

Code: Select all

[root@sansspam conf.d]# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Thu Feb  8 13:02:58 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1722
Software version from DNS: 0.99.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.2 Recommended version: 0.99.3
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 58
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24296
Retrieving http://db.nl.clamav.net/daily-24292.cdiff
Ignoring mirror 145.58.29.83 (due to previous errors)
Ignoring mirror 194.109.6.97 (due to previous errors)
Ignoring mirror 145.58.29.83 (due to previous errors)
Ignoring mirror 194.109.6.97 (due to previous errors)
WARNING: getpatch: Can't download daily-24292.cdiff from db.nl.clamav.net
etcetcetc
Reason: Long story in clickable link :D https://www.clamav.net/documents/official-mirror-faq
Solution:
move /var/lib/clamav/main.cld to /tmp
move /var/lib/clamav/morrors.dat to /tmp

Run

Code: Select all

freshclam -v

Code: Select all

Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Thu Feb  8 13:12:15 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1165
Software version from DNS: 0.99.3
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.2 Recommended version: 0.99.3
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24296
daily.cld is up to date (version: 24296, sigs: 1847795, f-level: 63, builder: neo)
bytecode.cvd version from DNS: 319
bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
Done :violin:

Now delete tmp files
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
ayh20
Posts: 13
Joined: 13 May 2015 13:01

Re: freshclam failing

Post by ayh20 »

Thanks Henk ... just had this problem after a network outage .

Problem is fixed i think, update is done.

But i notice that the main.cld file was not recreated like the mirrors.dat was, is that correct ?
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: freshclam failing

Post by henk »

Should be ok. Just run

Code: Select all

freshclam -v
to check again

Code: Select all

ls -l /var/lib/clamav/*.c??
-rw-r--r-- 1 clam clam 153228 Jan 9 01:24 /var/lib/clamav/bytecode.cvd
-rw-r--r-- 1 clam clam 139491840 May 18 13:34 /var/lib/clamav/daily.cld
-rw-r--r-- 1 clam clam 121906 May 11 12:15 /var/lib/clamav/foxhole_filename.cdb
-rw-r--r-- 1 clam clam 51613 Mar 26 15:11 /var/lib/clamav/foxhole_generic.cdb
-rw-r--r-- 1 clam clam 117892267 Jan 9 01:28 /var/lib/clamav/main.cvd
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: freshclam failing

Post by AITCS »

We've been getting the following errors for the last 3 days:

Code: Select all

ClamAV update process started at Thu Mar  4 10:33:34 2021
main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-26096.cdiff from db.au.clamav.net
WARNING: getpatch: Can't download daily-26096.cdiff from db.au.clamav.net
WARNING: getpatch: Can't download daily-26096.cdiff from db.au.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.au.clamav.net (IP: 2606:4700::6810:db54)
Trying host db.au.clamav.net (2606:4700::6810:da54)...
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.au.clamav.net (IP: 2606:4700::6810:da54)
WARNING: Can't download daily.cvd from db.au.clamav.net
Trying again in 5 secs...
Pings to db.au.clamav.net are successful, and browsing to the address from another machine on the network also succeeds.
I have tried the fix in this thread, but it hasn't worked for us unfortunately. We run EFA-3.0.2.6 still.

Changing DatabaseMirror in /etc/freshclam.conf doesn't seem to help either. I have tried several other servers and they all fail as well.
db.us.clamav.net, db.uk.clamav.net, database.clamav.net all fail as well.

Any ideas on what else we can check?

Edit: Just reading the logs a bit more carefully. It seems that freshclam is trying to resolve IPv6 for all of the server names. We do not have an IPv6 enabled network, and CentOS is configured to disable IPv6 completely with net.ipv6.conf.eth0.disable_ipv6 = 1 in /etc/sysctl.conf

Edit 2: This is now happening at 3 different physical sites, all using different ISPs.
phideauxx
Posts: 17
Joined: 26 Feb 2015 18:21

Re: freshclam failing

Post by phideauxx »

We are having this same issue also running EFA 3.0.2.6. Also started March 1st. We are also unable to use any of the fixes above to resolve the issue.

Seems like changes were made to Clamav site as of that date. Seems like ClamAV 0.99.2 is not being supported any more and would need to update to 0.103.1. I'm not sure how to make that update happen on the EFA 3 system. Simple Yum updates don't seem to work.
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: freshclam failing

Post by AITCS »

Two months later and the issue still persists. Nothing we've tried has resolved the issues. Getting a bit anxious that we aren't getting updates any more.
Hopefully someone with more knowledge would be able to share. Thanks.
henk
Posts: 517
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: freshclam failing

Post by henk »

Hi AITCS,

As I use efa4 on Centos7 with ipv6 disabled for a while now and I think you should migrate asap too, will try to help on the EFA 3.0.2.6 issue.

Need to mention its longer then a week ago I used efa3, so all from memory..... ;)
We do not have an IPv6 enabled network, and CentOS is configured to disable IPv6 completely with net.ipv6.conf.eth0.disable_ipv6 = 1 in /etc/sysctl.conf
Did you use the efa-configure menu to disable ipv6?

As your efa is clearly trying to use ipv6 to resolve, checkout this post for some EFA4 settings related to IPV6.
Just setting net.ipv6.conf.eth0.disable_ipv6 = 1 in /etc/sysctl.conf is not enough.

viewtopic.php?t=3351

the clamav faq checks: https://www.clamav.net/documents/freshclam-faq
Last edited by henk on 10 May 2021 11:21, edited 2 times in total.
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
AITCS
Posts: 45
Joined: 13 Mar 2017 11:12

Re: freshclam failing

Post by AITCS »

Thanks henk. Currently battling with a failing VM server, so I'll check this out in a couple of days :pray:
Post Reply