Bug #14108


Antivirus Bases showing outdated main.cvd with a version dated year 2021

Added by Jonathan Lee 3 months ago. Updated 2 days ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:


Per ClamAV's website:
"ClamAV signatures come in a variety of formats, one for each of the distinct detection methods that the ClamAV file scanning engine supports. ClamAV also uses the ClamAV Virus Database (CVD) file format, which serves as a container for the compressed and digitally-signed official signature sets that power ClamAV — daily.cvd, main.cvd, and bytecode.cvd. Each signature set serves a different purpose:

bytecode.cvd contains all compiled bytecode signatures evaluated by the bytecode interpreter engine
daily.cvd contains signatures for the latest threats (updated daily)
main.cvd contains signatures previously in daily.cvd that have shown to have a low false-positive risk."

The main.cvd is not replacing itself with a updated version.

Squid ClamAV is not updating the main.cvd and is listing 2021 version

Squid Version 5.7
Antivirus Scanner ClamAV 0.105.1_1,1 C-ICAP 0.5.10,2 + SquidClamav 7.2
Antivirus Bases
Database Date Version Builder
daily.cld 2023.03.14 26841 raynman
bytecode.cvd 2023.02.22 334 anvilleg
main.cvd 2021.09.16 62 sigmgr
Last Update Tue Mar 14 00:22:56 2023
Statistics Found 124 virus(es) total.

Please see attached ClamAV is functional again main is not updating with prior daily.cvd


Screenshot 2023-03-14 at 8.50.09 AM.png (101 KB) Screenshot 2023-03-14 at 8.50.09 AM.png Antivirus base date issue Jonathan Lee, 03/14/2023 10:50 AM
Screenshot 2023-03-14 at 8.51.44 AM.png (744 KB) Screenshot 2023-03-14 at 8.51.44 AM.png ClamAV is functional on system with HTTPS intercept enabled Jonathan Lee, 03/14/2023 10:52 AM
Screenshot 2023-03-14 at 8.53.14 AM.png (125 KB) Screenshot 2023-03-14 at 8.53.14 AM.png Live Test Virus Caught Jonathan Lee, 03/14/2023 10:53 AM
Actions #1

Updated by Kris Phillips about 2 months ago

  • Status changed from New to Confirmed
  • Affected Architecture All added
  • Affected Architecture deleted (SG-2100)

This doesn't appear to be a bug with the file not being downloaded. The file at matches in size to what the clamav freshclam process downloads, so it's definitely pulling the correct file. I suspect that the date format information in the Dashboard widget is incorrect for some reason. I can confirm the behavior of the widget, though. Appears to be entirely cosmetic.

Actions #2

Updated by Kris Phillips 2 days ago

  • Affected Plus Version changed from 23.01 to 23.05

Tested on 23.05-RELEASE and this issue is still present.


Also available in: Atom PDF