
Mailing List Archive: ClamAV: users

Apparently Old .cld files block new .cvd updates. Security Fail ?

 

 



nathan at cmpublishers

Oct 29, 2009, 7:26 AM

Post #1 of 4 (209 views)
Apparently Old .cld files block new .cvd updates. Security Fail ?

In the process of rolling out the new 0.95.3 upgrade, we noticed several
error messages about the virus DB's being out of date. This was odd as
our clam engines update from a local mirror that pulls updates from the
clamav infrastructure approx. every hour. Upon further investigation,
the outdated DB showed up in our monitoring system and clamdtop. It
appears that .cld files left over from before the switch to a local
mirror took precedence over the newer .cvd files.
We set up our local mirror according to the faq in addition to getting
some clarification on this list.

This was a definite fail as follows.
1. Our clam engines ran for almost a month with outdated virus DB's.
2. We failed to notice.
3. The clam engines failed to notify us until manually restarted.

Recommendations

1. At the least update the faq on local mirrors to say that .cld's
should be manually removed.
2. Modify the freshclam software to delete main.cld & daily.cld if
ScriptedUpdates is off.
3. Modify the clam engine to not load .cld's if a newer .cvd is present.

Has anybody else run into this when switching to a local mirror?

--
But there's no sense crying over every mistake.
You just keep on trying till you run out of cake.
And the Science gets done.
And you make an income.
For the people who are still alive.
Attachments: signature.asc (0.19 KB)


tkojm at clamav

Oct 29, 2009, 7:40 AM

Post #2 of 4 (190 views)
Re: Apparently Old .cld files block new .cvd updates. Security Fail ? [In reply to]

On Thu, 29 Oct 2009 09:26:47 -0500
Nathan Gibbs <nathan[at]cmpublishers.com> wrote:

> In the process of rolling out the new 0.95.3 upgrade, we noticed several
> error messages about the virus DB's being out of date. This was odd as
> our clam engines update from a local mirror that pulls updates from the
> clamav infrastructure approx. every hour. Upon further investigation,
> the outdated DB showed up in our monitoring system and clamdtop. It
> appears that .cld files left over from before the switch to a local
> mirror took precedence over the newer .cvd files.

The old .cld files don't take precedence, they get loaded together with
the new .cvd files. libclamav displays the outdated warning for each db
separately.

> 2. Modify the freshclam software to delete main.cld & daily.cld if
> ScriptedUpdates is off.

This can be done, please open a request at bugs.clamav.net

Thanks,

--
oo ..... Tomasz Kojm <tkojm[at]clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Thu Oct 29 15:38:44 CET 2009
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


nathan at cmpublishers

Oct 29, 2009, 9:08 AM

Post #3 of 4 (188 views)
Re: Apparently Old .cld files block new .cvd updates. Security Fail ? [In reply to]

* Tomasz Kojm wrote:
> On Thu, 29 Oct 2009 09:26:47 -0500 Nathan Gibbs
> <nathan[at]cmpublishers.com> wrote:
>
>> In the process of rolling out the new 0.95.3 upgrade, we noticed
>> several error messages about the virus DB's being out of date.
>> This was odd as our clam engines update from a local mirror that
>> pulls updates from the clamav infrastructure approx. every hour.
>> Upon further investigation, the outdated DB showed up in our
>> monitoring system and clamdtop. It appears that .cld files left
>> over from before the switch to a local mirror took precedence over
>> the newer .cvd files.
>
> The old .cld files don't take precedence, they get loaded together
> with the new .cvd files.

Ok, so we were running the newer cvd's although the engine was
displaying the older DB info.

> libclamav displays the outdated warning for each db separately.
>
Here are the warnings I got when I manually restarted the clamd's after
the upgrade.

Oct 29 10:53:06 host1 clamd: LibClamAV Warning: **************************************************
Oct 29 10:53:06 host1 clamd: LibClamAV Warning: *** The virus database is older than 7 days! ***
Oct 29 10:53:06 host1 clamd: LibClamAV Warning: *** Please update it as soon as possible. ***
Oct 29 10:53:06 host1 clamd: LibClamAV Warning: **************************************************

It doesn't tell me where (which file) the problem is, just that I have
one.

I check the monitoring system to get more info and find:

System  Status   Engine  DB    Date
host1   Running  0.95.3  9874  Thu Oct 8 06:24:12 2009
Stats for host1 are POOLS: 1
host2   Running  0.95.3  9959  Thu Oct 8 06:24:12 2009
Stats for host2 are POOLS: 1
host3   Running  0.95.3  9959  Thu Oct 8 06:24:12 2009
Stats for host3 are POOLS: 1
host4   Running  0.95.3  9959  Thu Oct 29 02:55:08 2009
Stats for host4 are POOLS: 1
hostX   Running  0.95.3  9961  Thu Oct 8 06:24:12 2009
Stats for hostX are POOLS: 1
...
etc.

host4 gets the updates from the clamav infrastructure. Everything else
gets them from host4. At that point, things didn't look good.

In summary, it looked really bad, but wasn't much of a big deal.
I crapped my pants for nothing. Time to go change:-)

LOL

>> 2. Modify the freshclam software to delete main.cld & daily.cld if
>> ScriptedUpdates is off.
>
> This can be done, please open a request at bugs.clamav.net
>

OK, will do.

--
But there's no sense crying over every mistake.
You just keep on trying till you run out of cake.
And the Science gets done.
And you make an income.
For the people who are still alive.
Attachments: signature.asc (0.19 KB)


nathan at cmpublishers

Oct 29, 2009, 9:46 AM

Post #4 of 4 (186 views)
Re: Apparently Old .cld files block new .cvd updates. Security Fail ? [In reply to]

* Nathan Gibbs wrote:
> OK, will do.
>
>
Bug 1739.
Attachments: signature.asc (0.19 KB)
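
An added example, not part of the original thread and not ClamAV project code: a check that finds a database present as both .cvd and .cld with different versions, which is the situation the thread describes and which the "older than 7 days" warning does not name by file. It assumes both file types begin with a 512-byte colon-separated header (magic, build time, version, ...); the directory contents, version numbers and function names below are constructed for illustration.

```python
import os
import tempfile

HEADER_LEN = 512          # .cvd and .cld files begin with a 512-byte text header
MAGIC = "ClamAV-VDB"      # assumed layout: magic:build time:version:sigs:...

def read_header(path):
    """Return (build_time, version) from a database header, or None."""
    with open(path, "rb") as fh:
        raw = fh.read(HEADER_LEN)
    fields = raw.decode("ascii", errors="replace").strip().split(":")
    if len(fields) < 3 or fields[0] != MAGIC or not fields[2].isdigit():
        return None
    return fields[1], int(fields[2])

def find_stale_duplicates(db_dir):
    """Report databases present as both .cvd and .cld with differing versions.

    Returns tuples (name, stale_file, stale_version, current_version).
    """
    findings = []
    names = os.listdir(db_dir)
    bases = sorted({n[:-4] for n in names if n.endswith((".cvd", ".cld"))})
    for base in bases:
        versions = {}
        for ext in (".cvd", ".cld"):
            path = os.path.join(db_dir, base + ext)
            header = read_header(path) if os.path.isfile(path) else None
            if header:
                versions[base + ext] = header[1]
        if len(versions) == 2 and len(set(versions.values())) == 2:
            stale = min(versions, key=versions.get)
            findings.append((base, stale, versions[stale], max(versions.values())))
    return findings

def make_sample_dir():
    """Build a constructed database directory (headers only, made-up versions)."""
    d = tempfile.mkdtemp()
    samples = {
        "daily.cld": "ClamAV-VDB:01 Oct 2009 06-00 -0400:100:",   # leftover copy
        "daily.cvd": "ClamAV-VDB:29 Oct 2009 02-00 -0400:120:",   # from the mirror
        "main.cvd": "ClamAV-VDB:01 Apr 2009 10-00 -0400:51:",     # no duplicate
    }
    for name, head in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(head.encode("ascii").ljust(HEADER_LEN))
    return d

if __name__ == "__main__":
    for name, stale, old, new in find_stale_duplicates(make_sample_dir()):
        print(f"{name}: {stale} is version {old}, other copy is {new}")
```

Pointing find_stale_duplicates at the real database directory on each scanning host gives monitoring a per-file answer instead of a single "DB date" per engine.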
