Did you reboot after upgrading?
Does the error persist after a reboot?
Please share: `journalctl -b -u clamav-freshclam.service` - maybe we see where the issue is coming from
Yes, VM has been rebooted a few times and error message still persists after reboots. Journalctl as below looks good - but is reported there only once after VM restart (should show hourly download attempts):
Jul 04 05:25:42 mailgate systemd[1]: Started clamav-freshclam.service - ClamAV virus database updater.
Jul 04 05:25:42 mailgate freshclam[669]: Tue Jul 4 05:25:42 2023 -> ClamAV update process started at Tue Jul 4 05:25:42 2023
Jul 04 05:25:42 mailgate freshclam[669]: freshclam daemon 1.0.1 (OS: Linux, ARCH: x86_64, CPU: x86_64)
Jul 04 05:25:42 mailgate freshclam[669]: ClamAV update process started at Tue Jul 4 05:25:42 2023
Jul 04 05:25:42 mailgate freshclam[669]: Tue Jul 4 05:25:42 2023 -> daily.cld database is up-to-date (version: 26958, sigs: 2038241, f-level: 90, builder: raynman)
Jul 04 05:25:42 mailgate freshclam[669]: daily.cld database is up-to-date (version: 26958, sigs: 2038241, f-level: 90, builder: raynman)
.. cut, more lines (we use additional Clam signatures from securiteinfo ...
Jul 04 05:25:44 mailgate freshclam[669]: Tue Jul 4 05:25:44 2023 -> winnow_bad_cw.hdb is up-to-date (version: custom database)
Jul 04 05:25:44 mailgate freshclam[669]: winnow_bad_cw.hdb is up-to-date (version: custom database)
Jul 04 05:25:44 mailgate freshclam[669]: Tue Jul 4 05:25:44 2023 -> MiscreantPunch099-Low.ldb is up-to-date (version: custom database)
Jul 04 05:25:44 mailgate freshclam[669]: MiscreantPunch099-Low.ldb is up-to-date (version: custom database)
Maybe a next, regular try
.. No newer entries here, 5 hrs later but in /var/log/syslog we see hourly updates, i.e.:
2023-07-04T10:27:43.065971+12:00 mailgate freshclam[669]: Tue Jul 4 10:27:43 2023 -> Received signal: wake up
2023-07-04T10:27:43.066436+12:00 mailgate freshclam[669]: Received signal: wake up
2023-07-04T10:27:43.066743+12:00 mailgate freshclam[669]: Tue Jul 4 10:27:43 2023 -> ClamAV update process started at Tue Jul 4 10:27:43 2023
2023-07-04T10:27:43.066869+12:00 mailgate freshclam[669]: ClamAV update process started at Tue Jul 4 10:27:43 2023
2023-07-04T10:27:43.908128+12:00 mailgate freshclam[669]: Tue Jul 4 10:27:43 2023 -> daily.cld database is up-to-date (version: 26958, sigs: 2038241, f-level: 90, builder: raynman)
Also systemctl looks correct
systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; preset: enabled)
Active: active (running) since Tue 2023-07-04 05:25:42 NZST; 5h 30min ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://docs.clamav.net/
Main PID: 669 (freshclam)
Tasks: 1 (limit: 7021)
Memory: 32.6M
CPU: 15.066s
CGroup: /system.slice/clamav-freshclam.service
└─669 /usr/bin/freshclam -d --foreground=true
Jul 04 10:27:58 mailgate freshclam[669]: securiteinfo.pdb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: Tue Jul 4 10:27:59 2023 -> rfxn.ndb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: rfxn.ndb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: Tue Jul 4 10:27:59 2023 -> rfxn.hdb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: rfxn.hdb is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: Tue Jul 4 10:27:59 2023 -> rfxn.yara is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: rfxn.yara is up-to-date (version: custom database)
Jul 04 10:27:59 mailgate freshclam[669]: Tue Jul 4 10:27:59 2023 -> Clamd successfully notified about the update.
Jul 04 10:27:59 mailgate freshclam[669]: Clamd successfully notified about the update.
Interestingly, there seems to be a difference in ownership of the freshclam log files:
ls -la /var/log/clamav/
total 496
drwxr-xr-x 2 clamav clamav 4096 Jul 2 00:00 .
drwxr-xr-x 13 root root 4096 Jul 2 00:00 ..
-rw-r----- 1 clamav adm 0 Jul 2 00:00 clamav.log
-rw-r----- 1 clamav adm 0 Jul 1 09:27 clamav.log.1
-rw-r----- 1 clamav adm 20 Apr 23 00:00 clamav.log.10.gz
..cut..
-rw-r----- 1 clamav adm 20 Apr 30 00:00 clamav.log.9.gz
-rw-r----- 1 root root 266 Jul 1 09:27 clamonacc.log
-rw-r----- 1 clamav clamav 334947 Jul 4 10:27 freshclam.log
-rw-r----- 1 clamav clamav 58375 Jul 2 00:00 freshclam.log.1
-rw-r----- 1 clamav adm 20 Apr 23 00:00 freshclam.log.10.gz
-rw-r----- 1 clamav adm 20 Apr 16 00:00 freshclam.log.11.gz
.. cut ..
Previously (I believe) the group for those was also "adm" but the freshclam log there was never used (0 size) as it looks like in another (PMG 7.3-3) installation.
However I look, it seems that the correct process (PID 669) is using that logfile.
lsof /var/log/clamav/freshclam.log
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
freshclam 669 clamav 3wW REG 253,1 334947 132317 /var/log/clamav/freshclam.log