Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?
On Thursday 05 September 2019, Thomas Barth via clamav-users wrote: > Please, where can I change the interval value or times for loading > the databases? You can run freshclam by cron for example. -- Regards, Sergey ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
This might provide additional information. /usr/bin/freshclam *Trying to retrieve CVD header of http://%s/%s %cremote_cvdhead: write failed %cremote_cvdhead: Error while reading CVD header from %s %c%s not found on remote server %cremote_cvdhead: Unknown response from %s (IP: %s): %s %cremote_cvdhead: Unknown response from %s (IP: %s) %cremote_cvdhead: Malformed CVD header (too short) %cremote_cvdhead: Malformed CVD header (bad chars) %cremote_cvdhead: Malformed CVD header (can't parse) !getfile: Can't allocate memory for 'remotename' *Trying to download http://%s/%s *Trying to download http://%s/%s (IP: %s) %cgetfile: Can't write to socket %cgetfile: Error while reading database from %s: %s %cgetfile: Error while reading database from %s (IP: %s): %s ^getfile: %s not found on %s (IP: %s) %cgetfile: Unknown response from %s: %s %cgetfile: Unknown response from %s (IP: %s): %s %cgetfile: Unknown response from %s %cgetfile: Unknown response from %s (IP: %s) !getfile: Can't create new file %s in %s !getfile: Can't create new file %s in the current directory Hint: The database directory must be writable for UID %d or GID %d getfile: Can't write %d bytes to %s %cgetfile: Download interrupted: %s (Host: %s) %cgetfile: Download interrupted: %s (IP: %s) GET %s/%s HTTP/1.0 Host: %s %sUser-Agent: %s Connection: close %s%s%s !Can't allocate memory for filename! !Can't read CVD header of new %s database. ^Mirror %s is not synchronized. ^Mirror is more than 1 version out of date. Recording mirror failure. !updatedb: Unknown database name (%s) passed. ^Broken database version in TXT record. ^Invalid DNS reply. Falling back to HTTP mode. ^DNS record is older than 3 hours. ^No timestamp in TXT record for %s ^Broken database version in TXT record for %s HTTPProxyUsername requires HTTPProxyPassword %s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s) %s.%u.%u.%u.%u.%s.ping.clamav.net ^Can't read %s header from %s ^Can't read %s header from %s (IP: %s) ^Current functionality level = %d, recommended = %d Please check if ClamAV tools are linked against the proper version of libclamav DON'T PANIC! Read https://www.clamav.net/documents/installing-clamav !getpatch: Can't get path of current working directory !chdir_tmp: dbname parameter value too long to create cvd file name: %s !chdir_tmp: dbname parameter value too long to create cld file name: %s !chdir_tmp: Can't access local %s database !chdir_tmp: Can't create directory %s !chdir_tmp: Can't unpack %s into %s !chdir_tmp: Can't change directory to %s Empty script %s, need to download entire database %cgetpatch: Can't download %s from %s !getpatch: Can't open %s for reading ^Incremental update failed, trying to download %s !buildcld: Can't get path of current working directory !buildcld: Can't access directory %s !buildcld: Can't open %s for writing !buildcld: Can't open directory %s !buildcld: gzopen() failed for %s !buildcld: COPYING file not found !buildcld: Can't add COPYING to new %s.cld - please check if there is enough disk space available Updates to main.cvd or safebrowsing.cvd may require 200MB of disk space or more !buildcld: Can't add %s to new %s.cld - please check if there is enough disk space available !buildcld: Can't add daily.cfg to new %s.cld - please check if there is enough disk space available !buildcld: gzclose() failed for %s !buildcld: close() failed for %s !buildcld: Can't return to previous directory %s ^Can't unlink the old database file %s. Please remove it manually. %s updated (version: %d, sigs: %d, f-level: %d, builder: %s) ^Your ClamAV installation is OUTDATED! !Can't create temporary directory %s ClamAV update process started at %s *Software version from DNS: %s ^Local version: %s Recommended version: %s DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav !DatabaseCustomURL: URL must be shorter than %llu !DatabaseCustomURL: Incorrect URL DatabaseCustomURL: Incorrect URL %s is up to date (version: custom database) DatabaseCustomURL: file %s missing DatabaseCustomURL: Can't copy file %s into database directory !DatabaseCustomURL: Not supported protocol %s updated (version: custom database, sigs: %u) !--update-db=custom requires DatabaseCustomURL ^SafeBrowsing is disabled but can't remove old %s ^Bytecode is disabled but can't remove old %s !checkdbdir: Can't open directory %s !Corrupted database file %s: %s !Can't remove broken database file %s, please delete it manually and restart freshclam Corrupted database file renamed to %s Database updated (%d signatures) from %s Database updated (%d signatures) fro
Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?
