Topic: Problems updating ClamAV with freshclam


Александр (moderator)

Everyone has long known that manually updating the databases can run into a locked log file; at any rate, it is easy to find with a search engine.
ERROR: /var/log/clamav/freshclam.log is locked by another process
This is solved with:
pkill -15 -x freshclam
The other error, though, took some effort.
When downloading the database, freshclam would start the download and then drop out without any clear explanation.
root@notebook:/home/ak# freshclam
Sun Apr 12 16:48:38 2020 -> ClamAV update process started at Sun Apr 12 16:48:38 2020
Sun Apr 12 16:48:38 2020 -> daily database available for download (remote version: 25780)
Sun Apr 12 16:49:08 2020 -> ^Download failed (28) Sun Apr 12 16:49:08 2020 -> ^ Message: Timeout was reached
Sun Apr 12 16:49:08 2020 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 12 16:49:08 2020 -> Trying again in 5 secs...
Sun Apr 12 16:49:13 2020 -> daily database available for download (remote version: 25780)
Sun Apr 12 16:49:43 2020 -> ^Download failed (28) Sun Apr 12 16:49:43 2020 -> ^ Message: Timeout was reached
Sun Apr 12 16:49:43 2020 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 12 16:49:43 2020 -> Trying again in 5 secs...
Sun Apr 12 16:49:48 2020 -> daily database available for download (remote version: 25780)
Sun Apr 12 16:50:18 2020 -> ^Download failed (28) Sun Apr 12 16:50:18 2020 -> ^ Message: Timeout was reached
Sun Apr 12 16:50:18 2020 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 12 16:50:18 2020 -> Trying again in 5 secs...
Sun Apr 12 16:50:23 2020 -> daily database available for download (remote version: 25780)
Sun Apr 12 16:50:53 2020 -> ^Download failed (28) Sun Apr 12 16:50:53 2020 -> ^ Message: Timeout was reached
Sun Apr 12 16:50:53 2020 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 12 16:50:53 2020 -> Trying again in 5 secs...
Sun Apr 12 16:50:58 2020 -> daily database available for download (remote version: 25780)
^CSun Apr 12 16:51:19 2020 -> Update process terminated] 11.13MiB/58.26MiB
Neither Google nor Yandex gave a clear answer. Even on stackoverflow.com there was only a single absurd recommendation: to download the databases manually on limited connections.
Quote:
It seems to be timing out getting the virus definition database. Are you able to connect directly to https://database.clamav.net/daily.cvd

It's a fairly large file (~58 MB) so it might not work if you're on a limited connection.
Well yes, you could also run off with a flash drive to fetch the databases...
root@notebook:/home/ak# freshclam -v
Sun Apr 12 16:53:29 2020 -> ClamAV update process started at Sun Apr 12 16:53:29 2020
Sun Apr 12 16:53:29 2020 -> *Current working dir is /var/lib/clamav/
Sun Apr 12 16:53:29 2020 -> *Querying current.cvd.clamav.net
Sun Apr 12 16:53:29 2020 -> *TTL: 28
Sun Apr 12 16:53:29 2020 -> *fc_dns_query_update_info: Software version from DNS: 0.102.2
Sun Apr 12 16:53:29 2020 -> *Current working dir is /var/lib/clamav/
Sun Apr 12 16:53:29 2020 -> *check_for_new_database_version: No local copy of "daily" database.
Sun Apr 12 16:53:29 2020 -> *query_remote_database_version: daily.cvd version from DNS: 25780
Sun Apr 12 16:53:29 2020 -> daily database available for download (remote version: 25780)
Sun Apr 12 16:53:29 2020 -> *Retrieving https://database.clamav.net/daily.cvd
Sun Apr 12 16:53:29 2020 -> *downloadFile: Download source:      https://database.clamav.net/daily.cvd
Sun Apr 12 16:53:29 2020 -> *downloadFile: Download destination: /var/lib/clamav/tmp.c692a/clamav-1bb541bbe20694b03a94c6327e68c18c.tmp
*   Trying 104.16.218.84...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.218.84) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Apr  6 00:00:00 2020 GMT
*  expire date: Oct  9 12:00:00 2020 GMT
*  subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net"
*  issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
*  SSL certificate verify ok.
> GET /daily.cvd HTTP/1.1
Host: database.clamav.net
User-Agent: ClamAV/0.102.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Accept: */*
Connection: close

< HTTP/1.1 200 OK
< Date: Sun, 12 Apr 2020 13:53:29 GMT
< Content-Type: application/octet-stream
< Content-Length: 61086058
< Connection: close
< Set-Cookie: __cfduid=d0991a181ea9564bd27aaed3cf47383931586699609; expires=Tue, 12-May-20 13:53:29 GMT; path=/; domain=.clamav.net; HttpOnly; SameSite=Lax
< Last-Modified: Sun, 12 Apr 2020 11:57:00 GMT
< ETag: "5e93020c-3a4196a"
< Expires: Sun, 12 Apr 2020 17:53:29 GMT
< Cache-Control: public, max-age=14400
< CF-Cache-Status: HIT
< Age: 2558
< Accept-Ranges: bytes
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Strict-Transport-Security: max-age=15552000
< X-Content-Type-Options: nosniff
< Server: cloudflare
< CF-RAY: 582d6f0f2d0d3248-FRA
<
* Operation timed out after 30000 milliseconds with 17504816 out of 61086058 bytes received
* stopped the pause stream!
* Closing connection 0s [========>                     ] 16.69MiB/58.26MiB     
Sun Apr 12 16:53:59 2020 -> ^Download failed (28) Sun Apr 12 16:53:59 2020 -> ^ Message: Timeout was reached
Sun Apr 12 16:53:59 2020 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sun Apr 12 16:53:59 2020 -> Trying again in 5 secs...
^CSun Apr 12 16:54:03 2020 -> Update process terminated
Aha, now it is clear that the timeout is 30 s. Attempts to find a ready-made solution still led nowhere, but taking a look at the freshclam config turned out to be very useful.

root@notebook:/var/lib/clamav# cat /etc/clamav/freshclam.conf
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
SafeBrowsing false
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
Here are those ill-fated 30 s allotted for the download.
Change it to 5 minutes, ReceiveTimeout 300, and everything is fine.
Even the 112 MB file downloads without problems.
root@notebook:/var/lib/clamav# freshclam -v
Sun Apr 12 17:08:48 2020 -> ClamAV update process started at Sun Apr 12 17:08:48 2020
Sun Apr 12 17:08:48 2020 -> *Current working dir is /var/lib/clamav/
Sun Apr 12 17:08:48 2020 -> *Querying current.cvd.clamav.net
Sun Apr 12 17:08:48 2020 -> *TTL: 1272
Sun Apr 12 17:08:48 2020 -> *fc_dns_query_update_info: Software version from DNS: 0.102.2
Sun Apr 12 17:08:48 2020 -> *Current working dir is /var/lib/clamav/
Sun Apr 12 17:08:48 2020 -> *check_for_new_database_version: Local copy of daily found: daily.cvd.
Sun Apr 12 17:08:48 2020 -> *query_remote_database_version: daily.cvd version from DNS: 25780
Sun Apr 12 17:08:48 2020 -> daily.cvd database is up to date (version: 25780, sigs: 2261201, f-level: 63, builder: raynman)
Sun Apr 12 17:08:48 2020 -> *fc_update_database: daily.cvd already up-to-date.
Sun Apr 12 17:08:48 2020 -> *Current working dir is /var/lib/clamav/
Sun Apr 12 17:08:48 2020 -> *check_for_new_database_version: No local copy of "main" database.
Sun Apr 12 17:08:48 2020 -> *query_remote_database_version: main.cvd version from DNS: 59
Sun Apr 12 17:08:48 2020 -> main database available for download (remote version: 59)
Sun Apr 12 17:08:48 2020 -> *Retrieving https://database.clamav.net/main.cvd
Sun Apr 12 17:08:48 2020 -> *downloadFile: Download source:      https://database.clamav.net/main.cvd
Sun Apr 12 17:08:48 2020 -> *downloadFile: Download destination: /var/lib/clamav/tmp.b17fd/clamav-caac64d195a0fd6ca0e4183a33d55648.tmp
*   Trying 104.16.219.84...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Apr  6 00:00:00 2020 GMT
*  expire date: Oct  9 12:00:00 2020 GMT
*  subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net"
*  issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
*  SSL certificate verify ok.
> GET /main.cvd HTTP/1.1
Host: database.clamav.net
User-Agent: ClamAV/0.102.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Accept: */*
Connection: close

< HTTP/1.1 200 OK
< Date: Sun, 12 Apr 2020 14:08:50 GMT
< Content-Type: application/octet-stream
< Content-Length: 117859675
< Connection: close
< Set-Cookie: __cfduid=dbe0d66aac7489ec4fc9ff560f84d38351586700530; expires=Tue, 12-May-20 14:08:50 GMT; path=/; domain=.clamav.net; HttpOnly; SameSite=Lax
< Last-Modified: Mon, 25 Nov 2019 13:56:00 GMT
< ETag: "5ddbdd70-706655b"
< CF-Cache-Status: HIT
< Age: 11820
< Expires: Sun, 12 Apr 2020 18:08:50 GMT
< Cache-Control: public, max-age=14400
< Accept-Ranges: bytes
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Strict-Transport-Security: max-age=15552000
< X-Content-Type-Options: nosniff
< Server: cloudflare
< CF-RAY: 582d8588cb17145a-FRA
<
Time: 207.6s, ETA: 0.0s [=============================>] 112.40MiB/112.40MiB     
* Closing connection 0
By the way, in case anyone noticed: at the end of my config there are a couple of links to a third-party resource with databases. These are malware databases, and they were added following the recommendations from here.
« Last edit: 12 April 2020, 17:46:59 by Александр »
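
The diagnosis in the post can be scripted; the following is an added example, not part of the original post. It takes curl's timeout line from `freshclam -v`, computes the smallest ReceiveTimeout that would have completed the download at the observed rate, and lists DatabaseCustomURL entries fetched over plain http://, which have no transport integrity protection. The function names and the trimmed sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): size ReceiveTimeout from freshclam -v output
# and flag signature sources fetched over cleartext HTTP.

# Value of a single-valued freshclam.conf option (last occurrence wins).
conf_value() {  # conf_value FILE OPTION
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# From curl's timeout line, print the smallest whole-second timeout that would
# have let the transfer finish at the average rate actually observed.
timeout_needed() {  # timeout_needed "LINE"
    set -- $(printf '%s\n' "$1" | sed -n \
        's/.*timed out after \([0-9]*\) milliseconds with \([0-9]*\) out of \([0-9]*\) bytes.*/\1 \2 \3/p')
    [ $# -eq 3 ] && [ "$2" -gt 0 ] || return 1
    echo $(( ($3 * $1 + $2 * 1000 - 1) / ($2 * 1000) ))
}

# DatabaseCustomURL entries that use plain http://
cleartext_custom_urls() {  # cleartext_custom_urls FILE
    awk '$1 == "DatabaseCustomURL" && $2 ~ /^http:\/\// { print $2 }' "$1"
}

# Constructed sample: the relevant lines of the config shown in the post.
sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# Check for new database 24 times a day
ConnectTimeout 30
ReceiveTimeout 30
DatabaseMirror database.clamav.net
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
EOF
    echo "$f"
}

conf=$(sample_conf)
line='* Operation timed out after 30000 milliseconds with 17504816 out of 61086058 bytes received'
echo "configured ReceiveTimeout: $(conf_value "$conf" ReceiveTimeout)s"
echo "needed at observed rate:   $(timeout_needed "$line")s"
echo "cleartext signature URLs:"; cleartext_custom_urls "$conf"
rm -f "$conf"
```

The computed value is a lower bound for the link speed seen in that one run; the 300 s chosen in the post leaves headroom for the larger main.cvd.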

 
