Author Topic: Clamav does not update  (Read 556 times)

erotavlas

Clamav does not update
« on: September 18, 2019, 06:54:36 pm »
Hi,
I'm using Zentyal 6.0.1 (Ubuntu 18.04.3) and I installed ClamAV (0.100.3+dfsg-0ubuntu0.18.04.1) and ClamTk (5.25-1), but I'm not able to update the ClamAV signatures with freshclam as usual.
Code:
Wed Sep 18 18:46:20 2019 -> ClamAV update process started at Wed Sep 18 18:46:20 2019
Wed Sep 18 18:46:20 2019 -> ^Your ClamAV installation is OUTDATED!
Wed Sep 18 18:46:20 2019 -> ^Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 18 18:46:20 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 18 18:46:20 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 18 18:46:25 2019 -> ^getfile: daily-25478.cdiff not found on db.local.clamav.net (IP: 104.16.219.84)
Wed Sep 18 18:46:25 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:25 2019 -> *Can't query daily.25478.93.0.0.6810DB54.ping.clamav.net
Wed Sep 18 18:46:26 2019 -> ^getfile: daily-25478.cdiff not found on db.local.clamav.net (IP: 104.16.218.84)
Wed Sep 18 18:46:26 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:26 2019 -> *Can't query daily.25478.93.0.0.6810DA54.ping.clamav.net
Wed Sep 18 18:46:26 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:27 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:27 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:27 2019 -> ^Incremental update failed, trying to download daily.cvd
Wed Sep 18 18:47:42 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 18 18:47:42 2019 -> ^getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 18 18:47:42 2019 -> ^Can't download daily.cvd from db.local.clamav.net
Wed Sep 18 18:47:42 2019 -> *Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 18 18:47:42 2019 -> Trying again in 5 secs...
Wed Sep 18 18:47:47 2019 -> ClamAV update process started at Wed Sep 18 18:47:47 2019
Wed Sep 18 18:47:48 2019 -> ^Your ClamAV installation is OUTDATED!
Wed Sep 18 18:47:48 2019 -> ^Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 18 18:47:48 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 18 18:47:48 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 18 18:47:51 2019 -> ^getfile: daily-25478.cdiff not found on db.local.clamav.net (IP: 104.16.218.84)
Wed Sep 18 18:47:51 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:51 2019 -> *Can't query daily.25478.93.0.0.6810DA54.ping.clamav.net
Wed Sep 18 18:47:51 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:52 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:52 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:52 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:52 2019 -> ^Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]

The process is repeated many times without success. I can only update the signatures manually by downloading them from the ClamAV website via wget (the same URL present in /etc/clamav/freshclam).
I tried with a fresh install of Zentyal 6.0.1 and the behaviour is the same. All works well under Ubuntu 18.04.3 64-bit.
Moreover, the freshclam service does not start:
Code:
sudo systemctl status clamav-freshclam
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; disabled; vendo
   Active: inactive (dead)
     Docs: man:freshclam(1)
           man:freshclam.conf(5)
           https://www.clamav.net/documents
lines 1-6/6 (END)...skipping...

Any idea about this? Could it be a bug?
Thank you in advance.

doncamilo

Re: Clamav does not update
« Reply #1 on: September 19, 2019, 02:04:33 pm »
 :)

Could you please run this command on your Zentyal server?

Code:
grep '104.16.218.84' /var/log/syslog*
(The goal of this command is to detect if your firewall is blocking the Cloudflare IP address which ClamAV uses.)

Cheers!
"May you enjoy as much health as the kindness you shelter in your heart"

Don Camilo.

"That place... is strong with the
dark side of the Force.  A domain
of evil it is.  In you must go."

Yoda.

doncamilo

Re: Clamav does not update
« Reply #2 on: September 19, 2019, 03:42:49 pm »
 :)

Run this command too, please!

Code:
sudo freshclam --list-mirrors

Cheers!

erotavlas

Re: Clamav does not update
« Reply #3 on: September 20, 2019, 10:58:24 am »
Code:
/var/log/syslog.1:Sep 20 00:03:35 servermeteo kernel: [110493.016384] zentyal-firewall drop IN= OUT=eth0 SRC=93.187.29.77 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23792 DF PROTO=TCP SPT=40100 DPT=80 WINDOW=12386 RES=0x00 ACK FIN URGP=0 MARK=0x1
/var/log/syslog.1:Sep 20 00:04:04 servermeteo kernel: [110521.432479] zentyal-firewall drop IN= OUT=eth0 SRC=93.187.29.77 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23793 DF PROTO=TCP SPT=40100 DPT=80 WINDOW=12386 RES=0x00 ACK FIN URGP=0 MARK=0x1

Code:
sudo freshclam --list-mirrors
Mirror #1
IP: 104.16.219.84
Successes: 2
Failures: 21
Last access: Fri Sep 20 01:07:58 2019
Ignore: No
-------------------------------------
Mirror #2
IP: 104.16.218.84
Successes: 0
Failures: 19
Last access: Fri Sep 20 01:07:14 2019
Ignore: No

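At the moment I solved it with this script and crontab:
Code:
#!/bin/bash
# Manual ClamAV signature update (workaround while freshclam fails).
set -u

# update
#freshclam

FILES="main.cvd daily.cvd bytecode.cvd"
DBDIR=/var/lib/clamav
WORKDIR=$(mktemp -d) || exit 1

for F in ${FILES}; do
 # Download to a temporary directory first, so a failed download
 # does not leave clamd without the existing database.
 if wget -q "http://database.clamav.net/$F" -P "$WORKDIR" && [ -s "$WORKDIR/$F" ]; then
  # Replace the old file and set owner and mode in one step.
  sudo install -o clamav -g clamav -m 644 "$WORKDIR/$F" "$DBDIR/$F"
 else
  echo "download of $F failed, keeping existing file" >&2
 fi
done

rm -rf "$WORKDIR"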

Now the clamav-daemon runs properly again.
« Last Edit: September 20, 2019, 11:00:30 am by erotavlas »
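
Added example, not part of the original thread: the grep requested in Reply #1 only shows that drops exist, so this sketch groups "zentyal-firewall drop" lines by destination, port and TCP flags. A drop carrying SYN alone is a refused new connection, while ACK/FIN drops are packets of a connection that had already been opened. The function names, the sample lines and every address except 104.16.218.84 are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample in the format of the syslog lines quoted in the thread
# (addresses other than 104.16.218.84 are documentation placeholders).
sample_log() {
cat <<'EOF'
Sep 20 00:03:35 host kernel: [1.0] zentyal-firewall drop IN= OUT=eth0 SRC=198.51.100.7 DST=104.16.218.84 LEN=40 TTL=64 ID=1 DF PROTO=TCP SPT=40100 DPT=80 WINDOW=12386 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 20 00:04:04 host kernel: [2.0] zentyal-firewall drop IN= OUT=eth0 SRC=198.51.100.7 DST=104.16.218.84 LEN=40 TTL=64 ID=2 DF PROTO=TCP SPT=40100 DPT=80 WINDOW=12386 RES=0x00 ACK FIN URGP=0 MARK=0x1
Sep 20 00:05:10 host kernel: [3.0] zentyal-firewall drop IN= OUT=eth0 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=64 ID=3 DF PROTO=TCP SPT=40222 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 20 00:05:11 host sshd[812]: Accepted publickey for admin from 198.51.100.9
EOF
}

# summarize_drops [ip]: read syslog lines on stdin and print
# "<count> <dst>:<dport> <flags> <kind>", optionally for one destination IP.
summarize_drops() {
  awk -v ip="${1:-}" '
    /zentyal-firewall drop/ {
      dst = dpt = flags = ""; syn = ack = 0
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^DST=/) dst = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        else if ($i ~ /^(SYN|ACK|FIN|RST|PSH|URG)$/) {
          # TCP flags are logged as bare tokens after RES=...
          flags = (flags == "" ? $i : flags "," $i)
          if ($i == "SYN") syn = 1
          if ($i == "ACK") ack = 1
        }
      }
      if (dst == "" || (ip != "" && dst != ip)) next
      kind = (syn && !ack) ? "new-connection" : "existing-connection"
      count[dst ":" dpt " " flags " " kind]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample; on a server, feed the real logs:
#   cat /var/log/syslog* | summarize_drops 104.16.218.84
sample_log | summarize_drops
```
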