Re: Sebastian Andrzej Siewior 2019-12-11 <20191211141451.tn2u64ssgarpgz25@flow> > > The test fails in my sid chroot as well because freshclam can't > > download the database, /var/lib/clamav/ is empty except for a "tmp" > > directory. > > Do you have a special inet setup? Kind of web proxy or something like > that.
Nothing special, and the test started failing on ci.debian.net as well as in my local sid chroot. > Could you start `freshclam' by hand with --verbose (not sure if --debug > works) and provide more output? It appears that the version downloaded > is one less than available and that is where things go south. In the sid chroot, with an empty /var/lib/clamav/: $ sudo -u clamav freshclam --verbose Wed Dec 18 11:56:09 2019 -> ClamAV update process started at Wed Dec 18 11:56:09 2019 Wed Dec 18 11:56:09 2019 -> *Current working dir is /var/lib/clamav/ Wed Dec 18 11:56:09 2019 -> *Querying current.cvd.clamav.net Wed Dec 18 11:56:09 2019 -> *TTL: 503 Wed Dec 18 11:56:09 2019 -> *fc_dns_query_update_info: Software version from DNS: 0.102.1 Wed Dec 18 11:56:09 2019 -> *Current working dir is /var/lib/clamav/ Wed Dec 18 11:56:09 2019 -> *check_for_new_database_version: No local copy of "daily" database. Wed Dec 18 11:56:09 2019 -> *query_remote_database_version: daily.cvd version from DNS: 25667 Wed Dec 18 11:56:09 2019 -> daily database available for download (remote version: 25667) Wed Dec 18 11:56:09 2019 -> *Retrieving https://database.clamav.net/daily.cvd Wed Dec 18 11:56:09 2019 -> *downloadFile: Download source: https://database.clamav.net/daily.cvd Wed Dec 18 11:56:09 2019 -> *downloadFile: Download destination: /var/lib/clamav/tmp/clamav-88ed61b7591f35acdee87b5b900326e2.tmp * Trying 2606:4700::6810:db54:443... * TCP_NODELAY set * Connected to database.clamav.net (2606:4700::6810:db54) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=ssl392509.cloudflaressl.com * start date: Aug 24 00:00:00 2019 GMT * expire date: Mar 1 23:59:59 2020 GMT * subjectAltName: host "database.clamav.net" matched cert's "*.clamav.net" * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x561ac8280980) > GET /daily.cvd HTTP/2 Host: database.clamav.net user-agent: ClamAV/0.102.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) accept: */* connection: close * old SSL session ID is stale, removing * Connection state changed (MAX_CONCURRENT_STREAMS == 256)! < HTTP/2 200 < date: Wed, 18 Dec 2019 10:56:10 GMT < content-type: application/octet-stream < content-length: 55374037 < set-cookie: __cfduid=da44da730a0bfc7a34a8990f54f1610a41576666570; expires=Fri, 17-Jan-20 10:56:10 GMT; path=/; domain=.clamav.net; HttpOnly; SameSite=Lax < last-modified: Tue, 17 Dec 2019 09:54:00 GMT < etag: "5df8a5b8-34cf0d5" < expires: Wed, 18 Dec 2019 14:56:10 GMT < cache-control: public, max-age=14400 < cf-cache-status: HIT < age: 10753 < accept-ranges: bytes < strict-transport-security: max-age=15552000 < x-content-type-options: nosniff < expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"; < server: cloudflare < cf-ray: 54709bcece3a40ce-HAM < Time: 2.4s, ETA; 0.0s [=======================================>] 52.81MiB/52.81MiB * Connection #0 to host database.clamav.net left intact Wed Dec 18 11:56:13 2019 -> ^Mirror https://database.clamav.net is not synchronized. Wed Dec 18 11:56:13 2019 -> !Unexpected error when attempting to update database: daily Wed Dec 18 11:56:13 2019 -> ^fc_update_databases: fc_update_database failed: Up-to-date (1) Wed Dec 18 11:56:13 2019 -> !Database update process failed: Up-to-date (1) Wed Dec 18 11:56:13 2019 -> !Update failed. > > Using a smaller database instead of downloading the whole thing for > > each test run makes sense. We implemented that now, the pg_snakeoil 1.3 testsuite will now look for the "The Quick Brown Fox" virus: https://github.com/credativ/pg_snakeoil/tree/master/testfiles Thanks for the tip! Christoph
