[Pkg-clamav-devel] Bug#968365: /usr/bin/freshclam: Ignores DatabaseCustomURL unless --update-db=custom is specified

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Fri Aug 14 20:48:32 BST 2020


On 2020-08-13 17:21:04 [+0200], Stephan Jänecke wrote:
> starting with version 0.102.3 freshclam ignores DatabaseCustomURL
> options.

Are you sure about the versions? I've been looking at the changes
0.102.2..0.102.3 and there is nothing in the freshclam area. That option
appears to be there. It might have happened earlier when they switched to
libcurl instead of doing their own http…

> As this option is used to specify custom paths to update databases on
> our local mirror, updates fail after upgrading from version 0.101.4.

Okay. Then it is a 0.101 -> 0.102 kind of thing.

> Let me give you an example. Instead of downloading the database from
> `http://update.dfn-cert.de/av-sigs/clamav/db/main.cvd` freshclam will
> try `https://update.dfn-cert.de/main.cvd` and fail.
…
> Looking at the code I figured out that freshclam can be motivated to honour
> the values in DatabaseCustomURL options. Once I specified the executable
> parameter `--update-db=custom` freshclam happily updated the databases
> from the custom paths.
…
> Now I'm wondering: is my site incorrectly specifying custom database
> paths using `DatabaseCustomURL` and the breakage on update has been
> intentionally introduced by upstream? If so, what would be the correct
> way to introduce custom paths?

It sounds like you want to use PrivateMirror. But then you don't have
the same path so it probably won't work. I don't know.

You have
	DatabaseMirror = "update.dfn-cert.de"

set which means it will look for

   update.dfn-cert.de/main.cvd
   update.dfn-cert.de/daily.cvd

so it works as expected so far. You have also set DatabaseCustomURL so
it should look additionally for

   update.dfn-cert.de/av-sigs/clamav/db/main.cvd

Now the fact that it does not might have something to do with the part
that it fails while looking for update.dfn-cert.de/main.cvd. But from
looking at the code (in this heat) it should do so.

By using "--update-db=custom" you limit the download to the custom
URL only which is what you specify with DatabaseCustomURL. This skips
the download of main/daily/bytecode.

> Or did I indeed find a bug?

Maybe something that was not planned. It might be possible that your
custom URL contained the 'main.cvd' file which then overwrote the
'main.cvd' from the official mirror. Now it does it no longer and would
in your case download the main.cvd twice.
If you could verify the part with PrivateMirror then I/you could open a
bug with upstream asking what the recommended way is to use a private
mirror with a different hierarchy. This is what you intend to do I
guess.

> Best regards,
> 
> Stephan Jänecke

Sebastian