Am 2019-09-05 09:14, schrieb Sergey: On Thursday 05 September 2019, Thomas Barth via clamav-users wrote: Please, where can I change the interval value or times for loading the databases? You can run freshclam by cron for example. ps aux | grep clam clamav 439 0.0 0.0 51152 11360 ?Ss Aug12 2:37 /usr/bin/freshclam -d --foreground=true clamav8522 2.6 8.3 1727312 1378476 ? Ssl Sep04 38:21 /usr/sbin/clamd --foreground=true freshclam just downloads the standard databases to keep them fresh. In /etc/clamav/freshclam.conf you can set the check interval. That s ok. # Check for new database 24 times a day Checks 24 But it s /usr/sbin/clamd who loads the databases into memory. In /etc/clamav/clamd.conf there should be a value of 12 for an every two hour load, right? When I look for the value 12 I only can find the variable "MaxThreads 12" It seems that the two hour loading is hardcoded in the daemon. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?
Hi there, On Thu, 5 Sep 2019, Thomas Barth via clamav-users wrote: freshclam just downloads the standard databases to keep them fresh. In /etc/clamav/freshclam.conf you can set the check interval. That s ok. # Check for new database 24 times a day Checks 24 Good so far. But it s /usr/sbin/clamd who loads the databases into memory. Yes. In /etc/clamav/clamd.conf there should be a value of 12 for an every two hour load, right? No. It seems that the two hour loading is hardcoded in the daemon. No. There are two ways to trigger reloading the databases. One is to set the 'SelfCheck' interval. The other is to send a 'RELOAD' command on the port or socket on which the daemon is listening. For example if the daemon is listening on TCP port 127.0.0.1:3311 manually I might do this at a shell prompt: $ /bin/echo 'RELOAD' | /bin/nc localhost 3311 | /usr/bin/logger -p mail.debug 2>&1 The 'SelfCheck' interval tells the daemon to reload the databases only if something has changed: mail6:~$ >>> grep 'SelfCheck' /var/log/mail.debug ... Sep 4 02:15:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 03:37:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 05:02:02 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 06:24:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 07:49:13 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 09:11:11 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 4 10:36:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. Sep 4 12:03:14 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 4 13:27:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 14:54:15 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 16:14:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 17:41:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 19:01:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 20:28:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 4 21:48:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 4 23:15:14 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 5 00:35:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. Sep 5 02:07:14 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 5 03:26:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. Sep 5 04:59:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 5 06:17:12 mail6 clamd[5479]: SelfCheck: Database status OK. Sep 5 07:46:14 mail6 clamd[7689]: SelfCheck: Database status OK. Sep 5 09:04:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. I PING the daemons every minute. I've patched the, er, patched daemon also to reply in lower case