recently my clamAV daily update has been failing, any pointers where to look to fix this issue. Is there no mirrors.dat file any more? As its out of date can clamAV be totally updated. I have updated the daily.cvd manually as a temp fix.
Thank you
Last Status:
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.102.3 Recommended version: 0.103.5
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
daily database available for update (local version: 26445, remote version: 26446)
WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
daily database available for update (local version: 26445, remote version: 26446)
WARNING: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
WARNING: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
daily database available for update (local version: 26445, remote version: 26446)
ERROR: downloadFile: Unexpected response (403) from https://database.clamav.net/daily.cvd
ERROR: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
ERROR: Update failed for database: daily
WARNING: fc_update_databases: fc_update_database failed: HTTP GET failed (11)
ERROR: Database update process failed: HTTP GET failed (11)
ERROR: Update failed.
Received signal: wake up
These failures to update tend to be short lived and are not as a result of IW
ClamAV changed the way the updates are fetched a year or so ago
It should or its resolve itself usually within 24 hours or less
IW do update ClamAV version but I have noticed they seem to miss a version out before updating but itās not an issue as current version is still in support with ClamAV and not EOL
Please do not setup any update process yourself for ClamAV as that will lead to ClamAV blocking your IP address and I would strongly advise you leave freshclam update timings as standard set by IW
@bear@d2d4j
The problem is that our IPs getting blocked because of the many attempts to get the updates from the CDN and partly because one setting needs to be changed:
nano /etc/freshclam.conf
ScriptedUpdates yes
Setting āScriptedUpdates yesā in /etc/freshclam.conf also greatly reduces network load by no longer downloading the entire database each time, but just downloading a diff, saving 90% of bandwidth.
you also could change the Checks to 4 instead of every 2 hours by default
[ perhaps another reason they block us]
Hope that helps, but you need to wait for your iP āwhitelistedā again.
We would also like to take this opportunity to remind users that versions 0.102 and 0.101 have reached their end-of-life period. These versions exceeded our EOL dates on Jan. 3, 2022 and will soon be actively blocked from downloading signature database updates.
Since we have local version 0.102.3 we need to wait that Siteworx replaces our ClamAv with more up-to-date version.
As this version is EOL since Jan. 3, 2022 do you think that is possible to get a hotfix quickly?
Also, suggestion for a new feature: a monitor probe to check if the db update failed In the Interworx dashboard everything is āokā even if that process fails.
Once the update is complete, it should be able to be pushed through right away, yeah. I got a dev on the case, so it should be fairly quick, I just canāt give an exact ETA. Iāll update this post when itās out, though.
Iām not sure what dashboard you are referring to. If you mean the NodeWorx Overview page, that just checks if the service, itself, is up or down. If you mean the System Health page, that also just is a problem detector that checks if the ClamAV service, itself, is running or stopped. There isnāt any kind of problem detector to check if the virus database has updated or not. Iāll submit a feature request for that, but I canāt make any guarantees. But that is a good idea. Probably would have brought this to our attention sooner if something like that existed.
It might not be usefull to be on any dashboard. As you said the Overview page and the System Health are not related to any kind of āprocess malfunctionā. However, an alert through the problem detectors would definidly be a must! The monitor and alert system seems to already be in place and peoples can opt-out if they donāt want to receive it
Exactly what I thought! I donāt personally check every logs on a regular basis and I suspect Iām not the only one! (Thanks @bear for this one! ). I rely on the systems that are supposed to āflagā and āreportā those kind of problemsā¦
The update to ClamAV 0.1.3.5 was just pushed to the Beta channels for IW6 and IW7. They will be pushed to the Release Candidate and Release channels most likely tomorrow, or the next day. But in the meantime, you can update using the following:
If IW6, run:
yum --enablerepo interworx-beta update clamav
If IW7, run:
yum --enablerepo interworx-7-beta update clamav
You may need to do a yum clean all first.
(We will be updating to 0.1.4.2, but there were some config changes in that version, which will take a bit more time, so we made this intermediary update to get everyone back up and running with updated virus databases as quickly as possible )
I would suggest to stick to 0.103.x until the next ClamAV LTS version (which should be around 2023). That would minimize the chances to have an other situation like this one.
Good day to you all and thank you for the update and to devs sorting clamav update so quickly.
Just a small observation.
Updated ClamAV but noticed in IW6 - Mail Server Management - Virus Filtering.
daily.cld is missing from the database Virus Definition Information ?
May be because the name has changed from daily.cvd to daily.cld (cvd to cld part)
is that from clamAV 103.5 as the daily has not updated to latest?
yes restarted and cleared cache etc after update clamAV to 103.5
Checked logs and updating now without error but as i said previously daily file has changed name.
daily.cld database is up-to-date
sorted, stopped clamav and freshclam, deleted main and daily files then restarted. finally ran freshclam -v
seems to have sorted its self out, was downloading uncompressed files for some reason.