From: "Massimo S." <ecs-isp@2rosenthals.com>
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] (clamav) freshclam and cron/2
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-11591000@2rosenthals.com>
Organization: Massimo S.
Message-ID: <9e0f28c7-a5db-92bf-5658-d9436d5552e7@ecomstation.it>
Date: Sun, 29 Dec 2024 11:49:56 +0100
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-11591000@2rosenthals.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Language: it-IT
Content-Transfer-Encoding: 7bit



Il 28/12/2024 03:11, Steven Levine ha scritto:
> In <list-11590842@2rosenthals.com>, on 12/27/24
>     at 11:30 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:
> 
> Hi Massimo,
> 
>> now it installed also the certificates, but nothing changed, freshclam
>> still complain:
> 
>> Fri Dec 27 23:26:25 2024 -> downloadFile: Download source:
>> https://database.clamav.net/daily.cvd Fri Dec 27 23:26:25 2024 ->
>> downloadFile: Download destination:
>> X:/usr/local/clamav/share/clamav/tmp.dfebd40db2/clamav-abaef3085449f10f20ed2baa912a0d29.tmp
>> Fri Dec 27 23:26:25 2024 -> ERROR: Download failed (77) Fri Dec 27
>> 23:26:25 2024 -> ERROR:  Message: Problem  with the SSL CA cert (path?
>> access rights?)
>> Fri Dec 27 23:26:25 2024 -> ERROR: Can't download daily.cvd from
>> https://database.clamav.net/daily.cvd Fri Dec 27 23:26:25 2024 -> Giving
>> up on https://database.clamav.net... Fri Dec 27 23:26:25 2024 -> ERROR:
>> Update failed for database: daily Fri Dec 27 23:26:25 2024 -> ERROR:
>> Database update process failed: Connection failed Fri Dec 27 23:26:25
>> 2024 -> ERROR: Update failed.
> 
> Hmmm.  When this failure occurred the first time, did you think to check
> if the daily.cvd file was accessible before blaming freshclam.
> 
> Testing here, I get
> 
> [d:\tmp]wgetx https://database.clamav.net/daily.cvd
> * wget --no-check-certificate -N ` https://database.clamav.net/daily.cvd`
> wget --no-check-certificate -N ` https://database.clamav.net/daily.cvd`
> --2024-12-27 18:10:53--  https://database.clamav.net/daily.cvd Resolving
> database.clamav.net (database.clamav.net)... 104.16.218.84, 104.16.219.84
> Connecting to database.clamav.net
> (database.clamav.net)|104.16.218.84|:443... connected. HTTP request sent,
> awaiting response... 403 Forbidden
> 2024-12-27 18:10:54 ERROR 403: Forbidden.
> 
> This in and of itself may not be a useful test since freshclam does not
> appear to download daily.cvd but rather downloads the files needed to
> update your local copy of daily.cvd.  I'll do some more testing tomorrow,
> if time permits.
> 
> Running freshclam here worked perfectly and I neglected to log the
> requested URLs.
> 
> Steven

Hi,

i believe that freshclam porting has some issue with paths
since sometimes it download correctly all the small files that
will update daily.cdv in a tmp subdir, but after it fails

and i don't understand messages like this one:

Sat Dec 28 21:35:23 2024 -> ~[LibClamAV] cli_rmdirs: Can't locate 
X:/usr/local/clamav/share/clamav/tmp.e77cb458f0: No such file or directory


about this one instead:

Fri Dec 27 23:26:25 2024 -> WARNING: Download failed (77) Fri Dec 27 23:26:25 2024 -> WARNING:  Message: 
Problem with the SSL CA cert (path? access rights?)

i've finally fixed it with:

set CURL_CA_BUNDLE=X:\etc\pki\ca-trust\extracted\pem\tls-ca-bundle.pem

as from clamav docs:

https://docs.clamav.net/faq/faq-freshclam.html#:~:text=First%20you%20may%20try%20installing%20the%20ca-certificates%20package.,path%20of%20the%20CA%20bundle%20on%20your%20system.

let's see in the next days what happens with updates

massmo