Discussion:
daily.cvd update issue.
Nathan Gibbs
2011-07-19 14:48:43 UTC
Permalink
Log says
daily.cvd version from DNS: 13331

Followed by a failure to download.


http://www.clamav.net says
daily.cvd ver. 13328 released on 18 Jul 2011 05:14 :0400 (sig count: 155190)

Anyone else seeing this issue?

Thanks.
--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
Michael Scheidell
2011-07-19 14:57:10 UTC
Permalink
Post by Nathan Gibbs
Log says
daily.cvd version from DNS: 13331
Followed by a failure to download.
works here.

Received signal: wake up
ClamAV update process started at Tue Jul 19 08:16:22 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
Downloading daily-13331.cdiff [100%]
daily.cld updated (version: 13331, sigs: 158126, f-level: 60, builder:
ccordes)
Downloading safebrowsing-30921.cdiff [100%]
safebrowsing.cld updated (version: 30921, sigs: 713915, f-level: 60,
builder: google)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60,
builder: edwin)
Database updated (1718296 signatures) from db.us.clamav.net (IP:
200.236.31.1)
Clamd successfully notified about the update.

freshclam -V
ClamAV 0.97.1/13331/Tue Jul 19 06:52:22 2011

su -m clamav -c 'freshclam -v'
Current working dir is /var/jails/basejail/var/db/clamav
Max retries == 3
ClamAV update process started at Tue Jul 19 10:56:31 2011
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.97.1
main.cvd version from DNS: 53
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
daily.cvd version from DNS: 13331
daily.cld is up to date (version: 13331, sigs: 158126, f-level: 60,
builder: ccordes)
safebrowsing.cvd version from DNS: 30924
Retrieving http://db.us.clamav.net/safebrowsing-30924.cdiff
Ignoring mirror 88.198.67.125 (due to previous errors)
Trying to download http://db.us.clamav.net/safebrowsing-30924.cdiff (IP:
200.236.31.1)
Downloading safebrowsing-30924.cdiff [100%]
cdiff_apply: Parsed 628 lines and executed 628 commands
Loading signatures from safebrowsing.cld
Properly loaded 714859 signatures from new safebrowsing.cld
safebrowsing.cld updated (version: 30924, sigs: 714859, f-level: 60,
builder: google)
Querying safebrowsing.30924.61.1.0.200.236.31.1.ping.clamav.net
bytecode.cvd version from DNS: 144
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60,
builder: edwin)
Database updated (1719240 signatures) from db.us.clamav.net (IP:
200.236.31.1)
Clamd successfully notified about the update.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
Post by Nathan Gibbs
*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Luca Gibelli
2011-07-19 15:20:06 UTC
Permalink
Hello Nathan,
Post by Nathan Gibbs
Log says
daily.cvd version from DNS: 13331
Followed by a failure to download.
can you post the full freshclam log?
Post by Nathan Gibbs
http://www.clamav.net says
daily.cvd ver. 13328 released on 18 Jul 2011 05:14 :0400 (sig count: 155190)
Anyone else seeing this issue?
There is a cache in front of the website, which is causing the lag
between the website and the actual daily.cvd release. I lowered the
expire timeout to 1h.

I suggest that you rely on our twitter feed for real time info
(twitter.com/clamav)

Best regards
--
Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Nathan Gibbs
2011-07-19 15:55:54 UTC
Permalink
Post by Luca Gibelli
Hello Nathan,
Post by Nathan Gibbs
Log says
daily.cvd version from DNS: 13331
Followed by a failure to download.
I wanted to be sure it wasn't a global issue.
It may be a local issue here.
I am testing a new CCEE patch set so I might have broken something in
freshclam.
:-)
Post by Luca Gibelli
can you post the full freshclam log?
Sure here it is.

