[clamav-users] freshclam: Verification: Can't verify database integrity
What the heck could be causing freshclam verification problems for the past 2 days? I'm getting rate-limited over and over because freshclam fails to verify daily.cvd (and then retries over and over). Is there a known problem with daily.cvd downloads being corrupt? Google says to "wget http://database.clamav.net/daily.cvd"; but that no longer works. What should I be doing differently? ~$ grep freshclam /var/log/syslog Dec 25 18:29:29 mx3 freshclam[1013]: freshclam daemon 0.103.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022 Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022 Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN). Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN). Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN. Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN. Dec 25 18:29:29 mx3 freshclam[1013]: 1. Verify that you're running a supported ClamAV version. Dec 25 18:29:29 mx3 freshclam[1013]: See https://docs.clamav.net/faq/faq-eol.html for details. Dec 25 18:29:29 mx3 freshclam[1013]: 2. Run FreshClam no more than once an hour to check for updates. Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam should check DNS first to see if an update is needed. Dec 25 18:29:29 mx3 freshclam[1013]: 3. If you have more than 10 hosts on your network attempting to download, Dec 25 18:29:29 mx3 freshclam[1013]: 1. Verify that you're running a supported ClamAV version. Dec 25 18:29:29 mx3 freshclam[1013]: it is recommended that you set up a private mirror on your network using Dec 25 18:29:29 mx3 freshclam[1013]: cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the Dec 25 18:29:29 mx3 freshclam[1013]: CDN and your own network. Dec 25 18:29:29 mx3 freshclam[1013]: 4. Please do not open a ticket asking for an exemption from the rate limit, Dec 25 18:29:29 mx3 freshclam[1013]: it will not be granted. Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: You are still on cool-down until after: 2022-12-25 20:05:17 Dec 25 18:29:29 mx3 freshclam[1013]: See https://docs.clamav.net/faq/faq-eol.html for details. Dec 25 18:29:29 mx3 freshclam[1013]: 2. Run FreshClam no more than once an hour to check for updates. Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam should check DNS first to see if an update is needed. Dec 25 18:29:29 mx3 freshclam[1013]: 3. If you have more than 10 hosts on your network attempting to download, Dec 25 18:29:29 mx3 freshclam[1013]: it is recommended that you set up a private mirror on your network using Dec 25 18:29:29 mx3 freshclam[1013]: cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the Dec 25 18:29:29 mx3 freshclam[1013]: CDN and your own network. Dec 25 18:29:29 mx3 freshclam[1013]: 4. Please do not open a ticket asking for an exemption from the rate limit, Dec 25 18:29:29 mx3 freshclam[1013]: it will not be granted. Dec 25 18:29:29 mx3 freshclam[1013]: You are still on cool-down until after: 2022-12-25 20:05:17 Dec 25 18:29:29 mx3 freshclam[1013]: -- Dec 25 20:29:29 mx3 freshclam[1013]: Received signal: wake up Dec 25 20:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 20:29:29 2022 Dec 25 20:29:29 mx3 freshclam[1013]: Received signal: wake up Dec 25 20:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 20:29:29 2022 Dec 25 20:29:29 mx3 freshclam[1013]: WARNING: Cool-down expired, ok to try again. Dec 25 20:29:29 mx3 freshclam[1013]: daily database available for download (remote version: 26761) Dec 25 20:29:29 mx3 freshclam[1013]: Cool-down expired, ok to try again. Dec 25 20:29:29 mx3 freshclam[1013]: daily database available for download (remote version: 26761) Dec 25 20:29:30 mx3 freshclam[1013]: ERROR: Verification: Can't verify database integrity Dec 25 20:29:30 mx3 freshclam[1013]: Verification: Can't verify database integrity Dec 25 20:29:30 mx3 freshclam[1013]: Trying again in 5 secs... Dec 25 20:29:30 mx3 freshclam[1013]: Trying again in 5 secs... Dec 25 20:29:35 mx3 freshclam[1013]: daily database available for download (remote version: 26761) Dec 25 20:29:35 mx3 freshclam[1013]: daily database available for download (remote version: 26761) Dec 25 20:29:36 mx3 freshclam[1013]: ERROR: Verification: Can't verify database integrity Dec 25 20:29:36 mx3 freshclam[1013]: Verification: Can't verify database integrity Dec 25 20:29:36 mx3 freshclam[1013]: Trying again in 5 secs... Dec 25 20:29:36 mx3 freshclam[1013]: Trying again in 5 secs... Dec 25 20:29:41 mx3 freshclam
[clamav-users] freshclam: Verification: Can't verify database integrity
