The problem has to be at your site, as the Clam updates are very reliable (when available), and you seem to be the only one with such a problem at the present time. That's about all we can say/do, given our time/resources.

Regards,

Noted. Do the ClamWin Devs also decline to
even attempt to determine what it is about
my site that apparently so afflicts ClamWin?

They don't decline--they just don't have much time. ClamWin is a free AV developed/maintained/operated by 2 people in their spare time (when they are not making a living), with a little help now and then from volunteers. ClamWin has lately seen a lot of use on networked environments, but it is primarily a free AV for stand-alone environments.

Regards,

Noted. My site is pretty much identical except the workload is
neither shared nor has the assistance of volunteers. Just me.
The 'network' is an intranet occupied by one workstation and
exists for appropriate connectivity of various boxes. It is most
definatively NOT an archetypal 'networked environment'. I have
already volunteered but without devs' assistance then extended
examination of events and triggers is impossible. When I can
derive or surmise what might be the vulnerability of ClamWin,
as normally operated here at this site, I will update this thread.
Failing that a deleting cron job can enforce periodic rebuilds.

This is a deduction and has been made without the
benefit of intelligence from the Devs or any advice
from the help forum. ClamWin is not coping well
with my C:\ SSD and is corrupting its own files.

This may be due to ClamWin using what old-timers
like me would call absolute addressing. The SSD
has a built-in functionality that moves data around
transparently due to the nature and design of SSD.

Using ClamWin's PREFS I have implemented an
adequate workaround: move the mirrors.dat
file storage off the SSD and on to HDD. At my
site all my normal HDDs are actually RAID5
arrays and not a simplistic HDD but at least
there is no transparent data re-location activity.
And RAID5 are mature whereas SSD's are new.

I have observed ClamWin's control corrupting but
the iterations of any such are, perhaps, ~50% less.
Moreover all such failures have been repaired by
ONLY deleting mirrors.dat for a successful rebuild.
At no time, since the relocation of mirrors.dat,
has the manual rebuild implementation process
proved unnervingly unsuccessful like beforehand.

Yes, this issue is only at my site.
No, it is not due to my stuff as
it is ClamWin that needs the fix.

Please advise.

Further... just come in and seen this:

ClamAV update process started at Fri Aug 05 16:05:51 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
Downloading daily-13404.cdiff [100%]
Downloading daily-13404.cdiff [100%]
[LibClamAV] daily.cld cannot be deleted, scheduling for deletetion at next reboot
[LibClamAV] error scheduling the move operation for reboot (5)
ERROR: Can't rename D:\.clamwin\db\clamav-bdaa2f645147bc806add021d5d43a8c1.000009ac.clamtmp\clamav-40c03e1a078cac2ed7e84aa949d7d753.000009ac.cla.cld to daily.cld: File exists

--------------------------------------
Completed
--------------------------------------

Please advise.

this may be caused by acronis or other software that locks files

about the update problem:
if(!strstr(buffer, "HTTP/1.1 200") && !strstr(buffer, "HTTP/1.0 200") &&
!strstr(buffer, "HTTP/1.1 206") && !strstr(buffer, "HTTP/1.0 206")) {
logg("%cUnknown response from remote server\n", logerr ? '!' : '^');

the update server returns something wrong
it may be tricky but I suggest you to use wireshark or something like to check web traffic when updating
(you can restrict rule to 'port 80' and close all programs that may access to web)

Indeed. I have tested manual updates just before,
during and after Acronis back up runs. No problems.


Indeed. I have not seen this particular text before.

To recap: ClamWin corrupts its own files locally
and the remote update server sends corrupt data.
Interesting.


I have no wireless functionality here.
Everything is CAT5/6 and wired.

I am downloading the w7 64bit version of
wireshark now but first I have to learn
what it is and then how to use it.

...complicated. I have a local shoot I must cover. Later.

[quote="sherpya"]
Photo shoot complete. Wireshark installed. I have stuff.
Suggest you obtain my forum email address from the
moderators and make contact with my email server.

Photo shoot complete. Wireshark installed. I have stuff.
Suggest you obtain my forum email address from the
moderators and make contact with my email server.

Your update servers are sending 403 Forbidden flags
to my server when your ClamWin goes into FailSafe
mode after corrupting its own control file(s) and then
attempting to update itself 12x more often than is
mandated (ie every 5mins instead of every hour).
Nice.

PostEdit: corrected my maths

I have now uninstalled ClamWin.
As this thread appears to be a target for
post spam I suggest that the moderators
now lock the thread. Good day.

MODERATORS:
1) close this thread now please
2) fix the PM spam too as well