Jul 19 15:05:19 host freshclam[22502]: ClamAV update process started at
Tue Jul 19 15:05:19 2011
Jul 19 15:05:19 host freshclam[22502]: Using IPv6 aware code
Jul 19 15:05:19 host freshclam[22502]: Querying current.cvd.clamav.net
Jul 19 15:05:19 host freshclam[22502]: TTL: 417
Jul 19 15:05:19 host freshclam[22502]: Software version from DNS: 0.97.1
Jul 19 15:05:19 host freshclam[22502]: main.cvd version from DNS: 53
Jul 19 15:05:19 host freshclam[22502]: main.cvd is up to date (version:
53, sigs: 846214, f-level: 53, builder: sven)
Jul 19 15:05:19 host freshclam[22502]: daily.cvd version from DNS: 13331
Jul 19 15:05:19 host freshclam[22502]: Retrieving
http://db.us.clamav.net/daily.cvd
Jul 19 15:05:20 host freshclam[22502]: Trying to download
http://db.us.clamav.net/daily.cvd (IP: 200.236.31.1)
Jul 19 15:05:33 host freshclam[22502]: Can't download daily.cvd from
db.us.clamav.net
Jul 19 15:05:33 host freshclam[22502]: Querying
daily.0.61.0.0.200.236.31.1.ping.clamav.net
Post by Luca Gibelli
Post by Nathan Gibbs
http://www.clamav.net says
daily.cvd ver. 13328 released on 18 Jul 2011 05:14 :0400 (sig count: 155190)
Anyone else seeing this issue?
There is a cache in front of the website, which is causing the lag
between the website and the actual daily.cvd release. I lowered the
expire timeout to 1h.
That explains why the versions didn't match.
:-)

Thanks.
--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
Nathan Gibbs
2011-07-19 16:31:36 UTC
Permalink
Post by Nathan Gibbs
Post by Luca Gibelli
Hello Nathan,
Post by Nathan Gibbs
Log says
daily.cvd version from DNS: 13331
Followed by a failure to download.
I wanted to be sure it wasn't a global issue.
It may be a local issue here.
I am testing a new CCEE patch set so I might have broken something in
freshclam.
:-)
LOL
:-)

I broke my own freshclam.
Guilty as charged.

Thanks.
--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
Dan
2011-07-19 17:57:39 UTC
Permalink
Post by Luca Gibelli
Post by Nathan Gibbs
Anyone else seeing this issue?
There is a cache in front of the website, which is causing the lag
between the website and the actual daily.cvd release. I lowered the
expire timeout to 1h.
I suggest that you rely on our twitter feed for real time info
(twitter.com/clamav)
The feed saying 13334 is available is an hour+ old.

But I'm getting this:

ClamAV update process started at Tue Jul 19 13:40:36 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
WARNING: getfile: daily-13332.cdiff not found on remote server (IP:
69.163.100.14)
WARNING: getpatch: Can't download daily-13332.cdiff from database.clamav.net
Downloading daily-13332.cdiff [100%]
Downloading daily-13333.cdiff [100%]
daily.cld updated (version: 13333, sigs: 159245, f-level: 60, builder: ccordes)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60,
builder: edwin)
Database updated (1005500 signatures) from database.clamav.net (IP:
194.47.250.218)
Clamd successfully notified about the update.
--------------------------------------
ClamAV update process started at Tue Jul 19 13:55:26 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 13333, sigs: 159245, f-level: 60,
builder: ccordes)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60,
builder: edwin)

