Since updating to 0.9x I have noticed that from time to time after a cdiff update via freshclam, clamd reports a much smaller value for the number of signatures than freshclam. Some number of updates later the two then match again.
Can someone explain what is happening here? Freshclam is correctly downloading the updates, there are no apparent checksum errors. Below is a case where clamd sees fewer signatures than freshclam: Apr 3 04:40:34 ickx freshclam[815]: Received signal: wake up Apr 3 04:40:34 ickx freshclam[815]: ClamAV update process started at Tue Apr 3 04:40:33 2007 Apr 3 04:40:34 ickx freshclam[815]: main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm) Apr 3 04:40:34 ickx freshclam[815]: Downloading daily-3003.cdiff [100%] Apr 3 04:40:34 ickx freshclam[815]: daily.inc updated (version: 3003, sigs: 21500, f-level: 14, builder: ccordes) Apr 3 04:40:34 ickx freshclam[815]: Database updated (105451 signatures) from db.gb.clamav.net (IP: 195.92.99.99) Apr 3 04:40:34 ickx freshclam[815]: Clamd successfully notified about the update. Apr 3 04:40:34 ickx freshclam[815]: -------------------------------------- Apr 3 04:45:01 ickx clamd[806]: Reading databases from /var/lib/clamav Apr 3 04:45:03 ickx clamd[806]: Database correctly reloaded (90875 signatures) Here is a case where the two programs both see the same number: Apr 5 19:22:11 ickx freshclam[815]: Received signal: wake up Apr 5 19:22:11 ickx freshclam[815]: ClamAV update process started at Thu Apr 5 19:22:11 2007 Apr 5 19:22:12 ickx freshclam[815]: main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder: tkojm) Apr 5 19:22:12 ickx freshclam[815]: getfile: daily-3022.cdiff not found on remote server (IP: 163.1.3.8) Apr 5 19:22:12 ickx freshclam[815]: getpatch: Can't download daily-3022.cdiff from db.gb.clamav.net Apr 5 19:22:12 ickx freshclam[815]: Downloading daily-3022.cdiff [100%] Apr 5 19:22:12 ickx freshclam[815]: daily.inc updated (version: 3022, sigs: 22337, f-level: 14, builder: sven) Apr 5 19:22:12 ickx freshclam[815]: Database updated (106288 signatures) from db.gb.clamav.net (IP: 193.19.98.136) Apr 5 19:22:12 ickx freshclam[815]: Clamd successfully notified about the update. Apr 5 19:22:12 ickx freshclam[815]: -------------------------------------- Apr 5 19:25:13 ickx clamd[806]: Reading databases from /var/lib/clamav Apr 5 19:25:27 ickx clamd[806]: Database correctly reloaded (106288 signatures) Apr 5 19:27:26 ickx clamd[806]: SelfCheck: Database status OK. I'd like to understand whether this means that clamd is rejecting perfectly good signatures. FYI I'm using self-built rpms for a machine running RH9. Thanks. -- Brian Morrison bdm at fenrir dot org dot uk "Arguing with an engineer is like wrestling with a pig in the mud; after a while you realize you are muddy and the pig is enjoying it." GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html