Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to download diff db files #1405

Open
asark67 opened this issue Nov 13, 2024 · 5 comments
Open

Unable to download diff db files #1405

asark67 opened this issue Nov 13, 2024 · 5 comments

Comments

@asark67
Copy link

asark67 commented Nov 13, 2024

When freshclam is running it is unable to reach the diff files:

--------------------------------------
freshclam daemon 1.0.6 (OS: Linux, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Wed Nov 13 22:58:39 2024
daily database available for update (local version: 26951, remote version: 27457)
WARNING: downloadFile: file not found: https://database.clamav.net/daily-26952.cdiff
WARNING: downloadPatch: Can't download daily-26952.cdiff from https://database.clamav.net/daily-26952.cdiff
WARNING: downloadFile: file not found: https://database.clamav.net/daily-26952.cdiff
WARNING: downloadPatch: Can't download daily-26952.cdiff from https://database.clamav.net/daily-26952.cdiff
WARNING: downloadFile: file not found: https://database.clamav.net/daily-26952.cdiff
WARNING: downloadPatch: Can't download daily-26952.cdiff from https://database.clamav.net/daily-26952.cdiff
WARNING: Incremental update failed, trying to download daily.cvd
Testing database: '/opt/zimbra/data/clamav/db/tmp.c6c4bde2c0/clamav-71471ba8e88d7cef2c3289b824b9a580.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 27457, sigs: 2067892, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for update (local version: 334, remote version: 335)
Testing database: '/opt/zimbra/data/clamav/db/tmp.c6c4bde2c0/clamav-186b71904808f37c645f8065a09869ff.tmp-bytecode.cld' ...
Database test passed.
bytecode.cld updated (version: 335, sigs: 86, f-level: 90, builder: raynman)
Clamd successfully notified about the update.

If I run a curl command from the same server I get:

curl -v https://database.clamav.net/daily-26952.cdiff
*   Trying 104.16.219.84...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=database.clamav.net
*  start date: Oct  8 10:45:45 2024 GMT
*  expire date: Jan  6 10:45:44 2025 GMT
*  subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* Using Stream ID: 1 (easy handle 0x55f339c38710)
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET /daily-26952.cdiff HTTP/2
> Host: database.clamav.net
> User-Agent: curl/7.61.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
* TLSv1.3 (OUT), TLS app data, [no content] (0):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/2 403
< date: Wed, 13 Nov 2024 23:23:27 GMT
< content-type: text/html; charset=UTF-8
< content-length: 4512
< x-frame-options: SAMEORIGIN
< referrer-policy: same-origin
< cache-control: max-age=15
< expires: Wed, 13 Nov 2024 23:23:42 GMT
< set-cookie: __cf_bm=DM1pnr9.1BGs81K.A8P4CWowFtnF_4z9G0ma0gXwmec-1731540207-1.0.1.1-A_tXEgYYCtZFHofWgVW3ebKUozONtMyLcUUBSr9IAuftW_rAOOuEdYWyNnjzozFwxO5uZQUn8smogOeDFa.2mw; path=/; expires=Wed, 13-Nov-24 23:53:27 GMT; domain=.clamav.net; HttpOnly; Secure; SameSite=None
< strict-transport-security: max-age=15552000
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 8e22827bda1f94b7-LHR
<
* TLSv1.3 (IN), TLS app data, [no content] (0):
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->
<style>body{margin:0;padding:0}</style>


<!--[if gte IE 10]><!-->
<script>
  if (!navigator.cookieEnabled) {
    window.addEventListener('DOMContentLoaded', function () {
      var cookieEl = document.getElementById('cookie-alert');
      cookieEl.style.display = 'block';
    })
  }
</script>
<!--<![endif]-->


</head>
<body>
  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
* TLSv1.3 (IN), TLS app data, [no content] (0):
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="block_headline">Sorry, you have been blocked</h1>
        <h2 class="cf-subheadline"><span data-translate="unable_to_access">You are unable to access</span> clamav.net</h2>
      </div><!-- /.header -->

      <div class="cf-section cf-highlight">
        <div class="cf-wrapper">
          <div class="cf-screenshot-container cf-screenshot-full">

              <span class="cf-no-screenshot error"></span>

          </div>
        </div>
      </div><!-- /.captcha-container -->

      <div class="cf-section cf-wrapper">
        <div class="cf-columns two">
          <div class="cf-column">
            <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2>

            <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>
          </div>

          <div class="cf-column">
            <h2 data-translate="blocked_resolve_headline">What can I do to resolve this?</h2>

* TLSv1.3 (IN), TLS app data, [no content] (0):
            <p data-translate="blocked_resolve_detail">You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.</p>
          </div>
        </div>
      </div><!-- /.section -->

      <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
  <p class="text-13">
    <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">8e22827bda1f94b7</strong></span>
    <span class="cf-footer-separator sm:hidden">&bull;</span>
    <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
      Your IP:
      <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
      <span class="hidden" id="cf-footer-ip">88.97.91.208</span>
      <span class="cf-footer-separator sm:hidden">&bull;</span>
    </span>
    <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span>

  </p>
* TLSv1.3 (IN), TLS app data, [no content] (0):
  <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->


    </div><!-- /#cf-error-details -->
  </div><!-- /#cf-wrapper -->

  <script>
  window._cf_translation = {};


</script>

</body>
</html>
* TLSv1.3 (IN), TLS app data, [no content] (0):
* Connection #0 to host database.clamav.net left intact
@micahsnyder
Copy link
Contributor

We only keep the last 90 days worth of diff files on the server. If your local database version is significantly older, then the diff download will fail and you'll have to download the whole database.

In this case I see you're updating from: 26951
to: 27457

So that makes sense.

You should hold on to your databases for update from day to day rather than update a new install from scratch every day, so it should only happen the once.

@micahsnyder
Copy link
Contributor

Also - we explicitly only allow downloads from freshclam or cvdupdate programs becaue they have features to check if an update is actually required in order to save bandwidth. Programs like wget, curl, firefox, etc are intentionally blocked.

@jimsmith
Copy link

jimsmith commented Dec 2, 2024
edited
Loading

Fresh new clamav and clamav-daemon installed onto Ubuntu 18.04.6 LTS (x86_64) using apt (so no compliation here)

Using freshclam is not able to receive updates I note the use of curl is intentionally blocked I have used this to show that the machine is able to carry out DNS lookup and then the cloudflare blocked response is shown :