fwiw,
- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Török Edwin
2011-07-19 18:39:38 UTC
Permalink
Post by Dan
Post by Luca Gibelli
Post by Nathan Gibbs
Anyone else seeing this issue?
There is a cache in front of the website, which is causing the lag
between the website and the actual daily.cvd release. I lowered the
expire timeout to 1h.
I suggest that you rely on our twitter feed for real time info
(twitter.com/clamav)
The feed saying 13334 is available is an hour+ old.
ClamAV update process started at Tue Jul 19 13:40:36 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
WARNING: getfile: daily-13332.cdiff not found on remote server (IP: 69.163.100.14)
WARNING: getpatch: Can't download daily-13332.cdiff from database.clamav.net
Downloading daily-13332.cdiff [100%]
Downloading daily-13333.cdiff [100%]
daily.cld updated (version: 13333, sigs: 159245, f-level: 60, builder: ccordes)
What does 'host -t TXT current.cvd.clamav.net' output? Does it say :13334: or :13333:?
Also whats the TTL on it? Should be something like 15m, if larger your DNS server might be caching these entries longer than its supposed to.
Post by Dan
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder: edwin)
Database updated (1005500 signatures) from database.clamav.net (IP: 194.47.250.218)
Clamd successfully notified about the update.
--------------------------------------
ClamAV update process started at Tue Jul 19 13:55:26 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
daily.cld is up to date (version: 13333, sigs: 159245, f-level: 60, builder: ccordes)
bytecode.cld is up to date (version: 144, sigs: 41, f-level: 60, builder: edwin)
fwiw,
- Dan.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Dan
2011-07-20 13:14:45 UTC
Permalink
Post by Török Edwin
What does 'host -t TXT current.cvd.clamav.net'
output? Does it say :13334: or :13333:?
Also whats the TTL on it? Should be something
like 15m, if larger your DNS server might be
caching these entries longer than its supposed
to.
It was a few hours later, by the time I got your reply.

current.cvd.clamav.net descriptive text
"0.97.1:53:13335:1311107341:1:60:30929:144"


Ok. Today, it's doing it again, but with the
connect error instead of the file not found.

Twitter says:
clamav ClamAV
Daily CVD 13338 (sigs: 159451; new: 37 author:
ccordes) on 20 Jul 2011 08-46 -0400
17 minutes ago

Freshclam did this:

ClamAV update process started at Wed Jul 20 09:00:17 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
connect_error: getsockopt(SO_ERROR): fd=6 error=61: Connection refused
Can't connect to port 80 of host database.clamav.net (IP: 88.198.67.125)
Downloading daily-13336.cdiff [100%]
Downloading daily-13337.cdiff [100%]
daily.cld updated (version: 13337, sigs: 159414, f-level: 60, builder: guitar)
bytecode.cld is up to date (version: 144, sigs:
41, f-level: 60, builder: edwin)
Database updated (1005669 signatures) from
database.clamav.net (IP: 168.143.19.95)
Clamd successfully notified about the update.

And dig says:
current.cvd.clamav.net. 259 IN TXT
"0.97.1:53:13337:1311166444:1:60:30946:144"

- Dan.
--
- Psychoceramic Emeritus; South Jersey, USA, Earth.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Dennis Peterson
2011-07-19 20:02:26 UTC
Permalink
Post by Luca Gibelli
I suggest that you rely on our twitter feed for real time info
(twitter.com/clamav)
In my opinion, if twitter is a requirement for using ClamAV then this project is doomed. I don't see our 'business' endorsing our NOC playing with twitter as part of the job. I hope they don't read this list as I've just removed a lot of McAfee for Linux and replaced it with ClamAV instances in our production DC and I don't want to have to talk to them about twitter.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Török Edwin
2011-07-19 20:18:44 UTC
Permalink
Post by Dennis Peterson
Post by Luca Gibelli
I suggest that you rely on our twitter feed for real time info
(twitter.com/clamav)
In my opinion, if twitter is a requirement for using ClamAV then this project is doomed. I don't see our 'business' endorsing our NOC playing with twitter as part of the job. I hope they don't read this list as I've just removed a lot of McAfee for Linux and replaced it with ClamAV instances in our production DC and I don't want to have to talk to them about twitter.
It is not a requirement, you can check DNS (which is what freshclam does):

$ host -t TXT current.cvd.clamav.net
current.cvd.clamav.net descriptive text "0.97.1:53:13335:1311105238:1:60:30929:144"

Or if you're worried about stale DNS:
$ for i in `seq 3 7`; do host -t TXT current.cvd.clamav.net ns$i.clamav.net; done|grep text

