Heh, good question. Just checked again, and it looks like that was a copy-paste error. There is only one PrivateMirror line.

Kevin

On Mon, Feb 27, 2023 at 12:02 PM newcomer01 via clamav-users <clamav-users@lists.clamav.net> wrote:

> Why have you set the "PrivateMirror" two times with identical IPs?
> Can't believe that this happens with the automated PostInst 😉
>
> From: Clamav User Mailinglist <clamav-users@lists.clamav.net>
> To: Newcomer01 <newcome...@posteo.de>
> CC: Kevin O'connor <kocon...@ampion.net>
> Sent: Monday, February 27, 2023 at 04:58 PM +0100
> Subject: [clamav-users] 0 length bytecode.cvd causing problems with clamav daemon
>
> > I am having an issue with 0 length bytecode.cvd files on my scanner
> > instances. This seems to have started sometime on 22 Feb, I'm afraid I
> > don't have an exact time. The clamav daemon produces logs like the
> > following:
> >
> > Feb 27 14:39:11 av-scan-wrhn clamd[163614]: LibClamAV Error: cli_cvdverify: Can't read CVD header
> > Feb 27 14:39:11 av-scan-wrhn clamd[163614]: LibClamAV Error: Can't load /var/lib/clamav/bytecode.cld: Broken or not a CVD file
> > Feb 27 14:39:11 av-scan-wrhn clamd[163614]: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/bytecode.cld
> > Feb 27 14:39:11 av-scan-wrhn clamd[163614]: Mon Feb 27 14:39:11 2023 -> !Broken or not a CVD file
> > Feb 27 14:39:11 av-scan-wrhn systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
> > Feb 27 14:39:11 av-scan-wrhn systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.
> > Feb 27 14:39:11 av-scan-wrhn systemd[1]: clamav-daemon.service: Consumed 8.679s CPU time.
> >
> > I feel like I have narrowed the problem down to a 0 length 'bytecode.cvd' file.
> > Here is a listing of the definitions directory:
> >
> > $ ls -l /var/lib/clamav
> > total 226168
> > -rw-r--r-- 1 clamav clamav    314802 Feb 27 14:06 bytecode.cld
> > -rw-r--r-- 1 clamav clamav         0 Feb 27 02:00 bytecode.cvd
> > -rw-r--r-- 1 clamav clamav  60787973 Feb 27 10:01 daily.cld
> > -rw-r--r-- 1 clamav clamav        69 Feb 23 15:33 freshclam.dat
> > -rw-r--r-- 1 clamav clamav 170479789 Feb 27 02:00 main.cvd
> >
> > My initial fix (before narrowing the problem down to bytecode.cvd) was to
> >
> > 1. stop freshclam
> > 2. clean this directory
> > 3. restart freshclam
> > 4. give it time to get the definitions (from a private mirror)
> > 5. start clamav daemon
> >
> > This would work for maybe 1/2 day then the empty bytecode.cvd file would
> > reappear and the daemon would fail.
> >
> > This morning I was able to spend some more time and find that it was
> > just the one file that needed to be removed.
> >
> > I have a local mirror because there are several instances of this
> > scanner in use (at least 2 instances for several environments). I have
> > checked the mirror and it appears to be working fine and keeping the
> > definitions up to date inside our environment. In addition, the scanner
> > instances appear to be keeping the local set of definitions up to date with
> > the mirror.
> >
> > The mirror does not have a bytecode.cvd file on it (here is a listing of
> > its definitions directory)
> >
> > $ ls -l /var/lib/clamav
> > total 226172
> > -rw-r--r-- 1 clamav clamav    314802 Feb 22 22:02 bytecode.cld
> > -rw-r--r-- 1 clamav clamav  60787973 Feb 27 09:06 daily.cld
> > -rw-r--r-- 1 clamav clamav        69 Jan 29  2022 freshclam.dat
> > -rw-r--r-- 1 clamav clamav 170479789 Jan 29  2022 main.cvd
> > -rw-r--r-- 1 clamav clamav        87 Jan 29  2022 test.html
> >
> > To the best of my knowledge, the software is up to date:
> >
> > $ sudo freshclam -V
> > ClamAV 0.103.8/26825/Mon Feb 27 08:24:38 2023
> >
> > Here is the freshclam.conf used on all the local scanner instances
> >
> > $ cat /etc/clamav/freshclam.conf
> > # Automatically created by the clamav-freshclam postinst
> > # Comments will get lost when you reconfigure the clamav-freshclam package
> >
> > DatabaseOwner clamav
> > UpdateLogFile /var/log/clamav/freshclam.log
> > LogVerbose false
> > LogSyslog false
> > LogFacility LOG_LOCAL6
> > LogFileMaxSize 0
> > LogRotate true
> > LogTime true
> > Foreground false
> > Debug false
> > MaxAttempts 5
> > DatabaseDirectory /var/lib/clamav
> > DNSDatabaseInfo current.cvd.clamav.net
> > ConnectTimeout 30
> > ReceiveTimeout 0
> > TestDatabases yes
> > CompressLocalDatabase no
> > Bytecode true
> > NotifyClamd /etc/clamav/clamd.conf
> > # Check for new database 24 times a day
> > Checks 24
> > PrivateMirror http://10.50.0.2
> > ScriptedUpdates no
> > PrivateMirror http://10.50.0.2
> >
> > The scanner has been working fine for about 12 months, keeping the
> > software and the definitions up to date. The only configuration item that
> > seems to relate is "Bytecode true", but the description seems to discuss
> > just the downloading of the file, not whether it is created on the local
> > instance.
> >
> > Does anyone have any pointers?
> >
> > Thanks
> > Kevin
> > --
> > Kevin O'Connor
> > Principal DevOps Engineer

_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
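
The original message ties the daemon failure to a 0-length bytecode.cvd and a "Can't read CVD header" error. As an added example (not part of the thread and not ClamAV's own code), this script flags database files that are empty, shorter than a header, or missing the header magic, so a scanner host can be checked before clamd is restarted. It assumes the standard 512-byte CVD/CLD header beginning with `ClamAV-VDB:`; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find ClamAV database files that are
# too short or lack the header magic, before clamd tries to load them.
# Assumption: .cvd/.cld files start with a 512-byte header "ClamAV-VDB:...".
CVD_MAGIC='ClamAV-VDB:'
CVD_HEADER_LEN=512

# check_db FILE: print ok | empty | truncated | bad-magic
check_db() {
    size=$(wc -c < "$1" | tr -d ' ')
    magic=$(dd if="$1" bs=11 count=1 2>/dev/null | tr -d '\000')
    if [ "$size" -eq 0 ]; then echo empty
    elif [ "$size" -lt "$CVD_HEADER_LEN" ]; then echo truncated
    elif [ "$magic" != "$CVD_MAGIC" ]; then echo bad-magic
    else echo ok
    fi
}

# scan_dbdir DIR: print "status name" for each broken file; return 1 if any.
scan_dbdir() {
    rc=0
    for f in "$1"/*.cvd "$1"/*.cld; do
        [ -f "$f" ] || continue
        status=$(check_db "$f")
        [ "$status" = ok ] && continue
        echo "$status ${f##*/}"
        rc=1
    done
    return "$rc"
}

# demo: constructed directory shaped like the listing in the thread
# (0-byte bytecode.cvd next to a bytecode.cld with a plausible header).
demo() {
    d=$(mktemp -d)
    : > "$d/bytecode.cvd"
    { printf 'ClamAV-VDB:constructed sample header'
      dd if=/dev/zero bs=600 count=1 2>/dev/null; } > "$d/bytecode.cld"
    printf 'not a database' > "$d/daily.cld"
    scan_dbdir "$d" || true
    rm -rf "$d"
}

# With a directory argument, scan it; otherwise run the constructed demo.
if [ "$#" -gt 0 ]; then scan_dbdir "$1"; else demo; fi
```

Run against a real host it takes the database directory as its only argument and exits non-zero when any file fails the check.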