Hello, > It's a Debian issue. I haven't figured it out yet as nothing changed that > seems like a likely source. In the meantime, the 0.103.7 package in Stable > works on Testing/Unstable, so you can use that The problem seems to be caused by `libtfm1` library, more percisely v0.13, or anything before 0.13.1-1. Upgrading that fixes the issue. As a sidenote: the mirror network happily block freshclam for a day due to rate limiting, no matter what's in the freshclam config. It is rather hard to resolve since it is not possible to download the database files manually anymore (I had to realise that the hard way.) g --- Begin Message --- Hello, I'm not subscribed but maybe mods will let this through: > It's a Debian issue. I haven't figured it out yet as nothing changed that > seems like a likely source. In the meantime, the 0.103.7 package in Stable > works on Testing/Unstable, so you can use that The problem seems to be caused by `libtfm1` library, more percisely v0.13, or anything before 0.13.1-1. Upgrading that fixes the issue. As a sidenote: the mirror network happily block freshclam for a day due to rate limiting, no matter what's in the freshclam config. It is rather hard to resolve since it is not possible to download the database files manually anymore (I had to realise that the hard way.) Peter --- End Message --- ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
[clamav-users] freshclam Verification: Can't verify database integrity
Hello Since upgrading from 0.97 to 0.97.3 it's been less then satisfying on a fedora c3 server, I have a 7.3 server without issues Every time (it seems) i run freshclam on the FC3 machine it wants to redownload the main.cvd database over and over, not sure why as that database doesn't appear to change, but it keeps giving me messages such as Malformed database and Can't verify database integrity. Happens after it was successful once before. Note: this sporadically happens with daily.cvd and occasionally bytecode.cvd Every once in a while the download works as expected, but then it starts over again with the same issues. I've had to turn off freshclam and just wget databases to get clamd to function at all without barking. This is also not 100% After freshclam update clamd log: 2012-01-23 11:45:05.642977500 LibClamAV Error: cli_tgzload: Invalid checksum for file main.mdb 2012-01-23 11:45:05.643019500 LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Malformed database 2012-01-23 11:45:05.643089500 ERROR: Malformed database 2012-01-23 11:45:05.643131500 Closing the main socket. 2012-01-23 11:45:06.256845500 LibClamAV Error: cli_tgzload: Invalid checksum for file daily.mdb 2012-01-23 11:45:06.256924500 LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd: Malformed database 2012-01-23 11:45:06.257038500 ERROR: Malformed database 2012-01-23 11:45:06.257105500 Closing the main socket. 2012-01-23 11:45:07.763592500 LibClamAV Error: cli_tgzload: Invalid checksum for file daily.mdb 2012-01-23 11:45:07.763664500 LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd: Malformed database 2012-01-23 11:45:07.763800500 ERROR: Malformed database 2012-01-23 11:45:07.763864500 Closing the main socket. 2012-01-23 11:45:07.806658500 LibClamAV Error: cli_tgzload: Invalid checksum for file 850930.cbc 2012-01-23 11:45:07.806729500 LibClamAV Error: Can't load /usr/local/share/clamav/bytecode.cvd: Malformed database 2012-01-23 11:45:07.806838500 ERROR: Malformed database 2012-01-23 11:45:07.806902500 Closing the main socket. After wget (wget http://db.us.clamav.net/main.cvd) clamd log: 2012-01-23 12:17:40.927911500 Reading databases from /usr/local/share/clamav 2012-01-23 12:17:47.314079500 LibClamAV Error: cli_tgzload: Invalid checksum for file main.mdb 2012-01-23 12:17:47.314162500 LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Malformed database 2012-01-23 12:17:47.314275500 ERROR: reload db failed: Malformed database 2012-01-23 12:17:47.524431500 Terminating because of a fatal error. 2012-01-23 12:17:48.150505500 LibClamAV Error: cli_tgzload: Invalid checksum for file daily.mdb 2012-01-23 12:17:48.150583500 LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd: Malformed database 2012-01-23 12:17:48.150711500 ERROR: Malformed database 2012-01-23 12:17:48.150776500 Closing the main socket. 2012-01-23 12:17:49.193302500 LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Can't verify database integrity 2012-01-23 12:17:49.193458500 ERROR: Can't verify database integrity 2012-01-23 12:17:49.193524500 Closing the main socket. 2012-01-23 12:17:50.996123500 LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Can't verify database integrity 2012-01-23 12:17:50.996278500 ERROR: Can't verify database integrity 2012-01-23 12:17:50.996349500 Closing the main socket. 