On Mon, Aug 13, 2012 at 5:53 AM, Ильяс Досхожаев <teriyaki...@mail.ru>wrote:
> > i updated clamav to last 0.97.5 on debian , nevertheless it show error > #freshclam > ClamAV update process started at Mon Aug 13 15:49:41 2012 > WARNING: Your ClamAV installation is OUTDATED! > WARNING: Local version: 0.97.3 Recommended version: 0.97.5 > DON'T PANIC! Read http://www.clamav.net/support/faq > main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: > sven) > WARNING: Can't download daily.cvd from 10.2.3.21 > Trying again in 5 secs... > ............... > > Is it ok? > > > Sun, 12 Aug 2012 21:45:54 -0700 от Al Varnell <alvarn...@mac.com>: > > > > > > > > > > > > > > >On 8/12/12 9:01 PM, "Ильяс Досхожаев" <teriyaki...@mail.ru> wrote: > > > > > > I created local repository on 80 port of my server so other servers > which have > > > > no internet access could update from there and put files main.cvd, > > > > daily.cvd, bytecode.cvd om local repository and made one server to > update from > > > > local repository. > > > > > > > > > Then you must modify freshclam.conf with "ScriptedUpdates no" on each > > > client. > > > > > -Al- > > > > > > -- > > > Al Varnell > > > Mountain View, CA > > > > > > > > > _______________________________________________ > > > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > >http://www.clamav.net/support/ml > > > > > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > >> WARNING: Can't download daily.cvd from 10.2.3.21 freshclam is complaining that it cannot get the CVD file from your private mirror. Since you are forcing the client servers to check only your private mirror, that is not okay. There is no other mirror it can try. I doubt we can help with that, but your web logs on 10.2.3.21 should show the servers requesting the CVD files. If you do not see any web requests for daily.cvd in the web logs on the mirror, then you have a firewall or network or interface issue to fight. If the requests are in the log, it could be conflicting with your own CVD update scripts. I can tell you that your first log in this thread did show a successful download and update of daily.cvd. >> daily.cvd updated (version: 15227, sigs: 250068, f-level: 63, builder: guitar) From a protection perspective, lines like these are what you want to see on your servers. I know the warnings about the diff file attempts in that first log are noisy, but the full download did lead to a successful update. Al was right about turning off the patch checks with the ScriptedUpdate setting in your client config. Dave R. -- --- Dave Raynor Sourcefire Vulnerability Research Team dray...@sourcefire.com _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
