On Monday 16 March 2015 09:14:36 Joel Esler (jesler) wrote: > David, > > I forwarded this on to the ops team for a look. > I cannot prove its the same address Joel, my expiry rules clean up this folder in about 30 day but this looks like a previous such request that has been made before, possibly more than once before. So please follow up, get a report back and put it on the list so we know its been done.
FWIW, I just ran that command, and then stat'd the file, which does not reside anywhere in my install as my /var/lib/clamav only contains .cld's except for main.cvd. I got: gene@coyote:~$ stat daily.cvd File: `daily.cvd' Size: 33765882 Blocks: 65952 IO Block: 4096 regular file Device: 801h/2049d Inode: 57696146 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 1000/ gene) Gid: ( 1000/ gene) Access: 2015-03-16 10:57:16.000000000 -0400 Modify: 2015-03-15 16:28:00.000000000 -0400 Change: 2015-03-16 10:57:16.137624052 -0400 Birth: - Which freshclam is not servicing so I put it in /var/lib /clamav as follows. gene@coyote:~$ sudo cp daily.cvd /var/lib/clamav/daily.cvd gene@coyote:~$ ls -l /var/lib/clamav total 180848 -rw-r--r-- 1 clamav clamav 346624 Feb 27 15:32 bytecode.cld -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld -rw-r--r-- 1 root root 33765882 Mar 16 11:02 daily.cvd -rw-r----- 1 clamav clamav 45334 Mar 16 09:37 freshclam.log -rw-r--r-- 1 clamav clamav 64720632 Feb 4 20:15 main.cvd -rw------- 1 clamav clamav 988 Mar 16 10:31 mirrors.dat gene@coyote:~$ sudo chown clamav:clamav /var/lib/clamav/daily.cvd gene@coyote:~$ ls -l /var/lib/clamav total 180848 -rw-r--r-- 1 clamav clamav 346624 Feb 27 15:32 bytecode.cld -rw-r--r-- 1 clamav clamav 86291456 Mar 15 17:30 daily.cld -rw-r--r-- 1 clamav clamav 33765882 Mar 16 11:02 daily.cvd -rw-r----- 1 clamav clamav 45334 Mar 16 09:37 freshclam.log -rw-r--r-- 1 clamav clamav 64720632 Feb 4 20:15 main.cvd -rw------- 1 clamav clamav 988 Mar 16 10:31 mirrors.dat gene@coyote:~$ sudo less /var/lib/clamav/freshclam.log Is something broken in my freshclam configuration, or is the daily.cld the same thing? A curious user here. > -- > Joel Esler > Open Source Manager > Threat Intelligence Team Lead > Talos Group > > On Mar 16, 2015, at 8:51 AM, Smith, David > <drsm...@fsu.edu<mailto:drsm...@fsu.edu>> wrote: > > Jason, > Can you PLEASE pull mirror 150.214.142.197 out of your lists??? Note > the modify date on the daily.cvd > > [root@rhn cron]# wget http://150.214.142.197/daily.cvd > --2015-03-16 08:47:15-- http://150.214.142.197/daily.cvd > Connecting to 150.214.142.197:80... connected. > HTTP request sent, awaiting response... 200 OK > Length: 27596102 (26M) [text/plain] > Saving to: `daily.cvd' > > 100%[================================================================= >=================================================================>] > 27,596,102 2.35M/s in 13s > > 2015-03-16 08:47:29 (2.05 MB/s) - `daily.cvd' saved > [27596102/27596102] > > [root@rhn cron]# stat daily.cvd > File: `daily.cvd' > Size: 27596102 Blocks: 53976 IO Block: 4096 regular > file Device: fd00h/64768d Inode: 1310864 Links: 1 > Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ > root) Access: 2015-03-16 08:47:29.000000000 -0400 > Modify: 2014-08-28 13:26:00.000000000 -0400 > Change: 2015-03-16 08:47:29.000000000 -0400 > > > WITH the Pragma: No-cache > > [root@rhn cron]# wget --header="Pragma: no-cache" > http://150.214.142.197/daily.cvd --2015-03-16 08:49:37-- > http://150.214.142.197/daily.cvd > Connecting to 150.214.142.197:80... connected. > HTTP request sent, awaiting response... 200 OK > Length: 27596102 (26M) [text/plain] > Saving to: `daily.cvd.1' > > 100%[================================================================= >=================================================================>] > 27,596,102 4.41M/s in 7.0s > > 2015-03-16 08:49:44 (3.75 MB/s) - `daily.cvd.1' saved > [27596102/27596102] > > [root@rhn cron]# stat daily.cvd.1 > File: `daily.cvd.1' > Size: 27596102 Blocks: 53976 IO Block: 4096 regular > file Device: fd00h/64768d Inode: 1310865 Links: 1 > Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ > root) Access: 2015-03-16 08:49:44.000000000 -0400 > Modify: 2014-08-28 13:26:00.000000000 -0400 > Change: 2015-03-16 08:49:44.000000000 -0400 > > > Thanks! > > Dave Smith > drsm...@fsu.edu<mailto:drsm...@fsu.edu> > (850)645-8024 Linux Administrators > its-unixadm...@fsu.edu<mailto:its-unixadm...@fsu.edu> > (850)644-2591 Information Technology Services Florida > State University > > > -----Original Message----- > From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On > Behalf Of Jason Haar Sent: Sunday, March 1, 2015 6:29 PM > To: > clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> > Subject: Re: [clamav-users] daily.cvd out of date? > > On 27/02/15 08:49, Smith, David wrote: > Nope .. not yet! :) > Try > > wget --header="Pragma: no-cache" > http://database.clamav.net/daily.cvd > > I say that because I'm wondering if you have a transparent proxy in > between you and the server, so that extra Pragma header should force > the proxy to re-download it instead of feeding out of cache. If the > file ends up with a newer date, then that confirms there's a proxy in > between (and as a side effect should have replaced the stale cached > entry - so freshclam will be happy again - at least for a short while) > > > -- > Cheers > > Jason Haar > Corporate Information Security Manager, Trimble Navigation Ltd. > Phone: +1 408 481 8171 > PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 > Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
