Discussion:
[clamav-users] freshclam vs sudo freshclam
Michael Newman
2018-09-05 08:33:40 UTC
This is on a Mac with a MacPorts ClamAV installation.

I previously reported that if I ran freshclam as root it failed, but worked if I ran it as me.

Now I have the exact opposite situation. It fails if I run it as me, but works if I run as root.

If I don’t use sudo, the first error I get is this:

Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.

(Followed by many, many more. See below.)

If I use sudo, that error never appears.

I think this must be some sort of DNS error, but I have no idea what it might be or how to fix it.

The following works fine:

MrMuscle:clamav mnewman$ host -t txt current.cvd.clamav.net
current.cvd.clamav.net descriptive text "0.100.1:58:24903:1536132540:1:63:47832:327"

This started failing while I was away on vacation. Nothing was changed on the machine while I was away.

FWIW, I’m using Google’s DNS servers. I live in Thailand and they seem to be the fastest.

I changed permissions on the database files as follows:

MrMuscle:clamav mnewman$ pwd
/opt/local/share/clamav
MrMuscle:clamav mnewman$ ls -lea
total 329448
drwxrwxrwx 7 _clamav _clamav 224 Sep 5 15:19 .
drwxrwxr-x 115 root wheel 3680 Aug 19 10:14 ..
-rw-rw-rw- 1 _clamav _clamav 187426 Aug 19 11:08 bytecode.cvd
-rw-rw-rw- 1 _clamav _clamav 50109025 Sep 5 14:50 daily.cvd
-rw-rw-rw-@ 1 _clamav _clamav 52 Aug 22 05:48 local.ign2
-rw-rw-rw- 1 _clamav _clamav 117892267 Aug 19 11:08 main.cvd
-rw-rw-rw- 1 _clamav _clamav 260 Sep 5 15:19 mirrors.dat

I’m appending the verbose output of freshclam when run without and with sudo:

MrMuscle:bin mnewman$ /opt/local/bin/freshclam -v
Current working dir is /opt/local/share/clamav
Max retries == 3
ClamAV update process started at Wed Sep 5 14:49:53 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.188.138)
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.186.138)
Ignoring mirror 104.16.188.138 (due to previous errors)
Trying host db.US.clamav.net (104.16.187.138)...
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.187.138)
Trying host db.US.clamav.net (104.16.185.138)...
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.185.138)
Trying host db.US.clamav.net (104.16.189.138)...
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.189.138)
WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
Trying again in 5 secs...
ClamAV update process started at Wed Sep 5 14:49:58 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
Trying again in 5 secs...
ClamAV update process started at Wed Sep 5 14:50:03 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
Giving up on db.US.clamav.net...
ClamAV update process started at Wed Sep 5 14:50:03 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
WARNING: Can't read main.cvd header from database.clamav.net (IP: )
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /opt/local/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.



MrMuscle:bin mnewman$ sudo /opt/local/bin/freshclam -v
Password:
Current working dir is /opt/local/share/clamav
Max retries == 3
ClamAV update process started at Wed Sep 5 14:50:16 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 591
Software version from DNS: 0.100.1
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24903
Retrieving http://db.US.clamav.net/daily-24903.cdiff
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
WARNING: getpatch: Can't download daily-24903.cdiff from db.US.clamav.net
Retrieving http://db.US.clamav.net/daily-24903.cdiff
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
WARNING: getpatch: Can't download daily-24903.cdiff from db.US.clamav.net
Retrieving http://db.US.clamav.net/daily-24903.cdiff
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
WARNING: getpatch: Can't download daily-24903.cdiff from db.US.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.US.clamav.net/daily.cvd
Trying to download http://db.US.clamav.net/daily.cvd (IP: 104.16.188.138)
Downloading daily.cvd [100%]
Loading signatures from daily.cvd
Properly loaded 2074942 signatures from new daily.cvd
daily.cvd updated (version: 24903, sigs: 2074942, f-level: 63, builder: neo)
Querying daily.24903.92.1.0.6810BC8A.ping.clamav.net
bytecode.cvd version from DNS: 327
bytecode.cvd is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6641282 signatures) from db.US.clamav.net (IP: 104.16.188.138)
Clamd successfully notified about the update.
Al Varnell
2018-09-05 09:03:24 UTC
As previously observed, depending on installation permissions, some of us need sudo and others do not.

Anytime you see "Ignoring mirror xxx.xxx.xxx.xxx (due to previous errors)" for all available mirrors, you must trash mirrors.dat or wait for some amount of time (unknown to me) in order to recover.

-Al-
-Al-
--
Al Varnell
Mountain View, CA
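
One way to triage the two `freshclam -v` runs discussed above, as an added example that is not part of the thread or of ClamAV. The function names, verdict labels and sample log lines are assumptions made for this sketch; the samples are constructed from the message formats quoted in the thread, with documentation addresses in place of the mirror IPs.

```python
import re
from dataclasses import dataclass, field

# Message formats as they appear in the freshclam -v output quoted in the thread.
IGNORED = re.compile(r"Ignoring mirror (\S+) \(due to previous errors\)")
CONNECT = re.compile(r"Can't connect to port \d+ of host \S+ \(IP: ([^)\s]+)\)")
UPDATED = re.compile(r"Database updated \((\d+) signatures\)")
DNS_FAIL = "Invalid DNS reply. Falling back to HTTP mode."
UPDATE_FAIL = "Update failed."

# Constructed samples modelled on the two runs; mirror IPs are replaced with
# documentation addresses (192.0.2.0/24).
RUN_AS_USER = """\
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 192.0.2.10)
Trying host db.US.clamav.net (192.0.2.11)...
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 192.0.2.11)
Trying again in 5 secs...
Reading CVD header (main.cvd): Ignoring mirror 192.0.2.11 (due to previous errors)
Ignoring mirror 192.0.2.10 (due to previous errors)
Giving up on db.US.clamav.net...
Update failed. Your network may be down or none of the mirrors listed is working.
"""

RUN_AS_ROOT = """\
Querying current.cvd.clamav.net
Software version from DNS: 0.100.1
daily.cvd version from DNS: 24903
Retrieving http://db.US.clamav.net/daily-24903.cdiff
Ignoring mirror 192.0.2.10 (due to previous errors)
Ignoring mirror 192.0.2.11 (due to previous errors)
WARNING: getpatch: Can't download daily-24903.cdiff from db.US.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Trying to download http://db.US.clamav.net/daily.cvd (IP: 192.0.2.10)
Database updated (6641282 signatures) from db.US.clamav.net (IP: 192.0.2.10)
"""


@dataclass
class Report:
    verdict: str = "ok"  # ok | degraded | stale (labels chosen for this example)
    dns_failed: bool = False
    signatures: int = 0
    unreachable: set = field(default_factory=set)
    ignored: set = field(default_factory=set)
    findings: list = field(default_factory=list)


def parse_dns_txt(record):
    """Name only the TXT fields that the 'version from DNS' log lines decode."""
    parts = record.strip().strip('"').split(":")
    if len(parts) < 8:
        raise ValueError(f"unexpected TXT record: {record!r}")
    return {"software": parts[0], "main": int(parts[1]),
            "daily": int(parts[2]), "bytecode": int(parts[7])}


def triage(log_text):
    """Classify one freshclam -v run and collect the reasons."""
    r, failed = Report(), False
    for line in log_text.splitlines():
        r.dns_failed |= DNS_FAIL in line
        failed |= line.startswith(UPDATE_FAIL)
        # search(): the first "Ignoring mirror" can share a line with
        # "Reading CVD header (main.cvd): ".
        if m := IGNORED.search(line):
            r.ignored.add(m.group(1))
        if m := CONNECT.search(line):
            r.unreachable.add(m.group(1))
        if m := UPDATED.search(line):
            r.signatures = int(m.group(1))
    if r.dns_failed:
        r.findings.append("DNS TXT query failed inside freshclam; if `host -t txt` "
                          "works for the same user, check per-process outbound filtering")
    if r.unreachable:
        r.findings.append(f"{len(r.unreachable)} mirror address(es) unreachable on connect()")
    if r.ignored and r.unreachable <= r.ignored:
        if failed:
            r.findings.append("all known mirrors are ignored: remove mirrors.dat "
                              "or wait for the ignore period to expire")
        else:
            r.findings.append("mirrors were on the ignore list from earlier runs")
    if failed:
        r.verdict = "stale"      # signatures were not refreshed
    elif r.dns_failed or r.ignored or r.unreachable:
        r.verdict = "degraded"   # updated, but only after errors
    return r


if __name__ == "__main__":
    for name, log in (("user", RUN_AS_USER), ("root", RUN_AS_ROOT)):
        rep = triage(log)
        print(name, rep.verdict, *rep.findings, sep="\n  ")
```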
Micah Snyder (micasnyd)
2018-09-07 15:26:56 UTC
At present, long-term ignore time is 72 hours and the short-term ignore time is 6 hours. The logic in freshclam to determine if it should ignore for the long-term or short-term length depends on what kind of error occurs and how many errors occur.

I am looking into reducing the timeout length, and simplifying some of the logic.

What version of macOS are you using? 10.10 reportedly had some issues with DNS lookups, though I don't know the specifics.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


Micah Snyder (micasnyd)
2018-09-07 15:28:04 UTC
Never mind my previous question. I see that you identified that the issue was a result of Little Snitch settings.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Sep 7, 2018, at 11:26 AM, Micah Snyder (micasnyd) <***@cisco.com<mailto:***@cisco.com>> wrote:

At present, long-term ignore time is 72 hours and the short-term ignore time is 6 hours. The logic in freshclam to determine if it should ignore for the long-term or short-term length depends on what kind of error occurs and how many errors occur.

I am looking into reducing the timeout length, and simplifying some of the logic.

What version of macOS are you using? 10.10 reportedly had some issues with DNS lookups, though I don't know the specifics.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Sep 5, 2018, at 5:03 AM, Al Varnell <***@mac.com<mailto:***@mac.com>> wrote:

As previously observed, depending on installation permissions, some of us need sudo and others do not.

Anytime you see "Ignoring mirror xxx.xxx.xxx.xxx (due to previous errors)" for all available mirrors, you must trash mirrors.dat or wait for some amount of time (unknown to me) in order to recover.

-Al-

On Wed, Sep 05, 2018 at 01:33 AM, Michael Newman wrote:
This is on a Mac with a MacPorts ClamAV installation.

I previously reported that if I ran freshclam as root it failed, but worked if I ran it as me.

Now I have the exact opposite situation. It fails if I run it as me, but works if I run as root.

If I don’t use sudo, the first error I get is this:

Querying current.cvd.clamav.net<http://current.cvd.clamav.net/>
WARNING: Can't query current.cvd.clamav.net<http://current.cvd.clamav.net/>
WARNING: Invalid DNS reply. Falling back to HTTP mode.

(Followed by many, many more. See below.)

If I use sudo, that error never appears.

I think this must be some sort of DNS error, but I have no idea what it might be or how to fix it.

The following works fine:

MrMuscle:clamav mnewman$ host -t txt current.cvd.clamav.net<http://current.cvd.clamav.net/>
current.cvd.clamav.net<http://current.cvd.clamav.net/> descriptive text "0.100.1:58:24903:1536132540:1:63:47832:327"

This started failing while I was away on vacation. Nothing was changed on the machine while I was away.

FWIW, I’m using Google’s DNS servers. I live in Thailand and they seem to be the fastest.

I changed permissions on the database files as follows:

MrMuscle:clamav mnewman$ pwd
/opt/local/share/clamav
MrMuscle:clamav mnewman$ ls -lea
total 329448
drwxrwxrwx 7 _clamav _clamav 224 Sep 5 15:19 .
drwxrwxr-x 115 root wheel 3680 Aug 19 10:14 ..
-rw-rw-rw- 1 _clamav _clamav 187426 Aug 19 11:08 bytecode.cvd
-rw-rw-rw- 1 _clamav _clamav 50109025 Sep 5 14:50 daily.cvd
-rw-rw-rw-@ 1 _clamav _clamav 52 Aug 22 05:48 local.ign2
-rw-rw-rw- 1 _clamav _clamav 117892267 Aug 19 11:08 main.cvd
-rw-rw-rw- 1 _clamav _clamav 260 Sep 5 15:19 mirrors.dat

I’m appending the verbose output of freshclam when run without and with sudo:

MrMuscle:bin mnewman$ /opt/local/bin/freshclam -v
Current working dir is /opt/local/share/clamav
Max retries == 3
ClamAV update process started at Wed Sep 5 14:49:53 2018
Using IPv6 aware code
Querying current.cvd.clamav.net<http://current.cvd.clamav.net/>
WARNING: Can't query current.cvd.clamav.net<http://current.cvd.clamav.net/>
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.188.138)
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.186.138)
Ignoring mirror 104.16.188.138 (due to previous errors)
Trying host db.US.clamav.net (104.16.187.138)...
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.187.138)
Trying host db.US.clamav.net (104.16.185.138)...
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.185.138)
Trying host db.US.clamav.net (104.16.189.138)...
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.189.138)
WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
Trying again in 5 secs...
ClamAV update process started at Wed Sep 5 14:49:58 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
Trying again in 5 secs...
ClamAV update process started at Wed Sep 5 14:50:03 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
WARNING: Can't read main.cvd header from db.US.clamav.net (IP: )
Giving up on db.US.clamav.net...
ClamAV update process started at Wed Sep 5 14:50:03 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
WARNING: Can't read main.cvd header from database.clamav.net (IP: )
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /opt/local/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.



MrMuscle:bin mnewman$ sudo /opt/local/bin/freshclam -v
Password:
Current working dir is /opt/local/share/clamav
Max retries == 3
ClamAV update process started at Wed Sep 5 14:50:16 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 591
Software version from DNS: 0.100.1
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24903
Retrieving http://db.US.clamav.net/daily-24903.cdiff
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
WARNING: getpatch: Can't download daily-24903.cdiff from db.US.clamav.net
Retrieving http://db.US.clamav.net/daily-24903.cdiff
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.185.138 (due to previous errors)
WARNING: getpatch: Can't download daily-24903.cdiff from db.US.clamav.net
Retrieving http://db.US.clamav.net/daily-24903.cdiff
Ignoring mirror 104.16.185.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.189.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
WARNING: getpatch: Can't download daily-24903.cdiff from db.US.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://db.US.clamav.net/daily.cvd
Trying to download http://db.US.clamav.net/daily.cvd (IP: 104.16.188.138)
Downloading daily.cvd [100%]
Loading signatures from daily.cvd
Properly loaded 2074942 signatures from new daily.cvd
daily.cvd updated (version: 24903, sigs: 2074942, f-level: 63, builder: neo)
Querying daily.24903.92.1.0.6810BC8A.ping.clamav.net
bytecode.cvd version from DNS: 327
bytecode.cvd is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6641282 signatures) from db.US.clamav.net (IP: 104.16.188.138)
Clamd successfully notified about the update.


_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-Al-
--
Al Varnell
Mountain View, CA




Michael Newman
2018-09-05 21:54:34 UTC
Post by Al Varnell
As previously observed, depending on installation permissions, some of us need sudo and others do not.
I fully understand that. What I don’t understand is why the need for sudo would suddenly and spontaneously change from not needed to needed while I was away on vacation.

Even though I gave everyone read/write permission for the database files I still need sudo:

MrMuscle:clamav mnewman$ pwd
/opt/local/share/clamav
MrMuscle:clamav mnewman$ ls -lea
total 329448
drwxrwxrwx 7 _clamav _clamav 224 Sep 5 15:19 .
drwxrwxr-x 115 root wheel 3680 Aug 19 10:14 ..
-rw-rw-rw- 1 _clamav _clamav 187426 Aug 19 11:08 bytecode.cvd
-rw-rw-rw- 1 _clamav _clamav 50109025 Sep 5 14:50 daily.cvd
-rw-rw-rw-@ 1 _clamav _clamav 52 Aug 22 05:48 local.ign2
-rw-rw-rw- 1 _clamav _clamav 117892267 Aug 19 11:08 main.cvd
-rw-rw-rw- 1 _clamav _clamav 260 Sep 5 15:19 mirrors.dat

What other permissions do I need to change to be able to run freshclam without sudo?
Michael Newman
2018-09-06 05:05:59 UTC
Post by Al Varnell
As previously observed, depending on installation permissions, some of us need sudo and others do not.
Turns out this had nothing to do with permissions and everything to do with Little Snitch.

For reasons that remain a mystery to me, sometime while I was away from home Little Snitch started blocking outgoing traffic from freshclam. (Why wait until I was away?)

By the time I got home, the Little Snitch notification was gone. I didn’t notice the problem until I checked Little Snitch’s unapproved rules. The rule on freshclam is a code signature violation.

I have changed the rule to allow outgoing connections by freshclam. I can now run freshclam as me without error:

MrMuscle:~ mnewman$ freshclam
ClamAV update process started at Thu Sep 6 12:04:22 2018
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-24906.cdiff [100%]
daily.cld updated (version: 24906, sigs: 2076062, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6642402 signatures) from db.US.clamav.net (IP: 104.16.186.138)
Clamd successfully notified about the update.
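
The triage this thread went through, as an added example that is not part of the original posts: it compares the two `freshclam -v` runs and the `host -t txt` result to decide whether file permissions are even worth looking at. The function names, the `resolver_ok` parameter and the verdict strings are assumptions made for this example; the log lines are excerpts of the output quoted above.

```python
import re

# Constructed sample: excerpts of the two verbose runs quoted in this thread.
RUN_AS_USER = """\
Querying current.cvd.clamav.net
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.188.138)
nonblock_connect: connect(): fd=7 errno=64: Host is down
Can't connect to port 80 of host db.US.clamav.net (IP: 104.16.186.138)
Update failed. Your network may be down or none of the mirrors listed in /opt/local/etc/freshclam.conf is working.
"""
RUN_AS_ROOT = """\
Querying current.cvd.clamav.net
Software version from DNS: 0.100.1
Downloading daily.cvd [100%]
Database updated (6641282 signatures) from db.US.clamav.net (IP: 104.16.188.138)
"""

CONNECT_ERR = re.compile(r"connect\(\): fd=\d+ errno=(\d+): (.+)")
FAILED_IP = re.compile(r"Can't connect to port \d+ of host \S+ \(IP: ([\d.]+)\)")

def summarize(log):
    """Reduce a freshclam -v log to the facts that matter for triage."""
    return {
        "dns_ok": "Can't query" not in log,
        "errnos": sorted({int(m.group(1)) for m in CONNECT_ERR.finditer(log)}),
        "failed_ips": sorted(set(FAILED_IP.findall(log))),
        "updated": "Database updated" in log,
    }

def triage(user_log, root_log, resolver_ok):
    """Compare the same command run under two identities on one host.
    resolver_ok: did `host -t txt current.cvd.clamav.net` succeed as the user?"""
    u, r = summarize(user_log), summarize(root_log)
    if u["updated"]:
        return "no fault"
    if r["updated"] and resolver_ok and not u["dns_ok"] and u["failed_ips"]:
        # Mirrors work for another identity and the resolver answers for this
        # user, yet this process can neither query DNS nor connect(): check
        # per-process or per-user egress filtering before file permissions.
        return "local egress filter"
    if not r["updated"] and not r["dns_ok"]:
        return "network or resolver"
    return "undetermined"
```

For the two runs in this thread, `triage(RUN_AS_USER, RUN_AS_ROOT, True)` returns `"local egress filter"`, which matches the Little Snitch rule that turned out to be the cause.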
Al Varnell
2018-09-06 05:34:24 UTC
https://obdev.at/products/littlesnitch/download-nightly.html
And for what it's worth, I have not experienced any such issue when running freshclam (fingers crossed).

I have second-hand information that a patch is undergoing tests as we speak, but no clue as to when it might show up.

-Al-