2012-01-23 12:17:52.557196500 LibClamAV Error: cli_tgzload: Invalid checksum for file main.db 2012-01-23 12:17:52.582467500 LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Malformed database 2012-01-23 12:17:52.582473500 ERROR: Malformed database 2012-01-23 12:17:52.582479500 Closing the main socket. 2012-01-23 12:17:59.584094500 Limits: Global size limit set to 104857600 bytes. 2012-01-23 12:17:59.584126500 Limits: File size limit set to 26214400 bytes. 2012-01-23 12:17:59.584156500 Limits: Recursion level limit set to 16. 2012-01-23 12:17:59.584187500 Limits: Files limit set to 1. 2012-01-23 12:17:59.584216500 Limits: Core-dump limit is 0. 2012-01-23 12:17:59.584246500 Archive support enabled. 2012-01-23 12:17:59.584277500 Algorithmic detection enabled. 2012-01-23 12:17:59.584306500 Portable Executable support enabled. 2012-01-23 12:17:59.584335500 ELF support enabled. 2012-01-23 12:17:59.584372500 Mail files support enabled. 2012-01-23 12:17:59.584402500 OLE2 support enabled. 2012-01-23 12:17:59.584432500 PDF support enabled. 2012-01-23 12:17:59.584461500 HTML support enabled. 2012-01-23 12:17:59.584497500 Self checking every 600 seconds. 2012-01-23 12:17:59.584529500 Listening daemon: PID: 25777 2012-01-23 12:17:59.584568500 MaxQueue set to: 100 clamscan --detect-broken LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Can't verify database integrity ERROR: Can't verify database integrity --- SCAN SUMMARY --- Known viruses: 74989 Engine version: 0.97.3 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Data read:
[clamav-users] freshclam Verification: Can't verify database integrity
Here is the clamd log with no changes except I had lunch 2012-01-23 12:17:59.584529500 Listening daemon: PID: 25777 2012-01-23 12:17:59.584568500 MaxQueue set to: 100 2012-01-23 12:28:00.034109500 No stats for Database check - forcing reload 2012-01-23 12:28:00.318747500 Reading databases from /usr/local/share/clamav 2012-01-23 12:28:04.330376500 LibClamAV Error: cli_tgzload: Invalid checksum for file main.hdb 2012-01-23 12:28:04.330458500 LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Malformed database 2012-01-23 12:28:04.330566500 ERROR: reload db failed: Malformed database 2012-01-23 12:28:04.373648500 Terminating because of a fatal error. 2012-01-23 12:28:09.737290500 LibClamAV Error: cli_tgzload: Invalid checksum for file main.mdb 2012-01-23 12:28:09.737333500 LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Malformed database 2012-01-23 12:28:09.737403500 ERROR: Malformed database 2012-01-23 12:28:09.737444500 Closing the main socket. 2012-01-23 12:28:16.676138500 Limits: Global size limit set to 104857600 bytes. 2012-01-23 12:28:16.676170500 Limits: File size limit set to 26214400 bytes. 2012-01-23 12:28:16.676207500 Limits: Recursion level limit set to 16. 2012-01-23 12:28:16.676238500 Limits: Files limit set to 1. 2012-01-23 12:28:16.676268500 Limits: Core-dump limit is 0. 2012-01-23 12:28:16.676297500 Archive support enabled. 2012-01-23 12:28:16.676328500 Algorithmic detection enabled. 2012-01-23 12:28:16.676357500 Portable Executable support enabled. 2012-01-23 12:28:16.676391500 ELF support enabled. 2012-01-23 12:28:16.676421500 Mail files support enabled. 2012-01-23 12:28:16.676452500 OLE2 support enabled. 2012-01-23 12:28:16.676482500 PDF support enabled. 2012-01-23 12:28:16.676510500 HTML support enabled. 2012-01-23 12:28:16.676546500 Self checking every 600 seconds. 2012-01-23 12:28:16.676578500 Listening daemon: PID: 32757 2012-01-23 12:28:16.676616500 MaxQueue set to: 100 2012-01-23 12:38:20.307033500 No stats for Database check - forcing reload 2012-01-23 12:38:20.517357500 Reading databases from /usr/local/share/clamav 2012-01-23 12:38:27.147959500 Database correctly reloaded (1119366 signatures) 2012-01-23 12:48:29.232337500 SelfCheck: Database status OK. 2012-01-23 12:58:32.896595500 SelfCheck: Database status OK. 2012-01-23 13:08:32.542060500 SelfCheck: Database status OK. 2012-01-23 13:18:34.916892500 SelfCheck: Database status OK. This makes little sense to me Best Regards Greg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
