Re: [clamav-users] Virus database not updated since 14th July 2021
Thank you so much, Mark, for your explanations. It is so much clearer for me now. And your theory about the origin of my timeout set to 30 makes perfectly sense: as I said, I have KDE neon for few years now and visibly I have inherited the settings from the Ubuntu 18 (on which the original installation was based) which have not been modified while upgrading to the Ubuntu 20 base. Thanks again! Best wishes, Jerzy Le 09/03/2022 à 22:25, clamav.mbou...@spamgourmet.com a écrit : ReceiveTimeout=30 is probably the one causing you problems. I was bitten by that when installing ClamAV on an Ubuntu-based system last year. For me, on a ~16Mpbs downlink home broadband connection, it took longer than that to download the signatures, so would repeatedly time out and retry. I think in that case the retries occur every 5 seconds, regardless of other settings specifying the frequency of update checks, since it hadn't actually successfully updated. As I understand it, checking every hour shouldn't usually be a problem - its the retries triggered by the timeout that cause the rate-limiting to kick in. Having mentioned it here myself almost a year ago myself, it turns out that the default built into ClamAV sets ReceiveTimeout=0, which means no timeout. However, the Ubuntu 16.04 and 18.04 packages create an initial configuration with it to 30. I think the Ubuntu 20.04 packages now set it to 0, the same as ClamAV's default, but it may be that you've inherited a configuration from an older installation - or perhaps KDE Neon provide their own packages with the default still set to 30. So it seems that 30s default isn't actually the ClamAV team's fault. What does seem to exacerbate the problem is that, when the download times out, it retries after 5 seconds so you quickly get blocked by the rate-limiting and have to wait for that to reset before trying again after fixing the config. But, as was explained to me, there are some cases where retrying immediately makes sense and freshclam can't necessary determine that, so always waiting a longer period (or until the next update check is due) isn't necessarily the right thing to do either (and in its default configuration a timeout wouldn't happen anyway). Mark. Jerzy Witwinowski via clamav-users wrote: @ Maarten Broekman - I'm using the version 0.103.5 which, I think, is the current version in KDE Neon repos (KDE Neon being based on Ubuntu 20). But what I did yesterday (manual tuning of the configuration file, lowering the number of times per day the updates are fetched and increasing the receive timeout) helped. This evening, when I started my computer after returning from work, I checked the version of the virus database and saw that ClamAV had managed to update it. @ G.W. Haywood - Hopefully after manual tweaking of the config file everything works again as it should (as I explained in my answer to Maarten Broekman above). And it's not that I've been neglecting the security... It's just that as everything had been working smooth and fine since I've installed ClamAV many years ago, I've stopped manually checking if everything was still OK (because why would it stop working after all those years?)... My bad. Anyway, three things: 1. I would like to apologize for writing BEFORE I could verify if the manual tweaks would work once my cool-down period lifted. 2. Thank you all for your patience and your help. 3. There is still one question that puzzles me: why the default configuration of ClamAV (checking for updates every hour, Retrieve Timeout set to 30) is designed in a way that leads directly to the ban by the CDN and renders the software useless? ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Virus database not updated since 14th July 2021
https://blog.clamav.net/2021/07/psa-freshclam-database-download-issue.html — Sent from my iPhone > On Mar 9, 2022, at 16:25, clamav.mbou...@spamgourmet.com wrote: > > ReceiveTimeout=30 is probably the one causing you problems. I was bitten by > that when installing ClamAV on an Ubuntu-based system last year. For me, on > a ~16Mpbs downlink home broadband connection, it took longer than that to > download the signatures, so would repeatedly time out and retry. I think in > that case the retries occur every 5 seconds, regardless of other settings > specifying the frequency of update checks, since it hadn't actually > successfully updated. As I understand it, checking every hour shouldn't > usually be a problem - its the retries triggered by the timeout that cause > the rate-limiting to kick in. > > Having mentioned it here myself almost a year ago myself, it turns out that > the default built into ClamAV sets ReceiveTimeout=0, which means no timeout. > However, the Ubuntu 16.04 and 18.04 packages create an initial configuration > with it to 30. I think the Ubuntu 20.04 packages now set it to 0, the same > as ClamAV's default, but it may be that you've inherited a configuration from > an older installation - or perhaps KDE Neon