Clamav malfunction

clamav ain’t updating since 3 days now & the last successful update :

[@~]$ clamscan -V
ClamAV 0.103.6/26615/Thu Jul 28 13:28:07 2022

what are these warning messages :

[@~]$ sudo freshclam
[sudo] password for :
ClamAV update process started at Mon Aug 1 07:03:44 2022
WARNING: Can’t query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.

clamav manual update gives me :

Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
daily.cld database is up-to-date (version: 26615, sigs: 1992518, f-level: 90, builder: raynman)
Trying to retrieve CVD header from https://database.clamav.net/main.cvd
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Trying to retrieve CVD header from https://database.clamav.net/bytecode.cvd
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

all databases are reported as up-to-date but the virus signature is 3 days old & counting.

did a fresh install of fedora 36 gnome 42.3 with only 2 apps installed, clamav & clamtk :

[@ ~]$ clamscan -V
ClamAV 0.103.6/26615/Thu Jul 28 13:28:07 2022

[@ ~]$ sudo freshclam
ClamAV update process started at Mon Aug  1 03:25:34 2022
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
daily.cvd database is up-to-date (version: 26615, sigs: 1992518, f-level: 90, builder: raynman)
Trying to retrieve CVD header from https://database.clamav.net/main.cvd
Time:    0.1s, ETA:    0.0s [========================>]        16B/16B
WARNING: remote_cvdhead: Malformed CVD header (too short)
WARNING: Failed to get main database version information from server: https://database.clamav.net
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
Trying again in 5 secs...
Trying to retrieve CVD header from https://database.clamav.net/main.cvd
Time:    0.1s, ETA:    0.0s [========================>]        16B/16B
WARNING: remote_cvdhead: Malformed CVD header (too short)
WARNING: Failed to get main database version information from server: https://database.clamav.net
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
Trying again in 5 secs...
Trying to retrieve CVD header from https://database.clamav.net/main.cvd
Time:    0.1s, ETA:    0.0s [========================>]        16B/16B
ERROR: remote_cvdhead: Malformed CVD header (too short)
WARNING: Failed to get main database version information from server: https://database.clamav.net
ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
Giving up on https://database.clamav.net...
ERROR: Update failed for database: main
ERROR: Database update process failed: HTTP GET failed
ERROR: Update failed.

i can confirm that this is a clamav mess & not a fedora issue as the very same problem persists on arch & ubuntu as well.

clamav does not do much & even the little bit that it does do has gone for a toss.

Hi,

Working fine here:

Querying current.cvd.clamav.net
TTL: 961

Also can confirm it resolves correctly with dig:

dig current.cvd.clamav.net TXT +short
"0.103.7:62:26616:1659560400:1:90:49192:333"

This would suggest there may be an issue with the DNS servers you are using. If it's affecting multiple distros, I’m guessing DNS servers are being set by your router.

Regards Tom.

1 Like
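Added example (not part of the original posts, and not ClamAV's own code): a shell check that compares the TXT record queried with dig above against a local `clamscan -V` string, using the values quoted in this thread as sample input. The field positions are an assumption inferred from the values that match elsewhere in the thread (recommended version 0.103.7, main 62, daily 26616, f-level 90, bytecode 333), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample inputs, copied from the outputs quoted in this thread.
SAMPLE_TXT='"0.103.7:62:26616:1659560400:1:90:49192:333"'
SAMPLE_LOCAL='ClamAV 0.103.6/26615/Thu Jul 28 13:28:07 2022'

# txt_field RECORD N: print colon-separated field N (1-based) of the record.
# Assumed layout: 1=recommended version, 2=main, 3=daily, 6=f-level, 8=bytecode.
txt_field() {
    printf '%s\n' "$1" | tr -d '"' | cut -d: -f"$2"
}

# local_daily "clamscan -V output": print the daily database version,
# which is the second '/'-separated field of the version string.
local_daily() {
    printf '%s\n' "$1" | cut -d/ -f2
}

# valid_record RECORD: succeed only for a dotted version followed by
# seven numeric fields. An empty or mangled answer from the resolver fails.
valid_record() {
    printf '%s\n' "$1" | tr -d '"' |
        grep -Eq '^[0-9]+(\.[0-9]+)+(:[0-9]+){7}$'
}

# check_freshness RECORD LOCAL: print "dns-invalid", "local-unknown",
# "behind N" (N daily versions missing) or "current".
check_freshness() {
    record=$1
    local_ver=$2
    if ! valid_record "$record"; then
        echo "dns-invalid"
        return 0
    fi
    remote=$(txt_field "$record" 3)
    have=$(local_daily "$local_ver")
    case $have in
        ''|*[!0-9]*) echo "local-unknown"; return 0 ;;
    esac
    if [ "$have" -lt "$remote" ]; then
        echo "behind $((remote - have))"
    else
        echo "current"
    fi
}

# Offline demo on the constructed samples. On a live host, pass instead:
#   "$(dig +short TXT current.cvd.clamav.net)" "$(clamscan -V)"
check_freshness "$SAMPLE_TXT" "$SAMPLE_LOCAL"
```

A `dns-invalid` result on a host where the same query works through another resolver points at the configured DNS server rather than at the ClamAV installation.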

but that has always been the case so why has this problem surfaced now?

update :

Started clamav-freshclam.service - ClamAV virus database updater.
Aug 04 04:41:36 freshclam[7791]: ClamAV update process started at Thu Aug 4 04:41:36 2022
Aug 04 04:41:36 freshclam[7791]: WARNING: Your ClamAV installation is OUTDATED!
Aug 04 04:41:36 freshclam[7791]: WARNING: Local version: 0.103.6 Recommended version: 0.103.7
Aug 04 04:41:36 freshclam[7791]: DON’T PANIC! Read https://docs.clamav.net/manual/Installing.html
Aug 04 04:41:36 freshclam[7791]: daily database available for update (local version: 26532, remote version: 26616)
Aug 04 04:41:39 freshclam[7791]: WARNING: Download failed (6) WARNING: Message: Couldn’t resolve host name
Aug 04 04:41:39 freshclam[7791]: WARNING: downloadPatch: Can’t download daily-26538.cdiff from https://database.clamav.net/daily-26538.cdiff
Aug 04 04:41:39 freshclam[7791]: WARNING: Download failed (6) WARNING: Message: Couldn’t resolve host name
Aug 04 04:41:39 freshclam[7791]: WARNING: downloadPatch: Can’t download daily-26538.cdiff from https://database.clamav.net/daily-26538.cdiff

this is weird :

Aug 04 04:41:36 freshclam[7791]: daily database available for update (local version: 26532, remote version: 26616)
Aug 04 04:41:39 freshclam[7791]: WARNING: Download failed (6) WARNING: Message: Couldn’t resolve host name
Aug 04 04:41:39 freshclam[7791]: WARNING: downloadPatch: Can’t download daily-26538.cdiff from https://database.clamav.net/daily-26538.cdiff
Aug 04 04:41:39 freshclam[7791]: WARNING: Download failed (6) WARNING: Message: Couldn’t resolve host name
Aug 04 04:41:39 freshclam[7791]: WARNING: downloadPatch: Can’t download daily-26538.cdiff from https://database.clamav.net/daily-26538.cdiff
Aug 04 04:41:49 freshclam[7791]: Testing database: ‘/var/lib/clamav/tmp.3b5516f605/clamav-6cb4d2ab3691f08343f40cd72783685d.tmp-daily.cld’ …
Aug 04 04:41:58 freshclam[7791]: Database test passed.
Aug 04 04:41:58 freshclam[7791]: daily.cld updated (version: 26616, sigs: 1993363, f-level: 90, builder: raynman)
Aug 04 04:41:58 freshclam[7791]: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Aug 04 04:41:58 freshclam[7791]: bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

strangely clamav allows only 1 sudo freshclam command in an hour; if you use the command more than once in an hour you are sorta banned for 24 hours :upside_down_face:

WARNING: FreshClam previously received error code 429 from the ClamAV Content Delivery Network (CDN).
This means that you have been rate limited by the CDN.

  1. Run FreshClam no more than once an hour to check for updates.
    FreshClam should check DNS first to see if an update is needed.
  2. If you have more than 10 hosts on your network attempting to download,
    it is recommended that you set up a private mirror on your network using
    cvdupdate (cvdupdate · PyPI) to save bandwidth on the
    CDN and your own network.
  3. Please do not open a ticket asking for an exemption from the rate limit,
    it will not be granted.
    WARNING: You are still on cool-down until after :

Hi,

The DNS servers set up in your router may be having issues. If you advise which ones they are, I can try and find out (I work for a domain registrar).

I suggest temporarily setting alternative DNS address(es) via Network Manager to see if this resolves the issue.

Regards Tom.

i will if you could please guide me how?

Run FreshClam no more than once an hour to check for updates.

in over 20 years of using computers i have never seen an app limit the number of checks for an update.

Please do not open a ticket asking for an exemption from the rate limit, it will not be granted.

this stinks of attitude, an ugly attitude.

WARNING: You are still on cool-down until after: 2022-08-06 23:39:26

hilarious. i will probably bid goodbye to clam av permanently before that.

if any one from FEDORA cares to fix this :

ClamAV update process started at Fri Aug 5 21:29:34 2022
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.6 Recommended version: 0.103.7
DON’T PANIC! Read https://docs.clamav.net/manual/Installing.html

@tjdoyle

i currently have clamav clamd clamav-update installed for the clam program to work.

do i need all 3 of the above or just clamav is good enough?

clamav-0.103.7 currently is in the Test Updates repository.
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0d098f9faa

1 Like

Hi,

Are you using Workstation (or another desktop spin), or Server?

This explains the difference quite well:

Both have their uses.

Regards Tom.

i install fedora gnome myself with the fedora everything iso.

the link you posted is 8 years old with clamav version 0.98 so would it still be applicable with fedora 36 & clamav version 103.6?

brave, firefox, thunderbird, transmission work flawlessly with my current dns provider but clamav does not like my dns no more while till a week ago clam updates came in fine with the exact same dns…pathetically ridiculous :-1:

I can understand your disappointment, but please remember that comments like this don’t help to solve your issue.

Hi,

To change DNS servers:

  • Open Settings
  • Go to Network or Wi-Fi (depending on which is in use)
  • Select the network device you want to modify, click on the gearwheel
  • Select IPv4 or IPv6 (depending on which is in use)
  • Disable automatic DNS
  • Input your desired DNS
  • Click Apply

Regards Tom.

with all due respect, you want me to give clamav a pat on the back?

disappointment is an understatement.

i try my best to promote linux in real life & every time i get someone to adopt linux over the other os i consider it as my contribution towards linux but absurdity like this only makes me a laughing stock.