# HELP freshclam not updating since 2020_03_28 - FIXED

## Moriah

I run clamd on my mail server and I use freshclam to keep its signatures current.  According to my monitoring, freshclam has not taken an update since March 28, 2020:

www.elilabs.com/cgi-bin/anisotropic_gif.cgi?image=http://www.elilabs.com/~rj/virus_updates.png&chart_title=Virus Per Day

Have there been no updates issued since then, perhaps because of the ongoing COVID-19 crisis, or has my freshclam gone stale?

----------

## freke

 *Moriah wrote:*   

> I run clamd on my mail server and I use freshclam to keep its signatures current.  According to my monitoring, freshclam has not taken an update since March 28, 2020:
> 
> www.elilabs.com/cgi-bin/anisotropic_gif.cgi?image=http://www.elilabs.com/~rj/virus_updates.png&chart_title=Virus Per Day
> 
> Have there been no updates issued since then, perhaps because of the ongoing COVID-19 crisis, or has my freshclam gone stale?

 

I hope there have been updates - otherwise I have a problem  :Wink: 

```
mail ~ # grep -i signatures /var/log/messages

Mar 29 16:22:27 mail clamd[3053]: Database correctly reloaded (6795809 signatures)

Mar 30 16:23:30 mail clamd[3053]: Database correctly reloaded (6796463 signatures)

Mar 31 16:24:20 mail clamd[3053]: Database correctly reloaded (6797620 signatures)

Apr  1 16:25:14 mail clamd[3053]: Database correctly reloaded (6798576 signatures)

Apr  2 16:26:06 mail clamd[3053]: Database correctly reloaded (6799746 signatures)

Apr  3 20:26:49 mail clamd[3053]: Database correctly reloaded (6800860 signatures)
```

As for your problem - have you checked logs to see if freshclam runs correctly?

i.e.

```
mail ~ # grep -i freshclam /var/log/messages

...

Apr  3 20:25:09 mail freshclam[3062]: Received signal: wake up

Apr  3 20:25:09 mail freshclam[3062]: ClamAV update process started at Fri Apr  3 20:25:09 2020

Apr  3 20:25:10 mail freshclam[3062]: daily database available for update (local version: 25770, remote version: 25771)

Apr  3 20:25:14 mail freshclam[3062]: Testing database: '/var/lib/clamav/tmp.cb2d3/clamav-1a7c83940b4f8e75dd7a91c55727b7e7.tmp-daily.cld' ...

Apr  3 20:25:41 mail freshclam[3062]: Database test passed.

Apr  3 20:25:41 mail freshclam[3062]: daily.cld updated (version: 25771, sigs: 2246353, f-level: 63, builder: raynman)

Apr  3 20:25:42 mail freshclam[3062]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Apr  3 20:25:42 mail freshclam[3062]: bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Apr  3 20:25:42 mail freshclam[3062]: Clamd successfully notified about the update.

Apr  3 20:25:42 mail freshclam[3062]: --------------------------------------

Apr  3 22:25:42 mail freshclam[3062]: Received signal: wake up

Apr  3 22:25:42 mail freshclam[3062]: ClamAV update process started at Fri Apr  3 22:25:42 2020

Apr  3 22:25:45 mail freshclam[3062]: daily.cld database is up to date (version: 25771, sigs: 2246353, f-level: 63, builder: raynman)

Apr  3 22:25:45 mail freshclam[3062]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Apr  3 22:25:45 mail freshclam[3062]: bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Apr  3 22:25:45 mail freshclam[3062]: --------------------------------------
```

----------

## Moriah

Hmm...  

```

eli ~ # grep freshclam /var/log/messages

Mar 29 22:46:06 eli start-stop-daemon[6938]: Will stop freshclam

eli ~ # 

```

Never mind why it stopped, how do I start it back up?  I tried /etc/init.d/freshclam start, but there is no freshclam in /etc/init.d   :Question:   :Shocked: 

Nevertheless:

```

eli ~ # ps ax | grep clam

 3132 ?        SNsl   1:56 /usr/sbin/clamd

 3147 ?        SNs    0:02 /usr/bin/freshclam -d

 3152 ?        SNsl   0:15 /usr/sbin/clamav-milter -c /etc/clamav-milter.conf

```

So it thinks it is running.    :Shocked: 

----------

## freke

You can try restarting clamd (freshclam is started via that if enabled in the corresponding conf.d/clamd)

But yes - looks like it's running.

----------

## Moriah

OK, I tried restarting clam.  Here is what the log shows:

```

Fri Apr  3 16:50:06 2020 -> --------------------------------------

Fri Apr  3 17:43:09 2020 -> Update process terminated

Fri Apr  3 17:43:41 2020 -> --------------------------------------

Fri Apr  3 17:43:41 2020 -> freshclam daemon 0.102.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)

Fri Apr  3 17:43:41 2020 -> ClamAV update process started at Fri Apr  3 17:43:41 2020

Fri Apr  3 17:43:41 2020 -> Current working dir is /var/lib/clamav/

Fri Apr  3 17:43:41 2020 -> Querying current.cvd.clamav.net

Fri Apr  3 17:43:41 2020 -> TTL: 213

Fri Apr  3 17:43:41 2020 -> fc_dns_query_update_info: Software version from DNS: 0.102.2

Fri Apr  3 17:43:41 2020 -> WARNING: Your ClamAV installation is OUTDATED!

Fri Apr  3 17:43:41 2020 -> WARNING: Local version: 0.102.1 Recommended version: 0.102.2

Fri Apr  3 17:43:41 2020 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

Fri Apr  3 17:43:41 2020 -> Current working dir is /var/lib/clamav/

Fri Apr  3 17:43:41 2020 -> check_for_new_database_version: Local copy of daily found: daily.cld.

Fri Apr  3 17:43:41 2020 -> query_remote_database_version: daily.cvd version from DNS: 25771

Fri Apr  3 17:43:41 2020 -> daily.cld database is up to date (version: 25771, sigs: 2246353, f-level: 63, builder: raynman)

Fri Apr  3 17:43:41 2020 -> fc_update_database: daily.cld already up-to-date.

Fri Apr  3 17:43:41 2020 -> Current working dir is /var/lib/clamav/

Fri Apr  3 17:43:41 2020 -> check_for_new_database_version: Local copy of main found: main.cld.

Fri Apr  3 17:43:41 2020 -> query_remote_database_version: main.cvd version from DNS: 59

Fri Apr  3 17:43:41 2020 -> main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Fri Apr  3 17:43:41 2020 -> fc_update_database: main.cld already up-to-date.

Fri Apr  3 17:43:41 2020 -> Current working dir is /var/lib/clamav/

Fri Apr  3 17:43:41 2020 -> check_for_new_database_version: Local copy of bytecode found: bytecode.cld.

Fri Apr  3 17:43:41 2020 -> query_remote_database_version: bytecode.cvd version from DNS: 331

Fri Apr  3 17:43:41 2020 -> bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Fri Apr  3 17:43:41 2020 -> fc_update_database: bytecode.cld already up-to-date.

Fri Apr  3 17:43:41 2020 -> --------------------------------------

```

Any clues here?

----------

## freke

Your DBs seem up-to-date? From my system:

```
Apr  3 20:25:09 mail freshclam[3062]: Received signal: wake up

Apr  3 20:25:09 mail freshclam[3062]: ClamAV update process started at Fri Apr  3 20:25:09 2020

Apr  3 20:25:10 mail freshclam[3062]: daily database available for update (local version: 25770, remote version: 25771)

Apr  3 20:25:14 mail freshclam[3062]: Testing database: '/var/lib/clamav/tmp.cb2d3/clamav-1a7c83940b4f8e75dd7a91c55727b7e7.tmp-daily.cld' ...

Apr  3 20:25:41 mail freshclam[3062]: Database test passed.

Apr  3 20:25:41 mail freshclam[3062]: daily.cld updated (version: 25771, sigs: 2246353, f-level: 63, builder: raynman)

Apr  3 20:25:42 mail freshclam[3062]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Apr  3 20:25:42 mail freshclam[3062]: bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Apr  3 20:25:42 mail freshclam[3062]: Clamd successfully notified about the update.
```

Also - I guess portage would like to update your ClamAV?

Could something have changed - is

```
NotifyClamd /etc/clamd.conf
```

set in /etc/freshclam.conf?

----------

## Moriah

I updated clamav but still no new signatures are coming in.

Is there some setup/startup script I need to run after a new update?

I just did:

```
/etc/init.d/clamd stop

/etc/init.d/clamd start
```

to start the new version.

----------

## freke

If a simple restart loads the new DBs - then freshclam seems to do (most of) its stuff.

It seems like it's not notifying clamd of the DB-update though, is

```
# Send the RELOAD command to clamd.

# Default: no

NotifyClamd /etc/clamd.conf
```

set in /etc/freshclam.conf? That should send the RELOAD command to clamd.

----------

## Moriah

Yes, it is.

I'm really puzzled by this.  Freshclam/clamd has been working on this system for literally years, but since March 29, 2020 it has not had a signature update.  I think a routine weekly update of the server system messed it up, but I don't know how, nor how to fix it.    :Evil or Very Mad: 

----------

## freke

You're sure it's freshclam/clamd not updating properly?

From the snippet you posted when restarting clamd *Quote:*   

> OK, I tried restarting clam. Here is what the log shows:
> 
> ...

 

Seems to be the correct numbers according to my logs for same period

```
Apr  3 20:25:09 mail freshclam[3062]: Received signal: wake up

Apr  3 20:25:09 mail freshclam[3062]: ClamAV update process started at Fri Apr  3 20:25:09 2020

Apr  3 20:25:10 mail freshclam[3062]: daily database available for update (local version: 25770, remote version: 25771)

Apr  3 20:25:14 mail freshclam[3062]: Testing database: '/var/lib/clamav/tmp.cb2d3/clamav-1a7c83940b4f8e75dd7a91c55727b7e7.tmp-daily.cld' ...

Apr  3 20:25:41 mail freshclam[3062]: Database test passed.

Apr  3 20:25:41 mail freshclam[3062]: daily.cld updated (version: 25771, sigs: 2246353, f-level: 63, builder: raynman)

Apr  3 20:25:42 mail freshclam[3062]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Apr  3 20:25:42 mail freshclam[3062]: bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Apr  3 20:25:42 mail freshclam[3062]: Clamd successfully notified about the update.
```

Could it be the monitoring code?

----------

## Moriah

The monitoring code is just a tail on the freshclam logfile, feeding into a bash script that generates a graph showing the size of any update as a histogram-like bar on a gnuplot generated graph.  Looking directly at the freshclam logfile shows that no updates have been received for several weeks.  The graph-generating script has not changed for years, and shows updates for the past 30 days, so it is obvious when things stopped working.

See:

http://www.elilabs.com/~rj/virus.html

to see the graphs.  The freshclam graph is the last one on the page.

----------

## ipic

Just to confirm that clam updates are still happening - this is from my log about two hours ago:

```
Apr 15 13:42:51 ian freshclam[2039]: Received signal: wake up

Apr 15 13:42:51 ian freshclam[2039]: ClamAV update process started at Wed Apr 15 13:42:51 2020

Apr 15 13:42:51 ian freshclam[2039]: Current working dir is /var/lib/clamav/

Apr 15 13:42:51 ian freshclam[2039]: Querying current.cvd.clamav.net

Apr 15 13:42:51 ian freshclam[2039]: TTL: 325

Apr 15 13:42:51 ian freshclam[2039]: fc_dns_query_update_info: Software version from DNS: 0.102.2

Apr 15 13:42:51 ian freshclam[2039]: Current working dir is /var/lib/clamav/

Apr 15 13:42:51 ian freshclam[2039]: check_for_new_database_version: Local copy of daily found: daily.cld.

Apr 15 13:42:51 ian freshclam[2039]: query_remote_database_version: daily.cvd version from DNS: 25783

Apr 15 13:42:51 ian freshclam[2039]: daily database available for update (local version: 25782, remote version: 25783)

Apr 15 13:42:57 ian freshclam[2039]: Retrieving https://database.clamav.net/daily-25783.cdiff

Apr 15 13:42:57 ian freshclam[2039]: downloadFile: Download source:      https://database.clamav.net/daily-25783.cdiff

Apr 15 13:42:57 ian freshclam[2039]: downloadFile: Download destination: ./clamav-9c4a8cca7a2b02a0510971aff38caa74.tmp

Apr 15 13:42:57 ian freshclam[2039]: cdiff_apply: Parsed 1641 lines and executed 1641 commands

Apr 15 13:42:59 ian freshclam[2039]: updatedb: Running g_cb_download_complete callback...

Apr 15 13:42:59 ian freshclam[2039]: download_complete_callback: Download complete for database : /var/lib/clamav/tmp.544bd/clamav-1ada2e22b2225580e2c5b8f7263a5146.tmp-daily.cld

Apr 15 13:42:59 ian freshclam[2039]: download_complete_callback:   fc_context->bTestDatabases   : 1

Apr 15 13:42:59 ian freshclam[2039]: download_complete_callback:   fc_context->bBytecodeEnabled : 1

Apr 15 13:42:59 ian freshclam[2039]: Testing database: '/var/lib/clamav/tmp.544bd/clamav-1ada2e22b2225580e2c5b8f7263a5146.tmp-daily.cld' ...

Apr 15 13:42:59 ian freshclam[3368]: Loading signatures from /var/lib/clamav/tmp.544bd/clamav-1ada2e22b2225580e2c5b8f7263a5146.tmp-daily.cld

Apr 15 13:43:05 ian freshclam[3368]: Properly loaded 2265707 signatures from /var/lib/clamav/tmp.544bd/clamav-1ada2e22b2225580e2c5b8f7263a5146.tmp-daily.cld

Apr 15 13:43:06 ian freshclam[2039]: Database test passed.

Apr 15 13:43:06 ian freshclam[2039]: daily.cld updated (version: 25783, sigs: 2265707, f-level: 63, builder: raynman)

Apr 15 13:43:06 ian freshclam[2039]: fc_update_database: daily.cld updated.

Apr 15 13:43:06 ian freshclam[2039]: Current working dir is /var/lib/clamav/

Apr 15 13:43:06 ian freshclam[2039]: check_for_new_database_version: Local copy of main found: main.cld.

Apr 15 13:43:06 ian freshclam[2039]: query_remote_database_version: main.cvd version from DNS: 59

Apr 15 13:43:06 ian freshclam[2039]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Apr 15 13:43:06 ian freshclam[2039]: fc_update_database: main.cld already up-to-date.

Apr 15 13:43:06 ian freshclam[2039]: Current working dir is /var/lib/clamav/

Apr 15 13:43:06 ian freshclam[2039]: check_for_new_database_version: Local copy of bytecode found: bytecode.cld.

Apr 15 13:43:06 ian freshclam[2039]: query_remote_database_version: bytecode.cvd version from DNS: 331

Apr 15 13:43:06 ian freshclam[2039]: bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Apr 15 13:43:06 ian freshclam[2039]: fc_update_database: bytecode.cld already up-to-date.

Apr 15 13:43:06 ian freshclam[2039]: Clamd successfully notified about the update.

Apr 15 13:43:06 ian freshclam[2039]: --------------------------------------

Apr 15 13:43:07 ian clamd[2031]: Reading databases from /var/lib/clamav

Apr 15 13:43:22 ian clamd[2031]: Database correctly reloaded (6820147 signatures)

Apr 15 13:53:22 ian clamd[2031]: SelfCheck: Database status OK.

```

As to getting it working - not very original, but how about taking a copy of the /etc/freshclam.conf file, then removing and reinstalling app-antivirus/clamav?

Then look at the difference between installed and saved config file.

----------

## Moriah

And this is mine:

```

eli ~ # head -n 1 /var/log/messages

Mar  1 03:19:07 eli syslog-ng[2873]: WARNING: Configuration file format is newer than the current version, please specify the current version number (3.17) in the @version directive. syslog-ng will operate at its highest supported version in this mode;

eli ~ # tail -n 1 /var/log/messages

Apr 15 10:18:15 eli sm-mta[23670]: 03FEIF8M023670: --- 220 eli.elilabs.com ESMTP Sendmail 8.15.2/8.14.4; Wed, 15 Apr 2020 10:18:15 -0400

eli ~ # grep freshclam /var/log/messages

Mar 29 22:46:06 eli start-stop-daemon[6938]: Will stop freshclam

Apr  3 17:43:08 eli start-stop-daemon[17042]: Will stop freshclam

Apr  3 17:43:09 eli kernel: freshclam (3147) used greatest stack depth: 3384 bytes left

Apr  6 13:13:34 eli start-stop-daemon[18234]: Will stop freshclam

Apr  6 13:16:15 eli start-stop-daemon[20308]: Will stop freshclam

eli ~ # 

```

/var/log/messages starts March 1 and runs up to today, 4/15.

----------

## ipic

I have this setting for the database mirrors:

```
# database.clamav.net is now the primary domain name to be used world-wide.

# Now that CloudFlare is being used as our Content Delivery Network (CDN),

# this one domain name works world-wide to direct freshclam to the closest

# geographic endpoint.

# If the old db.XY.clamav.net domains are set, freshclam will automatically

# use database.clamav.net instead.

DatabaseMirror database.clamav.net

```

Yours the same?

Can you reach it?

----------

## ipic

From your log listing, the last "freshclam" message was a shutdown.

If it started, there should be something like

```
Apr 15 09:42:51 ian freshclam[2039]: freshclam daemon 0.102.2 (OS: linux-gnu, ARCH: i386, CPU: i586)
```

 after the last shutdown in there.

So, what is logged when you do

```
/etc/init.d/clamd stop

/etc/init.d/clamd start
```

 assuming you use OpenRC of course.

----------

## Moriah

OK, I set the database path as you suggested.  It was there already, but had the old path on a line before it.  Here's an excerpt from /etc/freshclam.conf

```

# Uncomment the following line and replace XY with your country

# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.

#DatabaseMirror db.US.clamav.net

# database.clamav.net is a round-robin record which points to our most 

# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is 

# not working. DO NOT TOUCH the following line unless you know what you

# are doing.

DatabaseMirror database.clamav.net

```

Here is an excerpt from freshclam.log the last time it worked:

```

Sat Mar 28 09:03:12 2020 -> --------------------------------------

Sat Mar 28 11:03:12 2020 -> Received signal: wake up

Sat Mar 28 11:03:12 2020 -> ClamAV update process started at Sat Mar 28 11:03:12 2020

Sat Mar 28 11:03:12 2020 -> Using IPv6 aware code

Sat Mar 28 11:03:12 2020 -> Max retries == 3

Sat Mar 28 11:03:12 2020 -> Querying current.cvd.clamav.net

Sat Mar 28 11:03:12 2020 -> TTL: 212

Sat Mar 28 11:03:12 2020 -> Software version from DNS: 0.102.2

Sat Mar 28 11:03:12 2020 -> WARNING: Your ClamAV installation is OUTDATED!

Sat Mar 28 11:03:12 2020 -> WARNING: Local version: 0.101.4 Recommended version: 0.102.2

Sat Mar 28 11:03:12 2020 -> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav

Sat Mar 28 11:03:12 2020 -> main.cvd version from DNS: 59

Sat Mar 28 11:03:12 2020 -> main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Sat Mar 28 11:03:12 2020 -> daily.cvd version from DNS: 25765

Sat Mar 28 11:03:12 2020 -> Retrieving http://db.US.clamav.net/daily-25765.cdiff

Sat Mar 28 11:03:13 2020 -> Trying to download http://db.US.clamav.net/daily-25765.cdiff (IP: 104.16.219.84)

Sat Mar 28 11:03:13 2020 -> Downloading daily-25765.cdiff [100%]

Sat Mar 28 11:03:13 2020 -> cdiff_apply: Parsed 953 lines and executed 953 commands

Sat Mar 28 11:03:13 2020 -> Loading signatures from daily.cld

Sat Mar 28 11:04:34 2020 -> Properly loaded 2240683 signatures from new daily.cld

Sat Mar 28 11:04:35 2020 -> daily.cld updated (version: 25765, sigs: 2240683, f-level: 63, builder: raynman)

Sat Mar 28 11:04:35 2020 -> Querying daily.25765.105.1.0.6810DB54.ping.clamav.net

Sat Mar 28 11:04:35 2020 -> Can't query daily.25765.105.1.0.6810DB54.ping.clamav.net

Sat Mar 28 11:04:35 2020 -> bytecode.cvd version from DNS: 331

Sat Mar 28 11:04:35 2020 -> bytecode.cld is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Sat Mar 28 11:04:38 2020 -> Database updated (6805679 signatures) from db.US.clamav.net (IP: 104.16.219.84)

Sat Mar 28 11:04:38 2020 -> Clamd successfully notified about the update.

Sat Mar 28 11:04:38 2020 -> --------------------------------------

```

And here is the latest failed attempt to update:

```

Wed Apr 15 09:24:15 2020 -> --------------------------------------

Wed Apr 15 11:24:15 2020 -> Received signal: wake up

Wed Apr 15 11:24:15 2020 -> ClamAV update process started at Wed Apr 15 11:24:15 2020

Wed Apr 15 11:24:15 2020 -> Current working dir is /var/lib/clamav/

Wed Apr 15 11:24:15 2020 -> Querying current.cvd.clamav.net

Wed Apr 15 11:24:15 2020 -> TTL: 1133

Wed Apr 15 11:24:15 2020 -> fc_dns_query_update_info: Software version from DNS: 0.102.2

Wed Apr 15 11:24:15 2020 -> Current working dir is /var/lib/clamav/

Wed Apr 15 11:24:15 2020 -> check_for_new_database_version: Local copy of daily found: daily.cld.

Wed Apr 15 11:24:15 2020 -> query_remote_database_version: daily.cvd version from DNS: 25783

Wed Apr 15 11:24:15 2020 -> daily.cld database is up to date (version: 25783, sigs: 2265707, f-level: 63, builder: raynman)

Wed Apr 15 11:24:15 2020 -> fc_update_database: daily.cld already up-to-date.

Wed Apr 15 11:24:15 2020 -> Current working dir is /var/lib/clamav/

Wed Apr 15 11:24:15 2020 -> check_for_new_database_version: Local copy of main found: main.cld.

Wed Apr 15 11:24:15 2020 -> query_remote_database_version: main.cvd version from DNS: 59

Wed Apr 15 11:24:15 2020 -> main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Wed Apr 15 11:24:15 2020 -> fc_update_database: main.cld already up-to-date.

Wed Apr 15 11:24:15 2020 -> Current working dir is /var/lib/clamav/

Wed Apr 15 11:24:15 2020 -> check_for_new_database_version: Local copy of bytecode found: bytecode.cld.

Wed Apr 15 11:24:15 2020 -> query_remote_database_version: bytecode.cvd version from DNS: 331

Wed Apr 15 11:24:15 2020 -> bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Wed Apr 15 11:24:15 2020 -> fc_update_database: bytecode.cld already up-to-date.

Wed Apr 15 11:24:15 2020 -> --------------------------------------

```

It looks like the newer version of freshclam is issuing some different log messages...   :Shocked: 

I'm beginning to think /etc/freshclam.conf maybe got updated the wrong way or something.  I'll have to look at what it was on 3/28 and compare that with what is there now.  Luckily, I have a backup server that runs every night, so I can easily get the old version of the file.    :Very Happy: 

----------

## freke

 *Moriah wrote:*   

> OK, I set the database path as you suggested.  It was there already, but had the old path on a line before it.  Here's an excerpt from /etc/freshclam.conf
> 
> ```
> # Uncomment the following line and replace XY with your country
> ...
> ```

 

Again this seems to indicate that your daily.cld WAS updated?

Yours currently holds 2265707 signatures (version 25783) - which according to my logs was updated to that number today 15/4?

```
Apr 15 13:52:39 mail freshclam[19839]: Received signal: wake up

Apr 15 13:52:39 mail freshclam[19839]: ClamAV update process started at Wed Apr 15 13:52:39 2020

Apr 15 13:52:42 mail freshclam[19839]: daily.cld database is up to date (version: 25782, sigs: 2264082, f-level: 63, builder: raynman)

Apr 15 13:52:42 mail freshclam[19839]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Apr 15 13:52:42 mail freshclam[19839]: bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Apr 15 13:52:42 mail freshclam[19839]: --------------------------------------

Apr 15 15:52:42 mail freshclam[19839]: Received signal: wake up

Apr 15 15:52:42 mail freshclam[19839]: ClamAV update process started at Wed Apr 15 15:52:42 2020

Apr 15 15:52:43 mail freshclam[19839]: daily database available for update (local version: 25782, remote version: 25783)

Apr 15 15:52:46 mail freshclam[19839]: Testing database: '/var/lib/clamav/tmp.c76c0/clamav-b90da8ce169dab56cd9256c0460e61fb.tmp-daily.cld' ...

Apr 15 15:53:14 mail freshclam[19839]: Database test passed.

Apr 15 15:53:14 mail freshclam[19839]: daily.cld updated (version: 25783, sigs: 2265707, f-level: 63, builder: raynman)

Apr 15 15:53:14 mail freshclam[19839]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Apr 15 15:53:14 mail freshclam[19839]: bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)

Apr 15 15:53:14 mail freshclam[19839]: Clamd successfully notified about the update.

Apr 15 15:53:14 mail freshclam[19839]: --------------------------------------

Apr 15 17:53:14 mail freshclam[19839]: Received signal: wake up

Apr 15 17:53:14 mail freshclam[19839]: ClamAV update process started at Wed Apr 15 17:53:14 2020

Apr 15 17:53:15 mail freshclam[19839]: daily.cld database is up to date (version: 25783, sigs: 2265707, f-level: 63, builder: raynman)

Apr 15 17:53:15 mail freshclam[19839]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)

Apr 15 17:53:15 mail freshclam[19839]: bytecode.cld database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
```

----------

## Moriah

So what you have shown is that the freshclam process now logs different stuff, or at least expressed differently, into its log file, compared to what it did before my update of March 28.  This means that my script that extracts data from the freshclam log file needs to change, which means that it will no longer show the old updates properly, only the new ones.

OK, I can live with that, but why on earth would they totally rewrite the way these log messages appear in the log?  I expect that I am not the only one to get bit by this.    :Evil or Very Mad: 

Well, at least I feel better that my signatures have been updating all along after all.

----------

## Moriah

OK, I modified the way I extract the data from the freshclam log file, and now it's looking much better.

Thanks everybody for all the help!    :Very Happy: 

----------

## Hu

Unless otherwise documented as stable, log messages are usually intended for human consumption, and humans don't mind a bit of variation as long as the key facts are still shown.  It's nice when the logs are machine readable, but if they were meant to be machine readable, they really ought to come in a structured format (json, yaml, etc.).

----------

## Moriah

I know.  I've had similar experiences when I scrape web pages with a script.  The script will work for years, then somebody "has a better idea", and changes the layout to make it "look nicer".  Oh well, it's their web page, log message, etc.  That's why we have software maintenance.  It's not to clean the bird droppings and fingerprints off the code; it's to adapt to changes other people make.  Sometimes it's coding changes we have to adapt to.  Sometimes it's input data changes.  Sometimes it's legal or regulatory changes. Sometimes we have to move to new hardware, or a different compiler, or even a different programming language. 

Oh well, it all pays the same rate.    :Confused: 

----------
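
The failure mode this thread ends on, as an added example (not Moriah's script and not ClamAV code): a monitor keyed on the per-database result line, which both the 0.101.4 and 0.102.x excerpts above contain, in the freshclam.log and the syslog layouts alike. The names `parse_events`, `version_changes` and `is_stale`, the `syslog_year` parameter and the 24-hour threshold are assumptions; the sample lines are taken from the excerpts quoted in the thread.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# freshclam.log layout: "Sat Mar 28 11:04:35 2020 -> message"
LOGFILE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
# syslog layout: "Apr 15 13:43:06 host freshclam[2039]: message" (no year)
SYSLOG = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ freshclam\[\d+\]: (.*)$")
# Result line shared by old and new versions; 0.102 inserted "database ".
RESULT = re.compile(
    r"\b(?P<db>daily|main|bytecode)\.c[lv]d "
    r"(?P<state>updated|(?:database )?is up to date) "
    r"\(version: (?P<version>\d+), sigs: (?P<sigs>\d+)"
)

class Event(NamedTuple):
    when: datetime
    db: str
    version: int
    sigs: int
    updated: bool  # True for "updated", False for "is up to date"

def parse_events(lines, syslog_year):
    """Extract per-database results from either log layout."""
    events = []
    for line in lines:
        m = LOGFILE.match(line.rstrip("\n"))
        if m:
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        else:
            m = SYSLOG.match(line.rstrip("\n"))
            if not m:
                continue
            # syslog omits the year, so the caller supplies it (assumption)
            when = datetime.strptime(f"{syslog_year} {m.group(1)}",
                                     "%Y %b %d %H:%M:%S")
        r = RESULT.search(m.group(2))
        if r:
            events.append(Event(when, r["db"], int(r["version"]),
                                int(r["sigs"]), r["state"] == "updated"))
    return sorted(events, key=lambda e: e.when)

def version_changes(events, db="daily"):
    """(when, old_version, new_version, signature_delta) per observed bump.

    An "is up to date" line with a higher version than the last one seen
    also counts: it proves an update happened even if its "updated" line
    was rotated away or never matched.
    """
    changes, prev = [], None
    for e in (e for e in events if e.db == db):
        if prev is not None and e.version > prev.version:
            changes.append((e.when, prev.version, e.version, e.sigs - prev.sigs))
        if prev is None or e.version >= prev.version:
            prev = e
    return changes

def is_stale(events, now, db="daily", max_age=timedelta(hours=24)):
    """True when freshclam has not confirmed or updated `db` within max_age."""
    seen = [e.when for e in events if e.db == db]
    return not seen or now - max(seen) > max_age

# Sample lines taken from the excerpts in the thread (both versions, both layouts).
SAMPLE = """\
Sat Mar 28 11:03:12 2020 -> main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Sat Mar 28 11:04:35 2020 -> daily.cld updated (version: 25765, sigs: 2240683, f-level: 63, builder: raynman)
Sat Mar 28 11:04:38 2020 -> Database updated (6805679 signatures) from db.US.clamav.net (IP: 104.16.219.84)
Fri Apr  3 17:43:41 2020 -> daily.cld database is up to date (version: 25771, sigs: 2246353, f-level: 63, builder: raynman)
Fri Apr  3 17:43:41 2020 -> fc_update_database: daily.cld already up-to-date.
Apr 15 13:43:06 ian freshclam[2039]: daily.cld updated (version: 25783, sigs: 2265707, f-level: 63, builder: raynman)
Apr 15 13:43:06 ian freshclam[2039]: main.cld database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
"""

if __name__ == "__main__":
    evs = parse_events(SAMPLE.splitlines(), syslog_year=2020)
    for when, old, new, delta in version_changes(evs):
        print(f"{when:%Y-%m-%d %H:%M} daily {old} -> {new} ({delta:+d} sigs)")
    print("stale:", is_stale(evs, datetime(2020, 4, 15, 14, 0)))
```

Tracking the database version number rather than a particular message means a quiet period with only "is up to date" lines still reads as a healthy, current scanner, which is the distinction the original graph lost.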

