On Thu, 29 Jul 2021, Asenova, Elia via clamav-users wrote:

Thanks for the replies. Yes, deleting daily.cld fixed the
problem. My concern is that I'm building a docker image with clamav
inside it and I have to delete daily.cld on every new build if I
want freshclam to work correctly the first time. About the
subsequent runs when I tried to run freshclam on two different pods
after image deploy, daily.cld was updated to the latest version only
on one of them. These are the logs for both pods:

#1st pod (successful update):
Connecting via dnat.genesaas.io
ClamAV update process started at Thu Jul 29 08:54:30 2021
daily database available for update (local version: 26231, remote version: 
26246)
Current database is 15 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:   21.8s, ETA:    0.0s [========================>]   54.95MiB/54.95MiB
Testing database: 
'/var/lib/clamav/tmp.98ba2d17af/clamav-474d295bd3248aa18d6abaf0dc93f952.tmp-daily.cvd'
 ...
Database test passed.
daily.cvd updated (version: 26246, sigs: 1964581, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, 
builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, 
builder: awillia2)

Start with daily 26233 (or better whatever is the latest today) and main 61.
By starting with daily 26231 and main 59 you immediately have to do a major
(once in maybe six months) update.

As Matus and Ged have suggested, you should not need to install the database on each docker instance.
Unless you have a large anti-virus farm, you don't even need to *run* the
clam daemon on every VM. Start up a single remote clamd server and the other VMs can pass their scans to your clamd server with clamdscan.


2nd pod (unsuccessful update):
Connecting via dnat.genesaas.io
ClamAV update process started at Thu Jul 29 09:14:16 2021
daily database available for update (local version: 26231, remote version: 
26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:   26.5s, ETA:    0.0s [========================>]   54.95MiB/54.95MiB
Received an older daily CVD than was advertised. We'll retry so the incremental 
update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 
26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:   28.0s, ETA:    0.0s [========================>]   54.95MiB/54.95MiB
Received an older daily CVD than was advertised. We'll retry so the incremental 
update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 
26247)
Current database is 16 versions behind.
Downloading database patch # 26232...
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Time:   25.5s, ETA:    0.0s [========================>]   54.95MiB/54.95MiB
Received an older daily CVD than was advertised. We'll retry so the incremental 
update will ensure we're up-to-date.
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, 
builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, 
builder: awillia2)

What might be the reason for this inconsistent behavior?

From those logs it appears that daily 26247 was advertised between the two runs,
but hadn't reached the mirror that you downloaded from.


And about the ReceiveTimeout this is what I have in freshclam.conf:
# Maximum time in seconds for each download operation. 0 means no timeout.
# Default: 0
#ReceiveTimeout 1800

So, it should have no timeout, right?

I would add a line
  ReceiveTimeout 0
to be sure. Sometimes the commented out line reflects the actual default.

--
Andrew C. Aitchison                                     Kendal, UK
                        and...@aitchison.me.uk
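
The two pod logs quoted above, run through a small classifier that tells a completed update apart from a run where the mirror served an older CVD than advertised. This is an added example, not part of the original message or of ClamAV; the function names are hypothetical and the sample text is taken from the quoted logs with wrapped lines rejoined and repeated lines trimmed.

```python
import re

AVAIL = re.compile(r"(\w+) database available for update "
                   r"\(local version: (\d+), remote version: (\d+)\)")
DONE = re.compile(r"(\w+)\.c[vl]d (updated|database is up-to-date) \(version: (\d+)")
STALE = re.compile(r"Received an older (\w+) CVD than was advertised")

# Excerpts from the thread's logs (wrapped lines rejoined, retries trimmed).
POD1 = """\
daily database available for update (local version: 26231, remote version: 26246)
Downloading database patch # 26232...
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
daily.cvd updated (version: 26246, sigs: 1964581, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
"""
POD2 = """\
daily database available for update (local version: 26231, remote version: 26247)
ERROR: downloadPatch: Can't apply patch
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
daily database available for update (local version: 26231, remote version: 26247)
ERROR: downloadPatch: Can't apply patch
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
"""

def summarize(log):
    """Return {database: state} describing how each database ended the run."""
    dbs, current = {}, None
    for line in log.splitlines():
        if m := AVAIL.search(line):
            current = m[1]  # later patch errors belong to this database
            db = dbs.setdefault(current, {"patch_failures": 0, "stale_mirror": 0})
            db.update(local=int(m[2]), remote=int(m[3]),
                      version=int(m[2]), status="not_updated")
        elif m := DONE.search(line):
            db = dbs.setdefault(m[1], {"patch_failures": 0, "stale_mirror": 0})
            db.update(version=int(m[3]),
                      status="updated" if m[2] == "updated" else "current")
        elif (m := STALE.search(line)) and m[1] in dbs:
            dbs[m[1]]["stale_mirror"] += 1
        elif "downloadPatch: Can't apply patch" in line and current:
            dbs[current]["patch_failures"] += 1
    return dbs

def needs_attention(dbs):
    """Databases advertised as outdated that never reached the advertised version."""
    return sorted(n for n, d in dbs.items() if d.get("remote", 0) > d["version"])
```

Run against each pod's freshclam output, `needs_attention` returns an empty list for the first pod and `["daily"]` for the second, which is the condition worth alerting on when images ship with an old daily.cld.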
