[SOLVED] Ive broken ClamAV due to 'upgrade'

Z

zolthar

Member
Proxmox Subscriber
Dec 27, 2020
108
17
23
45
I forgot I was not supposed to use apt upgrade, but I did! I did the dist-upgrade afterwards, however ClamAV is just not updating.

I am still on 6.4-4 - what are my options to get ClamAV working?

Ideally I would prefer to stay on 6.4 for now - however if upgrading to 7 is the fix, then Ill have to plan accordingly for downtime this weekend.

Code: 
WARNING: Ignoring deprecated option SafeBrowsing at /etc/clamav/freshclam.conf:18
ClamAV update process started at Thu Aug 12 22:04:29 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.2 Recommended version: 0.103.3
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
daily database available for update (local version: 26245, remote version: 26261)
WARNING: Download failed (6) WARNING:  Message: Couldn't resolve host name
WARNING: Can't download daily.cvd from https://database.clamav.net,rfxn.com,mirror.rollernet.us/daily.cvd

Yes I can ping google.com, database.clamav.net,rfxn.com
 
zolthar said:
WARNING: Download failed (6) WARNING: Message: Couldn't resolve host name
Click to expand...
hmm - on a hunch - is apparmor installed?
`dpkg -l |grep apparmor` - if yes - try removing it
(if this is the reason for the problem you should see some messages in `dmesg`)
 
Thanks @Stoiko Ivanov , I should have said I did check for that and it was not installed:

Code: 
root@spam:/etc# dpkg -l |grep apparmor
ii  libapparmor1:amd64             2.13.2-10                     amd64        changehat AppArmor library

root@spam:/etc# apt remove apparmor
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'apparmor' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@spam:/etc# apparmor_status
sudo: apparmor_status: command not found
 
zolthar said:
Thanks @Stoiko Ivanov , I should have said I did check for that and it was not installed:
Click to expand...
ok - that rules apparmor out ...

could you please share your /etc/clamav/freshclam.conf - and the output of:
* drill txt current.cvd.clamav.net
* drill database.clamav.net

thanks
 
  • Like
Reactions: zolthar
/etc/clamav/freshclam.conf
Code: 
DatabaseOwner clamav
LogVerbose false
LogSyslog true
LogFacility LOG_LOCAL6
LogFileMaxSize 0
Foreground false
Debug false
MaxAttempts 5
Checks 48
DatabaseDirectory /var/lib/clamav/
PidFile /var/run/clamav/freshclam.pid
DatabaseMirror database.clamav.net,rfxn.com,mirror.rollernet.us
ConnectTimeout 30
ScriptedUpdates false
CompressLocalDatabase no
NotifyClamd /etc/clamav/clamd.conf
Bytecode true
SafeBrowsing true
DNSDatabaseInfo current.cvd.clamav.net

I checked /etc/pmg/templates and no custom templates there.

Additional Requests:
Code: 
root@spam:/etc/pmg/templates# drill txt current.cvd.clamav.net
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 11767
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; current.cvd.clamav.net.      IN      TXT

;; ANSWER SECTION:
current.cvd.clamav.net. 488     IN      TXT     "0.103.3:61:26261:1628767740:1:90:49192:333"

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Aug 12 23:31:16 2021
;; MSG SIZE  rcvd: 95

root@spam:/etc/pmg/templates# drill database.clamav.net
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 46298
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; database.clamav.net. IN      A

;; ANSWER SECTION:
database.clamav.net.    60      IN      CNAME   database.clamav.net.cdn.cloudflare.net.
database.clamav.net.cdn.cloudflare.net. 71      IN      A       104.16.219.84
database.clamav.net.cdn.cloudflare.net. 71      IN      A       104.16.218.84

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 232 msec
;; SERVER: 127.0.0.1
;; WHEN: Thu Aug 12 23:31:25 2021
;; MSG SIZE  rcvd: 118
 
You must log in or register to reply here.
Top Bottom