| 2021-03-20 15:40:07 |
jean-christophe manciot |
description |
Ubuntu 21.04
clamav-freshclam: 0.103.0+dfsg-3.1
Commands executed as root:
# systemctl stop clamav-freshclam
# freshclam --debug --verbose
Sat Mar 20 16:00:21 2021 -> ClamAV update process started at Sat Mar 20 16:00:21 2021
Sat Mar 20 16:00:21 2021 -> *Current working dir is /var/lib/clamav/
Sat Mar 20 16:00:21 2021 -> *Querying current.cvd.clamav.net
Sat Mar 20 16:00:21 2021 -> *TTL: 1623
Sat Mar 20 16:00:21 2021 -> *fc_dns_query_update_info: Software version from DNS: 0.103.1
Sat Mar 20 16:00:21 2021 -> *Current working dir is /var/lib/clamav/
Sat Mar 20 16:00:21 2021 -> *check_for_new_database_version: No local copy of "daily" database.
Sat Mar 20 16:00:21 2021 -> *query_remote_database_version: daily.cvd version from DNS: 26115
Sat Mar 20 16:00:21 2021 -> daily database available for download (remote version: 26115)
Sat Mar 20 16:00:21 2021 -> *Retrieving https://database.clamav.net/daily.cvd
Sat Mar 20 16:00:21 2021 -> *downloadFile: Download source: https://database.clamav.net/daily.cvd
Sat Mar 20 16:00:21 2021 -> *downloadFile: Download destination: /var/lib/clamav/tmp.5ee08cf0a0/clamav-746b5f842a022ff02206be76e0c77fe8.tmp
* Trying 104.16.219.84:443...
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
* Closing connection 0
Sat Mar 20 16:00:21 2021 -> ^Download failed (77) Sat Mar 20 16:00:21 2021 -> ^ Message: Problem with the SSL CA cert (path? access rights?)
Sat Mar 20 16:00:21 2021 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sat Mar 20 16:00:21 2021 -> Trying again in 5 secs...
The alleged "error setting certificate verify locations" is false:
# sudo -u clamav -EH ls -al /etc/ssl/certs/ca-certificates.crt
-rw-r--r-- 1 root root 186336 Mar 15 08:45 /etc/ssl/certs/ca-certificates.crt
# sudo -u clamav -EH ls -al /etc/ssl/certs
total 556
drwxr-xr-x 3 root root 12288 Mar 15 08:45 .
...
Also, it is possible to contact the website as clamav user, meaning there is no CA access issue for that user:
# sudo -u clamav -EH wget https://database.clamav.net
--2021-03-20 16:21:12-- https://database.clamav.net/
Resolving database.clamav.net (database.clamav.net)... 104.16.219.84, 104.16.218.84, 2606:4700::6810:da54, ...
Connecting to database.clamav.net (database.clamav.net)|104.16.219.84|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’
index.html [ <=> ] 1.14K --.-KB/s in 0s
2021-03-20 16:21:12 (21.3 MB/s) - ‘index.html’ saved [1166]
# more index.html
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
<meta content="15;url=http://www.clamav.net" http-equiv="Refresh">
<title>ClamAV database mirror</title>
</head>
<body>
<div style="text-align: center;">
<big>
<img style="width: 125px; height: 102px;" alt="ClamAV logo"
src="//www.clamav.net/assets/clamav-trademark.png">
</big>
<br>
</div>
<br>
<br>
You reached one of ClamAV virus database mirrors: <a
style="font-style: italic;" href="http://database.clamav.net">database.clamav.net</a>
is a round robin record that tries to equally balance the traffic
between all the database mirrors.<br>
For a complete list of our mirrors visit <a
href="http://www.clamav.net/mirrors.html">http://www.clamav.net/mirrors.html</a><br>
<br>
<br>
You'll be redirected to ClamAV home page (<a
href="http://www.clamav.net">http://www.clamav.net</a>) in 15
seconds...<br>
<br>
<br>
<hr style="width: 100%; height: 2px;"><small style="font-weight: bold;">This
mirror is sponsored by </small><br>
<br>
<img alt="Sponsor Logo" src="local_logo.png"><br>
<br>
</body>
</html>
This is a very strange issue.
