update clamav virus definition

Hello everyone,

I’ve just migrated from debian lenny Xfce to openSUSE 11.2 Xfce. It’s the best Xfce distribution I’ve ever used; it’s lightweight, up-to-date and good looking distro. Thanks to all developers and openSUSE community.

As I’m running a dual-boot machine openSUSE/XP thus I had to install a virus scanner and I’ve choosen ClamAV. I successfully installed ClamTK but unable to update the virus definitions database. I tried to resolve the issue by doing the following steps as root:
Yast2>System>System Services (Runlevel)>Expert Mode> assign runlevel 2,3&5 to clamav-milter, clamd and freshclam>OK>Reboot

Then, I tried to update clamav using ClamTK but it failed. Also I tried to update it using freshclam through terminal but I got this error message:

al7oot@xfce:~> freshclam
ClamAV update process started at Tue Dec 22 10:11:40 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
ERROR: chdir_tmp: Can't create directory ./clamav-cd7ec6d0b7dd2b5e52685fa6a30fcfe7
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: getfile: Can't create new file /var/lib/clamav/clamav-ee703d106eb288a04532a0ef33bb7698 in /var/lib/clamav
Hint: The database directory must be writable for UID 1000 or GID 100
WARNING: Can't download daily.cvd from database.clamav.net
al7oot@xfce:~> 

I googled the net for a solution but I couldn’t find any applicable solution. Please help me.
Thanks

haven’t used clamtk so i have no advice on using it to update clamav, but i have used freshclam and if you look at your syslog file in yast2 (/var/log/messages), you’ll find that a script updates clamav every two hrs (iirc). and no, i don’t think that freshclam can be forced to update in the manner you are attempting.

your log will show freshclam running periodically, sometimes connecting and getting updates, other times not connecting (which is common when the servers are overloaded).

if you don’t see the entries in the log, post back and somebody will help you straighten it out.

Thanks mate for the respond, I checked the syslog file and I couldn’t find any entry record for freshclam in the log. Unfortunatly I couldn’t attched the log file to this thread.

al7oot wrote:

>
> Hello everyone,
>
> I’ve just migrated from debian lenny Xfce to openSUSE 11.2 Xfce.
> It’s the best Xfce distribution I’ve ever used; it’s lightweight,
> up-to-date and good looking distro. Thanks to all developers and
> openSUSE community.
>
> As I’m running a dual-boot machine openSUSE/XP thus I had to
> install a virus scanner and I’ve choosen ClamAV. I successfully
installed
> ClamTK but unable to update the virus definitions database.I
> tried to resolve the issue by doing the following steps as root:
> Yast2>System>System Services (Runlevel)>Expert Mode> assign
> runlevel 2,3&5 to clamav-milter, clamd and freshclam>OK>Reboot
>
> Then, I tried to update clamav using ClamTK but it failed. Also
> I tried to update it using freshclam through terminal but I got
> this error message:
>
> Code:
> --------------------
> al7oot@xfce:~> freshclam
> ClamAV update process started at Tue Dec 22 10:11:40 2009
> main.cvd is up to date (version: 51, sigs: 545035, f-level:
> 42, builder: sven) ERROR: chdir_tmp: Can’t create directory
> ./clamav-cd7ec6d0b7dd2b5e52685fa6a30fcfe7 WARNING: Incremental
> update failed, trying to download daily.cvd ERROR: getfile:
> Can’t create new file
> /var/lib/clamav/clamav-ee703d106eb288a04532a0ef33bb7698 in
> /var/lib/clamav Hint: The database directory must be writable
> for UID 1000 or GID 100 WARNING: Can’t download daily.cvd from
> database.clamav.net al7oot@xfce:~>
>
> --------------------
>
>
> I googled the net for a solution but I couldn’t find any
> applicable solution. Please help me.
> Thanks

Did you run as root?

Note: I just ran clamscan manually. Check and make sure the file
freshclam.log exists in /var/log before running the below command.
If not create as root and change the owner:user to vscan:vscan and
permissions to 644:

-rw-r–r-- 1 vscan vscan 12896 2009-12-23 09:17 freshclam.log

see clamav permissions below.

sudo fresshclam -v --log=/var/log/freshclam.log
(also could use su, enter root password in either case)

Note: I got failures on some of the mirrors but then it found a
good one and successfully updated daily.cvd.