Best regards,
--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Nathan Gibbs
2011-07-19 21:13:14 UTC
Permalink
Post by Dennis Peterson
In my opinion, if twitter is a requirement for using ClamAV then
this project is doomed. I don't see our 'business' endorsing our NOC
playing with twitter as part of the job.
SNORT :-)
I was thinking that, but usually when I snarl in the general direction
of the clamav team, I make a fool of myself.
So, I sat on my hands till they cooled off.
:-)
Post by Dennis Peterson
I hope they don't read this list as I've just removed a lot of McAfee
for Linux and replaced it with ClamAV instances in our production DC
and I don't want to have to talk to them about twitter.
Yeah, You'd get all twitterpated explaining the business case for it,
then they'd get all twittery and confused.
:-)
--
Sincerely,

Nathan Gibbs

Systems Administrator
Christ Media
http://www.cmpublishers.com
George Kasica
2011-07-20 13:18:47 UTC
Permalink
Post by Dennis Peterson
In my opinion, if twitter is a requirement for using ClamAV then
this project is doomed. I don't see our 'business' endorsing our NOC
playing with twitter as part of the job.
There is ZERO chance of that getting allowed here. If this becomes a true
requirement to use clamav then we need to start looking for a replacement
for the 200+ Linux instances that are running. They are less then happy to
see a GPL/Free product out there now, become less happy when it went to
rsync to MANY foreign (Non-US) sites (used in a more or less random style
for the updates), this would just about put the nail in the coffin for it
here.

Please say that this is NOT happening, I really don't want to re-engineer
a solution because someone decides they like a social media tool for
support. It was hard enough getting the email lists allowed after 3 years
on my internal mail vs. home email.

_______________________________________
George R. Kasica | Systems Analyst – Technical Services | Mortgage
Guaranty Insurance Corporation
270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6491(work)
1.414.732.8503 (cell) | 7 1.888.601.4440 or 1.414.347.2601 (fax) | *
***@MGIC.com or ***@MGIC.com
P Please consider the environment before printing this email.

This message is intended for use only by the person(s) addressed above and
may contain privileged and confidential information. Disclosure or use of
this message by any other person is strictly prohibited. If this message
is received in error, please notify the sender immediately and delete this
message.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net
Tomasz Kojm
2011-07-20 13:28:57 UTC
Permalink
On Wed, 20 Jul 2011 08:18:47 -0500 George Kasica
Post by George Kasica
Post by Dennis Peterson
In my opinion, if twitter is a requirement for using ClamAV then
this project is doomed. I don't see our 'business' endorsing our NOC
playing with twitter as part of the job.
There is ZERO chance of that getting allowed here. If this becomes a true
requirement to use clamav then we need to start looking for a replacement
for the 200+ Linux instances that are running. They are less then happy to
see a GPL/Free product out there now, become less happy when it went to
rsync to MANY foreign (Non-US) sites (used in a more or less random style
for the updates), this would just about put the nail in the coffin for it
here.
Please say that this is NOT happening, I really don't want to re-engineer
a solution because someone decides they like a social media tool for
support. It was hard enough getting the email lists allowed after 3 years
on my internal mail vs. home email.
This is NOT happening. Twitter is just another way to deliver
information about the updates to our *users*, not to our software.
--
oo ..... Tomasz Kojm <***@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Wed Jul 20 15:26:51 CEST 2011
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Luca Gibelli
2011-07-20 19:32:37 UTC
Permalink
Hello George,
Post by George Kasica
Please say that this is NOT happening, I really don't want to re-engineer
a solution because someone decides they like a social media tool for
support. It was hard enough getting the email lists allowed after 3 years
on my internal mail vs. home email.
It's not a requirement.
--
Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Jim Preston
2011-07-19 21:36:05 UTC
Permalink
Post by Dennis Peterson
Post by Luca Gibelli
I suggest that you rely on our twitter feed for real time info
(twitter.com/clamav)
In my opinion, if twitter is a requirement for using ClamAV then this project is doomed. I don't see our 'business' endorsing our NOC playing with twitter as part of the job. I hope they don't read this list as I've just removed a lot of McAfee for Linux and replaced it with ClamAV instances in our production DC and I don't want to have to talk to them about twitter.
dp
I have to agree, I have enough Social media to deal with in my work
without adding Twitter......
--
Jim Preston


