[Pkg-clamav-devel] Bug#991299: clamav-freshclam: Default download timeout short, retrying download endlessly

Mara Sophie Grosch littlefox at lf-net.org
Tue Jul 20 10:10:47 BST 2021 

Package: clamav-freshclam
Version: 0.103.2+dfsg-2
Severity: normal

Dear Maintainer,

yesterday I noticed my laptop having a lot of internet traffic from
cloudflare, but could not find what was the reason for it. Today I
enabled IP accounting and while looking at the journal (to check if a
`daemon-reload` is enough), I saw `freshclam` warning about missed
timeouts and retried downloads.

After stopping the `clamav-freshclam.service` and doing a manual
`sudo freshclam`, I saw the problem: it's configured by default to
timeout the download after 30s and then retries to download.

I'm currently at a location with a not-very-fast internet connection, so
the 30s just are not enough time to download the ~160MB it wanted to
retrieve.

I changed the ReceiveTimeout from 30 to 120, this allowed me to download
the updated database with my current connection.

I'd suggest any or both of these changes:

   * increase default timeout, best by not setting one at all
   * do not retry immediately after a missed timeout

Some days ago I used a metered connection. This only slows down after
the allowed data volume is used up, but maybe it was faster used up
because of this - so can be quite frustrating to users, especially since
it happens in the background.

Having a reverse DNS for the IP would have helped a bit, but since it's
cloudflare, it probably isn't used for clamav database only, so the info
it can give is limited..

Thank you for putting your time into this and best regards
Mara Sophie Grosch


-- Package-specific info:
--- configuration ---
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 120
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net

--- data dir ---
total 342204
-rw-r--r-- 1 clamav clamav   1438720 May 31 17:48 bytecode.cld
-rw-r--r-- 1 clamav clamav 180754944 Jul 19 11:01 daily.cld
-rw-r--r-- 1 clamav clamav 168205379 Jul 20 10:57 main.cvd
-rw------- 1 clamav clamav        69 Jul 17 16:03 mirrors.dat

-- System Information:
Debian Release: 11.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clamav-freshclam depends on:
ii  clamav-base            0.103.2+dfsg-2
ii  debconf [debconf-2.0]  1.5.75
ii  dpkg                   1.20.9
ii  libc6                  2.31-12
ii  libclamav9             0.103.2+dfsg-2
ii  logrotate              3.18.0-2
ii  lsb-base               11.1.0
ii  procps                 2:3.3.17-5
ii  ucf                    3.0043

Versions of packages clamav-freshclam recommends:
ii  ca-certificates  20210119

Versions of packages clamav-freshclam suggests:
ii  apparmor     2.13.6-10
pn  clamav-docs  <none>

-- debconf information excluded

More information about the Pkg-clamav-devel mailing list