you can try to delete all files in lib folder and start freshclam again. by the way: you should maximum once per day refresh your signature files otherwise the cdn will block you for 24 hours. Do you habe seen this page? https://docs.clamav.net/faq/faq-troubleshoot.html Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> An / To: Newcomer01 <mailto:newcome...@posteo.de> CC / CC: Jim Popovitch <mailto:jim...@domainmail.org> Gesendet / Sent: Sonntag, Dezember 25, 2022 um 22:16 (at 10:16 PM) +0100 Betreff / Subject: [clamav-users] freshclam: Verification: Can't verify database integrity What the heck could be causing freshclam verification problems for the past 2 days? I'm getting rate-limited over and over because freshclam fails to verify daily.cvd (and then retries over and over). Is there a known problem with daily.cvd downloads being corrupt? Google says to "wget http://database.clamav.net/daily.cvd"; but that no longer works. What should I be doing differently? ~$ grep freshclam /var/log/syslog Dec 25 18:29:29 mx3 freshclam[1013]: freshclam daemon 0.103.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022 Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022 Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN). Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN). Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN. Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN. Dec 25 18:29:29 mx3 freshclam[1013]: 1. Verify that you're running a supported ClamAV version. Dec 25 18:29:29 mx3 freshclam[1013]: See https://docs.clamav.net/faq/faq-eol.html for details. Dec 25 18:29:29 mx3 freshclam[1013]: 2. Run FreshClam no more than once an hour to check for updates. Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam should check DNS first to see if an update is needed. Dec 25 18:29:29 mx3 freshclam[1013]: 3. If you have more than 10 hosts on your network attempting to download, Dec 25 18:29:29 mx3 freshclam[1013]: 1. Verify that you're running a supported ClamAV version. Dec 25 18:29:29 mx3 freshclam[1013]: it is recommended that you set up a private mirror on your network using Dec 25 18:29:29 mx3 freshclam[1013]: cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the Dec 25 18:29:29 mx3 freshclam[1013]: CDN and your own network. Dec 25 18:29:29 mx3 freshclam[1013]: 4. Please do not open a ticket asking for an exemption from the rate limit, Dec 25 18:29:29 mx3 freshclam[1013]: it will not be granted. Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: You are still on cool-down until after: 2022-12-25 20:05:17 Dec 25 18:29:29 mx3 freshclam[1013]: See https://docs.clamav.net/faq/faq-eol.html for details. Dec 25 18:29:29 mx3 freshclam[1013]: 2. Run FreshClam no more than once an hour to check for updates. Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam should check DNS first to see if an update is needed. Dec 25 18:29:29 mx3 freshclam[1013]: 3. If you have more than 10 hosts on your network attempting to download, Dec 25 18:29:29 mx3 freshclam[1013]: it is recommended that you set up a private mirror on your network using Dec 25 18:29:29 mx3 freshclam[1013]: cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the Dec 25 18:29:29 mx3 freshclam[1013]: CDN and your own network. Dec 25 18:29:29 mx3 freshclam[1013]: 4. Please do not open a ticket asking for an exemption from the rate limit, Dec 25 18:29:29 mx3 freshclam[1013]: it will not be granted. Dec 25 18:29:29 mx3 freshclam[1013]: You are still on cool-down until after: 2022-12-25 20:05:17 Dec 25 18:29:29 mx3 freshclam[1013]: -- Dec 25 20:29:29 mx3 freshclam[1013]: Received signal: wake up Dec 25 20:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 20:29:29 2022 Dec 25 20:29:29 mx3 freshclam[1013]: Received signal: wake up Dec 25 20:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 20:29:29 2022 Dec 25 20:29:29 mx3 freshclam[1013]: WARNING: Cool-down expired, ok to try again. Dec 25 20:29:29 mx3 freshclam[1013]: daily database available for download (remote version: 26761) Dec 25 20:29:29 mx3 freshclam[1013]: Cool-down expired, ok to try again. Dec 25 20:29:29 mx3 freshclam[1013]: daily database available for download (remote version: 26761) Dec 25 20:29:30 mx3 freshclam[1013]: ERROR: Verification: Can't verify database integrity Dec 25 20:29:30 mx3 freshclam[1013]: Verification: Can't ver
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
On Mon, 2022-12-26 at 13:15 +, newcomer01 via clamav-users wrote: > you can try to delete all files in lib folder and start freshclam again. I tried that on the 24th, it had had no affect. > by the way: you should maximum once per day refresh your signature files > otherwise the cdn will block you for 24 hours. If freshclam is trying more than once per day than that is a freshclam bug, no? > Do you habe seen this page? > https://docs.clamav.net/faq/faq-troubleshoot.html Yes, and a few others, they are of no help with the specific problem in the subject. I suspect that this particular CDN endpoint is serving a corrupt file. (why isn't there a freshclam logged entry indicating which CDN mirror is giving the error, after all the CDN can log the cooldown specifics) -Jim P. ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
