As some of you may remember, I "solved" the problems of the Cloudflare mirrors being out of sync by not relying on what version the DNS TXT record reports, but double checking it by retrieving the head of the CVD file via curl.
Now that I have replaced our dead (hardware, 32-bit) Web and email server with a totally new server (virtual, 64-bit), which involved restoring most files from rsync backups, followed by *lots* of reconfiguring for the new Centos 7 and Apache 2.4.6, plus fighting with SeLinux (which makes configuring systemd seem really easy), I again have some time to deal with ClamAV. So, the curl workaround seems still to work OK. But ... Since Oct 20, we are occasionally getting the old error msgs from freshclam (although the next freshclam run usually works): Update failed. Your network may be down or none of the mirrors listed in /opt/clamav.d/clamav.0.100.1/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror\-faq for possible reasons. This is followed by a mirror report (see below). I suspect this is due to curl retrieving the head of the cvd from one mirror (IP or anycast physical) while freshclam downloads the full cvd from a different mirror. We are running ClamAV version 0.100.1. Freshclam started reporting that 0.100.1 was OUTDATED on Oct 3, but the new batch of sync errors didn't start until Oct 20, so it can't be that simple. Will these synchronization problems never end? We have seen about 2 dozen of these failures in the past 3 weeks (since Oct 20), but none before that -- once I had added the curl workaround. Here is a typical detailed freshclam error report (which happens to be the first): ------------------------------ Saturday 20 October 2018 at 09:46:01 ------------------------------ /opt/clamav/bin/testclam-external --> UPD D 25054/25054/25053 B 327/327/327 M 58/58/58 /opt/clamav/bin/freshclam -v --stdout --on-update-execute=EXIT_1 Current working dir is /opt/clamav.d/clamav.0.100.1/share/clamav Max retries == 1 ClamAV update process started at Sat Oct 20 09:46:02 2018 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1319 Software version from DNS: 0.100.2 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.100.1 Recommended version: 0.100.2 DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav main.cvd version from DNS: 58 main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd version from DNS: 25054 Retrieving http://database.clamav.net/daily.cvd Using ip '10.11.14.160' for fetching. Trying to download http://database.clamav.net/daily.cvd (IP: 104.16.189.138) Downloading daily.cvd [100%] WARNING: Mirror 104.16.189.138 is not synchronized. Querying daily.0.92.0.0.6810BD8A.ping.clamav.net Giving up on database.clamav.net... Update failed. Your network may be down or none of the mirrors listed in /opt/clamav.d/clamav.0.100.1/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons. /opt/clamav/bin/freshclam --list-mirrors Mirror #1 IP: 104.16.187.138 Successes: 52 Failures: 2 Last access: Fri Oct 19 10:33:07 2018 Ignore: No ------------------------------------- Mirror #2 IP: 104.16.189.138 Successes: 70 Failures: 2 Last access: Sat Oct 20 09:46:06 2018 Ignore: Yes ------------------------------------- Mirror #3 IP: 104.16.188.138 Successes: 70 Failures: 1 Last access: Sat Oct 20 02:52:05 2018 Ignore: No ------------------------------------- Mirror #4 IP: 104.16.185.138 Successes: 70 Failures: 1 Last access: Fri Oct 19 02:49:07 2018 Ignore: No ------------------------------------- Mirror #5 IP: 104.16.186.138 Successes: 70 Failures: 1 Last access: Fri Oct 19 17:18:05 2018 Ignore: No ------------------------------ Saturday 20 October 2018 at 09:46:06 ------------------------------ _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
