Bug #14108

closed

Antivirus Bases showing outdated main.cvd with a version dated year 2021

Added by Jonathan Lee about 1 year ago. Updated 8 months ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: Squid
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: All
Affected Plus Version: 23.05
Affected Architecture: All

Description

Per ClamAV's website:
"ClamAV signatures come in a variety of formats, one for each of the distinct detection methods that the ClamAV file scanning engine supports. ClamAV also uses the ClamAV Virus Database (CVD) file format, which serves as a container for the compressed and digitally-signed official signature sets that power ClamAV — daily.cvd, main.cvd, and bytecode.cvd. Each signature set serves a different purpose:

  • bytecode.cvd contains all compiled bytecode signatures evaluated by the bytecode interpreter engine
  • daily.cvd contains signatures for the latest threats (updated daily)
  • main.cvd contains signatures previously in daily.cvd that have shown to have a low false-positive risk."

The main.cvd is not replacing itself with an updated version.

Squid ClamAV is not updating the main.cvd and is listing a 2021 version.

Squid Version 5.7
Antivirus Scanner ClamAV 0.105.1_1,1 C-ICAP 0.5.10,2 + SquidClamav 7.2
Antivirus Bases
  Database      Date        Version  Builder
  daily.cld     2023.03.14  26841    raynman
  bytecode.cvd  2023.02.22  334      anvilleg
  main.cvd      2021.09.16  62       sigmgr
Last Update Tue Mar 14 00:22:56 2023
Statistics Found 124 virus(es) total.

Please see attached ClamAV is functional again main is not updating with prior daily.cvd


Files

  • Screenshot 2023-03-14 at 8.50.09 AM.png (101 KB): Antivirus base date issue. Jonathan Lee, 03/14/2023 10:50 AM
  • Screenshot 2023-03-14 at 8.51.44 AM.png (744 KB): ClamAV is functional on system with HTTPS intercept enabled. Jonathan Lee, 03/14/2023 10:52 AM
  • Screenshot 2023-03-14 at 8.53.14 AM.png (125 KB): Live Test Virus Caught. Jonathan Lee, 03/14/2023 10:53 AM
  • Antivirus Bases showing outdated maincvd with a version dated year 2021.pdf (46.2 KB): CLAM AV Confirmed Not a BUG. Jonathan Lee, 08/30/2023 09:00 PM

Actions #1

Updated by Kris Phillips about 1 year ago

  • Status changed from New to Confirmed
  • Affected Architecture All added
  • Affected Architecture deleted (SG-2100)

This doesn't appear to be a bug with the file not being downloaded. The file at http://database.clamav.net/main.cvd matches in size to what the clamav freshclam process downloads, so it's definitely pulling the correct file. I suspect that the date format information in the Dashboard widget is incorrect for some reason. I can confirm the behavior of the widget, though. Appears to be entirely cosmetic.

Actions #2

Updated by Kris Phillips 11 months ago

  • Affected Plus Version changed from 23.01 to 23.05

Tested on 23.05-RELEASE and this issue is still present.

Actions #3

Updated by Jonathan Lee 10 months ago

@Kris Phillips

Thanks for looking into this

Actions #4

Updated by Jonathan Lee 8 months ago

https://bugs.squid-cache.org/show_bug.cgi?id=5297

Bugzilla ticket also open for Squid side for more visibility of issue.

Actions #5

Updated by Amos Jeffries 8 months ago

From Squid and indirectly also c-icap upstream(s):
Neither Squid nor c-icap have anything to do with the ClamAV databases. That is all part of the ClamAV and/or its system integration. We agree with Kris Phillips' initial suspicion.

Actions #6

Updated by Jim Pingle 8 months ago

  • Status changed from Confirmed to Rejected

2021 is the most recent main.cvd/main.cld file from ClamAV directly. The daily file gets updated more regularly.

Fetching the databases from a non-pfSense box results in the same date.

file main.cld
main.cld: Clam AntiVirus database (with buildtime), 16 Sep 2021 08-32 -0400, version 62, 6647427 signatures, level 90, builder sigmgr, with tar archive (V7), file COPYING, size 43110

Actions #7

Updated by Jonathan Lee 8 months ago

Also confirmed via Andrew C. Aitchison of ClamAV users support email system.

"It is a very big file and stores the definitions that do not change very often.
daily.cld (or daily.cvd depending how it reaches your machine) contains the latest updates." ...

"Per developer investigation this is the newest file available for main.cvd."

Thank you for looking into this.
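
Added example (not part of the ticket, and not pfSense or ClamAV project code): the build date, version and builder that `file main.cld` prints in note #6 come from the 512-byte colon-separated text header at the start of every .cvd/.cld file, so they can be read straight from the file instead of from the dashboard widget. The sample header below is constructed from the values in note #6 with placeholder MD5 and signature fields, and the function names and the 7-day limit for daily.* are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

HEADER_LEN = 512  # fixed-size, space-padded text header of a .cvd/.cld file


@dataclass
class CvdInfo:
    build_time: datetime
    version: int
    signatures: int
    level: int
    builder: str


def parse_cvd_header(raw: bytes) -> CvdInfo:
    """Fields: magic, build time, version, signature count, functionality
    level, MD5, digital signature, builder, and optionally a Unix build time."""
    if len(raw) < HEADER_LEN:
        raise ValueError("short read: the header is 512 bytes")
    text = raw[:HEADER_LEN].decode("ascii", "replace").rstrip(" \x00\n")
    fields = text.split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a ClamAV database header")
    # Build time uses '-' between hour and minute because ':' is the separator.
    built = datetime.strptime(fields[1], "%d %b %Y %H-%M %z")
    return CvdInfo(built, int(fields[2]), int(fields[3]), int(fields[4]), fields[7])


def read_header(path: str) -> CvdInfo:
    with open(path, "rb") as fh:
        return parse_cvd_header(fh.read(HEADER_LEN))


def is_stale(name: str, info: CvdInfo, now: datetime,
             daily_max: timedelta = timedelta(days=7)) -> bool:
    """Only daily.* is expected to be recent; an old main.* is normal.
    The 7-day default is an assumed threshold, not a ClamAV value."""
    if name.startswith("daily."):
        return now - info.build_time > daily_max
    return False


# Constructed sample: values from note #6, MD5 and signature are placeholders.
SAMPLE_MAIN = (
    b"ClamAV-VDB:16 Sep 2021 08-32 -0400:62:6647427:90:"
    + b"0" * 32 + b":PLACEHOLDER_SIG:sigmgr:1631795520"
).ljust(HEADER_LEN)
```

On a real system, `read_header()` would be pointed at the database files in ClamAV's database directory, whose location depends on the installation.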