i mean the default setting in freshclam.conf is set to every hour (12x at day) will start an update process for virus databases ... maybe you can sing up for the otter mailing-list clamav-viru...@lists.clamav.net with this special topic Von / From: Clamav User Mailinglist <mailto:clamav-users@lists.clamav.net> An / To: Newcomer01 <mailto:newcome...@posteo.de> CC / CC: Jim Popovitch <mailto:jim...@domainmail.org> Gesendet / Sent: Montag, Dezember 26, 2022 um 15:13 (at 03:13 PM) +0100 Betreff / Subject: Re: [clamav-users] freshclam: Verification: Can't verify database integrity On Mon, 2022-12-26 at 13:15 +, newcomer01 via clamav-users wrote: you can try to delete all files in lib folder and start freshclam again. I tried that on the 24th, it had had no affect. by the way: you should maximum once per day refresh your signature files otherwise the cdn will block you for 24 hours. If freshclam is trying more than once per day than that is a freshclam bug, no? Do you habe seen this page? https://docs.clamav.net/faq/faq-troubleshoot.html Yes, and a few others, they are of no help with the specific problem in the subject. I suspect that this particular CDN endpoint is serving a corrupt file. (why isn't there a freshclam logged entry indicating which CDN mirror is giving the error, after all the CDN can log the cooldown specifics) -Jim P. ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
On Mon, 2022-12-26 at 14:28 +, newcomer01 via clamav-users wrote: > i mean the default setting in freshclam.conf is set to every hour (12x > at day) will start an update process for virus databases ... It's perfectly fine to have Checks set to any number less than 96. > maybe you can sing up for the otter mailing-list clamav- > viru...@lists.clamav.net with this special topic Why?, that's an announcement list for virusdb changes. -Jim P. ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
On 25.12.22 16:16, Jim Popovitch via clamav-users wrote: What the heck could be causing freshclam verification problems for the past 2 days? I'm getting rate-limited over and over because freshclam fails to verify daily.cvd (and then retries over and over). Is there a known problem with daily.cvd downloads being corrupt? Google says to "wget http://database.clamav.net/daily.cvd"; but that no longer works. What should I be doing differently? ~$ grep freshclam /var/log/syslog Dec 25 18:29:29 mx3 freshclam[1013]: freshclam daemon 0.103.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022 Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun Dec 25 18:29:29 2022 this looks like you are running two concurrent update processes. This may or may not cause the problem. Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN). Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN). Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN. Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate limited or blocked by the CDN. do you have single dedicated IP address for this server? DatabaseOwner clamav DatabaseDirectory /var/lib/clamav does the freshclam process run with permissions required to update the /var/lib/clamav directory? is it all owned by clamav user? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. On the other hand, you have different fingers. ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
On Mon, 2022-12-26 at 15:51 +0100, Matus UHLAR - fantomas wrote: > On 25.12.22 16:16, Jim Popovitch via clamav-users wrote: > > What the heck could be causing freshclam verification problems for the > > past 2 days? I'm getting rate-limited over and over because freshclam > > fails to verify daily.cvd (and then retries over and over). Is there a > > known problem with daily.cvd downloads being corrupt? Google says to > > "wget http://database.clamav.net/daily.cvd"; but that no longer works. > > What should I be doing differently? > > > > ~$ grep freshclam /var/log/syslog > > Dec 25 18:29:29 mx3 freshclam[1013]: freshclam daemon 0.103.7 (OS: > > linux-gnu, ARCH: x86_64, CPU: x86_64) > > Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun > > Dec 25 18:29:29 2022 > > Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun > > Dec 25 18:29:29 2022 > > this looks like you are running two concurrent update processes. > This may or may not cause the problem. I can't explain the 2 identical logged lines, freshclam has been logging dups that for a while now: Dec 19 08:19:34 mx3 freshclam[49]: ClamAV update process started at Mon Dec 19 08:19:34 2022 Dec 19 08:19:34 mx3 freshclam[49]: ClamAV