to PING commands, so that I can see which one replies when. Here's my *unpatched* daemon reloading this morning: Sep 5 09:02:12 mail6 root: PONG Sep 5 09:02:14 mail6 root: pong Sep 5 09:03:12 mail6 root: PONG Sep 5 09:03:14 mail6 root: pong Sep 5 09:04:12 mail6 clamd[5479]: SelfCheck: Database modification detected. Forcing reload. Sep 5 09:04:14 mail6 clamd[5479]: Reading databases from /etc/mail/clamav Sep 5 09:04:14 mail6 root: pong Sep 5 09:05:14 mail6 root: pong Sep 5 09:06:14 mail6 root: pong Sep 5 09:07:14 mail6 root: pong Sep 5 09:07:59 mail6 clamd[5479]: Database correctly reloaded (8869225 signatures) Sep 5 09:05:12 mail6 root: PONG Sep 5 09:06:12 mail6 root: PONG Sep 5 09:04:12 mail6 root: PONG Sep 5 09:07:12 mail6 root: PONG Sep 5 09:08:12 mail6 root: PONG Sep 5 09:08:14 mail6 root: pong Sep 5 09:09:12 mail6 root: PONG Sep 5 09:09:14 mail6 root: pong Sep 5 09:10:12 mail6 root: PONG Here's the *patched daemon reloading: Sep 5 02:06:12 mail6 root: PONG Sep 5 02:06:14 mail6 root: pong Sep 5 02:07:12 mail6 root: PONG Sep 5 02:07:14 mail6 clamd[7689]: SelfCheck: Database modification detected. Forcing reload. Sep 5 02:07:14 mail6 clamd[7689]: Reading databases from /etc/mail/clamav Sep 5 02:07:14 mail6 root: pong Sep 5 02:08:12 mail6 root: PONG Sep 5 02:08:14 mail6 root: pong Sep 5 02:09:12 mail6 root: PONG Sep 5 02:09:14 mail6 root: pong Sep 5 02:10:12 mail6 root: PONG Sep 5 02:10:14 mail6 root: pong Sep 5 02:11:12 mail6 root: PONG Sep 5 02:11:14 mail6 root: pong Sep 5 02:11:35 mail6 clamd[7689]: Database correctly reloaded (8871522 signatures) Sep 5 02:12:12 mail6 root: PONG Sep 5 02:12:14 mail6 root: pong Sep 5 02:13:12 mail6 root: PONG Sep 5 02:13:14 mail6 root: pong Sep 5 02:14:12 mail6 root: PONG Sep 5 02:14:14 mail6 root: pong See the difference? The patched daemon does what you want. The unpatched one doesn't. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users H
Re: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
Hi there, On Thu, 5 Sep 2019, Birger Birger via clamav-users wrote: This might provide additional information. /usr/bin/freshclam *Trying to retrieve CVD header of http://%s/%s %cremote_cvdhead: write failed %cremote_cvdhead: Error while reading CVD header from %s The '%c' and '%s' parts are from 'printf' calls in C and should have been replaced on the fly during execution by characters and strings. I've never seen anything like that before in ClamAV and it looks to me like your ClamAV installation is badly broken. I don't know what else might be broken. I've already suggested more than once that you install the latest version of ClamAV. If you don't want to do that, perhaps you should purge the existing installation and start again. But if there are other parts of the system which are as broken as ClamAV is, there's no way to know if even a purge and fresh install will fix it. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?
On Thursday 05 September 2019, Thomas Barth via clamav-users wrote: > It seems that the two hour loading is hardcoded in the daemon. You can use freshclam without "-d" option. You can stop freshclam daemon and create /etc/cron.d/freshclam with 22 1 * * * root/usr/bin/freshclam --quiet --daemon-notify 22 3 * * * root/usr/bin/freshclam --quiet --daemon-notify 22 5 * * * root/usr/bin/freshclam --quiet --daemon-notify 22 8 * * * root/usr/bin/freshclam --quiet --daemon-notify 22 12 * * * root/usr/bin/freshclam --quiet --daemon-notify for example. -- Regards, Sergey ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?
