ClamAV database Updates

rkperumala (New member; joined Jun 12, 2012; 8 messages)
Hi there,

I have recently started using ClamAV (ClamAV 0.97.4). I have disabled auto update in freshclam.conf.

When I look at the log (freshclam.log), I see it updates every hour. Below are the messages I see:


Tue Jun 12 04:03:30 2012 -> --------------------------------------
Tue Jun 12 05:03:30 2012 -> Received signal: wake up
Tue Jun 12 05:03:30 2012 -> ClamAV update process started at Tue Jun 12 05:03:30 2012
Tue Jun 12 05:03:30 2012 -> WARNING: Can't query current.cvd.clamav.net
Tue Jun 12 05:03:30 2012 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Tue Jun 12 05:03:30 2012 -> Connecting via 192.168.4.11
Tue Jun 12 05:03:30 2012 -> Reading CVD header (main.cvd): Tue Jun 12 05:03:30 2012 -> OK
Tue Jun 12 05:03:30 2012 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Tue Jun 12 05:03:30 2012 -> Connecting via 192.168.4.11
Tue Jun 12 05:03:30 2012 -> Reading CVD header (daily.cvd): Tue Jun 12 05:03:30 2012 -> OK
Tue Jun 12 05:03:30 2012 -> daily.cld is up to date (version: 15032, sigs: 217577, f-level: 63, builder: guitar)
Tue Jun 12 05:03:30 2012 -> Connecting via 192.168.4.11
Tue Jun 12 05:03:30 2012 -> Reading CVD header (bytecode.cvd): Tue Jun 12 05:03:30 2012 -> OK (IMS)
Tue Jun 12 05:03:30 2012 -> bytecode.cvd is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
Can't query bytecode.185.64.1.0.192.168.4.11.ping.clamav.net
Tue Jun 12 05:03:31 2012 -> --------------------------------------
Tue Jun 12 06:03:31 2012 -> Received signal: wake up
Tue Jun 12 06:03:31 2012 -> ClamAV update process started at Tue Jun 12 06:03:31 2012
Tue Jun 12 06:03:31 2012 -> WARNING: Can't query current.cvd.clamav.net
Tue Jun 12 06:03:31 2012 -> WARNING: Invalid DNS reply. Falling back to HTTP mode.
Tue Jun 12 06:03:31 2012 -> Connecting via 192.168.4.11
Tue Jun 12 06:03:31 2012 -> Reading CVD header (main.cvd): Tue Jun 12 06:03:31 2012 -> OK
Tue Jun 12 06:03:31 2012 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Tue Jun 12 06:03:31 2012 -> Connecting via 192.168.4.11
Tue Jun 12 06:03:31 2012 -> Reading CVD header (daily.cvd): Tue Jun 12 06:03:32 2012 -> OK
Tue Jun 12 06:03:32 2012 -> daily.cld is up to date (version: 15032, sigs: 217577, f-level: 63, builder: guitar)
Tue Jun 12 06:03:32 2012 -> Connecting via 192.168.4.11
Tue Jun 12 06:03:32 2012 -> Reading CVD header (bytecode.cvd): Tue Jun 12 06:03:32 2012 -> OK (IMS)
Tue Jun 12 06:03:32 2012 -> bytecode.cvd is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
Can't query bytecode.185.64.1.0.192.168.4.11.ping.clamav.net
Tue Jun 12 06:03:33 2012 -> --------------------------------------


Any suggestions where I can completely disable clam updates? I did set a cron job wherein it updates every week, though.


Thanks
RKPerumala
 
ClamAV: Received signal: wake up

Check in /etc/cron* if there is a freshclam file or something related. (probably in cron.hourly)

Regards

Hi,
Thanks for your quick reply. I don't see any cronjob set as you said. Here is the list of cronjobs. Appreciate your time.


ls /etc/cron*
/etc/cron.allow /etc/cron.deny /etc/crontab

/etc/cron.d:
ntpd rhn-virtualization.cron sysstat

/etc/cron.daily:
0anacron 0logwatch cups logrotate makewhatis.cron mlocate.cron prelink rpm tmpwatch

/etc/cron.fivem:
agentupper

/etc/cron.hourly:
mcelog.cron

/etc/cron.monthly:
0anacron

/etc/cron.weekly:
0anacron 99-raid-check makewhatis.cron
 
ClamAV: Received signal: wake up

What about in /etc/freshclam.conf?

Search for Check and be sure it is set to 24 (it is in hours).

Regards

Thanks for your response. I have my checks disabled. I usually have my cronjob set to have freshclam every MON.

Here is my freshclam.conf

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "1073741824"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/freshclam.log"
DatabaseOwner = "clamav"
Checks disabled
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.in.clamav.net", "clamav.hnsdc.com"
MaxAttempts = "3"
ScriptedUpdates disabled
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"


Any suggestions? Appreciate your time.

Thanks
RKPerumala
 
As far as I've read in my freshclam.conf, if the check value is disabled it takes the default of every 12 hours; the strange part is that it seems from your log that it tries every hour.

Try adding Check 240 for 10 days and let's see.

Also, I wouldn't suggest updating the antivirus db just once per month; once per day, or at most once per week, should be a better solution for your security.

Regards

EDIT: I've just noticed that you have Checks disabled. I don't know if that is a valid value, but, now I'm guessing: have you installed clamav/freshclam from custombuild or from your OS repository? Or both?

Regards
 
Received signal: wake up

Hi,

As you said, I have made checks for every 7 days (though I have a cronjob set for this).
I installed ClamAV from an rpm build.

Will keep you posted regarding the solution you gave.

Thanks
RKPerumala
 
I would suggest you use the custombuild installation because it compiles from source, and once a new version comes out you don't need to wait for the OS distribution to update its rpms ;)

Let me know if it works now.

Regards
 
Clam AV Updates database every hour

Hi there,

I'm still facing the same problem. It's getting updated every hour. Below is the log output:

Wed Jun 13 04:36:55 2012 -> --------------------------------------
Wed Jun 13 05:36:55 2012 -> Received signal: wake up
Wed Jun 13 05:36:55 2012 -> Max retries == 3
Wed Jun 13 05:36:55 2012 -> ClamAV update process started at Wed Jun 13 05:36:55 2012
Wed Jun 13 05:36:55 2012 -> Using IPv6 aware code
Wed Jun 13 05:36:55 2012 -> Querying current.cvd.clamav.net
Wed Jun 13 05:36:55 2012 -> TTL: 900
Wed Jun 13 05:36:55 2012 -> Software version from DNS: 0.97.4
Wed Jun 13 05:36:55 2012 -> main.cvd version from DNS: 54
Wed Jun 13 05:36:55 2012 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Jun 13 05:36:55 2012 -> daily.cvd version from DNS: 15036
Wed Jun 13 05:36:55 2012 -> daily.cvd is up to date (version: 15036, sigs: 217594, f-level: 63, builder: guitar)
Wed Jun 13 05:36:55 2012 -> bytecode.cvd version from DNS: 185
Wed Jun 13 05:36:55 2012 -> bytecode.cvd is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
Wed Jun 13 05:36:57 2012 -> --------------------------------------
Wed Jun 13 06:36:57 2012 -> Received signal: wake up
Wed Jun 13 06:36:57 2012 -> Max retries == 3
Wed Jun 13 06:36:57 2012 -> ClamAV update process started at Wed Jun 13 06:36:57 2012
Wed Jun 13 06:36:57 2012 -> Using IPv6 aware code
Wed Jun 13 06:36:57 2012 -> Querying current.cvd.clamav.net
Wed Jun 13 06:36:57 2012 -> TTL: 900
Wed Jun 13 06:36:57 2012 -> Software version from DNS: 0.97.4
Wed Jun 13 06:36:57 2012 -> main.cvd version from DNS: 54
Wed Jun 13 06:36:57 2012 -> main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Wed Jun 13 06:36:57 2012 -> daily.cvd version from DNS: 15037
Wed Jun 13 06:36:57 2012 -> Retrieving http://db.in.clamav.net/daily.cvd
Wed Jun 13 06:36:57 2012 -> Trying to download http://db.in.clamav.net/daily.cvd (IP: 193.1.193.64)
Wed Jun 13 06:37:00 2012 -> Downloading daily.cvd [100%]
Wed Jun 13 06:37:01 2012 -> Loading signatures from daily.cvd
Wed Jun 13 06:37:01 2012 -> Properly loaded 217921 signatures from new daily.cvd
Wed Jun 13 06:37:01 2012 -> daily.cvd updated (version: 15037, sigs: 217921, f-level: 63, builder: neo)
Wed Jun 13 06:37:01 2012 -> Querying daily.15037.64.1.0.193.1.193.64.ping.clamav.net
Wed Jun 13 06:37:01 2012 -> bytecode.cvd version from DNS: 185
Wed Jun 13 06:37:01 2012 -> bytecode.cvd is up to date (version: 185, sigs: 39, f-level: 63, builder: neo)
Wed Jun 13 06:37:03 2012 -> Database updated (1262347 signatures) from db.in.clamav.net (IP: 193.1.193.64)
Wed Jun 13 06:37:03 2012 -> Clamd successfully notified about the update.
Wed Jun 13 06:37:03 2012 -> --------------------------------------


Appreciate your time & effort

Thanks
RKPerumala
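
Added example (not part of any post in this thread): a small Python script that reads freshclam.log lines like the ones posted above and reports how often the update process actually runs, expressed as checks per day (the unit freshclam's Checks option uses), and whether each run followed a "Received signal: wake up" line. It assumes such a line marks a wake-up of a resident freshclam process rather than a one-shot cron invocation; SAMPLE_LOG is constructed from trimmed lines of the posted log plus one made-up 07:37 run.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample: trimmed lines from the posted log plus a made-up 07:37 run.
SAMPLE_LOG = """\
Wed Jun 13 05:36:55 2012 -> Received signal: wake up
Wed Jun 13 05:36:55 2012 -> ClamAV update process started at Wed Jun 13 05:36:55 2012
Wed Jun 13 05:36:57 2012 -> --------------------------------------
Wed Jun 13 06:36:57 2012 -> Received signal: wake up
Wed Jun 13 06:36:57 2012 -> ClamAV update process started at Wed Jun 13 06:36:57 2012
Wed Jun 13 06:37:01 2012 -> daily.cvd updated (version: 15037, sigs: 217921, f-level: 63, builder: neo)
Wed Jun 13 06:37:03 2012 -> --------------------------------------
Wed Jun 13 07:37:03 2012 -> Received signal: wake up
Wed Jun 13 07:37:03 2012 -> ClamAV update process started at Wed Jun 13 07:37:03 2012
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
TS_FMT = "%a %b %d %H:%M:%S %Y"

def parse_runs(log_text):
    """Return one dict per update run: start time, wake-up flag, updated DBs."""
    runs, woke = [], False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # untimestamped lines such as "Can't query ..."
        ts, msg = datetime.strptime(m.group(1), TS_FMT), m.group(2)
        if msg.startswith("Received signal: wake up"):
            woke = True  # assumption: logged by a resident freshclam process
        elif msg.startswith("ClamAV update process started"):
            runs.append({"start": ts, "woken": woke, "updated": []})
            woke = False
        elif runs and " updated (version:" in msg:
            runs[-1]["updated"].append(msg.split(" updated", 1)[0])
    return runs

def summarize(runs):
    """Median gap between runs, implied checks per day, and wake-up pattern."""
    gaps = [(b["start"] - a["start"]).total_seconds() for a, b in zip(runs, runs[1:])]
    if not gaps:
        return None  # fewer than two runs: no interval to measure
    med = median(gaps)
    return {"runs": len(runs), "median_gap_s": med,
            "checks_per_day": round(86400 / med),
            "all_daemon_wakeups": all(r["woken"] for r in runs),
            "runs_with_new_db": sum(1 for r in runs if r["updated"])}
```

Pass the contents of /var/log/freshclam.log to parse_runs(); a result of 24 checks per day with every run flagged as a wake-up points at the running freshclam process and its effective settings rather than at cron.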
 
ClamAV Updates every hour

Hi there,

I'm still facing the same issue. It gets updated every hour. Anything to tune in my configuration?

Appreciate your time & effort

Thanks
RKPerumala
 
ClamAV Database Updates

Does anyone have a solution for this problem...

Thanks in advance

---
RKPerumala
 
If anyone has an answer, they'll let you know. Otherwise you'll need to either find the answer on your own, live with it, or hire a server administrator to look into your server for you.

Continuing to refresh a thread just to keep it at the top of the list will simply get you banned from posting.

Jeff
 