$ sudo /usr/bin/freshclam  --verbose --debug
Mon Dec  2 15:28:11 2024 -> --------------------------------------
Mon Dec  2 15:28:11 2024 -> Current working dir is /var/lib/clamav/
Mon Dec  2 15:28:11 2024 -> *Current working dir is /var/lib/clamav/
Mon Dec  2 15:28:11 2024 -> *Loaded freshclam.dat:
Mon Dec  2 15:28:11 2024 -> Loaded freshclam.dat:
Mon Dec  2 15:28:11 2024 ->   version:    1
Mon Dec  2 15:28:11 2024 -> *  version:    1
Mon Dec  2 15:28:11 2024 -> *  uuid:       b0ecd6f2-ed1c-401a-a17e-f882d6b0f9dd
Mon Dec  2 15:28:11 2024 ->   uuid:       b0ecd6f2-ed1c-401a-a17e-f882d6b0f9dd
Mon Dec  2 15:28:11 2024 -> ClamAV update process started at Mon Dec  2 15:28:11 2024
Mon Dec  2 15:28:11 2024 -> ClamAV update process started at Mon Dec  2 15:28:11 2024
Mon Dec  2 15:28:11 2024 -> *Current working dir is /var/lib/clamav/
Mon Dec  2 15:28:11 2024 -> Current working dir is /var/lib/clamav/
Mon Dec  2 15:28:11 2024 -> *Querying current.cvd.clamav.net
Mon Dec  2 15:28:11 2024 -> Querying current.cvd.clamav.net
Mon Dec  2 15:28:11 2024 -> ^Can't query current.cvd.clamav.net
Mon Dec  2 15:28:11 2024 -> WARNING: Can't query current.cvd.clamav.net
Mon Dec  2 15:28:11 2024 -> ^Invalid DNS reply. Falling back to HTTP mode.
Mon Dec  2 15:28:11 2024 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Mon Dec  2 15:28:11 2024 -> *Current working dir is /var/lib/clamav/
Mon Dec  2 15:28:11 2024 -> Current working dir is /var/lib/clamav/
Mon Dec  2 15:28:11 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:11 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:11 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:11 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:11 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:28:11 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:28:11 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:11 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:28:11 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:11 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:11 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:11 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:11 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:11 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:11 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:11 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:16 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:16 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:16 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:16 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:16 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:28:16 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:28:16 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:16 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:28:16 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:16 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:16 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:16 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:16 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:16 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:16 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:16 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:21 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:21 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:21 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:21 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:21 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:28:21 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:21 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:28:21 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:28:21 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:21 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:21 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:21 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:21 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:21 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:21 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:21 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:26 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:26 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:26 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:26 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:26 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:28:26 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:26 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:28:26 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:28:26 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:26 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:26 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:26 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:26 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:26 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:26 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:26 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:31 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:31 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:31 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:31 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:31 2024 -> !remote_cvdhead: Download failed (6) Mon Dec  2 15:28:31 2024 -> ERROR: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:31 2024 -> ! Message: Couldn't resolve host name
Mon Dec  2 15:28:31 2024 -> ERROR:  Message: Couldn't resolve host name
Mon Dec  2 15:28:31 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:31 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:31 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:31 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:31 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:31 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:31 2024 -> Giving up on https://database.clamav.net...
Mon Dec  2 15:28:31 2024 -> Giving up on https://database.clamav.net...
Mon Dec  2 15:28:31 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:31 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:31 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:31 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:31 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:28:31 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:31 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:28:31 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:28:31 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:31 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:31 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:31 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:31 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:31 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:31 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:31 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:36 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:36 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:36 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:36 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:36 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:28:36 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:36 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:28:36 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:28:36 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:36 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:36 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:36 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:36 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:36 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:36 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:36 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:41 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:41 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:41 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:41 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:41 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:28:41 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:41 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:28:41 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:28:41 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:41 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:41 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:41 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:41 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:41 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:41 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:41 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:46 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:46 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:46 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:46 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:46 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:28:46 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:46 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:28:46 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:28:46 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:46 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:46 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:46 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:46 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:46 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:46 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:46 2024 -> Trying again in 5 secs...
Mon Dec  2 15:28:51 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:51 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:28:51 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:28:51 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:28:51 2024 -> !remote_cvdhead: Download failed (6) Mon Dec  2 15:28:51 2024 -> ERROR: remote_cvdhead: Download failed (6) Mon Dec  2 15:28:51 2024 -> ! Message: Couldn't resolve host name
Mon Dec  2 15:28:51 2024 -> ERROR:  Message: Couldn't resolve host name
Mon Dec  2 15:28:51 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:51 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:28:51 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:51 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:28:51 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:28:51 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:28:51 2024 -> Giving up on https://database.clamav.net...
Mon Dec  2 15:28:51 2024 -> Giving up on https://database.clamav.net...
Mon Dec  2 15:28:51 2024 -> !Update failed for database: daily
Mon Dec  2 15:28:51 2024 -> ERROR: Update failed for database: daily
Mon Dec  2 15:28:51 2024 -> !Database update process failed: HTTP GET failed
Mon Dec  2 15:28:51 2024 -> ERROR: Database update process failed: HTTP GET failed
Mon Dec  2 15:28:51 2024 -> !Update failed.
Mon Dec  2 15:28:51 2024 -> ERROR: Update failed.

$ nslookup current.cvd.clamav.net
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
*** Can't find current.cvd.clamav.net: No answer

$ nslookup database.clamav.net
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
database.clamav.net     canonical name = database.clamav.net.cdn.cloudflare.net.
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.218.84
Name:   database.clamav.net.cdn.cloudflare.net
Address: 104.16.219.84
Name:   database.clamav.net.cdn.cloudflare.net
Address: 2606:4700::6810:db54
Name:   database.clamav.net.cdn.cloudflare.net
Address: 2606:4700::6810:da54

