> ----- Original Message -----
> From: "Noel Jones" <[EMAIL PROTECTED]>
> To: "ClamAV users ML" <clamav-users@lists.clamav.net>
> Subject: Re: [Clamav-users] Freshclam to ClamAV sig parity count mismatch
> Date: Thu, 04 Sep 2008 13:10:33 -0500
> 
> 
> Oscar Usifer wrote:
> >> ----- Original Message -----
> >> From: "Noel Jones" <[EMAIL PROTECTED]>
> >> To: "ClamAV users ML" <clamav-users@lists.clamav.net>
> >> Subject: Re: [Clamav-users] Freshclam to ClamAV sig parity count mismatch
> >> Date: Thu, 04 Sep 2008 12:45:41 -0500
> >>
> >>
> >> Oscar Usifer wrote:
> >>> Folks,
> >>>
> >>> I am seeing freshclam report more signatures than clamav is 
> >>> reloading in the log files. For example, freshclam says, 
> >>> 'Database updated (413786 signatures)...' and 'Clamd 
> >>> successfully notified about the update.', but clamd says, 
> >>> 'Database correctly reloaded (312304 signatures)'. Why does it 
> >>> do that?
> >>>
> >>> ==> /var/log/clamav/freshclam.log <==
> >>> Thu Sep  4 09:34:07 2008 -> Received signal: wake up
> >>> Thu Sep  4 09:34:07 2008 -> ClamAV update process started at Thu Sep  4 09:34:07 2008
> >>> Thu Sep  4 09:34:07 2008 -> main.cvd is up to date (version: 47, sigs: 312304, f-level: 31, builder: sven)
> >>> Thu Sep  4 09:34:07 2008 -> Trying host db.us.clamav.net (208.67.80.27)...
> >>> Thu Sep  4 09:34:07 2008 -> Downloading daily-8161.cdiff [100%]
> >>> Thu Sep  4 09:34:08 2008 -> daily.cld updated (version: 8161, sigs: 101482, f-level: 35, builder: arnaud)
> >>> Thu Sep  4 09:34:08 2008 -> Database updated (413786 signatures) from db.us.clamav.net (IP: 208.67.80.27)
> >>> Thu Sep  4 09:34:08 2008 -> Clamd successfully notified about the update.
> >>> Thu Sep  4 09:34:08 2008 -> --------------------------------------
> >>>
> >>> ==> /var/log/clamav/clamd.log <==
> >>> Thu Sep  4 09:47:02 2008 -> SelfCheck: Database modification detected. Forcing reload.
> >>> Thu Sep  4 09:47:02 2008 -> Reading databases from /var/lib/clamav
> >>> Thu Sep  4 09:47:05 2008 -> Database correctly reloaded (312304 signatures)
> >
> >> Probably the DatabaseDirectory directives in clamd.conf and
> >> freshclam.conf don't match.
> >>
> >
> > I don't see that this is the case.
> >
> >
> >
> > [EMAIL PROTECTED] ~]$ clamconf -n
> > /etc/clamd.conf: clamd directives
> > ------------------------------
> > LogFile = "/var/log/clamav/clamd.log"
> > LogFileMaxSize = 0
> > LogTime = yes
> > LogSyslog = yes
> > PidFile = "/var/run/clamav/clamd.pid"
> > TemporaryDirectory = "/var/tmp"
> > ScanPDF = yes
> > DatabaseDirectory = "/var/lib/clamav"
> > LocalSocket = "/var/run/clamav/clamd.sock"
> > User = "clamav"
> > AllowSupplementaryGroups = yes
> >
> > /etc/freshclam.conf: freshclam directives
> > ------------------------------
> > LogFileMaxSize = 0
> > LogTime = yes
> > LogSyslog = yes
> > PidFile = "/var/run/clamav/freshclam.pid"
> > DatabaseDirectory = "/var/lib/clamav"
> > AllowSupplementaryGroups = yes
> > Checks = 24
> > UpdateLogFile = "/var/log/clamav/freshclam.log"
> > DatabaseMirror = "db.us.clamav.net"
> > DatabaseMirror = "database.clamav.net"
> > CompressLocalDatabase = yes
> > NotifyClamd = "/etc/clamd.conf"
> >
> > Engine and signature databases
> > ------------------------------
> > Engine version: 0.94
> > Database directory: /var/lib/clamav
> > main db: Format: .cvd, Version: 47, Build time: Mon Jun 23 11:20:53 2008
> > daily db: Format: .cld, Version: 8162, Build time: Thu Sep  4 09:38:45 2008
> > [EMAIL PROTECTED] ~]$
> 
> Maybe more than one freshclam.conf?

[EMAIL PROTECTED] ~]$ find / -type f -name freshclam.conf
...
/etc/freshclam.conf

> Do the files in /var/lib/clamav have a recent timestamp?

It appears main.cvd has an older timestamp.

[EMAIL PROTECTED] ~]$ ls -l /var/lib/clamav/
total 17472
-rw-r--r--  1 clamav clamav  2656538 Sep  4 09:53 daily.cld
-rw-r--r--  1 clamav clamav 15200793 Jul 11 16:01 main.cvd
-rw-------  1 clamav clamav      572 Sep  4 10:53 mirrors.dat

> Search for another daily.cld somewhere?

[EMAIL PROTECTED] ~]$ find / -type f -name daily.cld
..
/var/lib/clamav/daily.cld

> File ownership problems?

[EMAIL PROTECTED] ~]$ ls -l /var/lib/clamav/
total 17472
-rw-r--r--  1 clamav clamav  2656538 Sep  4 09:53 daily.cld
-rw-r--r--  1 clamav clamav 15200793 Jul 11 16:01 main.cvd
-rw-------  1 clamav clamav      572 Sep  4 10:53 mirrors.dat
[EMAIL PROTECTED] ~]$ ps -ef | grep clam
..
clamav   32066     1  0 Sep02 ?        00:00:41 /usr/sbin/clamd
clamav   32091     1  0 Sep02 ?        00:00:15 /usr/bin/freshclam --checks=24 --on-update-execute= --on-error-execute= --daemon --config-file=/etc/freshclam.conf --log=/var/log/clamav/freshclam.log
clamav   14610 32066  0 Sep02 ?        00:00:00 /usr/sbin/clamd
..

> Change CompressLocalDatabase back to the default "no"

After this change, the logs are as follows. If it updates and shows parity, then I'll 
repost.

==> /var/log/clamav/clamd.log <==
Thu Sep  4 11:29:48 2008 -> Socket file removed.
Thu Sep  4 11:29:48 2008 -> Pid file removed.
Thu Sep  4 11:29:48 2008 -> --- Stopped at Thu Sep  4 11:29:48 2008
Thu Sep  4 11:29:49 2008 -> +++ Started at Thu Sep  4 11:29:49 2008
Thu Sep  4 11:29:49 2008 -> clamd daemon 0.94 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu Sep  4 11:29:49 2008 -> Running as user clamav (UID 977, GID 977)
Thu Sep  4 11:29:49 2008 -> Log file size limit disabled.
Thu Sep  4 11:29:49 2008 -> Reading databases from /var/lib/clamav
Thu Sep  4 11:29:49 2008 -> Not loading PUA signatures.
Thu Sep  4 11:29:51 2008 -> Loaded 312304 signatures.
Thu Sep  4 11:29:51 2008 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Thu Sep  4 11:29:51 2008 -> LOCAL: Setting connection queue length to 15
Thu Sep  4 11:29:51 2008 -> Limits: Global size limit set to 104857600 bytes.
Thu Sep  4 11:29:51 2008 -> Limits: File size limit set to 26214400 bytes.
Thu Sep  4 11:29:51 2008 -> WARNING: System limit for file size is lower than maxfilesize or maxscansize
Thu Sep  4 11:29:51 2008 -> Limits: Recursion level limit set to 16.
Thu Sep  4 11:29:51 2008 -> Limits: Files limit set to 10000.
Thu Sep  4 11:29:51 2008 -> Archive support enabled.
Thu Sep  4 11:29:51 2008 -> Algorithmic detection enabled.
Thu Sep  4 11:29:51 2008 -> Portable Executable support enabled.
Thu Sep  4 11:29:51 2008 -> ELF support enabled.
Thu Sep  4 11:29:51 2008 -> Mail files support enabled.
Thu Sep  4 11:29:51 2008 -> OLE2 support enabled.
Thu Sep  4 11:29:51 2008 -> PDF support enabled.
Thu Sep  4 11:29:51 2008 -> HTML support enabled.
Thu Sep  4 11:29:51 2008 -> Self checking every 1800 seconds.

==> /var/log/clamav/freshclam.log <==
Thu Sep  4 11:29:51 2008 -> --------------------------------------
Thu Sep  4 11:29:51 2008 -> freshclam daemon 0.94 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu Sep  4 11:29:51 2008 -> ClamAV update process started at Thu Sep  4 11:29:51 2008
Thu Sep  4 11:29:51 2008 -> main.cvd is up to date (version: 47, sigs: 312304, f-level: 31, builder: sven)
Thu Sep  4 11:29:51 2008 -> daily.cld is up to date (version: 8162, sigs: 101510, f-level: 35, builder: neo)
Thu Sep  4 11:29:51 2008 -> --------------------------------------




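The parity check discussed in this thread can be automated. The following is an added example, not part of the original posts and not ClamAV code: it compares the per-database counts in freshclam.log with the total clamd reports, and names the database files whose signatures are unaccounted for. The function names and regular expressions are assumptions built from the log lines quoted above.

```python
import re
from itertools import combinations

# Log excerpts copied from the thread above, with wrapped lines rejoined.
FRESHCLAM_LOG = """\
Thu Sep  4 09:34:07 2008 -> main.cvd is up to date (version: 47, sigs: 312304, f-level: 31, builder: sven)
Thu Sep  4 09:34:08 2008 -> daily.cld updated (version: 8161, sigs: 101482, f-level: 35, builder: arnaud)
Thu Sep  4 09:34:08 2008 -> Database updated (413786 signatures) from db.us.clamav.net (IP: 208.67.80.27)
"""
CLAMD_LOG = """\
Thu Sep  4 09:47:02 2008 -> Reading databases from /var/lib/clamav
Thu Sep  4 09:47:05 2008 -> Database correctly reloaded (312304 signatures)
"""

# Patterns are assumptions derived from the 0.94 log format shown in the thread.
DB_RE = re.compile(r"-> (\S+\.c[vl]d) (?:is up to date|updated) \(version: \d+, sigs: (\d+)")
LOADED_RE = re.compile(r"-> (?:Database correctly reloaded \(|Loaded )(\d+) signatures")

def freshclam_counts(log_text):
    """Map database file -> signature count, keeping the latest entry per file."""
    return {name: int(sigs) for name, sigs in DB_RE.findall(log_text)}

def clamd_loaded(log_text):
    """Most recent signature count reported by clamd, or None if absent."""
    hits = LOADED_RE.findall(log_text)
    return int(hits[-1]) if hits else None

def check_parity(freshclam_log, clamd_log):
    """Compare freshclam's per-database totals with what clamd loaded."""
    counts = freshclam_counts(freshclam_log)
    expected, loaded = sum(counts.values()), clamd_loaded(clamd_log)
    result = {"expected": expected, "loaded": loaded,
              "ok": loaded == expected, "missing": []}
    if loaded is None or result["ok"]:
        return result
    # Look for a subset of databases whose counts add up to clamd's figure;
    # the files left out are the ones clamd appears not to have loaded.
    names = sorted(counts)
    for r in range(len(names) + 1):
        for subset in combinations(names, r):
            if sum(counts[n] for n in subset) == loaded:
                result["missing"] = [n for n in names if n not in subset]
                return result
    return result

if __name__ == "__main__":
    print(check_parity(FRESHCLAM_LOG, CLAMD_LOG))
```

On the logs from this thread, clamd's 312304 equals the main.cvd count alone, so the check reports daily.cld as the file not reflected in the loaded total.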