On Wednesday 16 March 2016 23:24:37 Joel Esler (jesler) wrote:
> http://blog.clamav.net/2016/03/clamav-signature-interface-maintenance.html
>
> ClamAV Signature Interface maintenance is now complete! New Main.cvd!
>
> Our ClamAV Signature Interface maintenance is now complete. While we
> apologize for the delay, the rollout of the new Signature
> Interface inside of ClamAV will result in several new features for the
> community, and I wanted to tell you about some of them:
>
> First, the first new “main.cvd” in about two years. This main.cvd has
> been completely re-written from scratch, and while the function of the
> “main” is largely the same, it’s been rewritten to not only enforce
> order to the signatures, but naming convention as well. For example:
>
> W97M.Ethan.AK-1 has moved to Doc.Trojan.Ethan
> Worm.Padowor.A-zippwd has moved to Win.Worm.Padowor
> Adware.Smshoax has moved to Win.Adware.Smshoax
>
> Re-naming of the signatures may affect a local user’s whitelist. If
> you have excluded certain signatures in the past that are now firing,
> we ask that you both submit the file to us for false positive
> remediation (if you believe it to be a false positive), and rename the
> signature whitelist on your side.
>
> This new main is 109Mb in size, and contains 4 million signatures for
> ClamAV. Now that the main.cvd has been rewritten, it is now easier
> for us to create diffs, which means upgrading the main more often, and
> making the “daily.cvd” smaller more often.
>
> Second, we now have the ability to offer different types of CVDs.
> For instance, we now have the ability to distribute 3rd party
> signatures that are officially signed by ClamAV, but updated through
> the ClamAV global mirror network. If we wanted to separate out
> “policy” type signatures from the daily.cvd into their own cvd, we can
> now do that.
>
> Third, while we have not removed some of the older signature formats,
> we did convert those older signatures to the newer formats to empty
> those older “cvd”s out.
>
> For example:
> “db” signatures were consolidated into “ndb” signatures
> “zmd” and “rmd” archive signatures we moved to the “cdb” container
> signature format
>
> These formats are not new, they simply have never been published
> before. This includes other formats such as “hsb”, “msb”, “sfp”, and
> “crb”. The older formats are supported for now, we are simply no
> longer publishing them.
>
> Fourth, newer features, like the ability to write signatures based on
> the SHA256 of a file have been added to the system, and we can now
> publish that type of detection.
>
> We’d like to thank you for your patience.
>
> ClamAV team

Unfortunately as of 1:20 or so this morning, the server is probably overloaded:

Thu Mar 17 01:20:25 2016 -> Received signal: wake up
Thu Mar 17 01:20:25 2016 -> ClamAV update process started at Thu Mar 17 01:20:25 2016
Thu Mar 17 01:20:25 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Thu Mar 17 01:20:25 2016 -> WARNING: Local version: 0.99 Recommended version: 0.99.1
Thu Mar 17 01:20:25 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Thu Mar 17 01:20:57 2016 -> nonblock_connect: connect timing out (30 secs)
Thu Mar 17 01:20:57 2016 -> Can't connect to port 80 of host db.us.clamav.net (IP: 194.186.47.19)
Thu Mar 17 01:20:57 2016 -> Trying host db.us.clamav.net (194.8.197.22)...
Thu Mar 17 01:21:00 2016 -> Empty script main-56.cdiff, need to download entire database
Thu Mar 17 01:21:42 2016 -> nonblock_recv: recv timing out (30 secs)
Thu Mar 17 01:21:42 2016 -> WARNING: getfile: Download interrupted: Operation now in progress (IP: 194.8.197.22)
Thu Mar 17 01:21:42 2016 -> WARNING: Can't download main.cvd from db.us.clamav.net
Thu Mar 17 01:21:42 2016 -> Trying again in 5 secs...
Thu Mar 17 01:21:47 2016 -> ClamAV update process started at Thu Mar 17 01:21:47 2016
Thu Mar 17 01:21:47 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Thu Mar 17 01:21:47 2016 -> WARNING: Local version: 0.99 Recommended version: 0.99.1
Thu Mar 17 01:21:47 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Thu Mar 17 01:22:19 2016 -> nonblock_connect: connect timing out (30 secs)
Thu Mar 17 01:22:19 2016 -> Can't connect to port 80 of host db.us.clamav.net (IP: 209.198.147.20)
Thu Mar 17 01:22:19 2016 -> Trying host db.us.clamav.net (69.12.162.28)...
Thu Mar 17 01:22:49 2016 -> nonblock_connect: connect timing out (30 secs)
Thu Mar 17 01:22:49 2016 -> Can't connect to port 80 of host db.us.clamav.net (IP: 69.12.162.28)
Thu Mar 17 01:22:49 2016 -> Trying host db.us.clamav.net (150.214.142.197)...
Thu Mar 17 01:23:11 2016 -> Empty script main-56.cdiff, need to download entire database
Thu Mar 17 01:23:41 2016 -> nonblock_connect: connect timing out (30 secs)
Thu Mar 17 01:23:41 2016 -> Can't connect to port 80 of host 150.214.142.197 (IP: 150.214.142.197)
Thu Mar 17 01:23:41 2016 -> WARNING: Can't download main.cvd from db.us.clamav.net
Thu Mar 17 01:23:41 2016 -> Trying again in 5 secs...
Thu Mar 17 01:23:46 2016 -> ClamAV update process started at Thu Mar 17 01:23:46 2016
Thu Mar 17 01:23:46 2016 -> WARNING: Your ClamAV installation is OUTDATED!
[...]
Thu Mar 17 01:27:04 2016 -> Trying host db.us.clamav.net (172.110.204.67)...
Thu Mar 17 03:37:39 2016 -> Downloading main.cvd [100%]
Thu Mar 17 03:37:43 2016 -> WARNING: Mirror 172.110.204.67 is not synchronized.
Thu Mar 17 03:37:43 2016 -> Trying again in 5 secs...
Thu Mar 17 03:37:48 2016 -> ClamAV update process started at Thu Mar 17 03:37:48 2016
Thu Mar 17 03:37:48 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Thu Mar 17 03:37:48 2016 -> WARNING: Local version: 0.99 Recommended version: 0.99.1
Thu Mar 17 03:37:48 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Thu Mar 17 03:37:50 2016 -> Trying host db.us.clamav.net (78.46.82.212)...
Thu Mar 17 03:37:51 2016 -> WARNING: getfile: Unknown response from remote server (IP: 78.46.82.212)
Thu Mar 17 03:37:51 2016 -> WARNING: getpatch: Can't download main-56.cdiff from db.us.clamav.net
Thu Mar 17 03:38:06 2016 -> WARNING: getfile: Error while reading database from db.us.clamav.net (IP: 64.22.33.90): Operation now in progress
Thu Mar 17 03:38:06 2016 -> WARNING: getpatch: Can't download main-56.cdiff from db.us.clamav.net
Thu Mar 17 03:38:08 2016 -> Empty script main-56.cdiff, need to download entire database

But at 4:17 am, no further log entries. I do see a limited amount of net traffic, in the 20k to 50k a second range that seems to be continuous, so either someone is wgetting my web page (again) or freshclam is still working on it.
But if it is, it's not logging it.

Found it, it's yahoo's "slurp" pulling my now out of date images of Nitros9 for the trs-80 color computers. Don't you just love site suckers that ignore robots.txt? I need a robots.txt that works. Slurp gets done, so now yandex is pulling it. *&^$#@*& vacuum cleaners...

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
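
The announcement quoted above warns that renamed signatures can break a local whitelist. The following is an added example, not part of the original messages or of ClamAV itself: it audits whitelist entries against the names in the new database and, for entries that no longer exist, suggests current names sharing a family token for manual review. It assumes a whitelist with one signature name per line and a name list obtained separately (for instance with `sigtool --list-sigs`); the function names, the token heuristic and the sample data are constructed for illustration.

```python
import re

# Platform/category words that appear in many names and carry no family info.
GENERIC = {"win", "doc", "worm", "trojan", "adware", "w97m"}

def family_tokens(name):
    """Tokens of a signature name that plausibly identify the malware family."""
    return {t.lower() for t in re.split(r"[.\-_]", name)
            if len(t) >= 4 and t.lower() not in GENERIC}

def audit_whitelist(entries, current_names):
    """Classify each whitelist entry against the names in the new database.

    Returns {entry: ("ok", [])} when the name still exists, otherwise
    {entry: ("stale", candidates)} where candidates are current names that
    share a family token and need manual review before being whitelisted.
    """
    current = set(current_names)
    index = {}
    for name in current:
        for tok in family_tokens(name):
            index.setdefault(tok, set()).add(name)
    report = {}
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue  # skip blank lines in the whitelist file
        if entry in current:
            report[entry] = ("ok", [])
        else:
            cands = set()
            for tok in family_tokens(entry):
                cands |= index.get(tok, set())
            report[entry] = ("stale", sorted(cands))
    return report

# Constructed sample: the three old names come from the announcement, the
# other entries are invented; CURRENT stands in for the new main.cvd names.
WHITELIST = ["W97M.Ethan.AK-1", "Worm.Padowor.A-zippwd", "Adware.Smshoax",
             "Win.Trojan.Example-1", "Legacy.Gone.Sample"]
CURRENT = ["Doc.Trojan.Ethan", "Win.Worm.Padowor", "Win.Adware.Smshoax",
           "Win.Trojan.Example-1", "Win.Trojan.Unrelated"]

if __name__ == "__main__":
    for entry, (status, cands) in audit_whitelist(WHITELIST, CURRENT).items():
        print(f"{entry:24} {status:6} {', '.join(cands) or '-'}")
```

A stale entry with no candidates is dead weight in the whitelist; a stale entry with candidates is a suggestion only, and the file that triggered it should be rechecked before the new name is excluded.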