ClamAV daily update fail

bear · February 8, 2022, 11:20am

recently my clamAV daily update has been failing, any pointers where to look to fix this issue. Is there no mirrors.dat file any more? As its out of date can clamAV be totally updated. I have updated the daily.cvd manually as a temp fix.
Thank you

Last Status:
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.102.3 Recommended version: 0.103.5
    DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
    daily database available for update (local version: 26445, remote version: 26446)
    WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
    WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
    daily database available for update (local version: 26445, remote version: 26446)
    WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
    WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
    daily database available for update (local version: 26445, remote version: 26446)
    ERROR: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
    ERROR: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
    ERROR: Update failed for database: daily
    WARNING: fc_update_databases: fc_update_database failed: HTTP GET failed (11)
    ERROR: Database update process failed: HTTP GET failed (11)
    ERROR: Update failed.
    Received signal: wake up

d2d4j · February 8, 2022, 11:55am

Hi bear

I hope your well

These failures to update tend to be short lived and are not as a result of IW

ClamAV changed the way the updates are fetched a year or so ago

It should or its resolve itself usually within 24 hours or less

IW do update ClamAV version but I have noticed they seem to miss a version out before updating but it’s not an issue as current version is still in support with ClamAV and not EOL

Please do not setup any update process yourself for ClamAV as that will lead to ClamAV blocking your IP address and I would strongly advise you leave freshclam update timings as standard set by IW

Many thanks

John

Nico · February 8, 2022, 12:58pm

@bear @d2d4j
The problem is that our IPs getting blocked because of the many attempts to get the updates from the CDN and partly because one setting needs to be changed:

nano /etc/freshclam.conf
ScriptedUpdates yes

Setting “ScriptedUpdates yes” in /etc/freshclam.conf also greatly reduces network load by no longer downloading the entire database each time, but just downloading a diff, saving 90% of bandwidth.

you also could change the Checks to 4 instead of every 2 hours by default
[ perhaps another reason they block us]

Hope that helps, but you need to wait for your iP ‘whitelisted’ again.

Cheers,
Nico

bear · February 8, 2022, 3:40pm

thank you for your help and advice

Nico · February 8, 2022, 4:48pm

Hi Guys, @bear @d2d4j @IWorx-Jenna
Sorry just found this on the clamav blog!

We would also like to take this opportunity to remind users that versions 0.102 and 0.101 have reached their end-of-life period. These versions exceeded our EOL dates on Jan. 3, 2022 and will soon be actively blocked from downloading signature database updates.

Since we have local version 0.102.3 we need to wait that Siteworx replaces our ClamAv with more up-to-date version.

d2d4j · February 8, 2022, 6:14pm

Hi nico

Many thanks

Sorry I must have missed that EOL and yes, that will be the reason for download failure

I think IW will push it out quickly hopefully

If not it’s not hard to update which if I have time later this week might have a look at

Many thanks

John

bear · February 8, 2022, 7:07pm

Hi Nico
That explains why have been having issues,
thank you

IWorx-Jenna · February 8, 2022, 7:53pm

Hello–

Thanks for letting us know about this! I’ll submit a ticket to update ClamAV, though I don’t have an ETA.

Thanks,
-Jenna

vince · February 8, 2022, 8:05pm

Hi @IWorx-Jenna !

As this version is EOL since Jan. 3, 2022 do you think that is possible to get a hotfix quickly?

Also, suggestion for a new feature: a monitor probe to check if the db update failed In the Interworx dashboard everything is “ok” even if that process fails.

Thanks!

IWorx-Jenna · February 8, 2022, 8:25pm

Once the update is complete, it should be able to be pushed through right away, yeah. I got a dev on the case, so it should be fairly quick, I just can’t give an exact ETA. I’ll update this post when it’s out, though.

I’m not sure what dashboard you are referring to. If you mean the NodeWorx Overview page, that just checks if the service, itself, is up or down. If you mean the System Health page, that also just is a problem detector that checks if the ClamAV service, itself, is running or stopped. There isn’t any kind of problem detector to check if the virus database has updated or not. I’ll submit a feature request for that, but I can’t make any guarantees. But that is a good idea. Probably would have brought this to our attention sooner if something like that existed.

vince · February 8, 2022, 8:36pm

It might not be usefull to be on any dashboard. As you said the Overview page and the System Health are not related to any kind of “process malfunction”. However, an alert through the problem detectors would definidly be a must! The monitor and alert system seems to already be in place and peoples can opt-out if they don’t want to receive it

Exactly what I thought! I don’t personally check every logs on a regular basis and I suspect I’m not the only one! (Thanks @bear for this one! ). I rely on the systems that are supposed to “flag” and “report” those kind of problems…

IWorx-Jenna · February 8, 2022, 11:03pm

Hello folks!

The update to ClamAV 0.1.3.5 was just pushed to the Beta channels for IW6 and IW7. They will be pushed to the Release Candidate and Release channels most likely tomorrow, or the next day. But in the meantime, you can update using the following:

If IW6, run:

yum --enablerepo interworx-beta update clamav

If IW7, run:

yum --enablerepo interworx-7-beta update clamav

You may need to do a yum clean all first.

(We will be updating to 0.1.4.2, but there were some config changes in that version, which will take a bit more time, so we made this intermediary update to get everyone back up and running with updated virus databases as quickly as possible )

vince · February 8, 2022, 11:18pm

Thanks a lot! I will do the update tonight!

I would suggest to stick to 0.103.x until the next ClamAV LTS version (which should be around 2023). That would minimize the chances to have an other situation like this one.

bear · February 9, 2022, 9:24am

Good day to you all and thank you for the update and to devs sorting clamav update so quickly.

Just a small observation.
Updated ClamAV but noticed in IW6 - Mail Server Management - Virus Filtering.
daily.cld is missing from the database Virus Definition Information ?
May be because the name has changed from daily.cvd to daily.cld (cvd to cld part)

IW6 also auto updated last night, all good

Nico · February 9, 2022, 9:55am

@bear Hiya,
Perhaps you where logged in when updating, try logout and look again, or did you forget to restart clamd?

Nico

bear · February 9, 2022, 10:25am

is that from clamAV 103.5 as the daily has not updated to latest?

yes restarted and cleared cache etc after update clamAV to 103.5
Checked logs and updating now without error but as i said previously daily file has changed name.
daily.cld database is up-to-date

Nico · February 9, 2022, 10:47am

@bear,
Yes my version is 103.5
Please check if your spamfiltering [spamassassin] is stopped?

It is updated now, but as explained , i used those 2 settings [see mentioned previous] so it only checks 4 times a day

Hope that explains.

bear · February 9, 2022, 1:28pm

sorted, stopped clamav and freshclam, deleted main and daily files then restarted. finally ran freshclam -v
seems to have sorted its self out, was downloading uncompressed files for some reason.