provide their own packages with > the default still set to 30. So it seems that 30s default isn't actually the > ClamAV team's fault. > > What does seem to exacerbate the problem is that, when the download times > out, it retries after 5 seconds so you quickly get blocked by the > rate-limiting and have to wait for that to reset before trying again after > fixing the config. But, as was explained to me, there are some cases where > retrying immediately makes sense and freshclam can't necessary determine > that, so always waiting a longer period (or until the next update check is > due) isn't necessarily the right thing to do either (and in its default > configuration a timeout wouldn't happen anyway). > > Mark. > > > Jerzy Witwinowski via clamav-users wrote: >> @ Maarten Broekman - I'm using the version 0.103.5 which, I think, is the >> current version in KDE Neon repos (KDE Neon being based on Ubuntu 20). But >> what I did yesterday (manual tuning of the configuration file, lowering the >> number of times per day the updates are fetched and increasing the receive >> timeout) helped. This evening, when I started my computer after returning >> from work, I checked the version of the virus database and saw that ClamAV >> had managed to update it. >> @ G.W. Haywood - Hopefully after manual tweaking of the config file >> everything works again as it should (as I explained in my answer to Maarten >> Broekman above). And it's not that I've been neglecting the security... It's >> just that as everything had been working smooth and fine since I've >> installed ClamAV many years ago, I've stopped manually checking if >> everything was still OK (because why would it stop working after all those >> years?)... My bad. >> Anyway, three things: >> 1. I would like to apologize for writing BEFORE I could verify if the manual >> tweaks would work once my cool-down period lifted. >> 2. Thank you all for your patience and your help. >> 3. There is still one question that puzzles me: why the default >> configuration of ClamAV (checking for updates every hour, Retrieve Timeout >> set to 30) is designed in a way that leads directly to the ban by the CDN >> and renders the software useless? >> ___ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> https://lists.clamav.net/mailman/listinfo/clamav-users >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> http://www.clamav.net/contact.html#ml > > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Virus database not updated since 14th July 2021
ReceiveTimeout=30 is probably the one causing you problems. I was bitten by that when installing ClamAV on an Ubuntu-based system last year. For me, on a ~16Mpbs downlink home broadband connection, it took longer than that to download the signatures, so would repeatedly time out and retry. I think in that case the retries occur every 5 seconds, regardless of other settings specifying the frequency of update checks, since it hadn't actually successfully updated. As I understand it, checking every hour shouldn't usually be a problem - its the retries triggered by the timeout that cause the rate-limiting to kick in. Having mentioned it here myself almost a year ago myself, it turns out that the default built into ClamAV sets ReceiveTimeout=0, which means no timeout. However, the Ubuntu 16.04 and 18.04 packages create an initial configuration with it to 30. I think the Ubuntu 20.04 packages now set it to 0, the same as ClamAV's default, but it may be that you've inherited a configuration from an older installation - or perhaps KDE Neon provide their own packages with the default still set to 30. So it seems that 30s default isn't actually the ClamAV team's fault. What does seem to exacerbate the problem is that, when the download times out, it retries after 5 seconds so you quickly get blocked by the rate-limiting and have to wait for that to reset before trying again after fixing the config. But, as was explained to me, there are some cases where retrying immediately makes sense and freshclam can't necessary determine that, so always waiting a longer period (or until the next update check is due) isn't necessarily the right thing to do either (and in its default configuration a timeout wouldn't happen anyway). Mark. Jerzy Witwinowski via clamav-users wrote: @ Maarten Broekman - I'm using the version 0.103.5 which, I think, is the current version in KDE Neon repos (KDE Neon being based on Ubuntu 20). But what I did yesterday (manual tuning of the configuration file, lowering the number of times per day the updates are fetched and increasing the receive timeout) helped. This evening, when I started my computer after returning from work, I checked the version of the virus database and saw that ClamAV had managed to update it. @ G.W. Haywood - Hopefully after manual tweaking of the config file everything works again as it should (as I explained in my answer to Maarten Broekman above). And it's not that I've been neglecting the security... It's just that as everything had been working smooth and fine since I've installed ClamAV many years ago, I've stopped manually checking if everything was still OK (because why would it stop working after all those years?)... My bad. Anyway, three things: 1. I would like to apologize for writing BEFORE I could verify if the manual tweaks would work once my cool-down period lifted. 2. Thank you all for your patience and your help. 3. There is still one question that puzzles me: why the default configuration of ClamAV (checking for updates every hour, Retrieve Timeout set to 30) is designed in a way that leads directly to the ban by the CDN and renders the software useless? ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Virus database not updated since 14th July 2021