Am 2019-09-05 11:35, schrieb G.W. Haywood via clamav-users: It seems that the two hour loading is hardcoded in the daemon. No. There are two ways to trigger reloading the databases. One is to set the 'SelfCheck' interval. The other is to send a 'RELOAD' command on the port or socket on which the daemon is listening. For example if the daemon is listening on TCP port 127.0.0.1:3311 manually I might do this at a shell prompt: $ /bin/echo 'RELOAD' | /bin/nc localhost 3311 | /usr/bin/logger -p mail.debug 2>&1 The 'SelfCheck' interval tells the daemon to reload the databases only if something has changed: That's interesting, I was able to find out where it comes from. I could change the value in a config, that is not part of clamav itself. Thanks for making that clear. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Fwd: Fwd: Fwd: freshclam incremental update
How did you get this? Sent from my iPad > On Sep 5, 2019, at 05:06, Birger Birger via clamav-users > wrote: > > > This might provide additional information. > > /usr/bin/freshclam > *Trying to retrieve CVD header of http://%s/%s > %cremote_cvdhead: write failed > %cremote_cvdhead: Error while reading CVD header from %s >%c%s not found on remote server > %cremote_cvdhead: Unknown response from %s (IP: %s): %s > %cremote_cvdhead: Unknown response from %s (IP: %s) > %cremote_cvdhead: Malformed CVD header (too short) > %cremote_cvdhead: Malformed CVD header (bad chars) > %cremote_cvdhead: Malformed CVD header (can't parse) >!getfile: Can't allocate memory for 'remotename' >*Trying to download http://%s/%s >*Trying to download http://%s/%s (IP: %s) > %cgetfile: Can't write to socket >%cgetfile: Error while reading database from %s: %s > %cgetfile: Error while reading database from %s (IP: %s): %s >^getfile: %s not found on %s (IP: %s) > %cgetfile: Unknown response from %s: %s > %cgetfile: Unknown response from %s (IP: %s): %s >%cgetfile: Unknown response from %s > %cgetfile: Unknown response from %s (IP: %s) >!getfile: Can't create new file %s in %s >!getfile: Can't create new file %s in the current directory > Hint: The database directory must be writable for UID %d or GID %d > getfile: Can't write %d bytes to %s > %cgetfile: Download interrupted: %s (Host: %s) > %cgetfile: Download interrupted: %s (IP: %s) >GET %s/%s HTTP/1.0 > Host: %s > %sUser-Agent: %s > Connection: close > %s%s%s > !Can't allocate memory for filename! >!Can't read CVD header of new %s database. > ^Mirror %s is not synchronized. > ^Mirror is more than 1 version out of date. Recording mirror failure. > !updatedb: Unknown database name (%s) passed. > ^Broken database version in TXT record. > ^Invalid DNS reply. Falling back to HTTP mode. > ^DNS record is older than 3 hours. > ^No timestamp in TXT record for %s > ^Broken database version in TXT record for %s > HTTPProxyUsername requires HTTPProxyPassword >%s is up to date (version: %d, sigs: %d, f-level: %d, builder: %s) > %s.%u.%u.%u.%u.%s.ping.clamav.net ^Can't read %s header from %s > ^Can't read %s header from %s (IP: %s) > ^Current functionality level = %d, recommended = %d > Please check if ClamAV tools are linked against the proper version of > libclamav > DON'T PANIC! Read https://www.clamav.net/documents/installing-clamav >!getpatch: Can't get path of current working directory > !chdir_tmp: dbname parameter value too long to create cvd file name: %s > !chdir_tmp: dbname parameter value too long to create cld file name: > %s > !chdir_tmp: Can't access local %s database > !chdir_tmp: Can't create directory %s > !chdir_tmp: Can't unpack %s into %s > !chdir_tmp: Can't change directory to %s >Empty script %s, need to download entire database > %cgetpatch: Can't download %s from %s > !getpatch: Can't open %s for reading >^Incremental update failed, trying to download %s > !buildcld: Can't get path of current working directory > !buildcld: Can't access directory %s >!buildcld: Can't open %s for writing >!buildcld: Can't open directory %s > !buildcld: gzopen() failed for %s > !buildcld: COPYING file not found > !buildcld: Can't add COPYING to new %s.cld - please check if there is > enough disk space available > Updates to main.cvd or safebrowsing.cvd may require 200MB of disk space > or more > !buildcld: Can't add %s to new %s.cld - please check if there is > enough disk space available >!buildcld: Can't add daily.cfg to new %s.cld - please check if there is > enough disk space available > !buildcld: gzclose() failed for %s > !buildcld: close() failed for %s >!buildcld: Can't return to previous directory %s >^Can't unlink the old database file %s. Please remove it manually. > %s updated (version: %d, sigs: %d, f-level: %d, builder: %s) >^Your ClamAV installation is OUTDATED! > !Can't create temporary directory %s >ClamAV update process started at %s *Software version from DNS: %s > ^Local version: %s Recommended version: %s > DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav > !DatabaseCustomURL: URL must be shorter than %llu > !DatabaseCustomURL: Incorrect URL > DatabaseCustomURL: Incorrect URL >%s is up to date (version: custom database) > DatabaseCustomURL: file %s missing > DatabaseCustomURL: Can't copy file %s into database directory > !DatabaseCustomURL: Not supported protocol > %s updated (version: custom database, sigs: %u) > !--update-db=custom requires DatabaseCustomURL > ^SafeBrowsing is disabled but can't remove old %s > ^Bytecode is di