Problem updating ClamAV

[jlucho]

hi

I have a problem with updating clamav

=====================================
[[email protected] ~]# freshclam

ClamAV update process started at Mon Nov 26 11:25:09 2018
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
WARNING: getpatch: Can't download main-55.cdiff from database.clamav.net
ERROR: getpatch: Can't download main-55.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download main.cvd
ERROR: Can't download main.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/cpanel/3rdparty/etc/freshclam.conf is working. Check ClamavNet for possible reasons.
[[email protected] ~]#

=====================================


Likewise, when I try to restart exim, it shows the following error message



=====================================
Startup Log
Starting clamd: LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
LibClamAV Warning: Detected duplicate databases /usr/local/cpanel/3rdparty/share/clamav/main.cvd and /usr/local/cpanel/3rdparty/share/clamav/main.cld. The /usr/local/cpanel/3rdparty/share/clamav/main.cvd database is older and will not be loaded, you should manually remove it from the database directory.
=====================================


How can I solve this problem?

Thank

 

[dalem]

remove as is the error suggests

The /usr/local/cpanel/3rdparty/share/clamav/main.cvd database is older and will not be loaded, you should manually remove it from the database directory

 

[jlucho]

Thanks for your quick response

Effectively, I made the recommendation, delete main.cvd file, but, the problem persists

==================================================
ClamAV update process started at Mon Nov 26 11:58:00 2018
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-17559.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-17559.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-17559.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/cpanel/3rdparty/etc/freshclam.conf is working. Check ClamavNet for possible reasons.
==================================================


when restarting exim, it no longer shows any error message


==================================================
Startup Log
Starting clamd: LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
[ OK ]
==================================================


How to solve the update problem?

 

[dalem]

can you resolve database.clamav.net

dig database.clamav.net

 

[jlucho]

Yes, yes there is an answer

[[email protected] ~]# dig database.clamav.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> database.clamav.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9419
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;database.clamav.net. IN A

;; ANSWER SECTION:
database.clamav.net. 37 IN CNAME database.clamav.net.cdn.cloudflare.net.
database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.189.138
database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.188.138
database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.186.138
database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.187.138
database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.185.138

;; Query time: 11 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Mon Nov 26 14:06:06 2018
;; MSG SIZE rcvd: 166

 

[dalem]

unsure what you can try next
you and check that your firewall is not inbound connections from database.clamav.net

 

[cPanelLauren]

Hi @jlucho


Not only would it be useful to check if the firewall is accepting connections from database.clamav.net but it might also be useful to check the conf file to ensure that you don't have any private mirrors set.


Thanks!

 

[jlucho]

deactivate CSF, to avoid some kind of blocking

try to update clamav, and the problem persists


=====================================
[[email protected] ~]# freshclam

ClamAV update process started at Tue Nov 27 21:07:14 2018
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-25156.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-25156.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-25156.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /usr/local/cpanel/3rdparty/etc/freshclam.conf is working. Check ClamavNet for possible reasons.


[[email protected] ~]#

=====================================


in file "freshclam.conf" , show :

DatabaseMirror database.clamav.net


Now, what could be the cause of the problem?

 

[cPanelLauren]

Hi @jlucho

The problem is specifically:

ERROR: getpatch: Can't download daily-25156.cdiff from database.clamav.net

If your firewall isn't blocking connections it must be something else. It's not a universal issue as I was able to update ClamAV on my server using freshclam without issue. You're more than welcome to open a ticket using the link in my signature. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[rpvw]

This ClamAV FAQ should help ClamavNet

 

[jlucho]

my ticket is : 10742655

 

[cPanelLauren]

Hello @jlucho

That ticket is from Nov 16th for the same issue. The analyst in the ticket told you the following:

1. The ClamAV installation isn't provided by cPanel in this instance (it's a custom installation) though the issue does occur with our installed ClamAV package
2. The issue is specific to your server. They were not able to replicate the issue anywhere else.
3. They told you to contact ClamAV about the issue which can be done through their mailing list: ClamavNet

Thanks!