[Pkg-clamav-devel] Bug#840331: clamav autoconfiguring a Proxy based on Apt settings

T A F Thorne tafthorne at googlemail.com
Mon Oct 10 16:54:12 UTC 2016


Package: clamav

Version: 0.99.2


I have been asked to file this bug report with Debian after some initial
diagnosis in the Ubuntu downstream repository.  See
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1631355 for the
thread there.

What follows is a transcript of my initial report with the extra
information requested tacked onto the end.


In my syslog I can see messages such as "Update failed. Your network may
be down or none of the mirrors listed in /etc/clamav/freshclam.conf is
working. Check http://www.clamav.net/doc/mirrors-faq.html for possible
reasons." and "WARNING: getpatch: Can't download daily-21693.cdiff from
db.local.clamav.net". The reason for this seems to be that a machine
named warden.pt.local is being used as general purpose http proxy.

If I check in /etc/clamav/freshclam.conf I can see:
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
# Proxy: http://warden.pt.local:3142/
HTTPProxyServer warden.pt.local
HTTPProxyPort 3142

Which does show that warden is being set up as an HTTP Proxy Server. I
did not do this manually though, as the start of said config file
suggests with its message of:
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

I believe that the automatic configuration of this package is behaving
in the wrong way. It should not be selecting warden as a Proxy.

Warden is set as a proxy for APT on my system. It has Apt-Cacher NG
installed for this purpose. In my /etc area, warden is only mentioned in
the /etc/apt/apt.conf.d/02proxy file and in the automatically generated
/etc/clamav/freshclam.conf file.
$ sudo rgrep warden.pt.local /etc/
/etc/clamav/freshclam.conf:# Proxy: http://warden.pt.local:3142/
/etc/clamav/freshclam.conf:HTTPProxyServer warden.pt.local
/etc/apt/apt.conf.d/02proxy:Acquire::http { Proxy
"http://warden.pt.local:3142"; };

When I check other machines on my network that have a similar setting
for apt, they also express these error messages about clamav in their
syslogs. As far as I can see both 14.04 and 16.04 machines exhibit the
same behaviour.

Syslog sample:
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: Received signal: wake up
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: ClamAV update process
started at Fri Oct 7 12:34:53 2016
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: main.cvd is up to date
(version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Oct 7 12:34:53 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:34:58 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:34:58 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:01 thorne-ul-dt CRON[7552]: (munin) CMD (if [ -x
/usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi)
Oct 7 12:35:01 thorne-ul-dt CRON[7557]: (root) CMD (if [ -x
/etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update
7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then
/etc/munin/plugins/apt update 7200 12 >/dev/null; fi)
Oct 7 12:35:04 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:04 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:06 thorne-ul-dt systemd[1]: Started CUPS Scheduler.
Oct 7 12:35:06 thorne-ul-dt colord[1420]: (colord:1420): Cd-WARNING **:
failed to get session [pid 8204]: No such device or address
Oct 7 12:35:06 thorne-ul-dt colord[1420]: message repeated 3 times: [
(colord:1420): Cd-WARNING **: failed to get session [pid 8204]: No such
device or address]
Oct 7 12:35:09 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:09 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:14 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:14 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:20 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:20 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:20 thorne-ul-dt freshclam[25718]: WARNING: Incremental
update failed, trying to download daily.cvd
Oct 7 12:35:25 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:25 thorne-ul-dt freshclam[25718]: WARNING: Can't download
daily.cvd from db.local.clamav.net
Oct 7 12:35:25 thorne-ul-dt freshclam[25718]: Trying again in 5 secs...
Oct 7 12:35:30 thorne-ul-dt freshclam[25718]: ClamAV update process
started at Fri Oct 7 12:35:30 2016
Oct 7 12:35:30 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:35:30 thorne-ul-dt freshclam[25718]: main.cvd is up to date
(version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Oct 7 12:35:30 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:35:35 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:35 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:41 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:41 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:46 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:46 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:51 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:51 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:56 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:35:56 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:35:57 thorne-ul-dt freshclam[25718]: WARNING: Incremental
update failed, trying to download daily.cvd
Oct 7 12:36:02 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:36:02 thorne-ul-dt freshclam[25718]: WARNING: Can't download
daily.cvd from db.local.clamav.net
Oct 7 12:36:02 thorne-ul-dt freshclam[25718]: Trying again in 5 secs...
Oct 7 12:36:07 thorne-ul-dt freshclam[25718]: ClamAV update process
started at Fri Oct 7 12:36:07 2016
Oct 7 12:36:07 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:17 thorne-ul-dt freshclam[25718]: Trying again in 5 secs...
Oct 7 12:37:22 thorne-ul-dt freshclam[25718]: ClamAV update process
started at Fri Oct 7 12:37:22 2016
Oct 7 12:37:22 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:22 thorne-ul-dt freshclam[25718]: main.cvd is up to date
(version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Oct 7 12:37:22 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:27 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:37:27 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:33 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:37:33 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:38 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:37:38 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:43 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:37:43 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:49 thorne-ul-dt freshclam[25718]: ERROR: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:37:49 thorne-ul-dt freshclam[25718]: ERROR: getpatch: Can't
download daily-21693.cdiff from db.local.clamav.net
Oct 7 12:37:49 thorne-ul-dt freshclam[25718]: WARNING: Incremental
update failed, trying to download daily.cvd
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: ERROR: getfile: Unknown
response from db.local.clamav.net
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: ERROR: Can't download
daily.cvd from db.local.clamav.net
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: Giving up on
db.local.clamav.net...
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: ClamAV update process
started at Fri Oct 7 12:37:54 2016
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: main.cvd is up to date
(version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Oct 7 12:37:54 thorne-ul-dt freshclam[25718]: Connecting via warden.pt.local
Oct 7 12:37:59 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from database.clamav.net
Oct 7 12:37:59 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:04 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from database.clamav.net
Oct 7 12:38:04 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:10 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from database.clamav.net
Oct 7 12:38:10 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:15 thorne-ul-dt freshclam[25718]: WARNING: getfile: Unknown
response from database.clamav.net
Oct 7 12:38:15 thorne-ul-dt freshclam[25718]: WARNING: getpatch: Can't
download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:20 thorne-ul-dt freshclam[25718]: ERROR: getfile: Unknown
response from database.clamav.net
Oct 7 12:38:20 thorne-ul-dt freshclam[25718]: ERROR: getpatch: Can't
download daily-21693.cdiff from database.clamav.net
Oct 7 12:38:21 thorne-ul-dt freshclam[25718]: WARNING: Incremental
update failed, trying to download daily.cvd
Oct 7 12:38:26 thorne-ul-dt freshclam[25718]: ERROR: getfile: Unknown
response from database.clamav.net
Oct 7 12:38:26 thorne-ul-dt freshclam[25718]: ERROR: Can't download
daily.cvd from database.clamav.net
Oct 7 12:38:26 thorne-ul-dt freshclam[25718]: Giving up on
database.clamav.net...
Oct 7 12:38:26 thorne-ul-dt freshclam[25718]: Update failed. Your
network may be down or none of the mirrors listed in
/etc/clamav/freshclam.conf is working. Check
http://www.clamav.net/doc/mirrors-faq.html for possible reasons.

I am willing to accept that I have mis-configured apt in some way to
cause this. If that is likely, how should I set up an apt-only http
cache? I have not noticed any other program attempt to automatically use
apt for all HTTP traffic.

Would this bug be a security vulnerability? If a large number of
machines do not get av definition updates for months or years at a time
I could see how that could compromise a system in some small way. I will
avoid marking it as such for now as I am not sure it really is one.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: clamav 0.99.2+dfsg-0ubuntu0.16.04.1
ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19
Uname: Linux 4.4.0-38-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Oct 7 13:16:58 2016
InstallationDate: Installed on 2015-03-12 (574 days ago)
InstallationMedia: Ubuntu 14.04.2 LTS "Trusty Tahr" - Release amd64
(20150218.1)
SourcePackage: clamav
UpgradeStatus: No upgrade log present (probably fresh install)


ChristianEhrhardt (paelzer) requested I check for the $http_proxy and
$HTTPProxyServer environment variables.  My testing showed that these
were not set:
Certainly, here is what I can find on my system:
thomasthorne@thorne-ul-dt:~$ echo $http_proxy

thomasthorne@thorne-ul-dt:~$ echo $HTTPProxyServer

So nothing is set for either variable there, it seems:
thomasthorne@thorne-ul-dt:~$ env | grep -i http
NVM_NODEJS_ORG_MIRROR=http://nodejs.org/dist
That does not look like it would be applicable either.

It was Christian Ehrhardt who suggested that I should submit a bug
report to Debian. 

-- 
TafT
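
A check for the condition described in this report, added here as an example (it is not part of the original message or of the clamav packaging): it parses APT's `Acquire::http` proxy setting and freshclam's `HTTPProxyServer`/`HTTPProxyPort` and flags a host where freshclam is pointed at the APT proxy. The function names are hypothetical, and the sample inputs are constructed from the values quoted in the report.

```python
import re
from urllib.parse import urlsplit

# Constructed samples, using the values quoted in the report above.
APT_SAMPLE = 'Acquire::http { Proxy\n"http://warden.pt.local:3142"; };\n'
FRESHCLAM_SAMPLE = """\
# Automatically created by the clamav-freshclam postinst
DatabaseMirror db.local.clamav.net
# Proxy: http://warden.pt.local:3142/
HTTPProxyServer warden.pt.local
HTTPProxyPort 3142
"""

# Accepts both APT spellings:
#   Acquire::http::Proxy "URL";   and   Acquire::http { Proxy "URL"; };
APT_PROXY_RE = re.compile(r'Acquire::http(?:::|\s*\{\s*)Proxy\s+"([^"]+)"', re.I)

def apt_http_proxy(text):
    """Return (host, port) of APT's HTTP proxy, or None if unset or DIRECT."""
    live = [l for l in text.splitlines()
            if not l.lstrip().startswith(("//", "#"))]  # drop comment lines
    m = APT_PROXY_RE.search("\n".join(live))
    if not m or m.group(1).upper() == "DIRECT":
        return None
    url = urlsplit(m.group(1))
    return (url.hostname, url.port or 80) if url.hostname else None

def freshclam_proxy(text):
    """Return (host, port or None) from HTTPProxyServer/HTTPProxyPort, or None."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts[parts[0]] = parts[1].strip()
    host = opts.get("HTTPProxyServer")
    if not host:
        return None
    port = opts.get("HTTPProxyPort")
    return (host.lower(), int(port) if port and port.isdigit() else None)

def freshclam_uses_apt_proxy(apt_text, freshclam_text):
    """True when freshclam points at the same host (and port, if set) as APT."""
    apt, fc = apt_http_proxy(apt_text), freshclam_proxy(freshclam_text)
    return bool(apt and fc and apt[0] == fc[0] and fc[1] in (None, apt[1]))

if __name__ == "__main__":
    print(freshclam_uses_apt_proxy(APT_SAMPLE, FRESHCLAM_SAMPLE))
```

On a real host, pass the concatenated contents of `/etc/apt/apt.conf.d/*` and the contents of `/etc/clamav/freshclam.conf` to `freshclam_uses_apt_proxy`.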

