On Wed, 30 Aug 2023, Jonathan Lee via clamav-users wrote:

> Date: Wed, 30 Aug 2023 17:46:48 +0000
> From: Jonathan Lee via clamav-users <clamav-users@lists.clamav.net>
> To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
> Cc: Jonathan Lee <jonathanlee...@gmail.com>
> Subject: [clamav-users] Antivirus Bases showing outdated main.cvd with a
>     version dated year 2021
> 
> Hello fellow ClamAV members,
> 
> Can you please help?
> 
> Per ClamAV's website:
> "ClamAV signatures come in a variety of formats, one for each of the 
>  distinct detection methods that the ClamAV file scanning engine 
>  supports. ClamAV also uses the ClamAV Virus Database (CVD) file format, 
>  which serves as a container for the compressed and digitally-signed 
>  official signature sets that power ClamAV — daily.cvd, main.cvd, and 
>  bytecode.cvd. Each signature set serves a different purpose:
> 
> bytecode.cvd contains all compiled bytecode signatures evaluated by 
> the bytecode interpreter engine
> daily.cvd contains signatures for the latest threats (updated daily)
> main.cvd contains signatures previously in daily.cvd that have shown 
> to have a low false-positive risk."
> 
> The main.cvd is not replacing itself with an updated version.
> Squid ClamAV is not updating the main.cvd and is listing 2021 version
> 
> Squid Version 5.7
> Antivirus Scanner ClamAV 0.105.1_1,1 C-ICAP 0.5.10,2 + SquidClamav 7.2
> Antivirus Bases
> Database Date Version Builder
> daily.cld 2023.03.14 26841 raynman
> bytecode.cvd 2023.02.22 334 anvilleg
> main.cvd 2021.09.16 62 sigmgr
> Last Update Tue Mar 14 00:22:56 2023
> Statistics Found 124 virus(es) total.
> 
> Please see attached ClamAV is functional again main is not updating 
> with prior daily.cvd
> 
> It shows from 2021 still

[hubble:stock]:(/var/lib/clamav)$ ll
total 357496
-rw-r--r--  1 clamav clamav    291965 Aug 29 07:59 bytecode.cvd
-rw-r--r--  1 clamav clamav 195292672 Aug 30 10:07 daily.cld
-rw-r--r--  1 clamav clamav        69 Aug 29 07:58 freshclam.dat
-rw-r--r--  1 clamav clamav 170479789 Aug 29 07:59 main.cvd
[hubble:stock]:(/var/lib/clamav)$

You can sneak a peek at the database characteristics using a tool like 
hexedit (use with caution):

hexedit daily.cld :

00000000   43 6C 61 6D  41 56 2D 56  44 42 3A 33  30 20 41 75  ClamAV-VDB:30 Au
00000010   67 20 32 30  32 33 20 30  33 2D 33 37  20 2D 30 34  g 2023 03-37 -04
00000020   30 30 3A 32  37 30 31 36  3A 32 30 34  30 31 30 32  00:27016:2040102
00000030   3A 39 30 3A  58 3A 58 3A  72 61 79 6E  6D 61 6E 3A  :90:X:X:raynman:
00000040   31 36 39 33  33 38 31 30  32 34 20 20  20 20 20 20  1693381024
00000050   20 20 20 20  20 20 20 20  20 20 20 20  20 20 20 20
00000060   20 20 20 20  20 20 20 20  20 20 20 20  20 20 20 20

hexedit main.cvd :

00000000   43 6C 61 6D  41 56 2D 56  44 42 3A 31  36 20 53 65  ClamAV-VDB:16 Se
00000010   70 20 32 30  32 31 20 30  38 2D 33 32  20 2D 30 34  p 2021 08-32 -04
00000020   30 30 3A 36  32 3A 36 36  34 37 34 32  37 3A 39 30  00:62:6647427:90
00000030   3A 31 33 37  65 63 63 63  65 33 31 61  61 63 62 32  :137eccce31aacb2
00000040   31 62 35 61  39 38 62 62  38 63 32 31  63 65 66 64  1b5a98bb8c21cefd
00000050   36 3A 74 77  61 4A 42 6C  73 38 56 35  71 36 34 52  6:twaJBls8V5q64R
00000060   37 51 59 31  30 41 61 74  45 74 50 4E  75 50 57 6F  7QY10AatEtPNuPWo
00000070   56 6F 78 54  61 4E 4F 31  6A 70 42 67  37 73 35 6A  VoxTaNO1jpBg7s5j
00000080   49 4D 4D 58  70 69 74 67  47 31 30 30  30 59 4C 70  IMMXpitgG1000YLp
00000090   36 72 62 30  54 57 6B 45  4B 6A 52 71  78 6E 65 47  6rb0TWkEKjRqxneG
000000A0   54 78 75 78  57 61 57 6D  37 58 42 6A  73 67 77 58  TxuxWaWm7XBjsgwX
000000B0   32 42 52 57  68 2F 79 34  66 68 73 37  75 79 49 6D  2BRWh/y4fhs7uyIm
000000C0   64 4B 52 4C  7A 51 35 79  38 65 32 45  6B 53 43 68  dKRLzQ5y8e2EkSCh
000000D0   65 67 46 2F  69 38 63 6C  71 66 6E 2B  31 71 65 74  egF/i8clqfn+1qet
000000E0   71 39 6A 34  67 62 6B 74  4A 33 4A 5A  70 4F 58 50  q9j4gbktJ3JZpOXP
000000F0   6F 48 6C 79  72 32 44 76  39 53 2F 42  67 3A 73 69  oHlyr2Dv9S/Bg:si
00000100   67 6D 67 72  3A 31 36 33  31 37 39 35  35 36 32 20  gmgr:1631795562
00000110   20 20 20 20  20 20 20 20  20 20 20 20  20 20 20 20
00000120   20 20 20 20  20 20 20 20  20 20 20 20  20 20 20 20

hexedit bytecode.cvd :

00000000   43 6C 61 6D  41 56 2D 56  44 42 3A 32  32 20 46 65  ClamAV-VDB:22 Fe
00000010   62 20 32 30  32 33 20 31  36 2D 33 33  20 2D 30 35  b 2023 16-33 -05
00000020   30 30 3A 33  33 34 3A 39  31 3A 39 30  3A 30 34 36  00:334:91:90:046
00000030   34 30 36 37  61 32 35 32  62 31 65 39  33 37 30 31  4067a252b1e93701
00000040   32 61 64 33  34 65 38 31  31 30 36 35  66 3A 75 72  2ad34e811065f:ur
00000050   56 42 43 62  68 4A 63 7A  38 76 36 69  31 45 36 48  VBCbhJcz8v6i1E6H
00000060   65 64 44 77  61 38 54 78  42 48 6E 4A  6B 6E 71 67  edDwa8TxBHnJknqg
00000070   37 53 45 2B  36 4A 57 42  74 6F 76 41  54 70 77 38  7SE+6JWBtovATpw8
00000080   4D 57 77 53  2B 6B 76 47  41 69 2F 2F  78 35 75 30  MWwS+kvGAi//x5u0
00000090   4C 49 46 77  68 50 76 55  73 67 45 42  42 65 46 69  LIFwhPvUsgEBBeFi
000000A0   5A 45 30 51  54 54 57 61  7A 4F 68 4A  2F 4C 66 4B  ZE0QTTWazOhJ/LfK
000000B0   4A 4B 2B 6E  4F 44 71 68  61 36 63 54  76 61 51 64  JK+nODqha6cTvaQd
000000C0   4B 6C 32 72  53 62 45 4F  76 36 67 72  76 37 55 4F  Kl2rSbEOv6grv7UO
000000D0   4E 56 38 65  4B 69 33 38  33 57 76 30  37 77 66 53  NV8eKi383Wv07wfS
000000E0   4E 59 70 2B  6C 50 4E 70  74 30 51 6D  65 6A 4B 62  NYp+lPNpt0QmejKb
000000F0   31 54 4D 48  41 59 54 41  3A 61 6E 76  69 6C 6C 65  1TMHAYTA:anville
00000100   67 3A 31 36  37 37 31 30  31 36 30 31  20 20 20 20  g:1677101601
00000110   20 20 20 20  20 20 20 20  20 20 20 20  20 20 20 20
00000120   20 20 20 20  20 20 20 20  20 20 20 20  20 20 20 20


I think that main.cvd contains the basic stuff and definitions up 
until 16 Sep 2021. bytecode.cvd contains the current database 
definitions which were implemented and activated on 22 Feb 2023.
There's no reason to believe that such a setup doesn't work.

-- 
Robert M. Stockmann - RHCE
Network Engineer - UNIX/Linux Specialist
crashrecovery.org  st...@stokkie.net
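
The header fields visible in the dumps above can be read without a hex editor. As an added example (not part of the original message or of ClamAV's own code), this Python sketch parses the 512-byte, colon-separated header and reports each database's version and age; the field labels are this example's own names, and the sample headers are constructed from the values in the dumps, with main.cvd's digest and signature replaced by placeholders.

```python
from datetime import datetime, timezone

HEADER_SIZE = 512  # fixed-size, space-padded text header at the start of the file
# Field labels are this example's own names for the colon-separated slots.
FIELDS = ("build_time", "version", "signatures", "flevel",
          "md5", "dsig", "builder", "stime")

def parse_cvd_header(raw: bytes) -> dict:
    """Parse the header found at offset 0 of a .cvd/.cld file."""
    if len(raw) < HEADER_SIZE:
        raise ValueError(f"need {HEADER_SIZE} bytes, got {len(raw)}")
    parts = raw[:HEADER_SIZE].decode("ascii", errors="replace").rstrip().split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) != len(FIELDS) + 1:
        raise ValueError("not a ClamAV database header")
    hdr = dict(zip(FIELDS, parts[1:]))
    for key in ("version", "signatures", "flevel", "stime"):
        hdr[key] = int(hdr[key])
    # Build time uses a dash in the clock ("03-37") so it never contains ':'.
    hdr["built"] = datetime.strptime(hdr["build_time"], "%d %b %Y %H-%M %z")
    # The daily.cld dump shows "X" in the md5 and dsig slots.
    hdr["has_dsig"] = hdr["dsig"] != "X"
    return hdr

def read_header(path: str) -> dict:
    with open(path, "rb") as fh:
        return parse_cvd_header(fh.read(HEADER_SIZE))

def age_days(hdr: dict, now: datetime) -> int:
    """Whole days between the header's build time and `now` (timezone-aware)."""
    return (now - hdr["built"]).days

# Constructed samples: field values copied from the dumps in the message;
# the md5 and signature of main.cvd are replaced by labelled placeholders.
DAILY_CLD = b"ClamAV-VDB:30 Aug 2023 03-37 -0400:27016:2040102:90:X:X:raynman:1693381024".ljust(HEADER_SIZE)
MAIN_CVD = b"ClamAV-VDB:16 Sep 2021 08-32 -0400:62:6647427:90:MD5-PLACEHOLDER:DSIG-PLACEHOLDER:sigmgr:1631795562".ljust(HEADER_SIZE)

if __name__ == "__main__":
    now = datetime(2023, 8, 31, tzinfo=timezone.utc)
    for name, raw in (("daily.cld", DAILY_CLD), ("main.cvd", MAIN_CVD)):
        h = parse_cvd_header(raw)
        print(f"{name}: version {h['version']}, {h['signatures']} sigs, "
              f"built {h['built']:%Y-%m-%d}, {age_days(h, now)} days old, "
              f"builder {h['builder']}")
```

On a live system, `read_header("/var/lib/clamav/main.cvd")` returns the same fields; `sigtool --info main.cvd` prints them as well.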
