Since updating to 0.9x I have noticed that from time to time after a
cdiff update via freshclam, clamd reports a much smaller value for the
number of signatures than freshclam. Some number of updates later
the two then match again.
Can someone explain what is happening here? Freshclam is correctly
downloading the updates, there are no apparent checksum errors.
Below is a case where clamd sees fewer signatures than freshclam:
Apr 3 04:40:34 ickx freshclam[815]: Received signal: wake up
Apr 3 04:40:34 ickx freshclam[815]: ClamAV update process started at Tue Apr
3 04:40:33 2007
Apr 3 04:40:34 ickx freshclam[815]: main.cvd is up to date (version: 42, sigs:
83951, f-level: 10, builder: tkojm)
Apr 3 04:40:34 ickx freshclam[815]: Downloading daily-3003.cdiff [100%]
Apr 3 04:40:34 ickx freshclam[815]: daily.inc updated (version: 3003, sigs:
21500, f-level: 14, builder: ccordes)
Apr 3 04:40:34 ickx freshclam[815]: Database updated (105451 signatures) from
db.gb.clamav.net (IP: 195.92.99.99)
Apr 3 04:40:34 ickx freshclam[815]: Clamd successfully notified about the
update.
Apr 3 04:40:34 ickx freshclam[815]: --------------------------------------
Apr 3 04:45:01 ickx clamd[806]: Reading databases from /var/lib/clamav
Apr 3 04:45:03 ickx clamd[806]: Database correctly reloaded (90875 signatures)
Here is a case where the two programs both see the same number:
Apr 5 19:22:11 ickx freshclam[815]: Received signal: wake up
Apr 5 19:22:11 ickx freshclam[815]: ClamAV update process started at Thu Apr
5 19:22:11 2007
Apr 5 19:22:12 ickx freshclam[815]: main.cvd is up to date (version: 42, sigs:
83951, f-level: 10, builder: tkojm)
Apr 5 19:22:12 ickx freshclam[815]: getfile: daily-3022.cdiff not found on
remote server (IP: 163.1.3.8)
Apr 5 19:22:12 ickx freshclam[815]: getpatch: Can't download daily-3022.cdiff
from db.gb.clamav.net
Apr 5 19:22:12 ickx freshclam[815]: Downloading daily-3022.cdiff [100%]
Apr 5 19:22:12 ickx freshclam[815]: daily.inc updated (version: 3022, sigs:
22337, f-level: 14, builder: sven)
Apr 5 19:22:12 ickx freshclam[815]: Database updated (106288 signatures) from
db.gb.clamav.net (IP: 193.19.98.136)
Apr 5 19:22:12 ickx freshclam[815]: Clamd successfully notified about the
update.
Apr 5 19:22:12 ickx freshclam[815]: --------------------------------------
Apr 5 19:25:13 ickx clamd[806]: Reading databases from /var/lib/clamav
Apr 5 19:25:27 ickx clamd[806]: Database correctly reloaded (106288
signatures)
Apr 5 19:27:26 ickx clamd[806]: SelfCheck: Database status OK.
I'd like to understand whether this means that clamd is rejecting
perfectly good signatures.
FYI I'm using self-built rpms for a machine running RH9.
Thanks.
--
Brian Morrison
bdm at fenrir dot org dot uk
"Arguing with an engineer is like wrestling with a pig in the mud;
after a while you realize you are muddy and the pig is enjoying it."
GnuPG key ID DE32E5C5 - http://wwwkeys.uk.pgp.net/pgpnet/wwwkeys.html
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
