Forum Discussion

Apprentice

Feb 07, 2021

freshclam AV stops updating on my ReadyNAS

For some reason that I have not figured out on my ReadyNAS 314 ClamAV stops automatically updating. If I reboot the ReadyNAS it will update for a few days then stop updating If I ssh to root and...

StephenB

Guru - Experienced User

Feb 24, 2021

scrjs wrote:

Netgear are asking for logs, however we have always seens that this failure occurs without any notification so log collection before rotation is difficult.

Thoughts...

They are apparently actively working on a hot fix, so perhaps you should just restart the service manually if you see it fails again.

How quickly are your logs rotating? (journalctl will tell you the oldest log entry, since by default it lists the oldest first).

scrjs

Apprentice

Feb 24, 2021

Hi StephenB

StephenB wrote:
scrjs wrote:
Netgear are asking for logs, however we have always seens that this failure occurs without any notification so log collection before rotation is difficult.

Thoughts...

They are apparently actively working on a hot fix, so perhaps you should just restart the service manually if you see it fails again.

How quickly are your logs rotating? (journalctl will tell you the oldest log entry, since by default it lists the oldest first).

Yes I was aware Netgear are working on a Hotfix so you suggestion makes sense.

I just ran journalctl and currently it suggests

-- Logs begin at Mon 2021-02-22 21:30:50 AEDT, end at Wed 2021-02-24 22:13:22 AEDT. --

The begin date is just after a boot of the NAS so they have not yet rotated.

Just checked systemctl status clamav-freshclam.service which continues to run as noted below

root@xxxxxReadyNAS:~# systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled)
   Active: inactive (dead) since Wed 2021-02-24 08:24:18 AEDT; 4h 51min ago
  Process: 5693 ExecStart=/usr/bin/freshclam --quiet (code=exited, status=0/SUCCESS)
 Main PID: 5693 (code=exited, status=0/SUCCESS)

Feb 24 08:22:40 xxxxxReadyNAS systemd[1]: Starting ClamAV virus database updater...
Feb 24 08:22:44 xxxxxReadyNAS freshclam[5693]: ClamAV update process started at Wed Feb 24 08:22:44 2021
Feb 24 08:22:44 xxxxxReadyNAS freshclam[5693]: main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Feb 24 08:22:46 xxxxxReadyNAS freshclam[5693]: Downloading daily-26089.cdiff [100%]
Feb 24 08:24:03 xxxxxReadyNAS freshclam[5693]: daily.cld updated (version: 26089, sigs: 4000162, f-level: 63, builder: raynman)
Feb 24 08:24:09 xxxxxReadyNAS freshclam[5693]: Can't query daily.26089.93.1.0.6810DA54.ping.clamav.net
Feb 24 08:24:09 xxxxxReadyNAS freshclam[5693]: bytecode.cld is up to date (version: 332, sigs: 93, f-level: 63, builder: awillia2)
Feb 24 08:24:17 xxxxxReadyNAS freshclam[5693]: Database updated (8565157 signatures) from database.clamav.net (IP: 104.16.218.84)
Feb 24 08:24:17 xxxxxReadyNAS freshclam[5693]: Clamd successfully notified about the update.
Feb 24 08:24:18 xxxxxReadyNAS systemd[1]: Started ClamAV virus database updater.

I hope the hotfix will be available soon...

StephenB
Guru - Experienced User
Feb 24, 2021
scrjs wrote:

Hi StephenB

I just ran journalctl and currently it suggests

-- Logs begin at Mon 2021-02-22 21:30:50 AEDT, end at Wed 2021-02-24 22:13:22 AEDT. --

The begin date is just after a boot of the NAS so they have not yet rotated.

The journal doesn't start fresh when the NAS reboots. 2 days isn't much retention, my main NAS goes back about a month.

Have you enabled the audit service? Just wondering what is generating so many log entries.
scrjs
Apprentice
Feb 24, 2021
Hi StephenB
StephenB wrote:
scrjs wrote:
Hi StephenB
I just ran journalctl and currently it suggests
-- Logs begin at Mon 2021-02-22 21:30:50 AEDT, end at Wed 2021-02-24 22:13:22 AEDT. --
The begin date is just after a boot of the NAS so they have not yet rotated.
The journal doesn't start fresh when the NAS reboots. 2 days isn't much retention, my main NAS goes back about a month.

Have you enabled the audit service? Just wondering what is generating so many log entries.
I have NOT enabled the Audit Service. What can I check?
StephenB
Guru - Experienced User
Feb 24, 2021
scrjs wrote: I have NOT enabled the Audit Service. What can I check?

Maybe just scroll through a few screens worth of journalctl entries, and see if anything seems to be flooding the logs.

FWIW, I generally see about ~700 log entries per day. But of course this will vary, depending on how your NAS is configured and how it is used. So the low retention doesn't necessarily mean anything is wrong - it just seems to me that your system is doing a lot of logging.

You can count the number of entries for a specific day:

root@NAS:~# journalctl --no-pager | grep "Feb 19" | wc 701 8685 61460

The first entry is the number of lines that go through the grep filter - so there were 701 entries in my main NAS dated Feb 19.