update process started at Mon Dec 19 08:19:34 2022 Dec 19 10:19:34 mx3 freshclam[49]: ClamAV update process started at Mon Dec 19 10:19:34 2022 Dec 19 10:19:34 mx3 freshclam[49]: ClamAV update process started at Mon Dec 19 10:19:34 2022 but there is only 1 instance running: ~$ ps -ef|grep clamav clamav1013 1 0 Dec25 ?00:00:02 /usr/bin/freshclam -d --foreground=true $ dpkg --list |grep clamav-freshclam ii clamav-freshclam 0.103.7+dfsg-1+b2 amd64 anti-virus utility for Unix - virus database update utility > > Dec 25 18:29:29 mx3 freshclam[1013]: WARNING: FreshClam previously received > > error code 429 or 403 from the ClamAV Content Delivery Network (CDN). > Dec 25 18:29:29 mx3 freshclam[1013]: FreshClam previously received error code > 429 or 403 from the ClamAV Content Delivery Network (CDN). > Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate > limited or blocked by the CDN. > Dec 25 18:29:29 mx3 freshclam[1013]: This means that you have been rate > limited or blocked by the CDN. do you have single dedicated IP address for this server? Yes, both IPv4 and IPv6. > DatabaseOwner clamav > DatabaseDirectory /var/lib/clamav does the freshclam process run with permissions required to update the /var/lib/clamav directory? is it all owned by clamav user? Yes, freshclam previously created this one file: $ ll /var/lib/clamav/ total 4 -rw-r--r-- 1 clamav clamav 69 Dec 25 20:29 freshclam.dat Very odd situation indeed. -Jim P. ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
On Mon, 2022-12-26 at 10:14 -0500, Jim Popovitch via clamav-users wrote: > On Mon, 2022-12-26 at 15:51 +0100, Matus UHLAR - fantomas wrote: > > On 25.12.22 16:16, Jim Popovitch via clamav-users wrote: > > > What the heck could be causing freshclam verification problems for the > > > past 2 days? I'm getting rate-limited over and over because freshclam > > > fails to verify daily.cvd (and then retries over and over). Is there a > > > known problem with daily.cvd downloads being corrupt? Google says to > > > "wget http://database.clamav.net/daily.cvd"; but that no longer works. > > > What should I be doing differently? > > > > > > > ~$ grep freshclam /var/log/syslog > > > Dec 25 18:29:29 mx3 freshclam[1013]: freshclam daemon 0.103.7 (OS: > > > linux-gnu, ARCH: x86_64, CPU: x86_64) > > > Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun > > > Dec 25 18:29:29 2022 > > > Dec 25 18:29:29 mx3 freshclam[1013]: ClamAV update process started at Sun > > > Dec 25 18:29:29 2022 > > > > this looks like you are running two concurrent update processes. > > This may or may not cause the problem. > > I can't explain the 2 identical logged lines, freshclam has been logging > dups that for a while now: It just occurred to me, with this latest round of errors, that there are not 2 processes running. The PID is 1807 for all logged errors. This means that freshclam is making 2 connections. Any thoughts on debugging these problems with freshclam? All my googling suggest that it's a mirror problem, is there a place to report mirror problems? Dec 26 21:15:06 mx3 freshclam[1807]: freshclam daemon 0.103.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Dec 26 21:15:06 mx3 freshclam[1807]: ClamAV update process started at Mon Dec 26 21:15:06 2022 Dec 26 21:15:06 mx3 freshclam[1807]: ClamAV update process started at Mon Dec 26 21:15:06 2022 Dec 26 21:15:06 mx3 freshclam[1807]: WARNING: Cool-down expired, ok to try again. Dec 26 21:15:06 mx3 freshclam[1807]: Cool-down expired, ok to try again. Dec 26 21:15:06 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:06 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:07 mx3 freshclam[1807]: ERROR: Verification: Can't verify database integrity Dec 26 21:15:07 mx3 freshclam[1807]: Verification: Can't verify database integrity Dec 26 21:15:07 mx3 freshclam[1807]: Trying again in 5 secs... Dec 26 21:15:07 mx3 freshclam[1807]: Trying again in 5 secs... Dec 26 21:15:12 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:12 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:13 mx3 freshclam[1807]: ERROR: Verification: Can't verify database integrity Dec 26 21:15:13 mx3 freshclam[1807]: Verification: Can't verify database integrity Dec 26 21:15:13 mx3 freshclam[1807]: Trying again in 5 secs... Dec 26 21:15:13 mx3 freshclam[1807]: Trying again in 5 secs... Dec 26 21:15:18 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:18 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:18 mx3 freshclam[1807]: ERROR: Verification: Can't verify database integrity Dec 26 21:15:18 mx3 freshclam[1807]: Verification: Can't verify database integrity Dec 26 21:15:18 mx3 freshclam[1807]: Giving