If you're running into the CA cert problem with FreshClam because your CA 
certificate bundle is in a non-standard place, you can also set the 
CURL_CA_BUNDLE environment variable to point to the file holding one or more 
certificates.  FreshClam and ClamSubmit will check that environment variable 
and use it instead of the default OpenSSL CA path.

My apologies that this isn't in the documentation (yet). I will add it today. 
https://github.com/Cisco-Talos/clamav/issues/175



Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
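
An added example, not part of the original message and not ClamAV project code: a shell pre-flight check for the file CURL_CA_BUNDLE will point at, covering the "path? access rights?" causes named in the error 77 log lines quoted below. The helper names check_ca_bundle and freshclam_with_bundle are hypothetical.

```shell
#!/bin/sh
# Added example, not ClamAV project code.
# check_ca_bundle and freshclam_with_bundle are hypothetical helper names.

# check_ca_bundle PATH
# Returns 0 if PATH looks usable as a CA bundle, otherwise:
#   1 = path missing or not a regular file
#   2 = file not readable by the current user
#   3 = file contains no PEM certificate marker
check_ca_bundle() {
    bundle=$1
    if [ ! -f "$bundle" ]; then
        echo "CA bundle not found: $bundle" >&2
        return 1
    fi
    if [ ! -r "$bundle" ]; then
        echo "CA bundle not readable by $(id -un): $bundle" >&2
        return 2
    fi
    # Marker check only; this does not validate the certificates themselves.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle"; then
        echo "No PEM certificate found in: $bundle" >&2
        return 3
    fi
    return 0
}

# freshclam_with_bundle PATH [freshclam arguments...]
# Runs freshclam with CURL_CA_BUNDLE set for that one invocation, but only
# after the bundle passes the checks above.
freshclam_with_bundle() {
    bundle=$1
    shift
    check_ca_bundle "$bundle" || return $?
    CURL_CA_BUNDLE=$bundle freshclam "$@"
}
```

Source the file and call `freshclam_with_bundle /path/to/your/ca-bundle.pem` (placeholder path) as the account freshclam runs under, since the readability check only reflects the current user's permissions.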
________________________________
From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of Jona 
Tallieu <j...@tnt.be>
Sent: Tuesday, August 17, 2021 5:55 AM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] database updates blocked


Dear,



Thanks for your answer.

We are using Freshclam, the curl was a test to see what the problem was.



The logs show an SSL CA cert problem:



13:26:22.633 5 EXTFILTER(CGPClamAV) inp(059): * ClamAV update process started at Mon Aug 16 13:26:22 2021
13:26:22.634 5 EXTFILTER(CGPClamAV) inp(048): * WARNING: Your ClamAV installation is OUTDATED!
13:26:22.634 5 EXTFILTER(CGPClamAV) inp(062): * WARNING: Local version: 0.103.2 Recommended version: 0.103.3
13:26:22.634 5 EXTFILTER(CGPClamAV) inp(069): * DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
13:26:22.634 5 EXTFILTER(CGPClamAV) inp(083): * daily database available for update (local version: 26231, remote version: 26265)
13:26:24.644 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
13:26:24.644 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch: Can't download daily-26232.cdiff from https://database.clamav.net/daily-26232.cdiff
13:26:24.646 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
13:26:24.646 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch: Can't download daily-26232.cdiff from https://database.clamav.net/daily-26232.cdiff
13:26:24.651 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
13:26:24.651 5 EXTFILTER(CGPClamAV) inp(109): * WARNING: downloadPatch: Can't download daily-26232.cdiff from https://database.clamav.net/daily-26232.cdiff
13:26:24.651 5 EXTFILTER(CGPClamAV) inp(066): * WARNING: Incremental update failed, trying to download daily.cvd
13:26:24.653 5 EXTFILTER(CGPClamAV) inp(104): * WARNING: Download failed (77) * WARNING: Message: Problem with the SSL CA cert (path? access rights?)
13:26:24.653 5 EXTFILTER(CGPClamAV) inp(078): * WARNING: Can't download daily.cvd from https://database.clamav.net/daily.cvd



But the ca-certificates package (which contains the CA roots) is the most 
recent version. Other Cloudflare-hosted URLs (with the same TLS settings) work 
fine…





Best,



Jona









From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of "Joel 
Esler (jesler) via clamav-users" <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Tuesday, 17 August 2021 at 14:45
To: ClamAV users ML <clamav-users@lists.clamav.net>
Cc: "Joel Esler (jesler)" <jes...@cisco.com>
Subject: Re: [clamav-users] database updates blocked
Resent-From: <j...@mail.tnt.be>
Resent-Date: Tuesday, 17 August 2021 at 14:45



Curl is not authorized to be used to download updates.  Please use Freshclam or 
cvdupdate to download updates.


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