You can also count them for a specific hour by simply changing the filter a bit.

root@NAS:~# journalctl --no-pager | grep "Feb 19 23:" | wc 34 419 3132

So my system logged 34 entries between Feb 19 23:00:00 and Feb 19 23:59:59
scrjs
Apprentice
Feb 24, 2021
Hi StephenB
Thanks for the education! I am not proficient with Unix OS
StephenB wrote:
scrjs wrote: I have NOT enabled the Audit Service. What can I check?
Maybe just scroll through a few screens worth of journalctl entries, and see if anything seems to be flooding the logs.

FWIW, I generally see about ~700 log entries per day. But of course this will vary, depending on how your NAS is configured and how it is used. So the low retention doesn't necessarily mean anything is wrong - it just seems to me that your system is doing a lot of logging.

You can count the number of entries for a specific day:
root@NAS:~# journalctl --no-pager | grep "Feb 19" | wc 701 8685 61460
The first entry is the number of lines that go through the grep filter - so there were 701 entries in my main NAS dated Feb 19.

You can also count them for a specific hour by simply changing the filter a bit.
root@NAS:~# journalctl --no-pager | grep "Feb 19 23:" | wc 34 419 3132
So my system logged 34 entries between Feb 19 23:00:00 and Feb 19 23:59:59

In my case I am logging a bit more then you +300 per day and +20 per hour
root@xxxxxReadyNAS:~# journalctl --no-pager | grep "Feb 23" | wc 1085 11442 94861 root@xxxxxReadyNAS:~# journalctl --no-pager | grep "Feb 23 10:" | wc 51 530 4505
Looks like my Windows FileHistory is creating the extra entries for some Apple MobileSync. Not critical but extra logging
Feb 22 21:30:50 xxxxxReadyNAS tracker-miner-fs[2731]: (tracker-miner-fs:2731): Tracker-CRITICAL **: (Sparql buffer) Error in task 2 (file:///data/Backup/FileHist-T590/scrjs/xxxxxxxxxx-T590/Data/C/Users/scrjs/Apple/MobileSync/Backup/097 38580e54d9155c885c64d0eb6853c06fdaaf6/06/06b60848b6afef08d879bf24afe5855bb7fd0d44%20(2020_08_12%2001_26_35%20UTC)) of the array-update: UNIQUE constraint failed: nie:DataObject.nie:url (strerror of errno (not necessarily related): Reso urce temporarily unavailable) Feb 22 21:30:50 xxxxxReadyNAS tracker-miner-fs[2731]: (tracker-miner-fs:2731): Tracker-CRITICAL **: Could not execute sparql: UNIQUE constraint failed: nie:DataObject.nie:url (strerror of errno (not necessarily related): Resource tempo rarily unavailable)
Thanks again for the tip!

scrjs

Apprentice

Mar 01, 2021

Hi StephenB

FWIW AV My NAS has been updaing AV successfully for 7 days after the restart after failure command systemctl start clamav-freshclam.service

root@xxxxxReadyNAS:~# systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled)
   Active: inactive (dead) since Tue 2021-03-02 08:31:18 AEDT; 6h ago
  Process: 12506 ExecStart=/usr/bin/freshclam --quiet (code=exited, status=0/SUCCESS)
 Main PID: 12506 (code=exited, status=0/SUCCESS)

Mar 02 08:27:34 xxxxxReadyNAS systemd[1]: Starting ClamAV virus database updater...
Mar 02 08:27:35 xxxxxReadyNAS freshclam[12506]: ClamAV update process started at Tue Mar  2 08:27:35 2021
Mar 02 08:27:36 xxxxxReadyNAS freshclam[12506]: main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Mar 02 08:27:40 xxxxxReadyNAS freshclam[12506]: Downloading daily-26095.cdiff [100%]
Mar 02 08:30:36 xxxxxReadyNAS freshclam[12506]: daily.cld updated (version: 26095, sigs: 3956535, f-level: 63, builder: raynman)
Mar 02 08:30:43 xxxxxReadyNAS freshclam[12506]: Can't query daily.26095.93.1.0.6810DB54.ping.clamav.net
Mar 02 08:30:43 xxxxxReadyNAS freshclam[12506]: bytecode.cld is up to date (version: 332, sigs: 93, f-level: 63, builder: awillia2)
Mar 02 08:31:14 xxxxxReadyNAS freshclam[12506]: Database updated (8521530 signatures) from database.clamav.net (IP: 104.16.219.84)
Mar 02 08:31:15 xxxxxReadyNAS freshclam[12506]: Clamd successfully notified about the update.
Mar 02 08:31:18 xxxxxReadyNAS systemd[1]: Started ClamAV virus database updater.

StephenB
Guru - Experienced User
Mar 02, 2021
scrjs wrote:
FWIW AV My NAS has been updaing AV successfully for 7 days after the restart after failure command systemctl start clamav-freshclam.service

Thx for updating us. Netgear says they are still working on the hotfix (no idea why it's taken that long).
scrjs
Apprentice
Mar 04, 2021
Hi StephenB
The hotfix automatically applied to my ReadyNAS as noted in the Logs presented in the User Interface where I now see (in timezone AEDT)

Mar 04, 2021 05:08:47 PM

System: A hotfix was applied to your system (6.10.4 Hotfix 1).

Prior to the application of the Hotfix my AV was updating as indicated in my revious update
StephenB wrote:
scrjs wrote:
FWIW AV My NAS has been updaing AV successfully for 7 days after the restart after failure command systemctl start clamav-freshclam.service
Thx for updating us. Netgear says they are still working on the hotfix (no idea why it's taken that long).