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Mike Grau
2011-07-19 21:34:49 UTC
Permalink
Post by Dennis Peterson
Post by Luca Gibelli
I suggest that you rely on our twitter feed for real time info
(twitter.com/clamav)
In my opinion, if twitter is a requirement for using ClamAV then this project is doomed. I don't see our 'business' endorsing our NOC playing with twitter as part of the job. I hope they don't read this list as I've just removed a lot of McAfee for Linux and replaced it with ClamAV instances in our production DC and I don't want to have to talk to them about twitter.
+1
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Luca Gibelli
2011-07-19 23:02:34 UTC
Permalink
Hello Dennis,
Post by Dennis Peterson
Post by Luca Gibelli
I suggest that you rely on our twitter feed for real time info
(twitter.com/clamav)
In my opinion, if twitter is a requirement for using ClamAV then this project is doomed. I don't see our 'business' endorsing our NOC playing with twitter as part of the job. I hope they don't read this list as I've just removed a lot of McAfee for Linux and replaced it with ClamAV instances in our production DC and I don't want to have to talk to them about twitter.
It's not a requirement.

Best regards
--
Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Jan-Pieter Cornet
2011-07-19 21:58:55 UTC
Permalink
Post by Michael Scheidell
http://www.clamav.net/support/ml
What? If websites are a requirement for ClamAV then this project is doomed. I don't see our NOC surfin the interwebz as part of the job.

(Sarcasm alert).
--
Jan-Pieter Cornet <***@xs4all.nl>
"People are continuously reinventing the flat tyre".
Erwan David
2011-07-20 13:40:45 UTC
Permalink
Le Tue 19/07/2011, Jan-Pieter Cornet disait
Post by Jan-Pieter Cornet
Post by Michael Scheidell
http://www.clamav.net/support/ml
What? If websites are a requirement for ClamAV then this project is doomed. I don't see our NOC surfin the interwebz as part of the job.
(Sarcasm alert).
Websites do not require signing an illegal contract with a third-party.
(And twitter contract IS illegal with regards to EU privacy protection
directive)
--
Erwan
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Luca Gibelli
2011-07-20 19:33:18 UTC
Permalink
Hello Erwan,
Post by Erwan David
Post by Jan-Pieter Cornet
What? If websites are a requirement for ClamAV then this project is doomed. I don't see our NOC surfin the interwebz as part of the job.
(Sarcasm alert).
Websites do not require signing an illegal contract with a third-party.
(And twitter contract IS illegal with regards to EU privacy protection
directive)
twitter is not a requirement.

Best regards
--
Luca Gibelli (luca _at_ clamav.net) ClamAV, a GPL anti-virus toolkit
[Tel] +39 0187 1851862 [Fax] +39 0187 1852252 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ any key-server || http://www.clamav.net/gpg/luca.gpg
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
m***@smtp.fakessh.eu
2011-07-20 20:56:19 UTC
Permalink
Post by Luca Gibelli
Hello Erwan,
Post by Erwan David
Post by Jan-Pieter Cornet
What? If websites are a requirement for ClamAV then this project is
doomed. I don't see our NOC surfin the interwebz as part of the job.
(Sarcasm alert).
Websites do not require signing an illegal contract with a third-party.
(And twitter contract IS illegal with regards to EU privacy protection
directive)
twitter is not a requirement.
Best regards
the trip reporting LAW is some


as yes or not
--
 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
 gpg --keyserver pgp.mit.edu --recv-key 092164A7
Continue reading on narkive:
Loading...