
Mailing List Archive: ClamAV: users

Freshclam updates failing

 

 



denismfmcmahon at gmail

Jun 21, 2013, 5:45 AM

Post #1 of 26 (364 views)
Freshclam updates failing

Log at:

http://www.sined.co.uk/tmp/freshclam.log.htm

All the tests suggested at:

https://github.com/vrtadmin/clamav-faq/blob/master/mirrors/MirrorProblems.md


appear to suggest that my DNS is fine (these are included in the log). I
have another machine on the LAN which updates fine.

I did a sudo apt-get purge of clamav and related files, rm -rf of
/etc/clamav and /var/lib/clamav, and then reinstalled, and the problem
persists.

Any additional checks that could be suggested beyond those in the above
troubleshooting document would be appreciated.

Rgds

Denis McMahon
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


swebb at sourcefire

Jun 21, 2013, 7:04 AM

Post #2 of 26 (347 views)
Re: Freshclam updates failing [In reply to]

On Fri, Jun 21, 2013 at 8:45 AM, Denis McMahon <denismfmcmahon [at] gmail> wrote:

> Log at:
>
> http://www.sined.co.uk/tmp/freshclam.log.htm
>
> All the tests suggested at:
>
>
> https://github.com/vrtadmin/clamav-faq/blob/master/mirrors/MirrorProblems.md
>
>
> appear to suggest that my dns is fine (these are included in the log). I
> have another machine on the LAN which updates fine.
>
> I did a sudo apt-get purge of clamav and related files, rm -rf of
> /etc/clamav and /var/lib/clamav, and then reinstalled, and the problem
> persists.
>
> Any additional checks that could be suggested beyond those in the above
> trouble shooting document would be appreciated.
>
> Rgds
>
> Denis McMahon
>

Hey Denis,

Can you paste your freshclam.conf file? I suspect something is wrong with
your DNS server, but we can run through some basic debugging steps first.
I'll need to know how your Freshclam instance is configured in order to do
those debugging steps.

Thanks,

Shawn


denismfmcmahon at gmail

Jun 21, 2013, 7:36 AM

Post #3 of 26 (346 views)
Re: Freshclam updates failing [In reply to]

On 21/06/13 15:04, Shawn Webb wrote:
> On Fri, Jun 21, 2013 at 8:45 AM, Denis McMahon <denismfmcmahon [at] gmail>wrote:
>
>> Log at:
>>
>> http://www.sined.co.uk/tmp/freshclam.log.htm
>>
>> All the tests suggested at:
>>
>> https://github.com/vrtadmin/clamav-faq/blob/master/mirrors/MirrorProblems.md
>>
>> appear to suggest that my dns is fine (these are included in the log). I
>> have another machine on the LAN which updates fine.
>>
>> I did a sudo apt-get purge of clamav and related files, rm -rf of
>> /etc/clamav and /var/lib/clamav, and then reinstalled, and the problem
>> persists.
>>
>> Any additional checks that could be suggested beyond those in the above
>> trouble shooting document would be appreciated.

> Can you paste your freshclam.conf file? I suspect something is wrong with
> your DNS server, but we can run through some basic debugging steps first.
> I'll need to know how your Freshclam instance is configured in order to do
> those debugging steps.

$ cat /etc/clamav/freshclam.conf
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
AllowSupplementaryGroups false
PidFile /var/run/clamav/freshclam.pid
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net




dennispe at inetnw

Jun 21, 2013, 8:10 PM

Post #4 of 26 (341 views)
Re: Freshclam updates failing [In reply to]

On 6/21/13 5:45 AM, Denis McMahon wrote:

>
> appear to suggest that my dns is fine (these are included in the log). I
> have another machine on the LAN which updates fine.
>

>
> Denis McMahon


What do you get if you run freshclam --list-mirrors ?

dp


denismfmcmahon at gmail

Jun 22, 2013, 5:52 AM

Post #5 of 26 (340 views)
Re: Freshclam updates failing [In reply to]

On 22/06/13 04:10, Dennis Peterson wrote:
> On 6/21/13 5:45 AM, Denis McMahon wrote:

>> appear to suggest that my dns is fine (these are included in the log). I
>> have another machine on the LAN which updates fine.

> What do you get if you run freshclam --list-mirrors ?

$ sudo freshclam --list-mirrors
Can't read mirrors.dat
$

Rgds

Denis


tshaw at oitc

Jun 22, 2013, 5:55 AM

Post #6 of 26 (340 views)
Re: Freshclam updates failing [In reply to]

On Jun 22, 2013, at 8:52 AM, Denis McMahon wrote:

> On 22/06/13 04:10, Dennis Peterson wrote:
>> On 6/21/13 5:45 AM, Denis McMahon wrote:
>
>>> appear to suggest that my dns is fine (these are included in the log). I
>>> have another machine on the LAN which updates fine.
>
>> What do you get if you run freshclam --list-mirrors ?
>
> $ sudo freshclam --list-mirrors
> Can't read mirrors.dat
> $


Permissions?



swebb at sourcefire

Jun 22, 2013, 5:58 AM

Post #7 of 26 (337 views)
Re: Freshclam updates failing [In reply to]

On Sat, Jun 22, 2013 at 8:52 AM, Denis McMahon <denismfmcmahon [at] gmail> wrote:

> On 22/06/13 04:10, Dennis Peterson wrote:
> > On 6/21/13 5:45 AM, Denis McMahon wrote:
>
> >> appear to suggest that my dns is fine (these are included in the log). I
> >> have another machine on the LAN which updates fine.
>
> > What do you get if you run freshclam --list-mirrors ?
>
> $ sudo freshclam --list-mirrors
> Can't read mirrors.dat
> $
>

Can you paste the output of this command:

dig +short txt current.cvd.clamav.net

Thanks,

Shawn


denismfmcmahon at gmail

Jun 22, 2013, 6:59 AM

Post #8 of 26 (339 views)
Re: Freshclam updates failing [In reply to]

On 22/06/13 13:58, Shawn Webb wrote:
> On Sat, Jun 22, 2013 at 8:52 AM, Denis McMahon <denismfmcmahon [at] gmail>wrote:

>> On 22/06/13 04:10, Dennis Peterson wrote:
>>> On 6/21/13 5:45 AM, Denis McMahon wrote:

>>>> appear to suggest that my dns is fine (these are included in the log). I
>>>> have another machine on the LAN which updates fine.

>>> What do you get if you run freshclam --list-mirrors ?

>> $ sudo freshclam --list-mirrors
>> Can't read mirrors.dat
>> $

> Can you paste the output of this command: dig +short txt
> current.cvd.clamav.net

$ dig +short txt current.cvd.clamav.net
"0.97.8:54:17396:1371907740:1:63:40661:214"
$

Rgds

Denis
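
An added example, not part of the original thread: a POSIX shell check for the TXT record shown above, using the field order freshclam expects (software version, main, daily, record timestamp, version-warning flag, f-level, safebrowsing, bytecode). The function names are hypothetical, and the 3-hour staleness limit is an assumption of this example that can be overridden.

```shell
#!/bin/sh
# Added example: sanity-check the TXT record that DNSDatabaseInfo points at.
# Function names are this example's own; they are not part of ClamAV.

# Record posted in the thread (output of: dig +short txt current.cvd.clamav.net)
SAMPLE_TXT='"0.97.8:54:17396:1371907740:1:63:40661:214"'

# cvd_txt_field RECORD N: print the N-th (1-based) colon-separated field.
# dig +short wraps TXT data in double quotes, so strip them first.
cvd_txt_field() (
    printf '%s\n' "$1" | tr -d '"' | cut -d: -f"$2"
)

# cvd_txt_valid RECORD: succeed only if the record has exactly eight fields
# of the expected shape (dotted version, integers, warning flag 0 or 1).
cvd_txt_valid() (
    printf '%s\n' "$1" | tr -d '"' |
        grep -Eq '^[0-9]+(\.[0-9]+)+:[0-9]+:[0-9]+:[0-9]+:[01]:[0-9]+:[0-9]+:[0-9]+$'
)

# cvd_txt_check RECORD [NOW] [MAX_AGE]: print a one-word verdict.
# Returns 0 ok, 1 malformed, 2 stale, 3 timestamp in the future (clock skew).
cvd_txt_check() (
    rec=$1
    now=${2:-$(date +%s)}
    max_age=${3:-10800}      # assumption of this example: 3 hours
    if ! cvd_txt_valid "$rec"; then echo malformed; exit 1; fi
    age=$(( now - $(cvd_txt_field "$rec" 4) ))
    if [ "$age" -gt "$max_age" ]; then echo stale; exit 2; fi
    if [ "$age" -lt -300 ]; then echo future; exit 3; fi
    echo ok
)

# cvd_txt_outdated RECORD LOCAL_MAIN LOCAL_DAILY LOCAL_BYTECODE:
# list the databases whose published version is newer than the local one.
# Pass 0 for a database that is not installed (an empty database directory).
cvd_txt_outdated() (
    rec=$1
    cvd_txt_valid "$rec" || exit 1
    out=""
    for pair in "main:2:${2:-0}" "daily:3:${3:-0}" "bytecode:8:${4:-0}"; do
        name=${pair%%:*}; rest=${pair#*:}
        idx=${rest%%:*};  have=${rest#*:}
        want=$(cvd_txt_field "$rec" "$idx")
        if [ "$want" -gt "$have" ]; then
            out="$out $name($have->$want)"
        fi
    done
    echo "${out# }"
)

# Demo with a constructed "now" 260 seconds after the record's timestamp.
cvd_txt_check "$SAMPLE_TXT" 1371908000
cvd_txt_outdated "$SAMPLE_TXT" 0 0 0
```

A well-formed, fresh record from the same host that fails to update points away from the DNS lookup itself and toward the download or local write path.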


denismfmcmahon at gmail

Jun 22, 2013, 7:01 AM

Post #9 of 26 (341 views)
Re: Freshclam updates failing [In reply to]

On 22/06/13 13:55, TR Shaw wrote:
>
> On Jun 22, 2013, at 8:52 AM, Denis McMahon wrote:
>
>> On 22/06/13 04:10, Dennis Peterson wrote:
>>> On 6/21/13 5:45 AM, Denis McMahon wrote:
>>
>>>> appear to suggest that my dns is fine (these are included in the log). I
>>>> have another machine on the LAN which updates fine.
>>
>>> What do you get if you run freshclam --list-mirrors ?
>>
>> $ sudo freshclam --list-mirrors
>> Can't read mirrors.dat
>> $

> Permissions?

$ sudo find / -name mirrors.dat

returned nothing

I purged the old installation and fresh installed to try and solve this,
so there's been no successful update since the reinstall.

If the install is meant to generate a mirrors.dat, then something failed
in the install ... install was done with root privs so I doubt it didn't
have permission to write the file?

Rgds

Denis



bonivart at opencsw

Jun 22, 2013, 7:50 AM

Post #10 of 26 (339 views)
Re: Freshclam updates failing [In reply to]

On Sat, Jun 22, 2013 at 2:55 PM, TR Shaw <tshaw [at] oitc> wrote:
>
> On Jun 22, 2013, at 8:52 AM, Denis McMahon wrote:
>
>> On 22/06/13 04:10, Dennis Peterson wrote:
>>> On 6/21/13 5:45 AM, Denis McMahon wrote:
>>
>>>> appear to suggest that my dns is fine (these are included in the log). I
>>>> have another machine on the LAN which updates fine.
>>
>>> What do you get if you run freshclam --list-mirrors ?
>>
>> $ sudo freshclam --list-mirrors
>> Can't read mirrors.dat
>> $
>
>
> Permissions?

SELinux or similar?


denismfmcmahon at gmail

Jun 22, 2013, 9:08 AM

Post #11 of 26 (340 views)
Re: Freshclam updates failing [In reply to]

On 22/06/13 15:50, Peter Bonivart wrote:
> On Sat, Jun 22, 2013 at 2:55 PM, TR Shaw <tshaw [at] oitc> wrote:
>>
>> On Jun 22, 2013, at 8:52 AM, Denis McMahon wrote:
>>
>>> On 22/06/13 04:10, Dennis Peterson wrote:
>>>> On 6/21/13 5:45 AM, Denis McMahon wrote:
>>>
>>>>> appear to suggest that my dns is fine (these are included in the log). I
>>>>> have another machine on the LAN which updates fine.
>>>
>>>> What do you get if you run freshclam --list-mirrors ?
>>>
>>> $ sudo freshclam --list-mirrors
>>> Can't read mirrors.dat
>>> $

>> Permissions?

> SELinux or similar?

Not as far as I know:

$ sestatus
The program 'sestatus' is currently not installed. You can install it
by typing:
sudo apt-get install policycoreutils
$

$ sudo find / -name mirrors.dat

..... nothing

Rgds

Denis



dennispe at inetnw

Jun 22, 2013, 9:36 AM

Post #12 of 26 (338 views)
Re: Freshclam updates failing [In reply to]

On 6/22/13 9:08:48AM, Denis McMahon wrote:
> $ sudo find / -name mirrors.dat ..... nothing

> Rgds Denis

Show the output of these commands:
id clamav
ls -ld /var/lib/clamav
ls -l /var/lib/clamav/
clamconf


dp


denismfmcmahon at gmail

Jun 22, 2013, 11:01 AM

Post #13 of 26 (339 views)
Re: Freshclam updates failing [In reply to]

On 22/06/13 17:36, Dennis Peterson wrote:
> On 6/22/13 9:08:48AM, Denis McMahon wrote:
>> $ sudo find / -name mirrors.dat ..... nothing
>
>> Rgds Denis
>
> Show the output of these commands:
> id clamav
> ls -ld /var/lib/clamav
> ls -l /var/lib/clamav/
> clamconf

$ id clamav
uid=107(clamav) gid=121(clamav) groups=121(clamav)
$ ls -ld /var/lib/clamav
drwxr-xr-x 2 clamav clamav 4096 Jun 22 18:54 /var/lib/clamav
$ ls -l /var/lib/clamav/
total 0
$ clamconf
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
ExtendedDetectionInfo = "yes"
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
VirusEvent disabled
ExitOnOOM disabled
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
ClamAuth disabled
ClamukoScanOnAccess disabled
ClamukoScannerCount = "3"
ClamukoScanOnOpen disabled
ClamukoScanOnClose disabled
ClamukoScanOnExec disabled
ClamukoIncludePath disabled
ClamukoExcludePath disabled
ClamukoExcludeUID disabled
ClamukoMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled
DevLiblog disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.97.8
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06
BZIP2 RAR JIT

Database information
--------------------
Database directory: /var/lib/clamav
Total number of signatures: 0

Platform information
--------------------
uname: Linux 3.2.0-48-generic #74-Ubuntu SMP Thu Jun 6 19:45:16 UTC 2013
i686
OS: linux-gnu, ARCH: i386, CPU: i686
Full OS version: Ubuntu 12.04.2 LTS
zlib version: 1.2.3.4 (1.2.3.4), compile flags: 55
Triple: i386-pc-linux-gnu
CPU: athlon-tbird, Little-endian
platform id: 0x0a1145450404060301040603

Build information
-----------------
GNU C: 4.6.3 (4.6.3)
GNU C++: 4.6.3 (4.6.3)
CPPFLAGS: -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Wformat-security -Werror=format-security -Wall
CXXFLAGS: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Wformat-security -Werror=format-security -Wall
LDFLAGS: -Wl,-Bsymbolic-functions -Wl,-z,relro
Configure: 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4
-Wformat -Wformat-security -Werror=format-security -Wall'
'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Wformat-security
-Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions
-Wl,-z,relro' '--build=i686-linux-gnu' '--prefix=/usr'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-clamav'
'--with-dbdir=/var/lib/clamav/' '--sysconfdir=/etc/clamav'
'--enable-milter' '--disable-clamuko' '--with-gnu-ld' '--enable-dns-fix'
'--disable-unrar' '--libdir=/usr/lib' '--with-system-tommath'
'--without-included-ltdl' 'build_alias=i686-linux-gnu'
sizeof(void*) = 4
Engine flevel: 69, dconf: 69
$

Note - I could copy bytecode.cld daily.cld main.cld mirrors.dat
across from another system on the lan, but I figure it would be better
to try and solve the problem rather than patch round it?

Rgds

Denis




swebb at sourcefire

Jun 22, 2013, 12:43 PM

Post #14 of 26 (337 views)
Re: Freshclam updates failing [In reply to]

What does your /etc/resolv.conf and /etc/nsswitch.conf look like?




denismfmcmahon at gmail

Jun 22, 2013, 5:17 PM

Post #15 of 26 (337 views)
Re: Freshclam updates failing [In reply to]

On 22/06/13 20:43, Shawn Webb wrote:
> What does your /etc/resolv.conf and /etc/nsswitch.conf look like?

$ cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 158.152.1.43
nameserver 192.168.1.254

$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: compat
group: compat
shadow: compat

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis
$



dennispe at inetnw

Jun 23, 2013, 3:10 PM

Post #16 of 26 (334 views)
Re: Freshclam updates failing [In reply to]

One 'stupid' question and another test. Do you have any host table
entries that can be confusing your resolver?

Try running (via sudo or as root)

strace -f freshclam >/tmp/freshclam.txt 2>&1

then post the result on your web page - it will be quite long and will
clutter the mail list.

You're not running any proxies so there should be no passwords in the
output, but check anyway before posting it on the web. What to look for
here are successful socket operations to external DNS servers. All
indications are there will be none, but it will help to see what is
going on in your stack.



denismfmcmahon at gmail

Jun 23, 2013, 6:28 PM

Post #17 of 26 (334 views)
Re: Freshclam updates failing [In reply to]

On 23/06/13 23:10, Dennis Peterson wrote:
> One 'stupid' question and another test. Do you have any host table
> entries that can be confusing your resolver?
>
> Try running (via sudo or as root)
>
> strace -f freshclam >/tmp/freshclam.txt 2>&1
>
> then post the result on your web page - it will be quite long and will
> clutter the mail list.

http://www.sined.co.uk/tmp/freshclam.txt

> You're not running any proxies so there should be no passwords in the
> output, but check anyway before posting it on the web. What to look for
> here are successful socket operations to external DNS servers. All
> indications are there will be none, but it will help to see what is
> going on in your stack.

As I said before, I have two machines on the LAN, one (with dhcp)
appears to update fine, the other with static ip doesn't. All the manual
tests I try from the system that doesn't update seem to suggest it
should be fine. DNS appears to resolve. I've just enabled apache reverse
dns lookups for logging on the problem system, and a quick test suggests
they're working. Here are the last few lines of the freshclam log from
the good machine:

Sun Jun 23 23:30:58 2013 -> --------------------------------------
Mon Jun 24 00:30:58 2013 -> Received signal: wake up
Mon Jun 24 00:30:58 2013 -> ClamAV update process started at Mon Jun 24 00:30:58 2013
Mon Jun 24 00:30:58 2013 -> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Mon Jun 24 00:30:59 2013 -> Downloading daily-17402.cdiff [100%]
Mon Jun 24 00:31:03 2013 -> daily.cld updated (version: 17402, sigs: 1363570, f-level: 63, builder: neo)
Mon Jun 24 00:31:03 2013 -> bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Mon Jun 24 00:31:05 2013 -> Database updated (2407998 signatures) from db.local.clamav.net (IP: 62.245.181.53)
Mon Jun 24 00:31:05 2013 -> --------------------------------------
Mon Jun 24 01:31:05 2013 -> Received signal: wake up
Mon Jun 24 01:31:05 2013 -> ClamAV update process started at Mon Jun 24 01:31:05 2013
Mon Jun 24 01:31:05 2013 -> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Mon Jun 24 01:31:05 2013 -> daily.cld is up to date (version: 17402, sigs: 1363570, f-level: 63, builder: neo)
Mon Jun 24 01:31:05 2013 -> bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Mon Jun 24 01:31:07 2013 -> --------------------------------------

Which to my mind tends to rule out any issues upstream of my lan router.
Apache seems able to resolve dns just fine for its log entries, and I
can manually request the cvd files with wget on the problem machine
(although at present I have the cld's copied from the good machine).



dennispe at inetnw

Jun 24, 2013, 10:34 AM

Post #18 of 26 (333 views)
Re: Freshclam updates failing [In reply to]

On 6/23/13 6:28:23PM, Denis McMahon wrote:
> On 23/06/13 23:10, Dennis Peterson wrote:
>> One 'stupid' question and another test. Do you have any host table
>> entries that can be confusing your resolver?
>>
>> Try running (via sudo or as root)
>>
>> strace -f freshclam >/tmp/freshclam.txt 2>&1
>>
>> then post the result on your web page - it will be quite long and will
>> clutter the mail list.
> http://www.sined.co.uk/tmp/freshclam.txt
>
>> You're not running any proxies so there should be no passwords in the
>> output, but check anyway before posting it on the web. What to look for
>> here are successful socket operations to external DNS servers. All
>> indications are there will be none, but it will help to see what is
>> going on in your stack.
> As I said before, I have two machines on the LAN, one (with dhcp)
> appears to update fine, the other with static ip doesn't. All the manual
> tests I try from the system that doesn't update seem to suggest it
> should be fine. DNS appears to resolve. I've just enabled apache reverse
> dns lookups for logging on the problem system, and a quick test suggests
> they're working. Here are the last few lines of the freshclam log from
> the good machine:
>
>
We're pretty well into the "Something we're sure of is wrong" territory,
so nothing can be overlooked. I see no attempt in your strace dump to
create a TCP/IP socket, nor any attempt to resolve
current.cvd.clamav.net. What was the result of examining your host
table? How many instances of freshclam are running at the present time?
What do you suppose is responsible for this:

write(1, "ERROR: /var/log/clamav/freshclam"..., 66ERROR: /var/log/clamav/freshclam.log is locked by another process) = 66

What do you see if you run this command?

lsof |grep clam


I'm still wondering what would have prevented your seeing something like
this DNS query in your strace dump.

uname({sys="Linux", node="example.com", ...}) = 0
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("xx.xxx.xxx.xx")}, 16) = 0
poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
sendto(4, "\1\335\1\0\0\1\0\0\0\0\0\0\7current\3cvd\6clamav\3"..., 40,
MSG_NOSIGNAL, NULL, 0) = 40
poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
recvfrom(4, "\1\335\201\200\0\1\0\1\0\5\0\7\7current\3cvd\6clamav\3"...,
512, 0, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("xx.xxx.xxx.xx")}, [16]) = 320
close(4) = 0

dp


dgoddard at sourcefire

Jun 24, 2013, 10:48 AM

Post #19 of 26 (333 views)
Re: Freshclam updates failing [In reply to]

I often get the locked by another process error when freshclam is running
in daemon mode.

$ sudo freshclam
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log)

$ ps aux | grep clam
clamav 2733 0.0 0.0 46180 1560 ? Ss May20 32:59
/usr/bin/freshclam -d --quiet





denismfmcmahon at gmail

Jun 25, 2013, 8:19 AM

Post #20 of 26 (310 views)
Re: Freshclam updates failing [In reply to]

On 24/06/13 18:34, Dennis Peterson wrote:
> On 6/23/13 6:28:23PM, Denis McMahon wrote:
>> On 23/06/13 23:10, Dennis Peterson wrote:
>>> One 'stupid' question and another test. Do you have any host table
>>> entries that can be confusing your resolver?
>>>
>>> Try running (via sudo or as root)
>>>
>>> strace -f freshclam >/tmp/freshclam.txt 2>&1
>>>
>>> then post the result on your web page - it will be quite long and will
>>> clutter the mail list.
>> http://www.sined.co.uk/tmp/freshclam.txt
>>
>>> You're not running any proxies so there should be no passwords in the
>>> output, but check anyway before posting it on the web. What to look for
>>> here are successful socket operations to external DNS servers. All
>>> indications are there will be none, but it will help to see what is
>>> going on in your stack.
>> As I said before, I have two machines on the LAN, one (with dhcp)
>> appears to update fine, the other with static ip doesn't. All the manual
>> tests I try from the system that doesn't update seem to suggest it
>> should be fine. DNS appears to resolve. I've just enabled apache reverse
>> dns lookups for logging on the problem system, and a quick test suggests
>> they're working. Here are the last few lines of the freshclam log from
>> the good machine:
>>
>>
> We're pretty well into the "Something we're sure of is wrong" territory,
> so nothing can be overlooked. I see no attempt in your strace dump to
> create a TCPIP socket, nor any attempt to resolve
> current.cvd.clamav.net. What was the result of examining your host
> table? How many instances of freshclam are running at the present time?
> What do you suppose is responsible for this:
>
> write(1, "ERROR: /var/log/clamav/freshclam"..., 66ERROR:
> /var/log/clamav/freshclam.log is locked by another process) = 66
>
> What do you see if you run this command?
>
> lsof |grep clam

I suspect that's a consequence of running freshclam on the command line
while freshclam is also running as a daemon.

> I'm still wondering what would have prevented your seeing something like
> this DNS query in your strace dump.
>
> uname({sys="Linux", node="example.com", ...}) = 0
> socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
> connect(4, {sa_family=AF_INET, sin_port=htons(53),
> sin_addr=inet_addr("xx.xxx.xxx.xx")}, 16) = 0
> poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
> sendto(4, "\1\335\1\0\0\1\0\0\0\0\0\0\7current\3cvd\6clamav\3"..., 40,
> MSG_NOSIGNAL, NULL, 0) = 40
> poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
> recvfrom(4, "\1\335\201\200\0\1\0\1\0\5\0\7\7current\3cvd\6clamav\3"...,
> 512, 0, {sa_family=AF_INET, sin_port=htons(53),
> sin_addr=inet_addr("xx.xxx.xxx.xx")}, [16]) = 320
> close(4) = 0

I think I see these (I'm no expert on interpreting the output) in this
trace:

http://www.sined.co.uk/tmp/fcbiglog.txt

This has verbose and debug flags to freshclam as well as being made
using strace ... (I hope that was a valid command) and was carried out
while the freshclam daemon was halted:

uname({sys="Linux", node="server.lan", ...}) = 0
stat64("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640,
st_size=251671, ...}) = 0
time(NULL) = 1372098561
write(3, "Mon Jun 24 19:29:21 2013 -> Quer"..., 60) = 60
write(1, "Querying current.cvd.clamav.net\n", 32Querying
current.cvd.clamav.net
) = 32
stat64("/etc/resolv.conf", {st_mode=S_IFREG|0777, st_size=69, ...}) = 0
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)

socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("127.0.0.1")}, 16) = 0
gettimeofday({1372098561, 362090}, NULL) = 0
poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
send(4, "\375\325\1\0\0\1\0\0\0\0\0\0\7current\3cvd\6clamav\3"..., 40,
MSG_NOSIGNAL) = 40
poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLERR}])
close(4) = 0

stat64("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640,
st_size=251731, ...}) = 0
time(NULL) = 1372098561

The bit in the middle occurs 8 times.

$ ls -l /etc/resolv.conf
lrwxrwxrwx 1 root root 24 Oct 9 2012 /etc/resolv.conf ->
/etc/network/nameservers

$ ls -l /etc/network/nameservers
-rwxrwxr-x 1 root root 75 Jun 24 19:54 /etc/network/nameservers

$ cat /etc/network/nameservers
nameserver 8.8.4.4
nameserver 8.8.8.8
nameserver 192.168.1.254
search lan

$

I'm guessing that the interesting data here is:

open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)

and

sin_addr=inet_addr("127.0.0.1")}, 16) = 0

which, at a guess, I'd say meant that freshclam had been unable to open
/etc/resolv.conf to get a list of nameservers, was using localhost as a
nameserver, and was getting nothing back from localhost?

$ host current.cvd.clamav.net localhost
;; connection timed out; no servers could be reached
$ host current.cvd.clamav.net 127.0.0.1
;; connection timed out; no servers could be reached
$

Tends to confirm the latter ....

So I installed dnsproxy, that didn't seem to help.

Then looking in syslog I saw a lot of:

Jun 25 15:55:34 server kernel: [883159.006897] type=1400 audit(1372172134.934:1143): apparmor="DENIED" operation="open" parent=25929 profile="/usr/bin/freshclam" name="/etc/network/nameservers" pid=25930 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=107 ouid=0

So the issue is that apparmor is blocking freshclam?

After adding:

/etc/resolv.conf r,
/etc/network/nameservers r,

in:

/etc/apparmor.d/local/usr.bin.freshclam

freshclam updated fine!

Why dnsproxy didn't fix it I have no idea, but I'll remove it as I don't
seem to need it anyway.

Rgds

Denis McMahon
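
The diagnosis in the post above matches an EACCES seen in strace to an apparmor="DENIED" record in syslog, and that step can be scripted. The following is an added example, not part of the original post and not ClamAV or AppArmor code: it parses denial records and proposes read-only rules for the local override file. The sample input is constructed from the log line quoted above, and the override-file naming is an assumption based on the Debian/Ubuntu path shown in the post.

```python
import re
from collections import defaultdict

# Constructed input: the denial quoted in the post, rejoined onto one line,
# followed by a made-up unrelated syslog line that must be ignored.
SAMPLE_SYSLOG = (
    'Jun 25 15:55:34 server kernel: [883159.006897] type=1400 '
    'audit(1372172134.934:1143): apparmor="DENIED" operation="open" '
    'parent=25929 profile="/usr/bin/freshclam" '
    'name="/etc/network/nameservers" pid=25930 comm="freshclam" '
    'requested_mask="r" denied_mask="r" fsuid=107 ouid=0\n'
    'Jun 25 15:55:35 server CRON[4242]: (root) CMD (constructed filler)\n'
)

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Return one dict of audit fields per AppArmor DENIED record."""
    records = []
    for line in text.splitlines():
        if 'apparmor="DENIED"' in line:
            records.append({k: q or bare for k, q, bare in FIELD.findall(line)})
    return records

def local_override_path(profile):
    # Assumption: Debian/Ubuntu naming, where the profile attached to
    # /usr/bin/freshclam includes /etc/apparmor.d/local/usr.bin.freshclam.
    return "/etc/apparmor.d/local/" + profile.strip("/").replace("/", ".")

def suggest_rules(text):
    """Return (rules, review): read-only rule lines keyed by override file,
    plus denials that asked for more than read and need a human decision."""
    rules, review = defaultdict(set), []
    for rec in parse_denials(text):
        if not all(k in rec for k in ("profile", "name", "denied_mask")):
            continue
        if rec["denied_mask"] == "r":
            # name= is the path AppArmor resolved, so a symlink such as
            # /etc/resolv.conf shows up here as its target.
            rules[local_override_path(rec["profile"])].add(rec["name"] + " r,")
        else:
            review.append((rec["profile"], rec["name"], rec["denied_mask"]))
    return {path: sorted(lines) for path, lines in rules.items()}, review

if __name__ == "__main__":
    rules, review = suggest_rules(SAMPLE_SYSLOG)
    for path, lines in rules.items():
        print(f"# append to {path}")
        print("\n".join("  " + line for line in lines))
```

Only read denials become rule suggestions; write or execute denials are returned separately for review. After editing the override file, the profile has to be reloaded (apparmor_parser -r on the parent profile) before the new rules take effect.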



bonivart at opencsw

Jun 25, 2013, 8:37 AM

Post #21 of 26 (312 views)
Re: Freshclam updates failing [In reply to]

On Tue, Jun 25, 2013 at 5:19 PM, Denis McMahon <denismfmcmahon [at] gmail> wrote:
> So the issue is that apparmor is blocking freshclam?
>
> After adding:
>
> /etc/resolv.conf r,
> /etc/network/nameservers r,
>
> in:
>
> /etc/apparmor.d/local/usr.bin.freshclam
>
> freshclam updated fine!

I asked you a few days ago "SELinux or similar?"...


dennispe at inetnw

Jun 25, 2013, 12:07 PM

Post #22 of 26 (309 views)
Re: Freshclam updates failing [In reply to]

On 6/25/13 8:19:50AM, Denis McMahon wrote:

> I'm guessing that the interesting data here is:
>
> open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
>
> and
>
> sin_addr=inet_addr("127.0.0.1")}, 16) = 0
>
> which, at a guess, I'd say meant that freshclam had been unable to open
> /etc/resolv.conf to get a list of nameservers, was using localhost as a
> nameserver, and was getting nothing back from localhost?
>
> $ host current.cvd.clamav.net localhost
> ;; connection timed out; no servers could be reached
> $ host current.cvd.clamav.net 127.0.0.1
> ;; connection timed out; no servers could be reached
> $
>
> Tends to confirm the latter ....
>
> So I installed dnsproxy, that didn't seem to help.
>
> Then looking in syslog I saw a lot of:
>
> Jun 25 15:55:34 server kernel: [883159.006897] type=1400
> audit(1372172134.934:1143): apparmor="DENIED" operation="open"
> parent=25929 profile="/usr/bin/freshclam"
> name="/etc/network/nameservers" pid=25930 comm="freshclam"
> requested_mask="r" denied_mask="r" fsuid=107 ouid=0
>
> So the issue is that apparmor is blocking freshclam?
>
> After adding:
>
> /etc/resolv.conf r,
> /etc/network/nameservers r,
>
> in:
>
> /etc/apparmor.d/local/usr.bin.freshclam
>
> freshclam updated fine!
>
> Why dnsproxy didn't fix it I have no idea, but I'll remove it as I don't
> seem to need it anyway.
>
> Rgds
>
> Denis McMahon

This looks like Ubuntu which I don't have a version of or experience
with - I've never seen it in any production data centers I've worked in.
I didn't even know they made a server version :). I'm curious enough to
install it as a VM though. Freshclam is binding to the local interface.
That by itself is not a bad thing depending on what happens next (e.g. if
a proxy is present and working). What does your /etc/network/interfaces
file look like? Cloak IPs as needed.

SELinux has been mentioned and there may be a better test of that than
what you performed, but that is an Ubuntuism I'm not familiar with. I'm
also curious what your default route is as seen with netstat -rn and the
result of pinging current.cvd.clamav.net.

dp



denismfmcmahon at gmail

Jun 25, 2013, 12:28 PM

Post #23 of 26 (309 views)
Re: Freshclam updates failing [In reply to]

On 25/06/13 20:07, Dennis Peterson wrote:
> On 6/25/13 8:19:50AM, Denis McMahon wrote:
>
>> I'm guessing that the interesting data here is:
>>
>> open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission
>> denied)
>>
>> and
>>
>> sin_addr=inet_addr("127.0.0.1")}, 16) = 0
>>
>> which, at a guess, I'd say meant that freshclam had been unable to open
>> /etc/resolv.conf to get a list of nameservers, was using localhost as a
>> nameserver, and was getting nothing back from localhost?
>>
>> $ host current.cvd.clamav.net localhost
>> ;; connection timed out; no servers could be reached
>> $ host current.cvd.clamav.net 127.0.0.1
>> ;; connection timed out; no servers could be reached
>> $
>>
>> Tends to confirm the latter ....
>>
>> So I installed dnsproxy, that didn't seem to help.
>>
>> Then looking in syslog I saw a lot of:
>>
>> Jun 25 15:55:34 server kernel: [883159.006897] type=1400
>> audit(1372172134.934:1143): apparmor="DENIED" operation="open"
>> parent=25929 profile="/usr/bin/freshclam"
>> name="/etc/network/nameservers" pid=25930 comm="freshclam"
>> requested_mask="r" denied_mask="r" fsuid=107 ouid=0
>>
>> So the issue is that apparmor is blocking freshclam?
>>
>> After adding:
>>
>> /etc/resolv.conf r,
>> /etc/network/nameservers r,
>>
>> in:
>>
>> /etc/apparmor.d/local/usr.bin.freshclam
>>
>> freshclam updated fine!
>>
>> Why dnsproxy didn't fix it I have no idea, but I'll remove it as I don't
>> seem to need it anyway.
>>
>> Rgds
>>
>> Denis McMahon
>
> This looks like Ubuntu which I don't have a version of or experience
> with - I've never seen it in any production data centers I've worked in.
> I didn't even know they made a server version :). I'm curious enough to
> install it as a VM though. Freshclam is binding to the local interface.
> That by itself is not a bad thing depending on what happens next (e.g. if
> a proxy is present and working). What does your /etc/network/interfaces
> file look like? Cloak IPs as needed.

It is, and they do, although this server is only hosting a couple of
sites and is running in a domestic environment.

> SELinux has been mentioned and there may be a better test of that than
> what you performed, but that is an Ubuntuism I'm not familiar with. I'm
> also curious what your default route is as seen with netstat -rn and the
> result of pinging current.cvd.clamav.net.

$ cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.254
dns-nameservers 192.168.1.254 158.152.1.43 8.8.8.8

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
$ ping current.cvd.clamav.net
ping: unknown host current.cvd.clamav.net
$ host current.cvd.clamav.net
$ host -t txt current.cvd.clamav.net
current.cvd.clamav.net descriptive text "0.97.8:54:17414:1372184941:1:63:40666:214"
$

Rgds

Denis McMahon



dennispe at inetnw

Jun 25, 2013, 5:43 PM

Post #24 of 26 (309 views)
Re: Freshclam updates failing [In reply to]

On 6/25/13 12:28:39PM, Denis McMahon wrote:
> $ ping current.cvd.clamav.net
> ping: unknown host current.cvd.clamav.net
My error - that should have been ping database.clamav.net. I blame my
cut/paster :). I've installed Ubuntu server and can't replicate (yet)
your error.

dp


denismfmcmahon at gmail

Jun 26, 2013, 3:14 AM

Post #25 of 26 (306 views)
Re: Freshclam updates failing [In reply to]

On 26/06/13 01:43, Dennis Peterson wrote:
> On 6/25/13 12:28:39PM, Denis McMahon wrote:
>> $ ping current.cvd.clamav.net
>> ping: unknown host current.cvd.clamav.net
> My error - that should have been ping database.clamav.net. I blame my
> cut/paster :). I've installed Ubuntu server and can't replicate (yet)
> your error.

OK - I'm using a static IP on the server, and /etc/resolv.conf points to
/etc/network/nameservers; on the dynamic IP Ubuntu client,
/etc/resolv.conf points to ../run/resolvconf/resolv.conf (which is
actually /run/resolvconf/resolv.conf).

Not sure how much difference this makes.

Rgds

Denis McMahon