up on https://database.clamav.net... Dec 26 21:15:18 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:18 mx3 freshclam[1807]: Giving up on https://database.clamav.net... Dec 26 21:15:18 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:19 mx3 freshclam[1807]: ERROR: Verification: Can't verify database integrity Dec 26 21:15:19 mx3 freshclam[1807]: Verification: Can't verify database integrity Dec 26 21:15:19 mx3 freshclam[1807]: Trying again in 5 secs... Dec 26 21:15:19 mx3 freshclam[1807]: Trying again in 5 secs... Dec 26 21:15:24 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:24 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:25 mx3 freshclam[1807]: ERROR: Verification: Can't verify database integrity Dec 26 21:15:25 mx3 freshclam[1807]: Verification: Can't verify database integrity Dec 26 21:15:25 mx3 freshclam[1807]: Trying again in 5 secs... Dec 26 21:15:25 mx3 freshclam[1807]: Trying again in 5 secs... Dec 26 21:15:30 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:30 mx3 freshclam[1807]: daily database available for download (remote version: 26762) Dec 26 21:15:30 mx3 freshclam[1807]: ERROR: Can't download daily.cvd from https://database.clamav.net/daily.cvd Dec 26 21:15:30 mx3 freshclam[1807]: WARNING: FreshClam received error code 429 from the ClamAV Content De
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
Hi all! I'm seeing the same issue with ClamAV 0.103.7 on Debian Testing (Bookworm). The freshclam.conf is as provided by the Debian package. Any news on this issue? Regards, Alex___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
It's a Debian issue. I haven't figured it out yet as nothing changed that seems like a likely source. In the meantime, the 0.103.7 package in Stable works on Testing/Unstable, so you can use that Scott K On December 28, 2022 10:31:40 PM UTC, Alexander Lochmann wrote: >Hi all! > >I'm seeing the same issue with ClamAV 0.103.7 on Debian Testing (Bookworm). >The freshclam.conf is as provided by the Debian package. > >Any news on this issue? > >Regards, >Alex ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
It's a Debian issue. I haven't figured it out yet as nothing changed that seems like a likely source. In the meantime, the 0.103.7 package in Stable works on Testing/Unstable, so you can use that On 06.02.23 16:00, grin via clamav-users wrote: The problem seems to be caused by `libtfm1` library, more percisely v0.13, or anything before 0.13.1-1. Upgrading that fixes the issue. good to know. As a sidenote: the mirror network happily block freshclam for a day due to rate limiting, no matter what's in the freshclam config. It is rather hard to resolve since it is not possible to download the database files manually anymore (I had to realise that the hard way.) don't you run multiple clients behind the same IP address? If so, set up private mirror. The clamav network was abused by multiple clients downloading whole databases too often, so quite drastic measures were set up. I'm not subscribed but maybe mods will let this through: sending private copy. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] freshclam: Verification: Can't verify database integrity
Ahoj, On Mon, Feb 6, 2023 at 4:49 PM Matus UHLAR - fantomas wrote: > >As a sidenote: the mirror network happily block freshclam for a day due to > >rate limiting, > >no matter what's in the freshclam config. It is rather hard to resolve since > >it is > >not possible to download the database files manually anymore (I had to > >realise that > >the hard way.) > > don't you run multiple clients behind the same IP address? Nope. (Not one the machine in question anyway.) But frashclam tried to access the default list of mirrors, which is 5-6 calls per 10 minutes or about. > If so, set up private mirror. Indeed, on the _other_ systems I'll do that before upgrading, already checked that it works well. > The clamav network was abused by multiple clients downloading whole databases > too often, so quite drastic measures were set up. I guessed but there could be a captcha-protected manual download to ease the pain. I have cvdupdate'd it, but took some time to find the tool. Thanks, Peter ___ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] freshclam Verification: Can't verify database integrity