Any suggestion on how to debug/workaround that issue? |
Ubuntu 21.04
clamav-freshclam: 0.103.0+dfsg-3.1
/etc/clamav/freshclam.conf:
--------------------------
DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug true
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
SafeBrowsing true
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.fr.clamav.net
DatabaseMirror database.clamav.net
Commands executed as root:
# systemctl stop clamav-freshclam
# freshclam --debug --verbose
Sat Mar 20 16:00:21 2021 -> ClamAV update process started at Sat Mar 20 16:00:21 2021
Sat Mar 20 16:00:21 2021 -> *Current working dir is /var/lib/clamav/
Sat Mar 20 16:00:21 2021 -> *Querying current.cvd.clamav.net
Sat Mar 20 16:00:21 2021 -> *TTL: 1623
Sat Mar 20 16:00:21 2021 -> *fc_dns_query_update_info: Software version from DNS: 0.103.1
Sat Mar 20 16:00:21 2021 -> *Current working dir is /var/lib/clamav/
Sat Mar 20 16:00:21 2021 -> *check_for_new_database_version: No local copy of "daily" database.
Sat Mar 20 16:00:21 2021 -> *query_remote_database_version: daily.cvd version from DNS: 26115
Sat Mar 20 16:00:21 2021 -> daily database available for download (remote version: 26115)
Sat Mar 20 16:00:21 2021 -> *Retrieving https://database.clamav.net/daily.cvd
Sat Mar 20 16:00:21 2021 -> *downloadFile: Download source: https://database.clamav.net/daily.cvd
Sat Mar 20 16:00:21 2021 -> *downloadFile: Download destination: /var/lib/clamav/tmp.5ee08cf0a0/clamav-746b5f842a022ff02206be76e0c77fe8.tmp
* Trying 104.16.219.84:443...
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* error setting certificate verify locations: CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
* Closing connection 0
Sat Mar 20 16:00:21 2021 -> ^Download failed (77) Sat Mar 20 16:00:21 2021 -> ^ Message: Problem with the SSL CA cert (path? access rights?)
Sat Mar 20 16:00:21 2021 -> ^getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd
Sat Mar 20 16:00:21 2021 -> Trying again in 5 secs...
The alleged "error setting certificate verify locations" is false:
# sudo -u clamav -EH ls -al /etc/ssl/certs/ca-certificates.crt
-rw-r--r-- 1 root root 186336 Mar 15 08:45 /etc/ssl/certs/ca-certificates.crt
# sudo -u clamav -EH ls -al /etc/ssl/certs
total 556
drwxr-xr-x 3 root root 12288 Mar 15 08:45 .
...
Also, it is possible to contact the website as clamav user, meaning there is no CA access issue for that user:
# sudo -u clamav -EH wget https://database.clamav.net
--2021-03-20 16:21:12-- https://database.clamav.net/
Resolving database.clamav.net (database.clamav.net)... 104.16.219.84, 104.16.218.84, 2606:4700::6810:da54, ...
Connecting to database.clamav.net (database.clamav.net)|104.16.219.84|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’
index.html [ <=> ] 1.14K --.-KB/s in 0s
2021-03-20 16:21:12 (21.3 MB/s) - ‘index.html’ saved [1166]
# more index.html
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="content-type">
<meta content="15;url=http://www.clamav.net" http-equiv="Refresh">
<title>ClamAV database mirror</title>
</head>
<body>
<div style="text-align: center;">
<big>
<img style="width: 125px; height: 102px;" alt="ClamAV logo"
src="//www.clamav.net/assets/clamav-trademark.png">
</big>
<br>
</div>
<br>
<br>
You reached one of ClamAV virus database mirrors: <a
style="font-style: italic;" href="http://database.clamav.net">database.clamav.net</a>
is a round robin record that tries to equally balance the traffic
between all the database mirrors.<br>
For a complete list of our mirrors visit <a
href="http://www.clamav.net/mirrors.html">http://www.clamav.net/mirrors.html</a><br>
<br>
<br>
You'll be redirected to ClamAV home page (<a
href="http://www.clamav.net">http://www.clamav.net</a>) in 15
seconds...<br>
<br>
<br>
<hr style="width: 100%; height: 2px;"><small style="font-weight: bold;">This
mirror is sponsored by </small><br>
<br>
<img alt="Sponsor Logo" src="local_logo.png"><br>
<br>
</body>
</html>
This is a very strange issue.
Any suggestion on how to debug/workaround that issue? |
|
