Author Topic: Clamav does not update  (Read 1618 times)

erotavlas

  • Zen Apprentice
  • *
  • Posts: 40
  • Karma: +9/-0
    • View Profile
Clamav does not update
« on: September 18, 2019, 06:54:36 pm »
Hi,
I'm using zentyal 6.0.1 (ubuntu 18.04.3) and I installed clamav (0.100.3+dfsg-0ubuntu0.18.04.1) and clamtk (5.25-1), but I'm not able to update the clamav signature with freshclam as usual.
Code: [Select]
Wed Sep 18 18:46:20 2019 -> ClamAV update process started at Wed Sep 18 18:46:20 2019
Wed Sep 18 18:46:20 2019 -> ^Your ClamAV installation is OUTDATED!
Wed Sep 18 18:46:20 2019 -> ^Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 18 18:46:20 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 18 18:46:20 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 18 18:46:25 2019 -> ^getfile: daily-25478.cdiff not found on db.local.clamav.net (IP: 104.16.219.84)
Wed Sep 18 18:46:25 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:25 2019 -> *Can't query daily.25478.93.0.0.6810DB54.ping.clamav.net
Wed Sep 18 18:46:26 2019 -> ^getfile: daily-25478.cdiff not found on db.local.clamav.net (IP: 104.16.218.84)
Wed Sep 18 18:46:26 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:26 2019 -> *Can't query daily.25478.93.0.0.6810DA54.ping.clamav.net
Wed Sep 18 18:46:26 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:27 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:27 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:46:27 2019 -> ^Incremental update failed, trying to download daily.cvd
Wed Sep 18 18:47:42 2019 -> nonblock_recv: recv timing out (30 secs)
Wed Sep 18 18:47:42 2019 -> ^getfile: Download interrupted: Operation now in progress (IP: 104.16.219.84)
Wed Sep 18 18:47:42 2019 -> ^Can't download daily.cvd from db.local.clamav.net
Wed Sep 18 18:47:42 2019 -> *Can't query daily.0.93.0.0.6810DB54.ping.clamav.net
Wed Sep 18 18:47:42 2019 -> Trying again in 5 secs...
Wed Sep 18 18:47:47 2019 -> ClamAV update process started at Wed Sep 18 18:47:47 2019
Wed Sep 18 18:47:48 2019 -> ^Your ClamAV installation is OUTDATED!
Wed Sep 18 18:47:48 2019 -> ^Local version: 0.100.3 Recommended version: 0.101.4
Wed Sep 18 18:47:48 2019 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Wed Sep 18 18:47:48 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Wed Sep 18 18:47:51 2019 -> ^getfile: daily-25478.cdiff not found on db.local.clamav.net (IP: 104.16.218.84)
Wed Sep 18 18:47:51 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:51 2019 -> *Can't query daily.25478.93.0.0.6810DA54.ping.clamav.net
Wed Sep 18 18:47:51 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:52 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:52 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:52 2019 -> ^getpatch: Can't download daily-25478.cdiff from db.local.clamav.net
Wed Sep 18 18:47:52 2019 -> ^Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]

The process is repeated many times without success. I can only update the signature manually by downloading them from clamav Web site via wget (the same url present in /etc/clamav/freshclam).
I tried with a fresh install of zentyal 6.0.1 and the behaviour is the same. All works well under ubuntu 18.04.3 64 bit.
Moreover, the freshclam service does not start:
Code: [Select]
sudo systemctl status clamav-freshclam
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; disabled; vendo
   Active: inactive (dead)
     Docs: man:freshclam(1)
           man:freshclam.conf(5)
           https://www.clamav.net/documents
lines 1-6/6 (END)...skipping...

Any idea about this? Could be a bug?
Thank you in advance

doncamilo

  • Zen Samurai
  • ****
  • Posts: 478
  • Karma: +165/-1
    • View Profile
Re: Clamav does not update
« Reply #1 on: September 19, 2019, 02:04:33 pm »
 :)

Could you please run this command in your Zentyal server ?

Code: [Select]
grep '104.16.218.84' /var/log/syslog*
(The goal of this command is to detect if your firewall is blocking the Cloudflare's IP address which uses ClamAV.)

Cheers!
- Do my pigeons bother you passing over your land?
- They block the sun!

G. Guareschi., Don Camillo.,

doncamilo

  • Zen Samurai
  • ****
  • Posts: 478
  • Karma: +165/-1
    • View Profile
Re: Clamav does not update
« Reply #2 on: September 19, 2019, 03:42:49 pm »
 :)

Run this command too, please!

Code: [Select]
sudo freshclam --list-mirrors

Cheers!
- Do my pigeons bother you passing over your land?
- They block the sun!

G. Guareschi., Don Camillo.,

erotavlas

  • Zen Apprentice
  • *
  • Posts: 40
  • Karma: +9/-0
    • View Profile
Re: Clamav does not update
« Reply #3 on: September 20, 2019, 10:58:24 am »
Code: [Select]
/var/log/syslog.1:Sep 20 00:03:35 servermeteo kernel: [110493.016384] zentyal-firewall drop IN= OUT=eth0 SRC=93.187.29.77 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23792 DF PROTO=TCP SPT=40100 DPT=80 WINDOW=12386 RES=0x00 ACK FIN URGP=0 MARK=0x1
/var/log/syslog.1:Sep 20 00:04:04 servermeteo kernel: [110521.432479] zentyal-firewall drop IN= OUT=eth0 SRC=93.187.29.77 DST=104.16.218.84 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=23793 DF PROTO=TCP SPT=40100 DPT=80 WINDOW=12386 RES=0x00 ACK FIN URGP=0 MARK=0x1

Code: [Select]
sudo freshclam --list-mirrors
Mirror #1
IP: 104.16.219.84
Successes: 2
Failures: 21
Last access: Fri Sep 20 01:07:58 2019
Ignore: No
-------------------------------------
Mirror #2
IP: 104.16.218.84
Successes: 0
Failures: 19
Last access: Fri Sep 20 01:07:14 2019
Ignore: No

At the moment I solved with this script and crontab:
Code: [Select]
#!/bin/bash

# update
#freshclam

FILES="main.cvd daily.cvd bytecode.cvd";

for F in ${FILES}; do
 sudo rm -f /var/lib/clamav/$F
 wget http://database.clamav.net/$F -P /var/lib/clamav
 sudo chown clamav:clamav /var/lib/clamav/$F
 sudo chmod 644 /var/lib/clamav/$F
done

Now the clamav-daemon run again properly.
« Last Edit: September 20, 2019, 11:00:30 am by erotavlas »