@ Maarten Broekman - I'm using the version 0.103.5 which, I think, is the current version in KDE Neon repos (KDE Neon being based on Ubuntu 20). But what I did yesterday (manual tuning of the configuration file, lowering the number of times per day the updates are fetched and increasing the receive timeout) helped. This evening, when I started my computer after returning from work, I checked the version of the virus database and saw that ClamAV had managed to update it. @ G.W. Haywood - Hopefully after manual tweaking of the config file everything works again as it should (as I explained in my answer to Maarten Broekman above). And it's not that I've been neglecting the security... It's just that as everything had been working smooth and fine since I've installed ClamAV many years ago, I've stopped manually checking if everything was still OK (because why would it stop working after all those years?)... My bad. Anyway, three things: 1. I would like to apologize for writing BEFORE I could verify if the manual tweaks would work once my cool-down period lifted. 2. Thank you all for your patience and your help. 3. There is still one question that puzzles me: why the default configuration of ClamAV (checking for updates every hour, Retrieve Timeout set to 30) is designed in a way that leads directly to the ban by the CDN and renders the software useless? ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Virus database not updated since 14th July 2021
Hi there, On Tue, 8 Mar 2022, Jerzy Witwinowski via clamav-users wrote: ... I realized today that my virus database on my personal computer at home (an old PC running the last version of KDE Neon) hasn't been updated since 14th July 2021. ... As Mr. Broekman suggests I'm sure your ClamAV installation is outdated. Look in the freshclam log - if you have one, it likely will have been telling you for a while, if only you'd looked at it. Check the man page for freshclam, particularly this configuration option: --on-update-execute You can e.g. get freshclam to mail you when it fails to update, so you won't be caught with your pants down again. At least not this way. You might want to subscribe to the announcements list, it's low volume. Look at the ClamAV blog, which has plenty of detail about this issue: https://blog.clamav.net And for all our sakes, please take security a little more seriously. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Virus database not updated since 14th July 2021
What version of ClamAV are you using? July of last year sounds about when EOL versions of ClamAV were blocked wholesale and the 'acceptable version' was moved up and all prior versions were blocked. EOL has moved several times since then as well. Currently, the current stable version 0.104 and I don't believe anything before 0.103 will get updates. --Maarten On Tue, Mar 8, 2022 at 4:21 PM Jerzy Witwinowski via clamav-users < clamav-users@lists.clamav.net> wrote: > Hello! > > > I've spent last two hours trying to find a solution, but I failed. I > realized today that my virus database on my personal computer at home > (an old PC running the last version of KDE Neon) hasn't been updated > since 14th July 2021. When I tried to update manually, I've got the > information that I'm blocked by the CDN (cool-down etc.). I followed the > instructions in order to manually lower the number of times per day > Clamfresh is trying to fetch the updates from 24 to 1, increase the > Retrieve Timeout to 900,k etc. in the config file - but if the system > has been unable to fetch ANY updates for the past NINE MONTHS, I doubt > it will solve the problem... I want to emphasize that this is the only > computer at my home that connects to the internet daily... I connect > through Bouygues (one of the biggest internet providers in France) via > ADSL - and I'm a bit afraid that ClamAV's CDN is treating all the > customers of Bouygues as if they were a single company or organization - > which renders the use of Avast for hundreds of people impossible (I'm > writing "hundreds", but I have no clue what is the proportion of Linux / > ClamAV users among the millions of customers of Bouygues)... I'm stuck > and I have absolutely no idea what to do... Please, help. > > > Best, > > Jerzy Witwinowski > > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
