Hi there, On Fri, 25 Feb 2022, fergus mcmenemie wrote:
Hi - first posting here
Welcome. :)
Brand new install of clamav ...
Exactly which version, installed from what (package, tarball, ...)?
first thing I ran was "sudo freshclam" which gave the following.
So I assume it's Linux, but which distribution/version? They aren't all created equal when it come to certificates. :/
... WARNING: Download failed (60) WARNING: Message: SSL peer certificate or SSH remote key was not OK ...
This happens only occasionally. It's most unlikely to be a problem at the servers because if it were, this list would quickly go ballistic.
... openssl s_client -connect database.clamav.net:443 ... Looks like the cert expired months ago. .... Or am I doing something wrong. Is there an alternate mirror I can try. I am UK based.
Don't worry about that. I'm using the same mirrors. It's a content delivery network so there's only one name but many servers. I see the same here but updates work OK, as they do for many thousands of other users. I feel sure the problem is certificate-related, at your end. There are a few possibilities. First check that your system time and date are accurate. For keeping it right automatically my experience is that the best results are from chrony, but ntpd is an alternative. By 'best' I mean least aggravation, not necessarily most accurate - a few milliseconds is more than good enough for anything I do but it's seemed to me that chronyd copes better with e.g. breaks in connection even if it doesn't offer nanosecond precision. If (as is likely) the corrrect time wasn't an issue look at for example https://www.mail-archive.com/clamav-users@lists.clamav.net/msg48856.html https://yhetil.org/guix-user/877dyw4i2g.fsf@nckx/t/ https://github.com/Cisco-Talos/clamav/issues/404 https://community.cloudflare.com/t/clamav-freshclam-cannot-download-any-file-using-cloudflare-inc-ecc-ca-3-certificate-due-to-a-cookie-alert/252406/9 https://github.com/solita/clamav-rest/issues/25 https://stackoverflow.com/questions/24372942/ssl-error-unable-to-get-local-issuer-certificate and if nothing there helps please get back to us. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml