On 2020-08-13 17:21:04 [+0200], Stephan Jänecke wrote: > starting with version 0.102.3 freshclam ignores DatebaseCustomURL > options.
Are you sure about the versions? I've been looking at the changes 0.102.2..0.102.3 and there is nothing the freshclam area. That option appears to be there. It might have happen earlier when they switched to libcurl instead of doing their own http… > As this option is used to specify custom paths to update databases on > our local mirror, updates fail after upgrading from version 0.101.4. okay. Then it is a 0.101 -> 0.102 kind of thing. > Let me give you an example. Instead of downloading the database from > `http://update.dfn-cert.de/av-sigs/clamav/db/main.cvd` freshclam will > try `https://update.dfn-cert.de/main.cvd` and fail. … > Looking at the code I figured out that freshclam can be motivated to honour > the values in DatabaseCustomURL options. Once I specified the executable > parameter `--update-db=custom` freshclam happily updated the databases > from the custom paths. … > Now I'm wondering: is my site incorrectly specifying custom database > paths using `DatabaseCustomURL` and the breakage on update has been > intentionally introduced by upstream? If so, what would be the correct > way to introduce custom paths? It sounds like you want to use PrivateMirror. But then you don't have same path so it probably won't work. I don't know. You have DatabaseMirror = "update.dfn-cert.de" set which means it will look for update.dfn-cert.de/main.cvd update.dfn-cert.de/daily.cvd so it works as expected so far. You have also set DatabaseCustomURL so it should look additionally for update.dfn-cert.de/av-sigs/clamav/db/main.cvd Now the fact that it does not might have something to do with the part that it fails while looking for update.dfn-cert.de/main.cvd. But from looking at the code (in this heat) it should do so. By using "--update-db=custom" then you limit the download to the custom URL only which is what you specify with DatabaseCustomURL. This skips the download of main/daily/bytecode. > Or did I indeed find a bug? Maybe something that was not planned. It might be possible that your custom URL contained the 'main.cvd' file which then overwrote the 'main.cvd' from the official mirror. Now it does it no longer and would in your case download the main.cvd twice. If you could verify the part with PrivateMirror then I/you could open a bug with upstream asking what the recommended way is to use a private mirror with a different hierarchy. This is what you intend to do I guess. > Best regards, > > Stephan Jänecke Sebastian
