ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
Reply with quote
The problem has to be at your site, as the Clam updates are very reliable (when available), and you seem to be the only one with such a problem at the present time. That's about all we can say/do, given our time/resources.

Regards,
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
Noted. Do the ClamWin Devs also decline to
even attempt to determine what it is about
my site that apparently so afflicts ClamWin?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4292
Location: USA
Reply with quote
They don't decline--they just don't have much time. ClamWin is a free AV developed/maintained/operated by 2 people in their spare time (when they are not making a living), with a little help now and then from volunteers. ClamWin has lately seen a lot of use on networked environments, but it is primarily a free AV for stand-alone environments.

Regards,
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
Noted. My site is pretty much identical except the workload is
neither shared nor has the assistance of volunteers. Just me.
The 'network' is an intranet occupied by one workstation and
exists for appropriate connectivity of various boxes. It is most
definatively NOT an archetypal 'networked environment'. I have
already volunteered but without devs' assistance then extended
examination of events and triggers is impossible. When I can
derive or surmise what might be the vulnerability of ClamWin,
as normally operated here at this site, I will update this thread.
Failing that a deleting cron job can enforce periodic rebuilds.
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
This is a deduction and has been made without the
benefit of intelligence from the Devs or any advice
from the help forum. ClamWin is not coping well
with my C:\ SSD and is corrupting its own files.

This may be due to ClamWin using what old-timers
like me would call absolute addressing. The SSD
has a built-in functionality that moves data around
transparently due to the nature and design of SSD.

Using ClamWin's PREFS I have implemented an
adequate workaround: move the mirrors.dat
file storage off the SSD and on to HDD. At my
site all my normal HDDs are actually RAID5
arrays and not a simplistic HDD but at least
there is no transparent data re-location activity.
And RAID5 are mature whereas SSD's are new.

I have observed ClamWin's control corrupting but
the iterations of any such are, perhaps, ~50% less.
Moreover all such failures have been repaired by
ONLY deleting mirrors.dat for a successful rebuild.
At no time, since the relocation of mirrors.dat,
has the manual rebuild implementation process
proved unnervingly unsuccessful like beforehand.

Yes, this issue is only at my site.
No, it is not due to my stuff as
it is ClamWin that needs the fix.

Please advise.
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
Further... just come in and seen this:

ClamAV update process started at Fri Aug 05 16:05:51 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Downloading daily-13404.cdiff [100%]
Downloading daily-13404.cdiff [100%]
[LibClamAV] daily.cld cannot be deleted, scheduling for deletetion at next reboot
[LibClamAV] error scheduling the move operation for reboot (5)
ERROR: Can't rename D:\.clamwin\db\clamav-bdaa2f645147bc806add021d5d43a8c1.000009ac.clamtmp\clamav-40c03e1a078cac2ed7e84aa949d7d753.000009ac.cla.cld to daily.cld: File exists

--------------------------------------
Completed
--------------------------------------

Please advise.
View user's profileSend private message
sherpya


Joined: 22 Mar 2006
Posts: 894
Location: Italy
Reply with quote
piran wrote:
Further... just come in and seen this:

ClamAV update process started at Fri Aug 05 16:05:51 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Downloading daily-13404.cdiff [100%]
Downloading daily-13404.cdiff [100%]
[LibClamAV] daily.cld cannot be deleted, scheduling for deletetion at next reboot
[LibClamAV] error scheduling the move operation for reboot (5)
ERROR: Can't rename D:\.clamwin\db\clamav-bdaa2f645147bc806add021d5d43a8c1.000009ac.clamtmp\clamav-40c03e1a078cac2ed7e84aa949d7d753.000009ac.cla.cld to daily.cld: File exists

--------------------------------------
Completed
--------------------------------------

Please advise.


this may be caused by acronis or other software that locks files

about the update problem:
if(!strstr(buffer, "HTTP/1.1 200") && !strstr(buffer, "HTTP/1.0 200") &&
!strstr(buffer, "HTTP/1.1 206") && !strstr(buffer, "HTTP/1.0 206")) {
logg("%cUnknown response from remote server\n", logerr ? '!' : '^');

the update server returns something wrong
it may be tricky but I suggest you to use wireshark or something like to check web traffic when updating
(you can restrict rule to 'port 80' and close all programs that may access to web)
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
sherpya wrote:

this may be caused by acronis or other software that locks files

Indeed. I have tested manual updates just before,
during and after Acronis back up runs. No problems.

sherpya wrote:

about the update problem:
if(!strstr(buffer, "HTTP/1.1 200") && !strstr(buffer, "HTTP/1.0 200") &&
!strstr(buffer, "HTTP/1.1 206") && !strstr(buffer, "HTTP/1.0 206")) {
logg("%cUnknown response from remote server\n", logerr ? '!' : '^');

the update server returns something wrong

Indeed. I have not seen this particular text before.

To recap: ClamWin corrupts its own files locally
and the remote update server sends corrupt data.
Interesting.

sherpya wrote:

it may be tricky but I suggest you to use wireshark or something like to check web traffic when updating
(you can restrict rule to 'port 80' and close all programs that may access to web)

I have no wireless functionality here.
Everything is CAT5/6 and wired.
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
I am downloading the w7 64bit version of
wireshark now but first I have to learn
what it is and then how to use it.
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
piran wrote:
I am downloading the w7 64bit version of
wireshark now but first I have to learn
what it is and then how to use it.

...complicated. I have a local shoot I must cover. Later.
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
[quote="sherpya"]
piran wrote:
wireshark

Photo shoot complete. Wireshark installed. I have stuff.
Suggest you obtain my forum email address from the
moderators and make contact with my email server.
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
sherpya wrote:
wireshark

Photo shoot complete. Wireshark installed. I have stuff.
Suggest you obtain my forum email address from the
moderators and make contact with my email server.

Your update servers are sending 403 Forbidden flags
to my server when your ClamWin goes into FailSafe
mode after corrupting its own control file(s) and then
attempting to update itself 12x more often than is
mandated (ie every 5mins instead of every hour).
Nice.

PostEdit: corrected my maths
View user's profileSend private message
piran


Joined: 22 Apr 2010
Posts: 44
Reply with quote
I have now uninstalled ClamWin.
As this thread appears to be a target for
post spam I suggest that the moderators
now lock the thread. Good day.

MODERATORS:
1) close this thread now please
2) fix the PM spam too as well
View user's profileSend private message
I am having to delete mirrors.dat many times a day...
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 4 of 4  

  
  
 Reply to topic