On 01/23/2012 07:29 PM, Greg Cirino wrote: > Hello > > Since upgrading from 0.97 to 0.97.3 it's been less then satisfying on a > fedora c3 server, I have a 7.3 server without issues > > Every time (it seems) i run freshclam on the FC3 machine it wants to > redownload the main.cvd database over and over, not sure why as that > database doesn't appear to change, but it keeps giving me messages such as > Malformed database and Can't verify database integrity. Happens after it > was successful once before. > > Note: this sporadically happens with daily.cvd and occasionally bytecode.cvd Might be bad RAM, run a memtest to make sure thats not the case. > > > configure command option --disable-zlib-vcheck the actual version is 1.2.1 Thats quite old, do you still have problems if you upgrade to latest version? Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] freshclam Verification: Can't verify database integrity
On 23/01/12 18:27, Greg Cirino wrote: Here is the clamd log with no changes except I had lunch 2012-01-23 12:17:59.584529500 Listening daemon: PID: 25777 2012-01-23 12:17:59.584568500 MaxQueue set to: 100 2012-01-23 12:28:00.034109500 No stats for Database check - forcing reload 2012-01-23 12:28:00.318747500 Reading databases from /usr/local/share/clamav 2012-01-23 12:28:04.330376500 LibClamAV Error: cli_tgzload: Invalid checksum for file main.hdb 2012-01-23 12:28:04.330458500 LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Malformed database 2012-01-23 12:28:04.330566500 ERROR: reload db failed: Malformed database 2012-01-23 12:28:04.373648500 Terminating because of a fatal error. 2012-01-23 12:28:09.737290500 LibClamAV Error: cli_tgzload: Invalid checksum for file main.mdb 2012-01-23 12:28:09.737333500 LibClamAV Error: Can't load /usr/local/share/clamav/main.cvd: Malformed database 2012-01-23 12:28:09.737403500 ERROR: Malformed database 2012-01-23 12:28:09.737444500 Closing the main socket. 2012-01-23 12:28:16.676138500 Limits: Global size limit set to 104857600 bytes. 2012-01-23 12:28:16.676170500 Limits: File size limit set to 26214400 bytes. 2012-01-23 12:28:16.676207500 Limits: Recursion level limit set to 16. 2012-01-23 12:28:16.676238500 Limits: Files limit set to 1. 2012-01-23 12:28:16.676268500 Limits: Core-dump limit is 0. 2012-01-23 12:28:16.676297500 Archive support enabled. 2012-01-23 12:28:16.676328500 Algorithmic detection enabled. 2012-01-23 12:28:16.676357500 Portable Executable support enabled. 2012-01-23 12:28:16.676391500 ELF support enabled. 2012-01-23 12:28:16.676421500 Mail files support enabled. 2012-01-23 12:28:16.676452500 OLE2 support enabled. 2012-01-23 12:28:16.676482500 PDF support enabled. 2012-01-23 12:28:16.676510500 HTML support enabled. 2012-01-23 12:28:16.676546500 Self checking every 600 seconds. 2012-01-23 12:28:16.676578500 Listening daemon: PID: 32757 2012-01-23 12:28:16.676616500 MaxQueue set to: 100 2012-01-23 12:38:20.307033500 No stats for Database check - forcing reload 2012-01-23 12:38:20.517357500 Reading databases from /usr/local/share/clamav 2012-01-23 12:38:27.147959500 Database correctly reloaded (1119366 signatures) 2012-01-23 12:48:29.232337500 SelfCheck: Database status OK. 2012-01-23 12:58:32.896595500 SelfCheck: Database status OK. 2012-01-23 13:08:32.542060500 SelfCheck: Database status OK. 2012-01-23 13:18:34.916892500 SelfCheck: Database status OK. This makes little sense to me I would suggest that this is incipient hardware failure, could be memory, hard drive or even nic, if the box is more than 2 or 3 years old I would replace it with a new one ASAP. Best Regards Greg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml -- - Bob Hutchinson Midwales dot com - ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] freshclam Verification: Can't verify database integrity
|> 2012-01-23 12:28:16.676546500 Self checking every 600 seconds. |> 2012-01-23 12:28:16.676578500 Listening daemon: PID: 32757 |> 2012-01-23 12:28:16.676616500 MaxQueue set to: 100 |> 2012-01-23 12:38:20.307033500 No stats for Database check - forcing |> reload |> 2012-01-23 12:38:20.517357500 Reading databases from |> /usr/local/share/clamav |> 2012-01-23 12:38:27.147959500 Database correctly reloaded (1119366 |> signatures) |> 2012-01-23 12:48:29.232337500 SelfCheck: Database status OK. |> 2012-01-23 12:58:32.896595500 SelfCheck: Database status OK. |> 2012-01-23 13:08:32.542060500 SelfCheck: Database status OK. |> 2012-01-23 13:18:34.916892500 SelfCheck: Database status OK. |> |> This makes little sense to me | | I would suggest that this is incipient hardware failure, could be | memory, hard drive or even nic, if the box is more than 2 or 3 years old | I would replace it with a new one ASAP. | Thank you for your response, but I'm not 100% sure it's hardware It may well be, but it isn't responding that way server wide, just with clam which raises doubts about the hardware approach in my mind. Thanks tho Best Regards Greg ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
