Ubuntu
clamav package

  1. Bug #1920615
  2. Comment #2

Comment 2 for bug 1920615

Revision history for this message
jean-christophe manciot (manciot-jeanchristophe) wrote : Re: getcvd: Can't download daily.cvd from https://database.clamav.net/daily.cvd despite correct connection to https://database.clamav.net

I have found the cause of the issue: clamav does not support symlinks for any of the following:
- /etc/clamav
- /etc/ssl
- /etc/ssl/certs
- /var/lib/clamav

If I make sure there is no symlink anymore for any of the above folders, then the issue is worked around:
# freshclam --debug --verbose
...
* Trying 104.16.219.84:443...
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Aug 15 00:00:00 2020 GMT
* expire date: Aug 15 12:00:00 2021 GMT
* subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55631ca7a1e0)
> GET /safebrowsing.cvd HTTP/2
 Host: database.clamav.net
user-agent: ClamAV/0.103.0 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
accept: */*

I'm not sure whether this symlink sensitivity is by design or a bug.