1

Topic: problem with ClamAV

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.0
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: ubuntu 20
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): pgsql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

Recently I started receiving log info like this in my "Logwatch for admin (linux)" email.
Are there any recommended things I should do with my ClamAV installation?

--------------------- clam-update Begin ------------------------


Last ClamAV update process started at Sat May 21 23:42:18 2022

Last Status:
    WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
    This means that you have been rate limited or blocked by the CDN.
     1. Verify that you're running a supported ClamAV version.
        See https://docs.clamav.net/faq/faq-eol.html for details.
     2. Run FreshClam no more than once an hour to check for updates.
        FreshClam should check DNS first to see if an update is needed.
     3. If you have more than 10 hosts on your network attempting to download,
        it is recommended that you set up a private mirror on your network using
        cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
        CDN and your own network.
     4. Please do not open a ticket asking for an exemption from the rate limit,
        it will not be granted.
    WARNING: You are still on cool-down until after: 2022-05-22 02:54:29

---------------------- clam-update End -------------------------

greets!


2

Re: problem with ClamAV

Hello - info update. Today's message from ClamAV in the logwatch email is this:

--------------------- clam-update Begin ------------------------


Last ClamAV update process started at Mon May 23 23:01:09 2022

Last Status:
    WARNING: DNS record is older than 3 hours.
    Trying to retrieve CVD header from https://database.clamav.net/daily.cvd
    daily.cld database is up-to-date (version: 26550, sigs: 1984558, f-level: 90, builder: raynman)
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    WARNING: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    WARNING: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    WARNING: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    WARNING: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    ERROR: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    WARNING: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    WARNING: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    WARNING: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    WARNING: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    Trying to retrieve CVD header from https://database.clamav.net/main.cvd
    ERROR: remote_cvdhead: Malformed CVD header (too short)
    WARNING: Failed to get main database version information from server: https://database.clamav.net
    ERROR: check_for_new_database_version: Failed to find main database using server https://database.clamav.net.
    ERROR: Update failed for database: main
    ERROR: Database update process failed: HTTP GET failed
    ERROR: Update failed.

---------------------- clam-update End -------------------------


Is there something I can/should do?

3

Re: problem with ClamAV

Below is the content of today's email. It seems it healed itself. Am I right?



--------------------- clam-update Begin ------------------------


Last ClamAV update process started at Tue May 24 23:01:49 2022

Last Status:
    WARNING: Cool-down expired, ok to try again.
    daily database available for update (local version: 26550, remote version: 26551)
    Testing database: '/var/lib/clamav/tmp.1e79ce318b/clamav-7db52aa7f599d6b14ffcb679b3a1ca9a.tmp-daily.cld' ...
    Database test passed.
    daily.cld updated (version: 26551, sigs: 1984562, f-level: 90, builder: raynman)
    main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
    bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
    Clamd successfully notified about the update.

---------------------- clam-update End -------------------------

4

Re: problem with ClamAV

This is the event from today's email:

--------------------- clam-update Begin ------------------------


Last ClamAV update process started at Thu May 26 23:02:47 2022

Last Status:
    WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
    This means that you have been rate limited or blocked by the CDN.
     1. Verify that you're running a supported ClamAV version.
        See https://docs.clamav.net/faq/faq-eol.html for details.
     2. Run FreshClam no more than once an hour to check for updates.
        FreshClam should check DNS first to see if an update is needed.
     3. If you have more than 10 hosts on your network attempting to download,
        it is recommended that you set up a private mirror on your network using
        cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
        CDN and your own network.
     4. Please do not open a ticket asking for an exemption from the rate limit,
        it will not be granted.
    WARNING: You are still on cool-down until after: 2022-05-27 01:02:32

---------------------- clam-update End -------------------------


May I ask if anyone experienced similar behaviour?

5

Re: problem with ClamAV

Clearly mentioned in the message, "rate limit".

6

Re: problem with ClamAV

ZhangHuangbin wrote:

Clearly mentioned in the message, "rate limit".

Thanks for your reply. It seems so, because for a few days now there have been no such messages. Interesting that they appeared at all, without any abnormal email activity from me.
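
The three freshclam outcomes reported in this thread (rate-limit cool-down, failed update, successful update) can be told apart automatically, so stale signatures are noticed without reading each Logwatch mail. This is an added example, not part of the original thread or of iRedMail or ClamAV; the names `summarize` and `may_retry` are hypothetical, and the sample lines are copied from the reports quoted above.

```python
import re
from datetime import datetime

# Sample status lines copied from the freshclam reports quoted in this thread.
RATE_LIMITED = """\
WARNING: FreshClam previously received error code 429 or 403 from the ClamAV Content Delivery Network (CDN).
WARNING: You are still on cool-down until after: 2022-05-22 02:54:29"""
FAILED = """\
daily.cld database is up-to-date (version: 26550, sigs: 1984558, f-level: 90, builder: raynman)
WARNING: remote_cvdhead: Malformed CVD header (too short)
ERROR: Update failed for database: main
ERROR: Update failed."""
HEALTHY = """\
WARNING: Cool-down expired, ok to try again.
daily.cld updated (version: 26551, sigs: 1984562, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)"""

COOLDOWN = re.compile(r"still on cool-down until after: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
DB_OK = re.compile(r"(\w+)\.(?:cvd|cld) (?:database is up-to-date|updated) \(version: (\d+)")
DB_FAIL = re.compile(r"ERROR: Update failed for database: (\w+)")

def summarize(status_text):
    """Classify one freshclam 'Last Status' block (hypothetical helper)."""
    result = {"state": "ok", "cooldown_until": None, "versions": {}, "failed": []}
    for line in status_text.splitlines():
        if m := COOLDOWN.search(line):
            result["cooldown_until"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        elif m := DB_OK.search(line):
            result["versions"][m.group(1)] = int(m.group(2))   # database name -> version
        elif m := DB_FAIL.search(line):
            result["failed"].append(m.group(1))
    if result["cooldown_until"]:
        result["state"] = "rate_limited"      # CDN returned 429/403 earlier
    elif result["failed"]:
        result["state"] = "update_failed"     # signatures may be going stale
    elif not result["versions"]:
        result["state"] = "unknown"           # nothing recognisable in the block
    return result

def may_retry(summary, now):
    """True once any reported cool-down has passed (local time, as in the log)."""
    until = summary["cooldown_until"]
    return until is None or now > until

if __name__ == "__main__":
    for name, text in (("rate-limited", RATE_LIMITED), ("failed", FAILED), ("healthy", HEALTHY)):
        print(name, summarize(text))
```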