curl -v https://database.clamav.net/daily.cvd
*   Trying 104.16.218.84...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.218.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=database.clamav.net
*  start date: Oct  8 10:45:45 2024 GMT
*  expire date: Jan  6 10:45:44 2025 GMT
*  subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* Using Stream ID: 1 (easy handle 0x55ef41441620)
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET /daily.cvd HTTP/2
> Host: database.clamav.net
> User-Agent: curl/7.58.0
> Accept: */*
> 
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/2 403 
< date: Mon, 02 Dec 2024 15:30:24 GMT
< content-type: text/html; charset=UTF-8
< content-length: 4513
< x-frame-options: SAMEORIGIN
< referrer-policy: same-origin
< cache-control: max-age=15
< expires: Mon, 02 Dec 2024 15:30:39 GMT
< set-cookie: __cf_bm=5QbeZs9mzFdKlpb5iW1Zdz9Y.xoJTfRFAZSzJmKgjfc-1733153424-1.0.1.1-6gLVx95PSxr5Wp_3Fub.F4NPLDlTfFjRBlqwDnKNyKOZdOUFBuMslN_.h_u.o7C3aKmLqpkYzz.yy7yY87trWA; path=/; expires=Mon, 02-Dec-24 16:00:24 GMT; domain=.clamav.net; HttpOnly; Secure; SameSite=None
< strict-transport-security: max-age=15552000
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 8ebc5ba99ed75c5b-EDI
< 
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]>    <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]>    <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<head>
<title>Attention Required! | Cloudflare</title>
<meta charset="UTF-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=Edge" />
<meta name="robots" content="noindex, nofollow" />
<meta name="viewport" content="width=device-width,initial-scale=1" />
<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />
<!--[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->
<style>body{margin:0;padding:0}</style>


<!--[if gte IE 10]><!-->
<script>
  if (!navigator.cookieEnabled) {
    window.addEventListener('DOMContentLoaded', function () {
      var cookieEl = document.getElementById('cookie-alert');
      cookieEl.style.display = 'block';
    })
  }
</script>
<!--<![endif]-->


</head>
<body>
  <div id="cf-wrapper">
    <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
    <div id="cf-error-details" class="cf-error-details-wrapper">
      <div class="cf-wrapper cf-header cf-error-overview">
        <h1 data-translate="block_headline">Sorry, you have been blocked</h1>
        <h2 class="cf-subheadline"><span data-translate="unable_to_access">You are unable to access</span> clamav.net</h2>
      </div><!-- /.header -->

      <div class="cf-section cf-highlight">
        <div class="cf-wrapper">
          <div class="cf-screenshot-container cf-screenshot-full">
            
              <span class="cf-no-screenshot error"></span>
            
          </div>
        </div>
      </div><!-- /.captcha-container -->

      <div class="cf-section cf-wrapper">
        <div class="cf-columns two">
          <div class="cf-column">
            <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2>

            <p data-translate="blocked_why_detail">This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.</p>
          </div>

          <div class="cf-column">
            <h2 data-translate="blocked_resolve_headline">What can I do to resolve this?</h2>

* TLSv1.3 (IN), TLS Unknown, Unknown (23):
            <p data-translate="blocked_resolve_detail">You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.</p>
          </div>
        </div>
      </div><!-- /.section -->

      <div class="cf-error-footer cf-wrapper w-240 lg:w-full py-10 sm:py-4 sm:px-8 mx-auto text-center sm:text-left border-solid border-0 border-t border-gray-300">
  <p class="text-13">
    <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">8ebc5ba99ed75c5b</strong></span>
    <span class="cf-footer-separator sm:hidden">&bull;</span>
    <span id="cf-footer-item-ip" class="cf-footer-item hidden sm:block sm:mb-1">
      Your IP:
      <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button>
      <span class="hidden" id="cf-footer-ip">185.7.230.119</span>
      <span class="cf-footer-separator sm:hidden">&bull;</span>
    </span>
    <span class="cf-footer-item sm:block sm:mb-1"><span>Performance &amp; security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landing" id="brand_link" target="_blank">Cloudflare</a></span>
    
  </p>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
  <script>(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-ip").classList.remove("hidden")}))}var a=document;document.addEventListener&&a.addEventListener("DOMContentLoaded",d)})();</script>
</div><!-- /.error-footer -->


    </div><!-- /#cf-error-details -->
  </div><!-- /#cf-wrapper -->

  <script>
  window._cf_translation = {};
  
  
</script>

</body>
</html>
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
* Connection #0 to host database.clamav.net left intact
*