Also note your error appears to be a permissions problem on the
var/lib/clamav contents. here’s mine:

-rw-rw-r-- 1 vscan vscan 4 2009-12-23 08:10 clamav-
milter.pid
srwxrwxrwx 1 vscan vscan 0 2009-12-23 08:10 clamav-milter-
socket
-rw-rw-r-- 1 vscan vscan 4 2009-12-23 08:10 clamd.pid
srwxrwxrwx 1 vscan vscan 0 2009-12-23 08:10 clamd-socket
-rw-r–r-- 1 vscan vscan 3493315 2009-12-23 09:17 daily.cvd
-rw-r–r-- 1 vscan vscan 21253696 2009-11-09 08:19 main.cvd
-rw------- 1 vscan vscan 156 2009-12-2

Who owns your files. should set up as vscan:vscan.

Partial Log Entry:
Trying to download http://database.clamav.net/daily-10029.cdiff
(IP: 130.59.10.36)
WARNING: getfile: daily-10029.cdiff not found on remote server
(IP: 130.59.10.36)
WARNING: getpatch: Can’t download daily-10029.cdiff from
database.clamav.net
Retrieving http://database.clamav.net/daily-10029.cdiff
Ignoring mirror 130.59.10.36 (due to previous errors)
Trying to download http://database.clamav.net/daily-10029.cdiff
(IP: 193.1.193.64)
WARNING: getfile: daily-10029.cdiff not found on remote server
(IP: 193.1.193.64)
WARNING: getpatch: Can’t download daily-10029.cdiff from
database.clamav.net
Retrieving http://database.clamav.net/daily-10029.cdiff
Ignoring mirror 130.59.10.36 (due to previous errors)
Trying to download http://database.clamav.net/daily-10029.cdiff
(IP: 193.1.193.64)
WARNING: getfile: daily-10029.cdiff not found on remote server
(IP: 193.1.193.64)
WARNING: getpatch: Can’t download daily-10029.cdiff from
database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Trying to download http://database.clamav.net/daily.cvd
(IP: 193.1.193.64)
Downloading daily.cvd [100%]
daily.cvd updated (version: 10212, sigs: 134109, f-level: 44,
builder: arnaud)
Database updated (679144 signatures) from database.clamav.net
(IP: 193.1.193.64)
Clamd successfully notified about the update.

Hope this helps.

Russ
[openSUSE 11.2 (2.6.31.5-0.1-desktop, x86_64] KDE 4.3.4 release 2
Intel Core 2 Dual E7200, 4 GB RAM, GeForce 8400 GS, 320GB Disc (2)

Thanks for the tips, I typed the follwing commands as root

chown vscan:vscan /var/log/freshclam.log
chmod 644 /var/log/freshclam.log
freshclam -v --log=/var/log/freshclam.log

But I got another error about creating a directory

xfce:/home/al7oot # freshclam -v --log=/var/log/freshclam.log
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Wed Dec 23 21:03:50 2009
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 678
Software version from DNS: 0.95.3
main.cvd version from DNS: 51
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
daily.cvd version from DNS: 10212
ERROR: chdir_tmp: Can't create directory ./clamav-28295448108d82023648a445afce7712
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Trying to download http://database.clamav.net/daily.cvd (IP: 193.1.193.64)
ERROR: getfile: Can't create new file /var/lib/clamav/clamav-36d0bd2a0c25fac0906abb293cf414c8 in /var/lib/clamav
Hint: The database directory must be writable for UID 65 or GID 108
WARNING: Can't download daily.cvd from database.clamav.net

Please help me :’(

al7oot wrote:

>
> upscope;2092549 Wrote:
>> al7oot wrote:
>>
>> >
>> > Hello everyone,
>> >
>> > I’ve just migrated from debian lenny Xfce to openSUSE 11.2 Xfce.
>> > It’s the best Xfce distribution I’ve ever used; it’s lightweight,
>> > up-to-date and good looking distro. Thanks to all developers and
>> > openSUSE community.
>> >
>> > As I’m running a dual-boot machine openSUSE/XP thus I had to
>> > install a virus scanner and I’ve choosen ClamAV. I successfully
>> installed
>> > ClamTK but unable to update the virus definitions database.I
>> > tried to resolve the issue by doing the following steps as root:
>> > Yast2>System>System Services (Runlevel)>Expert Mode> assign
>> > runlevel 2,3&5 to clamav-milter, clamd and freshclam>OK>Reboot
>> >
>> > Then, I tried to update clamav using ClamTK but it failed. Also
>> > I tried to update it using freshclam through terminal but I got
>> > this error message:
>> >
>> > Code:
>> > --------------------
>> > al7oot@xfce:~> freshclam
>> > ClamAV update process started at Tue Dec 22 10:11:40 2009
>> > main.cvd is up to date (version: 51, sigs: 545035, f-level:
>> > 42, builder: sven) ERROR: chdir_tmp: Can’t create directory
>> > ./clamav-cd7ec6d0b7dd2b5e52685fa6a30fcfe7 WARNING: Incremental
>> > update failed, trying to download daily.cvd ERROR: getfile:
>> > Can’t create new file
>> > /var/lib/clamav/clamav-ee703d106eb288a04532a0ef33bb7698 in
>> > /var/lib/clamav Hint: The database directory must be writable
>> > for UID 1000 or GID 100 WARNING: Can’t download daily.cvd from
>> > database.clamav.net al7oot@xfce:~>
>> >
>> > --------------------
>> >
>> >
>> > I googled the net for a solution but I couldn’t find any
>> > applicable solution. Please help me.
>> > Thanks
>>
>> Did you run as root?
>>
>> Note: I just ran clamscan manually. Check and make sure the file
>> freshclam.log exists in /var/log before running the below command.
>> If not create as root and change the owner:user to vscan:vscan and
>> permissions to 644:
>>
>> -rw-r–r-- 1 vscan vscan 12896 2009-12-23 09:17 freshclam.log
>>
>> see clamav permissions below.
>>
>> sudo fresshclam -v --log=/var/log/freshclam.log
>> (also could use su, enter root password in either case)
>>
>>
>> Note: I got failures on some of the mirrors but then it found a
>> good one and successfully updated daily.cvd.
>>
>> Also note your error appears to be a permissions problem on the
>> var/lib/clamav contents. here’s mine:
>>
>> -rw-rw-r-- 1 vscan vscan 4 2009-12-23 08:10 clamav-
>> milter.pid
>> srwxrwxrwx 1 vscan vscan 0 2009-12-23 08:10 clamav-milter-
>> socket
>> -rw-rw-r-- 1 vscan vscan 4 2009-12-23 08:10 clamd.pid
>> srwxrwxrwx 1 vscan vscan 0 2009-12-23 08:10 clamd-socket
>> -rw-r–r-- 1 vscan vscan 3493315 2009-12-23 09:17 daily.cvd
>> -rw-r–r-- 1 vscan vscan 21253696 2009-11-09 08:19 main.cvd
>> -rw------- 1 vscan vscan 156 2009-12-2
>>
>> Who owns your files. should set up as vscan:vscan.
>>
>> Partial Log Entry:
>> Trying to download http://database.clamav.net/daily-10029.cdiff
>> (IP: 130.59.10.36)
>> WARNING: getfile: daily-10029.cdiff not found on remote server
>> (IP: 130.59.10.36)
>> WARNING: getpatch: Can’t download daily-10029.cdiff from
>> database.clamav.net
>> Retrieving http://database.clamav.net/daily-10029.cdiff
>> Ignoring mirror 130.59.10.36 (due to previous errors)
>> Trying to download http://database.clamav.net/daily-10029.cdiff
>> (IP: 193.1.193.64)
>> WARNING: getfile: daily-10029.cdiff not found on remote server
>> (IP: 193.1.193.64)
>> WARNING: getpatch: Can’t download daily-10029.cdiff from
>> database.clamav.net
>> Retrieving http://database.clamav.net/daily-10029.cdiff
>> Ignoring mirror 130.59.10.36 (due to previous errors)
>> Trying to download http://database.clamav.net/daily-10029.cdiff
>> (IP: 193.1.193.64)
>> WARNING: getfile: daily-10029.cdiff not found on remote server
>> (IP: 193.1.193.64)
>> WARNING: getpatch: Can’t download daily-10029.cdiff from
>> database.clamav.net
>> WARNING: Incremental update failed, trying to download daily.cvd
>> Whitelisting short-term blacklisted mirrors
>> Retrieving http://database.clamav.net/daily.cvd
>> Trying to download http://database.clamav.net/daily.cvd
>> (IP: 193.1.193.64)
>> Downloading daily.cvd [100%]
>> daily.cvd updated (version: 10212, sigs: 134109, f-level: 44,
>> builder: arnaud)
>> Database updated (679144 signatures) from database.clamav.net
>> (IP: 193.1.193.64)
>> Clamd successfully notified about the update.
>>
>> Hope this helps.
>> –
>> Russ
>> [openSUSE 11.2 (2.6.31.5-0.1-desktop, x86_64] KDE 4.3.4 release 2
>> Intel Core 2 Dual E7200, 4 GB RAM, GeForce 8400 GS, 320GB Disc (2)
>
> Thanks for the tips, I typed the follwing commands as root
>
> Code:
> --------------------
> chown vscan:vscan /var/log/freshclam.log
> chmod 644 /var/log/freshclam.log
> freshclam -v --log=/var/log/freshclam.log
> --------------------
>
>
> But I got another error about creating a directory
>
> Code:
> --------------------
> xfce:/home/al7oot # freshclam -v --log=/var/log/freshclam.log
> Current working dir is /var/lib/clamav
> Max retries == 3
> ClamAV update process started at Wed Dec 23 21:03:50 2009
> Using IPv6 aware code
> Querying current.cvd.clamav.net
> TTL: 678
> Software version from DNS: 0.95.3
> main.cvd version from DNS: 51
> main.cvd is up to date (version: 51, sigs: 545035, f-level: 42,
> builder: sven) daily.cvd version from DNS: 10212
> ERROR: chdir_tmp: Can’t create directory
> ./clamav-28295448108d82023648a445afce7712 WARNING: Incremental
> update failed, trying to download daily.cvd Whitelisting
> short-term blacklisted mirrors Retrieving
> http://database.clamav.net/daily.cvd Trying to download
> http://database.clamav.net/daily.cvd (IP: 193.1.193.64) ERROR:
> getfile: Can’t create new file
> /var/lib/clamav/clamav-36d0bd2a0c25fac0906abb293cf414c8 in
> /var/lib/clamav Hint: The database directory must be writable for
> UID 65 or GID 108 WARNING: Can’t download daily.cvd from
> database.clamav.net
>
> --------------------
>
>
> Please help me :’(
>
Forgot this yesterday: check /var/lib
drwxr-xr-x 2 vscan vscan 4096 2009-12-24 09:20 clamav


