clamav autoconfiguring a Proxy based on Apt settings

Bug #1631355 reported by Thomas A. F. Thorne
This bug affects 3 people
Affects          Status      Importance  Assigned to  Milestone
clamav (Debian)  New         Unknown
clamav (Ubuntu)  Incomplete  Undecided   Unassigned

Bug Description

In my syslog I can see messages such as "Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons." and "WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net". The reason for this seems to be that a machine named warden.pt.local is being used as a general purpose HTTP proxy.

If I check in /etc/clamav/freshclam.conf I can see:
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
# Proxy: http://warden.pt.local:3142/
HTTPProxyServer warden.pt.local
HTTPProxyPort 3142

Which does show that warden is being set up as an HTTP Proxy Server. I did not do this manually though, as the start of said config file suggests with its message of:
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

I believe that the automatic configuration of this package is behaving in the wrong way. It should not be selecting warden as a Proxy.

Warden is set as a proxy for APT on my system. It has Apt-Cacher NG installed for this purpose. In my /etc area, warden is only mentioned in the /etc/apt/apt.conf.d/02proxy file and in the automatically generated /etc/clamav/freshclam.conf file.
$ sudo rgrep warden.pt.local /etc/
/etc/clamav/freshclam.conf:# Proxy: http://warden.pt.local:3142/
/etc/clamav/freshclam.conf:HTTPProxyServer warden.pt.local
/etc/apt/apt.conf.d/02proxy:Acquire::http { Proxy "http://warden.pt.local:3142"; };

When I check other machines on my network that have a similar setting for apt, they also express these error messages about clamav in their syslogs. As far as I can see both 14.04 and 16.04 machines exhibit the same behaviour.

Syslog sample:
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: Received signal: wake up
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: ClamAV update process started at Fri Oct 7 12:34:53 2016
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:34:58 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:34:58 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:01 thorne-ul-dt CRON[7552]: (munin) CMD (if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi)
Oct 7 12:35:01 thorne-ul-dt CRON[7557]: (root) CMD (if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi)
Oct 7 12:35:04 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:04 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:06 thorne-ul-dt systemd[1]: Started CUPS Scheduler.
Oct 7 12:35:06 thorne-ul-dt colord[1420]: (colord:1420): Cd-WARNING **: failed to get session [pid 8204]: No such device or address
Oct 7 12:35:06 thorne-ul-dt colord[1420]: message repeated 3 times: [ (colord:1420): Cd-WARNING **: failed to get session [pid 8204]: No such device or address]
Oct 7 12:35:09 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:09 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:14 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:14 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:20 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:20 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:20 thorne-ul-dt freshclam[25718]: WARNING: Incremental update failed, trying to download daily.cvd
Oct 7 12:35:25 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:25 thorne-ul-dt freshclam[25718]: WARNING: Can't download daily.cvd from db.local.clamav.net
Oct 7 12:35:25 thorne-ul-dt freshclam[25718]: Trying again in 5 secs...
Oct 7 12:35:30 thorne-ul-dt freshclam[25718]: ClamAV update process started at Fri Oct 7 12:35:30 2016
Oct 7 12:35:30 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:35:30 thorne-ul-dt freshclam[25718]: main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Oct 7 12:35:30 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:35:35 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:35 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:41 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:41 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:46 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:46 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:51 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:51 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:56 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:35:56 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:57 thorne-ul-dt freshclam[25718]: WARNING: Incremental update failed, trying to download daily.cvd
Oct 7 12:36:02 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:36:02 thorne-ul-dt freshclam[25718]: WARNING: Can't download daily.cvd from db.local.clamav.net
Oct 7 12:36:02 thorne-ul-dt freshclam[25718]: Trying again in 5 secs...
Oct 7 12:36:07 thorne-ul-dt freshclam[25718]: ClamAV update process started at Fri Oct 7 12:36:07 2016
Oct 7 12:36:07 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:17 thorne-ul-dt freshclam[25718]: Trying again in 5 secs...
Oct 7 12:37:22 thorne-ul-dt freshclam[25718]: ClamAV update process started at Fri Oct 7 12:37:22 2016
Oct 7 12:37:22 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:22 thorne-ul-dt freshclam[25718]: main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Oct 7 12:37:22 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:27 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:37:27 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:33 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:37:33 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:38 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:37:38 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:43 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from db.local.clamav.net
Oct 7 12:37:43 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:49 thorne-ul-dt freshclam[25718]: ERROR: getfile: Unknown response from db.local.clamav.net
Oct 7 12:37:49 thorne-ul-dt freshclam[25718]: ERROR: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:49 thorne-ul-dt freshclam[25718]: WARNING: Incremental update failed, trying to download daily.cvd
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: ERROR: getfile: Unknown response from db.local.clamav.net
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: ERROR: Can't download daily.cvd from db.local.clamav.net
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: Giving up on db.local.clamav.net...
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: ClamAV update process started at Fri Oct 7 12:37:54 2016
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:59 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from database.clamav.net
Oct 7 12:37:59 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:04 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from database.clamav.net
Oct 7 12:38:04 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:10 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from database.clamav.net
Oct 7 12:38:10 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:15 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown response from database.clamav.net
Oct 7 12:38:15 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:20 thorne-ul-dt freshclam[25718]: ERROR: getfile: Unknown response from database.clamav.net
Oct 7 12:38:20 thorne-ul-dt freshclam[25718]: ERROR: getpatch: Can't download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:21 thorne-ul-dt freshclam[25718]: WARNING: Incremental update failed, trying to download daily.cvd
Oct 7 12:38:26 thorne-ul-dt freshclam[25718]: ERROR: getfile: Unknown response from database.clamav.net
Oct 7 12:38:26 thorne-ul-dt freshclam[25718]: ERROR: Can't download daily.cvd from database.clamav.net
Oct 7 12:38:26 thorne-ul-dt freshclam[25718]: Giving up on database.clamav.net...
Oct 7 12:38:26 thorne-ul-dt freshclam[25718]: Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.

I am willing to accept that I have mis-configured apt in some way to cause this. If that is likely, how should I set up an apt-only HTTP cache? I have not noticed any other program attempt to automatically use apt for all HTTP traffic.

Would this bug be a security vulnerability? If a large number of machines do not get av definition updates for months or years at a time I could see how that could compromise a system in some small way. I will avoid marking it as such for now as I am not sure it really is one.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: clamav 0.99.2+dfsg-0ubuntu0.16.04.1
ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19
Uname: Linux 4.4.0-38-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Oct 7 13:16:58 2016
InstallationDate: Installed on 2015-03-12 (574 days ago)
InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64 (20150218.1)
SourcePackage: clamav
UpgradeStatus: No upgrade log present (probably fresh install)
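
A check for the symptom described in this report, as an added example that is not code from the clamav package or from the reporter: it flags a freshclam.conf whose HTTPProxyServer/HTTPProxyPort equal the proxy APT is configured to use. The function names are made up here, the sample files are built from the values quoted above, and a match only shows the two settings coincide, not how the value got there.

```shell
#!/bin/sh
# Added example (not the clamav package's code): detect a freshclam.conf whose
# proxy is the same host:port that APT is told to use.

# "host:port" from HTTPProxyServer / HTTPProxyPort; empty if no proxy is set.
freshclam_proxy() {
    awk '$1 == "HTTPProxyServer" { host = $2 }
         $1 == "HTTPProxyPort"   { port = $2 }
         END { if (host != "") print host ":" port }' "$1"
}

# "host:port" of each http proxy in apt.conf fragments. Covers both the
# Acquire::http { Proxy "..."; }; and Acquire::http::Proxy "..."; spellings
# and skips // comment lines.
apt_proxy() {
    sed -n -e '/^[[:space:]]*\/\//d' \
           -e 's|.*[Pp]roxy[[:space:]]*"http://\([^"/]*\).*|\1|p' "$@"
}

# Exit 1 when freshclam is pointed at the APT proxy, 0 otherwise.
check_proxy_inheritance() {
    fc=$(freshclam_proxy "$1")
    shift
    if [ -z "$fc" ]; then
        echo "ok: freshclam has no proxy configured"
        return 0
    fi
    for ap in $(apt_proxy "$@"); do
        if [ "$ap" = "$fc" ]; then
            echo "suspect: freshclam uses the APT proxy $fc"
            return 1
        fi
    done
    echo "ok: freshclam proxy $fc is not an APT proxy"
}

# Sample files built from the values quoted in the report above.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/freshclam.conf" <<'EOF'
DatabaseMirror db.local.clamav.net
# Proxy: http://warden.pt.local:3142/
HTTPProxyServer warden.pt.local
HTTPProxyPort 3142
EOF
echo 'Acquire::http { Proxy "http://warden.pt.local:3142"; };' > "$tmp/02proxy"

check_proxy_inheritance "$tmp/freshclam.conf" "$tmp/02proxy" || true
```

On a live host the arguments would be /etc/clamav/freshclam.conf followed by the files under /etc/apt/apt.conf.d/.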

Thomas A. F. Thorne (tafthorne) wrote :

Attaching the log file which seems to relate to clamav as it was not automatically attached. This file was taken from /var/log/clamav/freshclam.log and seems to show the error extending back to the beginning of the month.

If I look in the oldest rotated copy of the log on my machine I can see evidence of the problem extending back to at least the end of July without my noticing until now.

Sun Jul 31 07:35:53 2016 -> ClamAV update process started at Sun Jul 31 07:35:53 2016
Sun Jul 31 07:35:53 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Sun Jul 31 07:35:53 2016 -> WARNING: Local version: 0.99 Recommended version: 0.99.2
Sun Jul 31 07:35:53 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Sun Jul 31 07:35:53 2016 -> Connecting via warden.pt.local
Sun Jul 31 07:35:53 2016 -> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Sun Jul 31 07:35:53 2016 -> Connecting via warden.pt.local
Sun Jul 31 07:35:58 2016 -> WARNING: getfile: Unknown response from remote server (IP: 172.16.20.99)
Sun Jul 31 07:35:58 2016 -> WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Sun Jul 31 07:36:03 2016 -> WARNING: getfile: Unknown response from remote server (IP: 172.16.20.99)
Sun Jul 31 07:36:03 2016 -> WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Sun Jul 31 07:36:08 2016 -> WARNING: getfile: Unknown response from remote server (IP: 172.16.20.99)
Sun Jul 31 07:36:08 2016 -> WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Sun Jul 31 07:36:13 2016 -> WARNING: getfile: Unknown response from remote server (IP: 172.16.20.99)
Sun Jul 31 07:36:13 2016 -> WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Sun Jul 31 07:36:18 2016 -> WARNING: getfile: Unknown response from remote server (IP: 172.16.20.99)
Sun Jul 31 07:36:18 2016 -> WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Sun Jul 31 07:36:18 2016 -> WARNING: Incremental update failed, trying to download daily.cvd
Sun Jul 31 07:36:23 2016 -> WARNING: getfile: Unknown response from remote server (IP: 172.16.20.99)
Sun Jul 31 07:36:23 2016 -> WARNING: Can't download daily.cvd from db.local.clamav.net
Sun Jul 31 07:36:23 2016 -> Trying again in 5 secs...
Sun Jul 31 07:36:28 2016 -> ClamAV update process started at Sun Jul 31 07:36:28 2016
Sun Jul 31 07:36:28 2016 -> WARNING: Your ClamAV installation is OUTDATED!
Sun Jul 31 07:36:28 2016 -> WARNING: Local version: 0.99 Recommended version: 0.99.2
Sun Jul 31 07:36:28 2016 -> DON'T PANIC! Read http://www.clamav.net/support/faq
Sun Jul 31 07:36:28 2016 -> Connecting via warden.pt.local
Sun Jul 31 07:36:28 2016 -> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Sun Jul 31 07:36:28 2016 -> Connecting via warden.pt.local
Sun Jul 31 07:36:33 2016 -> WARNING: getfile: Unknown response from remote server (IP: 172.16.20.99)
Sun Jul 31 07:36:33 2016 -> WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
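
One way to measure from a freshclam.log how long database downloads have been failing, and through which proxy, as an added example that is not ClamAV code or part of the original comment: the function name and output fields are made up here, and the sample lines are copied from the excerpt above. The same patch file name recurring across a long time span indicates the daily database has not advanced.

```shell
#!/bin/sh
# Added example (not ClamAV code): summarise failed database downloads in a
# freshclam.log written in the "<timestamp> -> <message>" format shown above.

# Prints one summary line and returns 1 if any download failed, 0 otherwise.
freshclam_failure_summary() {
    awk -F' -> ' '
        $2 ~ /^Connecting via / { proxy = substr($2, 16) }   # proxy host in use
        $2 ~ /Can.t download /  {                            # WARNING and ERROR forms
            n++
            if (first == "") first = $1
            last = $1
            if (match($2, /daily-[0-9]+\.cdiff/))
                patch = substr($2, RSTART, RLENGTH)          # patch that never arrives
        }
        END {
            if (n == 0) { print "no failed downloads"; exit 0 }
            printf "failed=%d proxy=%s first=\"%s\" last=\"%s\" patch=%s\n",
                   n, (proxy == "" ? "none" : proxy), first, last,
                   (patch == "" ? "n/a" : patch)
            exit 1
        }' "$1"
}

# Sample input: lines copied from the log excerpt in the comment above.
log=$(mktemp)
trap 'rm -f "$log"' EXIT
cat > "$log" <<'EOF'
Sun Jul 31 07:35:53 2016 -> ClamAV update process started at Sun Jul 31 07:35:53 2016
Sun Jul 31 07:35:53 2016 -> Connecting via warden.pt.local
Sun Jul 31 07:35:58 2016 -> WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net
Sun Jul 31 07:36:18 2016 -> WARNING: Incremental update failed, trying to download daily.cvd
Sun Jul 31 07:36:23 2016 -> WARNING: Can't download daily.cvd from db.local.clamav.net
EOF

freshclam_failure_summary "$log" || echo "signature updates are failing"
```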

Christian Ehrhardt (paelzer) wrote :

Hi,
Thank you for taking the time to report this bug and helping to make Ubuntu better.

This is a feature for a long time already:
Changelog from 2004:
* Preseed debconf with $http_proxy for freshclam proxy question
     (closes: #266436)

The code doing so is only considering http_proxy env var which I think is right.
if [ -n "$http_proxy" ]; then
  db_set clamav-freshclam/http_proxy "$http_proxy" || true
fi

Later on it also checks for $HTTPProxyServer and does the same.

Your /etc/apt/apt.conf.d/02proxy configuration should affect neither.
Could you report the content of those two environment variables on your system?

I'm curious so I'd really like to know.

But from all I have checked in the code I think in general that this bug should be present in Debian too. So it would be best fixed in Debian, then Ubuntu will pick it up on the next merge.

So in case the check for these env variables doesn't reveal whatever was going on, would you then mind filing a bug with Debian please?

Changed in clamav (Ubuntu):
status: New → Incomplete
Thomas A. F. Thorne (tafthorne) wrote :

> Could you report the content of those two environment variables on your system?

Certainly, here is what I can find on my system:
thomasthorne@thorne-ul-dt:~$ echo $http_proxy

thomasthorne@thorne-ul-dt:~$ echo $HTTPProxyServer

So nothing set for either variable there, it seems:
thomasthorne@thorne-ul-dt:~$ env | grep -i http
NVM_NODEJS_ORG_MIRROR=http://nodejs.org/dist
That does not look like it would be applicable either.

> I'm curious so I'd really like to know.

Always a good trait in someone helping to fault find.

> So in case the check for these env variables doesn't reveal whatever was going on, would you then mind filing a bug with Debian please?

I will do so in a few minutes time and then report or link the bug details here.

Changed in clamav (Debian):
status: Unknown → New