@jimsmith
Copy link

jimsmith commented Dec 2, 2024

Moving freshclam.dat to another name then re-running freshclam

:/var/lib/clamav$ ls -la 
total 16
drwxr-xr-x  2 clamav clamav 4096 Dec  2 15:39 .
drwxr-xr-x 53 root   root   4096 Dec  2 15:15 ..
-rw-r--r--  1 clamav clamav   69 Dec  2 15:39 freshclam.dat
-rw-r--r--  1 clamav clamav   69 Dec  2 15:15 freshclam.dat.original

:/var/lib/clamav$ diff freshclam.dat freshclam.dat.original 
Binary files freshclam.dat and freshclam.dat.original differ

$ sudo /usr/bin/freshclam  --verbose --debug
Mon Dec  2 15:39:01 2024 -> *Current working dir is /var/lib/clamav/
Mon Dec  2 15:39:01 2024 -> --------------------------------------
Mon Dec  2 15:39:01 2024 -> Current working dir is /var/lib/clamav/
Mon Dec  2 15:39:01 2024 -> *Can't open freshclam.dat in /var/lib/clamav
Mon Dec  2 15:39:01 2024 -> Can't open freshclam.dat in /var/lib/clamav
Mon Dec  2 15:39:01 2024 -> *It probably doesn't exist yet. That's ok.
Mon Dec  2 15:39:01 2024 -> It probably doesn't exist yet. That's ok.
Mon Dec  2 15:39:01 2024 -> *Failed to load freshclam.dat; will create a new freshclam.dat
Mon Dec  2 15:39:01 2024 -> Failed to load freshclam.dat; will create a new freshclam.dat
Mon Dec  2 15:39:01 2024 -> *Creating new freshclam.dat
Mon Dec  2 15:39:01 2024 -> Creating new freshclam.dat
Mon Dec  2 15:39:01 2024 -> *Saved freshclam.dat
Mon Dec  2 15:39:01 2024 -> Saved freshclam.dat
Mon Dec  2 15:39:01 2024 -> ClamAV update process started at Mon Dec  2 15:39:01 2024
Mon Dec  2 15:39:01 2024 -> ClamAV update process started at Mon Dec  2 15:39:01 2024
Mon Dec  2 15:39:01 2024 -> *Current working dir is /var/lib/clamav/
Mon Dec  2 15:39:01 2024 -> Current working dir is /var/lib/clamav/
Mon Dec  2 15:39:01 2024 -> *Querying current.cvd.clamav.net
Mon Dec  2 15:39:01 2024 -> Querying current.cvd.clamav.net
Mon Dec  2 15:39:01 2024 -> ^Can't query current.cvd.clamav.net
Mon Dec  2 15:39:01 2024 -> WARNING: Can't query current.cvd.clamav.net
Mon Dec  2 15:39:01 2024 -> ^Invalid DNS reply. Falling back to HTTP mode.
Mon Dec  2 15:39:01 2024 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Mon Dec  2 15:39:01 2024 -> *Current working dir is /var/lib/clamav/
Mon Dec  2 15:39:01 2024 -> Current working dir is /var/lib/clamav/
Mon Dec  2 15:39:01 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:39:01 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:39:01 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:39:01 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:39:01 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:39:01 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:39:01 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:39:01 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:39:01 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:39:01 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:39:01 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:39:01 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:39:01 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:39:01 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:39:01 2024 -> Trying again in 5 secs...
Mon Dec  2 15:39:01 2024 -> Trying again in 5 secs...
Mon Dec  2 15:39:06 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:39:06 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:39:06 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:39:06 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:39:06 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:39:06 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:39:06 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:39:06 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:39:06 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:39:06 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:39:06 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:39:06 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:39:06 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:39:06 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:39:06 2024 -> Trying again in 5 secs...
Mon Dec  2 15:39:06 2024 -> Trying again in 5 secs...
Mon Dec  2 15:39:11 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:39:11 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:39:11 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:39:11 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net
* Closing connection 0
Mon Dec  2 15:39:11 2024 -> ^remote_cvdhead: Download failed (6) Mon Dec  2 15:39:11 2024 -> WARNING: remote_cvdhead: Download failed (6) Mon Dec  2 15:39:11 2024 -> WARNING:  Message: Couldn't resolve host name
Mon Dec  2 15:39:11 2024 -> ^ Message: Couldn't resolve host name
Mon Dec  2 15:39:11 2024 -> ^Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:39:11 2024 -> WARNING: Failed to get daily database version information from server: https://database.clamav.net
Mon Dec  2 15:39:11 2024 -> !check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:39:11 2024 -> ERROR: check_for_new_database_version: Failed to find daily database using server https://database.clamav.net.
Mon Dec  2 15:39:11 2024 -> *updatedb: daily database update failed.
Mon Dec  2 15:39:11 2024 -> Trying again in 5 secs...
Mon Dec  2 15:39:11 2024 -> updatedb: daily database update failed.
Mon Dec  2 15:39:11 2024 -> Trying again in 5 secs...
Mon Dec  2 15:39:16 2024 -> *check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:39:16 2024 -> check_for_new_database_version: No local copy of "daily" database.
Mon Dec  2 15:39:16 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
Mon Dec  2 15:39:16 2024 -> Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
* Could not resolve host: database.clamav.net

