[Clamav-users] cdiff errors: clamav db update failed, mirror is not synchronized.
ok, I've searched through previous posts and have not been satisfied that my situation is similar to others, or maybe I didn't read enough of them, so I'm posting a new message.

I'm running a local mirror, that currently is not connected to the internet (it will be eventually, but not yet) and my client updates are failing if they have existing local main/daily.cvd files. I assume that once my mirror is connected to the internet and running freshclam (pointing to clamav's db mirror) that this issue will be resolved, however until then: I'm manually downloading (daily) the main/daily cvd files and putting them on my mirror. Then I run freshclam (for the first time) from my clients and the update is successful:

[host:~] # freshclam
ClamAV update process started at Mon Feb 15 06:18:08 2010
Downloading main.cvd [100%]
main.cvd updated (version: 51, sigs: 545035, f-level: 42, builder: sven)
Downloading daily.cvd [100%]
daily.cvd updated (version: 10387, sigs: 168504, f-level: 44, builder: ccordes)
Database updated (713539 signatures) from dbMirror (IP: 192.168.0.1)
Clamd successfully notified about the update.

However, if I run successive updates (when there are existing main/daily.cvd files) they fail with the following:

[host:~] # freshclam
ClamAV update process started at Mon Feb 15 06:19:25 2010
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
WARNING: getpatch: Can't download daily-10388.cdiff from dbMirror
WARNING: getfile: daily-10388.cdiff not found on remote server (IP: 192.168.0.1)
WARNING: getpatch: Can't download daily-10388.cdiff from dbMirror
WARNING: getpatch: Can't download daily-10388.cdiff from dbMirror
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 192.168.0.1 is not synchronized.
Trying again in 5 secs...

Again, I can remove the existing client's main/daily.cvd files and the update is successful.

My question is: until I get the mirror connected to the internet and running freshclam, will I always get these cdiff errors along with the update failing?

Thanks.

--
View this message in context: http://old.nabble.com/cdiff-errors%3A--clamav-db-update-failed%2C-mirror-is-not-synchronized.-tp27591680p27591680.html
Sent from the clamav-users mailing list archive at Nabble.com.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Re: [Clamav-users] cdiff errors: clamav db update failed, mirror is not synchronized.
On 02/15/2010 01:24 PM, omonte wrote:
> ok, I've searched through previous posts and have not been satisfied that my
> situation is similar to others, or maybe I didn't read enough of them, so
> I'm posting a new message.
>
> I'm running a local mirror, that currently is not connected to the internet
> (it will be eventually, but not yet) and my client updates are failing if
> they have existing local main/daily.cvd files. I assume that once my mirror
> is connected to the internet and running freshclam (pointing to clamav's db
> mirror) that this issue will be resolved, however until then: I'm manually
> downloading (daily) the main/daily cvd files and putting them on my mirror.
> Then I run freshclam (for the first time) from my clients and the update is
> successful:
>
> [host:~] # freshclam
> ClamAV update process started at Mon Feb 15 06:18:08 2010
> Downloading main.cvd [100%]
> main.cvd updated (version: 51, sigs: 545035, f-level: 42, builder: sven)
> Downloading daily.cvd [100%]
> daily.cvd updated (version: 10387, sigs: 168504, f-level: 44, builder:
> ccordes)
> Database updated (713539 signatures) from dbMirror (IP: 192.168.0.1)
> Clamd successfully notified about the update.
>
>
> However, if I run successive updates (when there are existing main/daily.cvd
> files) they fail with the following:
>
> [host:~] # freshclam
> ClamAV update process started at Mon Feb 15 06:19:25 2010
> main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder:
> sven)
> WARNING: getpatch: Can't download daily-10388.cdiff from dbMirror
> WARNING: getfile: daily-10388.cdiff not found on remote server (IP:
> 192.168.0.1)
> WARNING: getpatch: Can't download daily-10388.cdiff from dbMirror
> WARNING: getpatch: Can't download daily-10388.cdiff from dbMirror
> WARNING: Incremental update failed, trying to download daily.cvd
>

Turn ScriptedUpdates off in the clients' freshclam.conf.

> Downloading daily.cvd [100%]
> WARNING: Mirror 192.168.0.1 is not synchronized.
> Trying again in 5 secs...
>

Is the daily.cvd on your local mirror out of date?
Freshclam checks the DNS TXT record of current.cvd.clamav.net to determine the version of daily.

Best regards,
--Edwin
Re: [Clamav-users] cdiff errors: clamav db update failed, mirror is not synchronized.
> Turn ScriptedUpdates off in the clients' freshclam.conf.

the clients don't have ScriptedUpdates turned on:

[host:~] # grep -v ^# /etc/clamav/freshclam.conf|grep .
DatabaseDirectory /opt/clamav/db
UpdateLogFile /opt/clamav/var/log/freshclam.log
LogSyslog yes
DatabaseOwner clamav
DatabaseMirror dbMirror
NotifyClamd /opt/clamav/etc/clamd.conf

> Is the daily.cvd on your local mirror out of date?
> Freshclam checks the DNS TXT record of current.cvd.clamav.net to
> determine the version of daily.

no, I downloaded today's daily.cvd file from http://db.local.clamav.net/daily.cvd and placed it on my mirror in the /opt/clamav/db directory.

Like I said, I will be eventually connecting my mirror to the internet (through freshclam) when I'm assuming these errors will go away. But until then I'd like to continue manually downloading the daily updates to my mirror and run freshclam on my clients, if this is possible.
Re: [Clamav-users] cdiff errors: clamav db update failed, mirror is not synchronized.
On 02/15/2010 02:11 PM, omonte wrote:
>> Turn ScriptedUpdates off in the clients' freshclam.conf.
>>
> the clients don't have ScriptedUpdates turned on:
> [host:~] # grep -v ^# /etc/clamav/freshclam.conf|grep .
> DatabaseDirectory /opt/clamav/db
> UpdateLogFile /opt/clamav/var/log/freshclam.log
> LogSyslog yes
> DatabaseOwner clamav
> DatabaseMirror dbMirror
> NotifyClamd /opt/clamav/etc/clamd.conf
>

The default is on, so you must explicitly turn it off.
See 'clamconf | grep ScriptedUpdates'.

>
>> Is the daily.cvd on your local mirror out of date?
>> Freshclam checks the DNS TXT record of current.cvd.clamav.net to
>> determine the version of daily.
>>
>
> no, I downloaded today's daily.cvd file from
> http://db.local.clamav.net/daily.cvd and placed it on my mirror in the
> /opt/clamav/db directory.
>

Version 10392?

> Like I said, I will be eventually connecting my mirror to the internet
> (through freshclam) when I'm assuming these errors will go away. But until
> then I'd like to continue manually downloading the daily updates to my
> mirror and run freshclam on my clients, if this is possible.
>
>

If freshclam keeps saying it's not synchronized, use --no-dns, that will only check the version of daily.cvd on your mirror vs the one in DBDIR.
With --no-dns it shouldn't complain that the version of daily.cvd on your local mirror is out of date.

Best regards,
--Edwin
Re: [Clamav-users] cdiff errors: clamav db update failed, mirror is not synchronized.
> The default is on, so you must explicitly turn it off.
> See 'clamconf | grep ScriptedUpdates'.

ok, I set it to no. Still errors that daily is not synced:

[host:~] # freshclam
ClamAV update process started at Mon Feb 15 07:41:30 2010
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Downloading daily.cvd [100%]
WARNING: Mirror 192.168.0.1 is not synchronized.
Trying again in 5 secs...

>> Is the daily.cvd on your local mirror out of date?
> Version 10392?

yes, I have 10392:

[host ~]# /opt/clamav/bin/sigtool --info=/opt/clamav/db/daily.cvd
File: /opt/clamav/db/daily.cvd
Build time: 14 Feb 2010 20:31 -0500
Version: 10392
Signatures: 168531
Functionality level: 44
Builder: acab
MD5: d6ab08bc2271847d06ebcfe95a2b6bfc
Digital signature: lamlVM3R8gXfEFFGQTQ0ptug07l6p1zkr40HyRgi9/g1rvIiBTP7I1N/XDwsMzEb9QwKv0HkMQyRneCYc7VE5PU8Eysg1kp3LM/AnqpyfTGcZ2NKfFaUPOuaRkfjSF8z7iExR1bY3miLzKlVmT/ZM/7Dr4ofa3NOpM6cXqr1Gyj
Verification OK.

> If freshclam keeps saying its not synchronized, use --no-dns, that will
> only check the version of daily.cvd
> on your mirror vs the one in DBDIR.
> With --no-dns it shouldn't complain that the version of daily.cvd on
> your local mirror is out of date.

SUCCESSFUL UPDATE:

[host:~] # freshclam --no-dns
ClamAV update process started at Mon Feb 15 07:51:01 2010
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Reading CVD header (daily.cvd): OK
Downloading daily.cvd [100%]
daily.cvd updated (version: 10392, sigs: 168531, f-level: 44, builder: acab)
Database updated (713566 signatures) from dbMirror (IP: 192.168.0.1)
Clamd successfully notified about the update.
[host:~] # echo $?
0

ALREADY UPDATED:

[host:~] # freshclam --no-dns
ClamAV update process started at Mon Feb 15 07:51:19 2010
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Reading CVD header (daily.cvd): OK
daily.cvd is up to date (version: 10392, sigs: 168531, f-level: 44, builder: acab)
[host:~] # echo $?
1

That did it, thanks so much Edwin, once again YOU ROCK!
[Clamav-users] Update Virus Definitions Using SSL
Hi,

I was wondering if there is a way to connect to the Update Servers (not mirrors) using SSL/HTTPS instead of standard HTTP. I couldn't find any information regarding that so far. Has anyone tried that before or knows how it can be configured?

By the way, I'm running the software on Solaris.

Thanks,
Sokratis

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
Re: [Clamav-users] Update Virus Definitions Using SSL
On 15/02/2010, at 13.54, wrote:
> Hi,
>
> I was wondering if there is a way to connect to the Update Servers (not
> mirrors) using SSL/HTTPS instead of standard HTTP. I couldn't find any
> information regarding that so far. Has anyone tried that before or knows how
> it can be configured?

Why do you want to do that?
Re: [Clamav-users] Update Virus Definitions Using SSL
On 02/15/2010 02:54 PM, sokratis.kapetan...@accenture.com wrote:
> Hi,
>
> I was wondering if there is a way to connect to the Update Servers (not
> mirrors) using SSL/HTTPS instead of standard HTTP.

That would be a waste of resources on the mirrors.

> I couldn't find any information regarding that so far. Has anyone tried that
> before or knows how it can be configured?
>

The databases, and updates are digitally signed, so you don't need SSL/HTTPS.
Freshclam and libclamav check the digital signatures when loading the databases.

Best regards,
--Edwin
Re: [Clamav-users] How can i scan the POST data
> On Tue, 9 Feb 2010 beshoo wrote:
>
> > i need to scan the post data , not the POST uploaded files

On 09.02.10 11:27, G.W. Haywood wrote:
> man clamd
>
> Look for 'INSTREAM'.

he is apparently searching for http server module that would scan POST data for viruses...

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Chernobyl was a Windows 95 beta test site.
Re: [Clamav-users] Update Virus Definitions Using SSL
> On 02/15/2010 02:54 PM, sokratis.kapetan...@accenture.com wrote:
> > I was wondering if there is a way to connect to the Update Servers (not
> > mirrors) using SSL/HTTPS instead of standard HTTP.

On 15.02.10 15:34, Török Edwin wrote:
> The databases, and updates are digitally signed, so you don't need
> SSL/HTTPS.
> Freshclam and libclamav check the digital signatures when loading the
> databases.

hmmm, signed by whom? And where are public keys stored? How are 3rd party databases checked?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
LSD will make your ECS screen display 16.7 million colors
[Clamav-users] [Fwd: Re: TargetType]
Let's not forget clamav-users out of the CC.
Re: [Clamav-users] Update Virus Definitions Using SSL
On 02/15/2010 03:45 PM, Matus UHLAR - fantomas wrote:
>> On 02/15/2010 02:54 PM, sokratis.kapetan...@accenture.com wrote:
>>
>>> I was wondering if there is a way to connect to the Update Servers (not
>>> mirrors) using SSL/HTTPS instead of standard HTTP.
>>>
>
> On 15.02.10 15:34, Török Edwin wrote:
>
>> The databases, and updates are digitally signed, so you don't need
>> SSL/HTTPS.
>> Freshclam and libclamav check the digital signatures when loading the
>> databases.
>>
>
> hmmm, signed by whom? And where are public keys stored?

CVDs are signed prior to publishing, and pushing to the mirrors.
The public key is hardcoded in libclamav.

You can verify the signature using sigtool manually:

$ sigtool/sigtool --info daily.cvd
File: daily.cvd
Build time: 14 Feb 2010 20:31 -0500
Version: 10392
Signatures: 168531
Functionality level: 44
Builder: acab
MD5: d6ab08bc2271847d06ebcfe95a2b6bfc
Digital signature: lamlVM3R8gXfEFFGQTQ0ptug07l6p1zkr40HyRgi9/g1rvIiBTP7I1N/XDwsMzEb9QwKv0HkMQyRneCYc7VE5PU8Eysg1kp3LM/AnqpyfTGcZ2NKfFaUPOuaRkfjSF8z7iExR1bY3miLzKlVmT/ZM/7Dr4ofa3NOpM6cXqr1Gyj
Verification OK.

If the database is tampered with you will get something like this (for example if one byte is wrong):

File: daily.cvd
Build time: 14 Feb 2010 20:31 -0500
Version: 10392
Signatures: 168531
Functionality level: 44
Builder: acab
MD5: d6ab08bc2271847d06ebcfe95a2b6bfc
Digital signature: lamlVM3R8gXfEFFGQTQ0ptug07l6p1zkr40HyRgi9/g1rvIiBTP7I1N/XDwsMzEb9QwKv0HkMQyRneCYc7VE5PU8Eysg1kp3LM/AnqpyfTGcZ2NKfFaUPOuaRkfjSF8z7iExR1bY3miLzKlVmT/ZM/7Dr4ofa3NOpM6cXqr1Gyj
ERROR: cvdinfo: Verification: Can't verify database integrity

cdiff files (incremental updates) have a digital signature that is checked by freshclam too.
Also 0.96 will check the SHA-256 hash of each file in the .cvd/.cld, and these hashes are signed similarly to .cdiffs.

So downloading via HTTPS/SSL won't give you additional security.
In fact if freshclam wasn't able to check the digital signature, then even if you downloaded over HTTPS you wouldn't know if the databases have been tampered with or not. You only know that you get what is on the mirror, and not that the mirror has the same database that was published.

> How are 3rd party
> databases checked?
>

They are not checked by freshclam (yet). Some 3rdparty update scripts check them using gpg signatures I think.

Best regards,
--Edwin
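
The two checks discussed in these threads (the version comparison behind "Mirror is not synchronized" and the header fields that sigtool --info prints), as an added Python example that is not part of any poster's message or of ClamAV's code. It assumes the CVD layout of a 512-byte colon-separated text header followed by the body, with the header's MD5 field covering the body; sync_state is a simplified model, make_sample_cvd is a hypothetical helper, and the advertised version 10393 is a constructed value.

```python
import hashlib

HEADER_LEN = 512  # assumed layout: fixed-size, space-padded text header, then the body
FIELDS = ("magic", "build_time", "version", "sigs", "flevel", "md5", "dsig", "builder")

def parse_cvd_header(blob):
    """Return the colon-separated header fields of a CVD as a dict."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than a CVD header")
    parts = blob[:HEADER_LEN].decode("ascii", "replace").strip().split(":")
    if len(parts) < len(FIELDS) or parts[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    info = dict(zip(FIELDS, parts))
    for key in ("version", "sigs", "flevel"):
        info[key] = int(info[key])
    return info

def body_md5_matches(blob):
    """Integrity only: compare the header's MD5 field with the digest of the body.
    This is not the signature check; sigtool does that with libclamav's built-in key."""
    return hashlib.md5(blob[HEADER_LEN:]).hexdigest() == parse_cvd_header(blob)["md5"]

def sync_state(local_ver, mirror_ver, advertised_ver=None):
    """Simplified model of the behaviour in the thread. advertised_ver stands for
    the daily version from the DNS TXT record; None models running with --no-dns."""
    target = mirror_ver if advertised_ver is None else advertised_ver
    if target <= local_ver:
        return "up to date"
    if mirror_ver < target:
        return "mirror not synchronized"
    return "update"

def make_sample_cvd(version, body):
    """Constructed test file: header field order as above, placeholder signature."""
    head = "ClamAV-VDB:14 Feb 2010 20-31 -0500:%d:168531:44:%s:PLACEHOLDER-SIG:acab" % (
        version, hashlib.md5(body).hexdigest())
    return head.ljust(HEADER_LEN).encode("ascii") + body

if __name__ == "__main__":
    cvd = make_sample_cvd(10392, b"constructed body bytes, not a real database")
    mirror = parse_cvd_header(cvd)["version"]
    tampered = cvd[:-1] + bytes([cvd[-1] ^ 1])      # one byte wrong
    print(body_md5_matches(cvd), body_md5_matches(tampered))
    print(sync_state(10387, mirror))                # mirror vs DBDIR only
    print(sync_state(10387, mirror, 10393))         # 10393 is a constructed DNS value
```

The MD5 comparison only detects corruption, since anyone who can rewrite the body can rewrite the header field too; authenticity still rests on the digital signature that sigtool --info reports as "Verification OK."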