[Pkg-clamav-devel] Bug#916146: clamav-freshclam: Daily updater thinks it can use IPv6, but it's available for local network only

Harri Suutari hsuutari at gmx.com
Mon Dec 10 17:08:58 GMT 2018 

Package: clamav-freshclam
Version: 0.100.2+dfsg-0+deb9u1
Severity: normal

Dear Maintainer,

a ClamAV installation on a machine on a private network thinks it can use IPv6
to fetch the updates and fails, because IPv6 is not available onwards the
router, but only in the internal private network.

Dec 10 09:00:14 hostn freshclam[390]: Mon Dec 10 09:00:14 2018 -> Trying host
db.fi.clamav.net (2606:4700::6810:ba8a)...
Dec 10 09:00:14 hostn freshclam[390]: Mon Dec 10 09:00:14 2018 ->
connect_error: getsockopt(SO_ERROR): fd=4 error=101: Network is unreachable

I think it should try both IPv6 and IPv4 before giving up.


A workaround is to configure a proxy for it, if one is available. (dpkg-
reconfigure clamav-freshclam...)
/etc/clamav/freshclam.conf:
HTTPProxyServer router.local.lan
HTTPProxyPort 3128

Regards,
Harri



-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
BlockMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "10485760"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "1"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.fi.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer = "localhost"
HTTPProxyPort = "3128"
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.100.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
daily.cld: version 25193, sigs: 2179135, built on Mon Dec 10 04:14:28 2018
bytecode.cvd: version 327, sigs: 91, built on Thu Aug  9 03:43:48 2018
main.cvd: version 58, sigs: 4566249, built on Thu Jun  8 00:38:10 2017
Total number of signatures: 6745475

Platform information
--------------------
uname: Linux 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64
OS: linux-gnu, ARCH: i386, CPU: i686
Full OS version: Debian GNU/Linux 9.6 (stretch)
zlib version: 1.2.8 (1.2.8), compile flags: 55
Triple: i686-pc-linux-gnu
CPU: westmere, Little-endian
platform id: 0x0a115d5d0406030001060300

Build information
-----------------
GNU C: 6.3.0 20170516 (6.3.0)
GNU C++: 6.3.0 20170516 (6.3.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-MpSfuf/clamav-0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-MpSfuf/clamav-0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=i686-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/i386-linux-gnu' '--libexecdir=/usr/lib/i386-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-MpSfuf/clamav-0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-MpSfuf/clamav-0.100.2+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '-with-system-llvm=/usr/
 bin/llvm-config' '--with-llvm-linking=dynamic' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=i686-linux-gnu'
sizeof(void*) = 4
Engine flevel: 93, dconf: 93

--- data dir ---
total 270712
-rw-r--r-- 1 clamav clamav    187426 Nov 10 11:11 bytecode.cvd
-rw-r--r-- 1 clamav clamav 159120896 Dec 10 06:27 daily.cld
-rw-r--r-- 1 clamav clamav 117892267 Nov 10 11:10 main.cvd

-- System Information:
Debian Release: 9.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 4.9.0-8-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages clamav-freshclam depends on:
ii  clamav-base            0.100.2+dfsg-0+deb9u1
ii  debconf [debconf-2.0]  1.5.61
ii  dpkg                   1.18.25
ii  init-system-helpers    1.48
ii  libc6                  2.24-11+deb9u3
ii  libclamav7             0.100.2+dfsg-0+deb9u1
ii  libssl1.1              1.1.0j-1~deb9u1
ii  logrotate              3.11.0-0.1
ii  lsb-base               9.20161125
ii  procps                 2:3.3.12-3+deb9u1
ii  ucf                    3.0036
ii  zlib1g                 1:1.2.8.dfsg-5

clamav-freshclam recommends no packages.

Versions of packages clamav-freshclam suggests:
pn  apparmor     <none>
pn  clamav-docs  <none>

-- debconf information excluded

More information about the Pkg-clamav-devel mailing list