@jimsmith
Copy link

jimsmith commented Dec 2, 2024
edited
Loading

Update: After doing a deeper dive I was able to resolve freshclam the server I am using has a bespoke resolv.conf after adding an override to /etc/apparmor.d/local/usr.bin.freshclam

Dec  2 07:58:55 server kernel: [77659.861256] audit: type=1400 audit(1733126335.461:32): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache" name="/home/test/resolv.conf" pid=26124 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Dec  2 15:15:40 server kernel: [103864.486576] audit: type=1400 audit(1733152540.231:35): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache" name="/home/test/resolv.conf" pid=4982 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Dec  2 15:15:54 server kernel: [103879.122762] audit: type=1400 audit(1733152554.867:37): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/home/test/resolv.conf" pid=6282 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=115 ouid=1000
Dec  2 15:17:02 server kernel: [103947.081089] audit: type=1400 audit(1733152622.823:41): apparmor="DENIED" operation="open" profile="ubuntu_pro_esm_cache" name="/home/test/resolv.conf" pid=9043 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=1000
Dec  2 15:24:51 server kernel: [104415.435786] audit: type=1400 audit(1733153091.181:42): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/home/test/resolv.conf" pid=14744 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=115 ouid=1000
Dec  2 15:26:10 server kernel: [104494.779617] audit: type=1400 audit(1733153170.533:43): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/home/test/resolv.conf" pid=15271 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=115 ouid=1000
Dec  2 15:28:11 server kernel: [104615.622556] audit: type=1400 audit(1733153291.378:44): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/home/test/resolv.conf" pid=16140 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=115 ouid=1000
Dec  2 15:39:01 server kernel: [105265.774821] audit: type=1400 audit(1733153941.530:45): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/home/test/resolv.conf" pid=20808 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=115 ouid=1000
Dec  2 15:50:50 server kernel: [105974.262274] audit: type=1400 audit(1733154650.014:46): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/home/test/resolv.conf" pid=25841 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=115 ouid=1000
Dec  2 16:03:25 server kernel: [   18.086997] audit: type=1400 audit(1733155405.289:31): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/home/test/resolv.conf" pid=1527 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=115 ouid=1000

$ /usr/bin/freshclam -d --foreground=true
==> /var/log/clamav/freshclam.log <==
Mon Dec  2 16:33:24 2024 -> --------------------------------------
Mon Dec  2 16:33:24 2024 -> ClamAV update process started at Mon Dec  2 16:33:24 2024
Mon Dec  2 16:33:24 2024 -> freshclam daemon 0.103.8 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Dec  2 16:33:24 2024 -> ClamAV update process started at Mon Dec  2 16:33:24 2024
Mon Dec  2 16:33:24 2024 -> ^Your ClamAV installation is OUTDATED!
Mon Dec  2 16:33:24 2024 -> ^Local version: 0.103.8 Recommended version: 0.103.12
Mon Dec  2 16:33:24 2024 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Mon Dec  2 16:33:24 2024 -> WARNING: Your ClamAV installation is OUTDATED!
Mon Dec  2 16:33:24 2024 -> WARNING: Local version: 0.103.8 Recommended version: 0.103.12
Mon Dec  2 16:33:24 2024 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
Mon Dec  2 16:33:24 2024 -> daily database available for download (remote version: 27475)
Mon Dec  2 16:33:24 2024 -> daily database available for download (remote version: 27475)
Time:    0.7s, ETA:    0.0s [========================>]   61.33MiB/61.33MiB
Mon Dec  2 16:33:26 2024 -> Testing database: '/var/lib/clamav/tmp.4305e02f38/clamav-7d2c0ec22371ec0ed5e615a9d3d8f52b.tmp-daily.cvd' ...
Mon Dec  2 16:33:26 2024 -> Testing database: '/var/lib/clamav/tmp.4305e02f38/clamav-7d2c0ec22371ec0ed5e615a9d3d8f52b.tmp-daily.cvd' ..

