Re: [clamav-users] daily.cvd out of date?

2015-03-16 Thread Al Varnell
It would certainly seem so.  A few users either prefer or must disable scripted 
updates and download the full daily.cvd each time.  I would have to guess the 
major reason is to provide a local mirror to service a network of computers, 
all using ClamAV®.  In those cases they rely on the daily.cvd being up-to-date 
with the latest releases included.  I don’t know what method the mirror network 
uses to make sure all servers are in sync, but something must have failed with 
regard to 150.214.142.197.

-Al-


On Mon, Mar 16, 2015 at 06:04PM, Gene Heskett wrote:
> 
> On Monday 16 March 2015 12:46:56 Al Varnell wrote:
>> daily.cvd is compressed to save time and bandwidth when you need the
>> entire daily database downloaded.  If you use scripted update
>> (default) then it’s decompressed to become daily.cld and each
>> daily.cdiff is then added to it.  So yes, at any given point in time
>> for the same version number, they are the same thing, but different
>> sizes.
> 
> I see, so I won't waste the effort to add it to the freshclam refresh.
> 
> Thank you.  But I have to assume the Original Poster's problem still 
> exists as his is not being refreshed.
> 
> Any SWAG's?
> 
> Thanks Al.
> 
>> -Al—
>> 
>> On Mon, Mar 16, 2015 at 08:16AM, Gene Heskett wrote:
>>> On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
>>>> David,
>>>>
>>>> I forwarded this on to the ops team for a look.
>>> 
>>> I cannot prove it's the same address Joel, my expiry rules clean up
>>> this folder in about 30 days but this looks like a previous such
>>> request that has been made before, possibly more than once before. 
>>> So please follow up, get a report back and put it on the list so we
>>> know it's been done.
>>> 
>>> FWIW, I just ran that command, and then stat'd the file, which does
>>> not reside anywhere in my install as my /var/lib/clamav only
>>> contains .cld's except for main.cvd.
>>> 
>>> I got:
>>> gene@coyote:~$ stat daily.cvd
>>> File: `daily.cvd'
>>> Size: 33765882  Blocks: 65952  IO Block: 4096   regular file
>>> Device: 801h/2049d  Inode: 57696146Links: 1
>>> Access: (0644/-rw-r--r--)  Uid: ( 1000/gene)   Gid: ( 1000/   
>>> gene) Access: 2015-03-16 10:57:16.0 -0400
>>> Modify: 2015-03-15 16:28:00.0 -0400
>>> Change: 2015-03-16 10:57:16.137624052 -0400
>>> Birth: -
>>> 
>>> Which freshclam is not servicing so I put it in /var/lib/clamav as
>>> follows.
>>> 
>>> gene@coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
>>> gene@coyote:~$ ls -l /var/lib/clamav
>>> total 180848
>>> -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
>>> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
>>> -rw-r--r-- 1 root   root   33765882 Mar 16 11:02 daily.cvd
>>> -rw-r- 1 clamav clamav45334 Mar 16 09:37 freshclam.log
>>> -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
>>> -rw--- 1 clamav clamav  988 Mar 16 10:31 mirrors.dat
>>> gene@coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
>>> gene@coyote:~$ ls -l /var/lib/clamav
>>> total 180848
>>> -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
>>> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
>>> -rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
>>> -rw-r- 1 clamav clamav45334 Mar 16 09:37 freshclam.log
>>> -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
>>> -rw--- 1 clamav clamav  988 Mar 16 10:31 mirrors.dat
>>> gene@coyote:~$ sudo less /var/lib/clamav/freshclam.log
>>> 
>>> Is something broken in my freshclam configuration, or is the
>>> daily.cld the same thing?
>>> 
>>> A curious user here.
>>> 
>>>> --
>>>> Joel Esler
>>>> Open Source Manager
>>>> Threat Intelligence Team Lead
>>>> Talos Group
>>>>
>>>> On Mar 16, 2015, at 8:51 AM, Smith, David
>>>> mailto:drsm...@fsu.edu>> wrote:
>>>>
>>>> Jason,
>>>> Can you PLEASE pull mirror 150.214.142.197 out of your lists??? 
>>>> Note the modify date on the daily.cvd
>>>>
>>>> [root@rhn cron]# wget http://150.214.142.197/daily.cvd
>>>> --2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
>>>> Connecting to 150.214.142.197:80... connected.
>>>> HTTP request sent, awaiting response... 200 OK
>>>> Length: 27596102 (26M) [text/plain]
>>>> Saving to: `daily.cvd'
>>>>
>>>> 100%[==
>>>> ===
>>>> =>]
>>>> 27,596,102  2.35M/s   in 13s
>>>>
>>>> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved
>>>> [27596102/27596102]
>>>>
>>>> [root@rhn cron]# stat daily.cvd
>>>> File: `daily.cvd'
>>>> Size: 27596102Blocks: 53976  IO Block: 4096   regular
>>>> file Device: fd00h/64768dInode: 1310864 Links: 1
>>>> Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/
>>>> root) Access: 2015-03-16 08:47:29.0 -0400
>>>> Modify: 2014-08-28 13:26:00.0 -0400
>>>> Change: 2015-03-16 08:47:29.0 -0400
>>>>
>>>>
>>>> WITH the Pr

Re: [clamav-users] daily.cvd out of date?

2015-03-16 Thread Gene Heskett
On Monday 16 March 2015 12:46:56 Al Varnell wrote:
> daily.cvd is compressed to save time and bandwidth when you need the
> entire daily database downloaded.  If you use scripted update
> (default) then it’s decompressed to become daily.cld and each
> daily.cdiff is then added to it.  So yes, at any given point in time
> for the same version number, they are the same thing, but different
> sizes.

I see, so I won't waste the effort to add it to the freshclam refresh.

Thank you.  But I have to assume the Original Poster's problem still 
exists as his is not being refreshed.

Any SWAG's?

Thanks Al.

> -Al—
>
> On Mon, Mar 16, 2015 at 08:16AM, Gene Heskett wrote:
> > On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
> >> David,
> >>
> >> I forwarded this on to the ops team for a look.
> >
> > I cannot prove it's the same address Joel, my expiry rules clean up
> > this folder in about 30 days but this looks like a previous such
> > request that has been made before, possibly more than once before. 
> > So please follow up, get a report back and put it on the list so we
> > know it's been done.
> >
> > FWIW, I just ran that command, and then stat'd the file, which does
> > not reside anywhere in my install as my /var/lib/clamav only
> > contains .cld's except for main.cvd.
> >
> > I got:
> > gene@coyote:~$ stat daily.cvd
> >  File: `daily.cvd'
> >  Size: 33765882 Blocks: 65952  IO Block: 4096   regular file
> > Device: 801h/2049d  Inode: 57696146Links: 1
> > Access: (0644/-rw-r--r--)  Uid: ( 1000/gene)   Gid: ( 1000/   
> > gene) Access: 2015-03-16 10:57:16.0 -0400
> > Modify: 2015-03-15 16:28:00.0 -0400
> > Change: 2015-03-16 10:57:16.137624052 -0400
> > Birth: -
> >
> > Which freshclam is not servicing so I put it in /var/lib/clamav as
> > follows.
> >
> > gene@coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
> > gene@coyote:~$ ls -l /var/lib/clamav
> > total 180848
> > -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
> > -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> > -rw-r--r-- 1 root   root   33765882 Mar 16 11:02 daily.cvd
> > -rw-r- 1 clamav clamav45334 Mar 16 09:37 freshclam.log
> > -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
> > -rw--- 1 clamav clamav  988 Mar 16 10:31 mirrors.dat
> > gene@coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
> > gene@coyote:~$ ls -l /var/lib/clamav
> > total 180848
> > -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
> > -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> > -rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
> > -rw-r- 1 clamav clamav45334 Mar 16 09:37 freshclam.log
> > -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
> > -rw--- 1 clamav clamav  988 Mar 16 10:31 mirrors.dat
> > gene@coyote:~$ sudo less /var/lib/clamav/freshclam.log
> >
> > Is something broken in my freshclam configuration, or is the
> > daily.cld the same thing?
> >
> > A curious user here.
> >
> >> --
> >> Joel Esler
> >> Open Source Manager
> >> Threat Intelligence Team Lead
> >> Talos Group
> >>
> >> On Mar 16, 2015, at 8:51 AM, Smith, David
> >> mailto:drsm...@fsu.edu>> wrote:
> >>
> >> Jason,
> >> Can you PLEASE pull mirror 150.214.142.197 out of your lists??? 
> >> Note the modify date on the daily.cvd
> >>
> >> [root@rhn cron]# wget http://150.214.142.197/daily.cvd
> >> --2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
> >> Connecting to 150.214.142.197:80... connected.
> >> HTTP request sent, awaiting response... 200 OK
> >> Length: 27596102 (26M) [text/plain]
> >> Saving to: `daily.cvd'
> >>
> >> 100%[==
> >>===
> >> =>]
> >> 27,596,102  2.35M/s   in 13s
> >>
> >> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved
> >> [27596102/27596102]
> >>
> >> [root@rhn cron]# stat daily.cvd
> >> File: `daily.cvd'
> >> Size: 27596102Blocks: 53976  IO Block: 4096   regular
> >> file Device: fd00h/64768dInode: 1310864 Links: 1
> >> Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/
> >> root) Access: 2015-03-16 08:47:29.0 -0400
> >> Modify: 2014-08-28 13:26:00.0 -0400
> >> Change: 2015-03-16 08:47:29.0 -0400
> >>
> >>
> >> WITH the Pragma: No-cache
> >>
> >> [root@rhn cron]# wget --header="Pragma: no-cache"
> >> http://150.214.142.197/daily.cvd --2015-03-16 08:49:37--
> >> http://150.214.142.197/daily.cvd
> >> Connecting to 150.214.142.197:80... connected.
> >> HTTP request sent, awaiting response... 200 OK
> >> Length: 27596102 (26M) [text/plain]
> >> Saving to: `daily.cvd.1'
> >>
> >> 100%[==
> >>===
> >> =>]
> >> 27,596,102  4.41M/s   in 7.0s
> >>
> >> 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved
> >> [27596

Re: [clamav-users] daily.cvd out of date?

2015-03-16 Thread Al Varnell
daily.cvd is compressed to save time and bandwidth when you need the entire 
daily database downloaded.  If you use scripted update (default) then it’s 
decompressed to become daily.cld and each daily.cdiff is then added to it.  So 
yes, at any given point in time for the same version number, they are the same 
thing, but different sizes.

-Al—

On Mon, Mar 16, 2015 at 08:16AM, Gene Heskett wrote:
> 
> On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
>> David,
>> 
>> I forwarded this on to the ops team for a look.
>> 
> I cannot prove it's the same address Joel, my expiry rules clean up this 
> folder in about 30 days but this looks like a previous such request that 
> has been made before, possibly more than once before.  So please follow 
> up, get a report back and put it on the list so we know it's been done.
> 
> FWIW, I just ran that command, and then stat'd the file, which does not 
> reside anywhere in my install as my /var/lib/clamav only contains .cld's 
> except for main.cvd.
> 
> I got:
> gene@coyote:~$ stat daily.cvd
>  File: `daily.cvd'
>  Size: 33765882   Blocks: 65952  IO Block: 4096   regular file
> Device: 801h/2049dInode: 57696146Links: 1
> Access: (0644/-rw-r--r--)  Uid: ( 1000/gene)   Gid: ( 1000/gene)
> Access: 2015-03-16 10:57:16.0 -0400
> Modify: 2015-03-15 16:28:00.0 -0400
> Change: 2015-03-16 10:57:16.137624052 -0400
> Birth: -
> 
> Which freshclam is not servicing so I put it in /var/lib/clamav as 
> follows.
> 
> gene@coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
> gene@coyote:~$ ls -l /var/lib/clamav
> total 180848
> -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> -rw-r--r-- 1 root   root   33765882 Mar 16 11:02 daily.cvd
> -rw-r- 1 clamav clamav45334 Mar 16 09:37 freshclam.log
> -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
> -rw--- 1 clamav clamav  988 Mar 16 10:31 mirrors.dat
> gene@coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
> gene@coyote:~$ ls -l /var/lib/clamav
> total 180848
> -rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
> -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
> -rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
> -rw-r- 1 clamav clamav45334 Mar 16 09:37 freshclam.log
> -rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
> -rw--- 1 clamav clamav  988 Mar 16 10:31 mirrors.dat
> gene@coyote:~$ sudo less /var/lib/clamav/freshclam.log
> 
> Is something broken in my freshclam configuration, or is the daily.cld 
> the same thing?
> 
> A curious user here.
> 
>> --
>> Joel Esler
>> Open Source Manager
>> Threat Intelligence Team Lead
>> Talos Group
>> 
>> On Mar 16, 2015, at 8:51 AM, Smith, David
>> mailto:drsm...@fsu.edu>> wrote:
>> 
>> Jason,
>> Can you PLEASE pull mirror 150.214.142.197 out of your lists???  Note
>> the modify date on the daily.cvd
>> 
>> [root@rhn cron]# wget http://150.214.142.197/daily.cvd
>> --2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
>> Connecting to 150.214.142.197:80... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: 27596102 (26M) [text/plain]
>> Saving to: `daily.cvd'
>> 
>> 100%[=
>> =>]
>> 27,596,102  2.35M/s   in 13s
>> 
>> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved
>> [27596102/27596102]
>> 
>> [root@rhn cron]# stat daily.cvd
>> File: `daily.cvd'
>> Size: 27596102Blocks: 53976  IO Block: 4096   regular
>> file Device: fd00h/64768dInode: 1310864 Links: 1
>> Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/   
>> root) Access: 2015-03-16 08:47:29.0 -0400
>> Modify: 2014-08-28 13:26:00.0 -0400
>> Change: 2015-03-16 08:47:29.0 -0400
>> 
>> 
>> WITH the Pragma: No-cache
>> 
>> [root@rhn cron]# wget --header="Pragma: no-cache"
>> http://150.214.142.197/daily.cvd --2015-03-16 08:49:37-- 
>> http://150.214.142.197/daily.cvd
>> Connecting to 150.214.142.197:80... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: 27596102 (26M) [text/plain]
>> Saving to: `daily.cvd.1'
>> 
>> 100%[=
>> =>]
>> 27,596,102  4.41M/s   in 7.0s
>> 
>> 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved
>> [27596102/27596102]
>> 
>> [root@rhn cron]# stat daily.cvd.1
>> File: `daily.cvd.1'
>> Size: 27596102Blocks: 53976  IO Block: 4096   regular
>> file Device: fd00h/64768dInode: 1310865 Links: 1
>> Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/   
>> root) Access: 2015-03-16 08:49:44.0 -0400
>> Modify: 2014-08-28 13:26:00.0 -0400
>> Change: 2015-03-16 08:49:44.0 -0400
>> 
>> 
>> Thanks!
>> 
>> Dave S

Re: [clamav-users] daily.cvd out of date?

2015-03-16 Thread Gene Heskett
On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote:
> David,
>
> I forwarded this on to the ops team for a look.
>
I cannot prove it's the same address Joel, my expiry rules clean up this 
folder in about 30 days but this looks like a previous such request that 
has been made before, possibly more than once before.  So please follow 
up, get a report back and put it on the list so we know it's been done.

FWIW, I just ran that command, and then stat'd the file, which does not 
reside anywhere in my install as my /var/lib/clamav only contains .cld's 
except for main.cvd.

I got:
gene@coyote:~$ stat daily.cvd
  File: `daily.cvd'
  Size: 33765882Blocks: 65952  IO Block: 4096   regular file
Device: 801h/2049d  Inode: 57696146Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1000/gene)   Gid: ( 1000/gene)
Access: 2015-03-16 10:57:16.0 -0400
Modify: 2015-03-15 16:28:00.0 -0400
Change: 2015-03-16 10:57:16.137624052 -0400
 Birth: -

Which freshclam is not servicing so I put it in /var/lib/clamav as 
follows.

gene@coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd
gene@coyote:~$ ls -l /var/lib/clamav
total 180848
-rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
-rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
-rw-r--r-- 1 root   root   33765882 Mar 16 11:02 daily.cvd
-rw-r- 1 clamav clamav45334 Mar 16 09:37 freshclam.log
-rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
-rw--- 1 clamav clamav  988 Mar 16 10:31 mirrors.dat
gene@coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd
gene@coyote:~$ ls -l /var/lib/clamav
total 180848
-rw-r--r-- 1 clamav clamav   346624 Feb 27 15:32 bytecode.cld
-rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld
-rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd
-rw-r- 1 clamav clamav45334 Mar 16 09:37 freshclam.log
-rw-r--r-- 1 clamav clamav 64720632 Feb  4 20:15 main.cvd
-rw--- 1 clamav clamav  988 Mar 16 10:31 mirrors.dat
gene@coyote:~$ sudo less /var/lib/clamav/freshclam.log

Is something broken in my freshclam configuration, or is the daily.cld 
the same thing?

A curious user here.

> --
> Joel Esler
> Open Source Manager
> Threat Intelligence Team Lead
> Talos Group
>
> On Mar 16, 2015, at 8:51 AM, Smith, David
> mailto:drsm...@fsu.edu>> wrote:
>
> Jason,
> Can you PLEASE pull mirror 150.214.142.197 out of your lists???  Note
> the modify date on the daily.cvd
>
> [root@rhn cron]# wget http://150.214.142.197/daily.cvd
> --2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
> Connecting to 150.214.142.197:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 27596102 (26M) [text/plain]
> Saving to: `daily.cvd'
>
> 100%[=
>=>]
> 27,596,102  2.35M/s   in 13s
>
> 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved
> [27596102/27596102]
>
> [root@rhn cron]# stat daily.cvd
>  File: `daily.cvd'
>  Size: 27596102Blocks: 53976  IO Block: 4096   regular
> file Device: fd00h/64768dInode: 1310864 Links: 1
> Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/   
> root) Access: 2015-03-16 08:47:29.0 -0400
> Modify: 2014-08-28 13:26:00.0 -0400
> Change: 2015-03-16 08:47:29.0 -0400
>
>
> WITH the Pragma: No-cache
>
> [root@rhn cron]# wget --header="Pragma: no-cache"
> http://150.214.142.197/daily.cvd --2015-03-16 08:49:37-- 
> http://150.214.142.197/daily.cvd
> Connecting to 150.214.142.197:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 27596102 (26M) [text/plain]
> Saving to: `daily.cvd.1'
>
> 100%[=
>=>]
> 27,596,102  4.41M/s   in 7.0s
>
> 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved
> [27596102/27596102]
>
> [root@rhn cron]# stat daily.cvd.1
>  File: `daily.cvd.1'
>  Size: 27596102Blocks: 53976  IO Block: 4096   regular
> file Device: fd00h/64768dInode: 1310865 Links: 1
> Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/   
> root) Access: 2015-03-16 08:49:44.0 -0400
> Modify: 2014-08-28 13:26:00.0 -0400
> Change: 2015-03-16 08:49:44.0 -0400
>
>
> Thanks!
>
> Dave Smith
> drsm...@fsu.edu   
> (850)645-8024 Linux Administrators
>  its-unixadm...@fsu.edu 
> (850)644-2591 Information Technology Services Florida
> State University
>
>
> -Original Message-
> From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On
> Behalf Of Jason Haar Sent: Sunday, March 1, 2015 6:29 PM
> To:
> clamav-users@lists.clamav.net

Re: [clamav-users] daily.cvd out of date?

2015-03-16 Thread Joel Esler (jesler)
David,

I forwarded this on to the ops team for a look.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group

On Mar 16, 2015, at 8:51 AM, Smith, David 
mailto:drsm...@fsu.edu>> wrote:

Jason,
Can you PLEASE pull mirror 150.214.142.197 out of your lists???  Note the 
modify date on the daily.cvd

[root@rhn cron]# wget http://150.214.142.197/daily.cvd
--2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
Connecting to 150.214.142.197:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27596102 (26M) [text/plain]
Saving to: `daily.cvd'

100%[==>]
 27,596,102  2.35M/s   in 13s

2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved [27596102/27596102]

[root@rhn cron]# stat daily.cvd
 File: `daily.cvd'
 Size: 27596102Blocks: 53976  IO Block: 4096   regular file
Device: fd00h/64768dInode: 1310864 Links: 1
Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/root)
Access: 2015-03-16 08:47:29.0 -0400
Modify: 2014-08-28 13:26:00.0 -0400
Change: 2015-03-16 08:47:29.0 -0400


WITH the Pragma: No-cache

[root@rhn cron]# wget --header="Pragma: no-cache" 
http://150.214.142.197/daily.cvd
--2015-03-16 08:49:37--  http://150.214.142.197/daily.cvd
Connecting to 150.214.142.197:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27596102 (26M) [text/plain]
Saving to: `daily.cvd.1'

100%[==>]
 27,596,102  4.41M/s   in 7.0s

2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved [27596102/27596102]

[root@rhn cron]# stat daily.cvd.1
 File: `daily.cvd.1'
 Size: 27596102Blocks: 53976  IO Block: 4096   regular file
Device: fd00h/64768dInode: 1310865 Links: 1
Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/root)
Access: 2015-03-16 08:49:44.0 -0400
Modify: 2014-08-28 13:26:00.0 -0400
Change: 2015-03-16 08:49:44.0 -0400


Thanks!

Dave Smith 
drsm...@fsu.edu(850)645-8024
Linux Administrators  
its-unixadm...@fsu.edu  (850)644-2591
Information Technology Services Florida State University


-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Jason Haar
Sent: Sunday, March 1, 2015 6:29 PM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] daily.cvd out of date?

On 27/02/15 08:49, Smith, David wrote:
Nope .. not yet!  :)
Try

wget --header="Pragma: no-cache"   http://database.clamav.net/daily.cvd

I say that because I'm wondering if you have a transparent proxy in
between you and the server, so that extra Pragma header should force the
proxy to re-download it instead of feeding out of cache. If the file
ends up with a newer date, then that confirms there's a proxy in between
(and as a side effect should have replaced the stale cached entry - so
freshclam will be happy again - at least for a short while)


--
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] daily.cvd out of date?

2015-03-16 Thread Smith, David
Jason, 
Can you PLEASE pull mirror 150.214.142.197 out of your lists???  Note the 
modify date on the daily.cvd  

[root@rhn cron]# wget http://150.214.142.197/daily.cvd
--2015-03-16 08:47:15--  http://150.214.142.197/daily.cvd
Connecting to 150.214.142.197:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27596102 (26M) [text/plain]
Saving to: `daily.cvd'

100%[==>]
 27,596,102  2.35M/s   in 13s

2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved [27596102/27596102]

[root@rhn cron]# stat daily.cvd
  File: `daily.cvd'
  Size: 27596102Blocks: 53976  IO Block: 4096   regular file
Device: fd00h/64768dInode: 1310864 Links: 1
Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/root)
Access: 2015-03-16 08:47:29.0 -0400
Modify: 2014-08-28 13:26:00.0 -0400
Change: 2015-03-16 08:47:29.0 -0400


WITH the Pragma: No-cache 

[root@rhn cron]# wget --header="Pragma: no-cache" 
http://150.214.142.197/daily.cvd
--2015-03-16 08:49:37--  http://150.214.142.197/daily.cvd
Connecting to 150.214.142.197:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27596102 (26M) [text/plain]
Saving to: `daily.cvd.1'

100%[==>]
 27,596,102  4.41M/s   in 7.0s

2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved [27596102/27596102]

[root@rhn cron]# stat daily.cvd.1
  File: `daily.cvd.1'
  Size: 27596102Blocks: 53976  IO Block: 4096   regular file
Device: fd00h/64768dInode: 1310865 Links: 1
Access: (0644/-rw-r--r--)  Uid: (0/root)   Gid: (0/root)
Access: 2015-03-16 08:49:44.0 -0400
Modify: 2014-08-28 13:26:00.0 -0400
Change: 2015-03-16 08:49:44.0 -0400


Thanks!

Dave Smith     
drsm...@fsu.edu        (850)645-8024
Linux Administrators      
its-unixadm...@fsu.edu      (850)644-2591
Information Technology Services     Florida State University


-Original Message-
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of 
Jason Haar
Sent: Sunday, March 1, 2015 6:29 PM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] daily.cvd out of date?

On 27/02/15 08:49, Smith, David wrote:
> Nope .. not yet!  :) 
Try

wget --header="Pragma: no-cache"   http://database.clamav.net/daily.cvd

I say that because I'm wondering if you have a transparent proxy in
between you and the server, so that extra Pragma header should force the
proxy to re-download it instead of feeding out of cache. If the file
ends up with a newer date, then that confirms there's a proxy in between
(and as a side effect should have replaced the stale cached entry - so
freshclam will be happy again - at least for a short while)


-- 
Cheers

Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
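
The checks in this thread compare file modification times. As an added example (not part of the original messages, and not ClamAV project code), the functions below read the database version and build timestamp from the CVD file's own header and compare a mirror's copy against a reference copy. The 512-byte colon-separated header layout is an assumption stated in the comments, the function names are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: judge a daily.cvd by its own header, not by file mtime.
# Assumed CVD header layout (first 512 bytes, space padded, ':' separated):
#   ClamAV-VDB:build time:version:sigs:flevel:md5:dsig:builder:stime

# cvd_field FILE N -> Nth header field, trailing padding removed
cvd_field() {
    head -c 512 "$1" | LC_ALL=C cut -d: -f"$2" | LC_ALL=C sed 's/[[:space:]]*$//'
}

# is_number STRING -> success only for a non-empty run of digits
is_number() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

cvd_version() { cvd_field "$1" 3; }

# cvd_age_days FILE NOW_EPOCH -> whole days since the database was built
cvd_age_days() {
    stime=$(cvd_field "$1" 9)
    is_number "$stime" || return 1
    echo $(( ($2 - stime) / 86400 ))
}

# cvd_mirror_status MIRROR_COPY REFERENCE_COPY MAX_AGE_DAYS NOW_EPOCH
# Prints one of: invalid | stale ... | old ... | current ...
cvd_mirror_status() {
    for f in "$1" "$2"; do
        [ "$(cvd_field "$f" 1)" = "ClamAV-VDB" ] || { echo invalid; return 0; }
    done
    mv=$(cvd_version "$1"); rv=$(cvd_version "$2")
    age=$(cvd_age_days "$1" "$4") || { echo invalid; return 0; }
    is_number "$mv" && is_number "$rv" || { echo invalid; return 0; }
    if [ "$mv" -lt "$rv" ]; then
        # Mirror serves an older database version than the reference copy.
        echo "stale version=$mv reference=$rv age_days=$age"
    elif [ "$age" -gt "$3" ]; then
        # Same version everywhere, but nothing new has been built for a while.
        echo "old version=$mv age_days=$age"
    else
        echo "current version=$mv age_days=$age"
    fi
}

# make_sample_cvd PATH VERSION STIME -> constructed header plus a dummy body
make_sample_cvd() {
    printf '%-512s' "ClamAV-VDB:constructed:$2:1:63:X:X:constructed:$3" > "$1"
    printf 'BODY' >> "$1"
}

# Constructed demo: the version numbers are made up; the stime values are the
# Modify times from the stat output in the thread, as epoch seconds.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_cvd "$tmp/mirror.cvd" 100 1409246760     # 2014-08-28 13:26 -0400
    make_sample_cvd "$tmp/reference.cvd" 200 1426451280  # 2015-03-15 16:28 -0400
    cvd_mirror_status "$tmp/mirror.cvd" "$tmp/reference.cvd" 2 1426510049
    rm -rf "$tmp"
}
demo
```

This reads the header only and does not verify the database's digital signature; `sigtool --info daily.cvd` prints the same fields and performs that verification.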



Re: [clamav-users] Can clamscan report the file extension?

2015-03-16 Thread Rishabh Shah
Sure. Thank you so much!

Regards,
Rishabh.

On Mon, Mar 16, 2015 at 3:54 PM, Arnaud Jacques / SecuriteInfo.com <
webmas...@securiteinfo.com> wrote:

> Hello Rishabh,
>
> > root@fwuser-virtual-machine:/home/fwuser# clamscan electricity\ bill.pdf
> > --debug 2>&1 | grep "Recognized"
> > LibClamAV debug: Recognized PDF document file
> > LibClamAV debug: Recognized ASCII text
> > LibClamAV debug: Recognized ASCII text
> > LibClamAV debug: Recognized ASCII text
> > LibClamAV debug: Recognized binary data
> > LibClamAV debug: Recognized ASCII text
> > LibClamAV debug: Recognized binary data
> > LibClamAV debug: Recognized ASCII text
> > LibClamAV debug: Recognized binary data
> > LibClamAV debug: Recognized ASCII text
> >
> > In this case, should I rely on the first line of output?
>
> Short answer : Yes !
>
> Long answer :
> PDFs are containers like zip, rar, tar, etc... Different kinds of files are
> embedded within.
> So the first line is the real file format (=file extension)
>
> --
> Best regards,
>
> Arnaud Jacques
> SecuriteInfo.com
>
> https://www.facebook.com/pages/SecuriteInfocom/132872523492286
>



-- 
Regards,
Rishabh Shah.


Re: [clamav-users] Can clamscan report the file extension?

2015-03-16 Thread Arnaud Jacques / SecuriteInfo.com
Hello Rishabh,

> root@fwuser-virtual-machine:/home/fwuser# clamscan electricity\ bill.pdf
> --debug 2>&1 | grep "Recognized"
> LibClamAV debug: Recognized PDF document file
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized binary data
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized binary data
> LibClamAV debug: Recognized ASCII text
> LibClamAV debug: Recognized binary data
> LibClamAV debug: Recognized ASCII text
> 
> In this case, should I rely on the first line of output?

Short answer : Yes !

Long answer :
PDFs are containers like zip, rar, tar, etc... Different kinds of files are 
embedded within.
So the first line is the real file format (=file extension)

-- 
Best regards,

Arnaud Jacques
SecuriteInfo.com

https://www.facebook.com/pages/SecuriteInfocom/132872523492286
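
As an added example (not part of the original message, and not ClamAV project code), the function below turns the combined output of `clamscan --debug FILE 2>&1` into one report line: the first "Recognized" line as the file's own type, the remaining ones as embedded object types, plus the scan verdict. The function name, the report format, and the sample output with its signature name are constructed for illustration.

```shell
#!/bin/sh
# Added example: one report line per scanned file, read from
#   clamscan --debug FILE 2>&1
# The first "Recognized" line is taken as the type of the file itself,
# later ones as objects embedded in it (as explained above for PDF).

scan_report() {
    awk '
    /^LibClamAV debug: Recognized / {
        t = substr($0, length("LibClamAV debug: Recognized ") + 1)
        if (top == "") top = t                     # first hit: the file itself
        else if (!(t in seen)) {                   # later hits: embedded objects
            seen[t] = 1
            inner = (inner == "" ? t : inner "," t)
        }
        next
    }
    /^LibClamAV / { next }                         # skip all other debug lines
    / FOUND$/ {                                    # "<path>: <signature> FOUND"
        sig = $0; sub(/ FOUND$/, "", sig); sub(/^.*: /, "", sig)
        result = "FOUND(" sig ")"
    }
    /: OK$/ { if (result == "") result = "OK" }    # "<path>: OK"
    END {
        if (top == "") top = "unknown"
        if (result == "") result = "no-verdict"
        printf "type=%s result=%s embedded=%s\n", top, result, inner
    }'
}

# Constructed sample: debug lines as quoted in the thread plus a verdict line.
sample_clean() {
cat <<'EOF'
LibClamAV debug: Recognized PDF document file
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Recognized binary data
LibClamAV debug: Recognized ASCII text
electricity bill.pdf: OK
EOF
}

# Constructed sample: file name and signature name are made up.
sample_infected() {
cat <<'EOF'
LibClamAV debug: Recognized PDF document file
LibClamAV debug: Recognized binary data
sample.bin: Constructed.Test.Signature FOUND
EOF
}

sample_clean | scan_report
sample_infected | scan_report
```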


Re: [clamav-users] Can clamscan report the file extension?

2015-03-16 Thread Rishabh Shah
Hi Arnaud,

I just saw your reply. It seems I didn't get the message on email due to
some odd settings.
Sure, your command is helpful to me. I issued this on a pdf file and this
is what the output looks like:

root@fwuser-virtual-machine:/home/fwuser# clamscan electricity\ bill.pdf
--debug 2>&1 | grep "Recognized"
LibClamAV debug: Recognized PDF document file
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Recognized binary data
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Recognized binary data
LibClamAV debug: Recognized ASCII text
LibClamAV debug: Recognized binary data
LibClamAV debug: Recognized ASCII text

In this case, should I rely on the first line of output?

Thanks,
Rishabh.

*Author: *Arnaud Jacques / SecuriteInfo.com 
*Date: *2015-03-12 13:14 +5.530
*To: *ClamAV users ML 
*Subject: *Re: [clamav-users] Can clamscan report the file extension?
Hello Rishabh,

Le jeudi 12 mars 2015, 12:30:26 Rishabh Shah a écrit :


> Hi Clamav Team,
>
> Can clamscan detect the file type/extension as well?

Yes. Clamav has built-in file type detection.

Try :

clamscan --debug
67792ACE824606664CE51973800D6B952CA4733CAF6F03CCF5F636768EFB39B1 2>&1|grep
"Recognized"

-- 
Best regards,



Arnaud Jacques

On Thu, Mar 12, 2015 at 12:30 PM, Rishabh Shah  wrote:

> Hi Clamav Team,
>
> Can clamscan detect the file type/extension as well?
>
> root@fwuser-virtual-machine:/home/file_capture/tmp# clamscan
> 67792ACE824606664CE51973800D6B952CA4733CAF6F03CCF5F636768EFB39B1 --verbose
> Scanning 67792ACE824606664CE51973800D6B952CA4733CAF6F03CCF5F636768EFB39B1
> 67792ACE824606664CE51973800D6B952CA4733CAF6F03CCF5F636768EFB39B1: OK
>
> --- SCAN SUMMARY ---
> Known viruses: 3764910
> Engine version: 0.98.6
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.04 MB
> Data read: 0.02 MB (ratio 1.80:1)
> Time: 14.291 sec (0 m 14 s)
>
> The reason I am asking is in my case, my file name generated is SHA256 of
> the original file. I lose the file extension as well. After clamav detects
> the file as clean/virus, I need to report the file extension along with
> it's detection result.
> Thanks in advance!
>
> Regards,
> Rishabh Shah.
>



-- 
Regards,
Rishabh Shah.