Russ
[openSUSE 11.2 (2.6.31.5-0.1-desktop, x86_64] KDE 4.3.4 release 2,
Intel Core 2 Dual E7200, 4 GB RAM, GeForce 8400 GS, 320GB Disc (2)

Happy 2010 fellow lizards

Currently ClamTK can run freshclam properly but I’ve got another problem, it seems to me that all mirrors are blacklisted!

--------------------------------------
ClamAV update process started at Wed Dec 30 17:19:58 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 219.117.246.122)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
Trying host database.clamav.net (222.124.18.201)...
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 222.124.18.201)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
Trying host database.clamav.net (61.177.194.226)...
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 61.177.194.226)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Trying host database.clamav.net (120.29.176.126)...
Downloading daily.cvd [100%]
WARNING: Mirror 120.29.176.126 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Wed Dec 30 17:20:34 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Trying host database.clamav.net (203.178.137.175)...
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 203.178.137.175)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
Trying host database.clamav.net (211.10.155.48)...
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 211.10.155.48)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
Trying host database.clamav.net (211.239.150.206)...
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 211.239.150.206)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Trying host database.clamav.net (218.44.253.75)...
Downloading daily.cvd [100%]
WARNING: Mirror 218.44.253.75 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Wed Dec 30 17:21:09 2009
main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
Trying host database.clamav.net (219.94.128.99)...
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 219.94.128.99)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
Trying host database.clamav.net (219.106.242.51)...
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 219.106.242.51)
WARNING: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: getfile: daily-9956.cdiff not found on remote server (IP: 219.117.246.122)
ERROR: getpatch: Can't download daily-9956.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: Mirror 219.117.246.122 is not synchronized.
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.

I checked clamav webpage and I was advised to run freshclam some-other-time

    *  WARNING: Mirror xxx.xxx.xxx.xxx is not synchronized.

    * For some reason, this mirror has not fetched the latest updates yet. Freshclam can recover from this situation by trying the next mirror.

    * Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.

    * It’s not your lucky day. Freshclam tried every possible way to download the updates but failed. Usually this means that all the mirrors in your local pool are down or not synchronized, or something really nasty happened. Please wait a few minutes and try again. Remember to pass the -v option to freshclam. It is also possible that you recently had a prolonged network outage and freshclam blacklisted all the mirrors: remove mirrors.dat from the DatabaseDirectory and try again. If the problem persists, check the mirror status page and perhaps send the output of freshclam -v to Luca .

I tried to download daily.cvd manually to my home directory them move it to .clamtk/db/

al7oot@xfce:~> wget http://db.uk.clamav.net/daily.cvd
--2010-01-01 17:19:16--  http://db.uk.clamav.net/daily.cvd
Resolving db.uk.clamav.net... 193.1.193.64, 217.135.32.99, 81.91.100.173, ...
Connecting to db.uk.clamav.net|193.1.193.64|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3592152 (3.4M) [text/plain]
Saving to: `daily.cvd'

100%======================================>] 3,592,152    128K/s   in 42s     

2010-01-01 17:20:00 (84.4 KB/s) - `daily.cvd' saved [3592152/3592152]


Now when I run clamtk, virus definitions are up-to-date :). I can consider this soultion as temporary fix becuase it requires a human intervention to update clamav. Does anyone know how to edit /etc/freshclam.conf in order to download both main.cvd and daily.cvd from working synchronized ClamAV database mirror,thus I don’t need to downdload them manullay and then move them to .clamth/db directory? Any advice or suggestion is highly appreciated. Thanks