cat clamav.log 
Mon Dec  2 16:35:29 2024 -> +++ Started at Mon Dec  2 16:35:29 2024
Mon Dec  2 16:35:29 2024 -> Received 0 file descriptor(s) from systemd.
Mon Dec  2 16:35:29 2024 -> clamd daemon 0.103.8 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Dec  2 16:35:29 2024 -> Log file size limited to 10485760 bytes.
Mon Dec  2 16:35:29 2024 -> Reading databases from /var/lib/clamav
Mon Dec  2 16:35:29 2024 -> Not loading PUA signatures.
Mon Dec  2 16:35:29 2024 -> Bytecode: Security mode set to "TrustSigned".
Mon Dec  2 16:35:54 2024 -> Loaded 8700441 signatures.
Mon Dec  2 16:36:01 2024 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Dec  2 16:36:01 2024 -> LOCAL: Setting connection queue length to 200
Mon Dec  2 16:36:01 2024 -> Limits: Global time limit set to 120000 milliseconds.
Mon Dec  2 16:36:01 2024 -> Limits: Global size limit set to 419430400 bytes.
Mon Dec  2 16:36:01 2024 -> Limits: File size limit set to 104857600 bytes.
Mon Dec  2 16:36:01 2024 -> Limits: Recursion level limit set to 17.
Mon Dec  2 16:36:01 2024 -> Limits: Files limit set to 10000.
Mon Dec  2 16:36:01 2024 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Mon Dec  2 16:36:01 2024 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Mon Dec  2 16:36:01 2024 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Mon Dec  2 16:36:01 2024 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Mon Dec  2 16:36:01 2024 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Mon Dec  2 16:36:01 2024 -> Limits: MaxPartitions limit set to 50.
Mon Dec  2 16:36:01 2024 -> Limits: MaxIconsPE limit set to 100.
Mon Dec  2 16:36:01 2024 -> Limits: MaxRecHWP3 limit set to 16.
Mon Dec  2 16:36:01 2024 -> Limits: PCREMatchLimit limit set to 100000.
Mon Dec  2 16:36:01 2024 -> Limits: PCRERecMatchLimit limit set to 2000.
Mon Dec  2 16:36:01 2024 -> Limits: PCREMaxFileSize limit set to 104857600.
Mon Dec  2 16:36:01 2024 -> Archive support enabled.
Mon Dec  2 16:36:01 2024 -> AlertExceedsMax heuristic detection disabled.
Mon Dec  2 16:36:01 2024 -> Heuristic alerts enabled.
Mon Dec  2 16:36:01 2024 -> Portable Executable support enabled.
Mon Dec  2 16:36:01 2024 -> ELF support enabled.
Mon Dec  2 16:36:01 2024 -> Alerting on broken executables enabled.
Mon Dec  2 16:36:01 2024 -> Media (Graphics) Format Validatation enabled
Mon Dec  2 16:36:01 2024 -> Mail files support disabled.
Mon Dec  2 16:36:01 2024 -> OLE2 support enabled.
Mon Dec  2 16:36:01 2024 -> PDF support enabled.
Mon Dec  2 16:36:01 2024 -> SWF support enabled.
Mon Dec  2 16:36:01 2024 -> HTML support enabled.
Mon Dec  2 16:36:01 2024 -> XMLDOCS support enabled.
Mon Dec  2 16:36:01 2024 -> HWP3 support enabled.
Mon Dec  2 16:36:01 2024 -> Raw DMG: Alert on partitions intersections
Mon Dec  2 16:36:01 2024 -> Heuristic: precedence enabled
Mon Dec  2 16:36:01 2024 -> Self checking every 3600 seconds.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jimsmith @micahsnyder @asark67