NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Antivirus scanner definition file update failed
ReadyNAS 212 OSversion 6.10.3 Since a couple of days (starting July 5th) my virus definition file update failes.. stating check internet-connection ; my internet connection is fine because the rea...
I kept getting errors while executing command: 'systemctl status clamav-freshclam.service' ; see below
root@Geldrop:~# systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2020-12-23 14:33:45 CET; 15s ago
Process: 6263 ExecStart=/usr/bin/freshclam --quiet (code=exited, status=1/FAILURE)
Main PID: 6263 (code=exited, status=1/FAILURE)Dec 23 14:33:45 Geldrop systemd[1]: Starting ClamAV virus database updater...
Dec 23 14:33:45 Geldrop freshclam[6263]: ClamAV update process started at Wed Dec 23 14:33:45 2020
Dec 23 14:33:45 Geldrop freshclam[6263]: main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Dec 23 14:33:45 Geldrop freshclam[6263]: daily.cld is up to date (version: 26026, sigs: 4328586, f-level: 63, builder: raynman)
Dec 23 14:33:45 Geldrop freshclam[6263]: bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Dec 23 14:33:45 Geldrop systemd[1]: clamav-freshclam.service: Main process exited, code=exited, status=1/FAILURE
Dec 23 14:33:45 Geldrop systemd[1]: Failed to start ClamAV virus database updater.
Dec 23 14:33:45 Geldrop systemd[1]: clamav-freshclam.service: Unit entered failed state.
Dec 23 14:33:45 Geldrop systemd[1]: clamav-freshclam.service: Failed with result 'exit-code'.The following I did after reading the following web-page (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972974):
stopping clamav: 'systemctl stop clamav-daemon'stopping clamav freshclam: 'systemctl stop clamav-freshclam'
adjusting member 'usr.bin.freshclam' in dir: /etc/apparmor.d ; adding 'capability dac_override,' and 'capability chown,'
capability setgid,
capability setuid,
capability dac_override,
capability chown,removing all file from dir: '/var/lib/clamav' (bytecode ; daily ; main ; mirrors ; antivir)
starting clamav : 'systemctl start clamav-daemon'
starting clamav freshclam: 'systemctl start clamav-freshclam'
starting 'clamav freshclam' takes a while (about 2 minutes, I guess) and afterwards it looks like the normal databased-updater is working again.... lets see what happens the coming days...
regards
I would like to echo the previous poster's query. It is very nearly six months since this issue arose and despite various assurances on this thread that the problem is being investigated, there has been no update to fix it.
I am running Firmware version 6.10.3.
I don't have any information on a fix from Netgear or the anti-virus vendor, but I can confirm that both my RN214 are reliably updating the database daily without any manual intervention. One other possible set up issue network bonding. You should consider how your adapters were set up before the bond was created. I've found that occasionally when I've destroyed a bond and looked at the adapters separately, the setups are different. If you have one NAS that's working and another that's not, and you're using bonding, destroy the bond and check that the set ups are identical before creating the bond again.
Thanks for the info. I'm not actually sure what network bonding is, let alone how to do it, so I doubt that I've been using it.
The fact is that (AFAICR) the error just started happening about the same time as the first posts appeared in this Topic. My Router setup has been pretty static since I bought it around 2-3 years ago.
i finally got it working again. turned on/off my virusscanner a few times, update the virus definition manually and then it start working again. also turned off all what i don't need or i don't use. Looks like some kind of resource issues?
I've just tried that. First I disabled Antivirus in the Admin Control Panel. Then I SSHd in and performed the manual update. This worked, but I got a message to say that Clamd had not been informed because the directory was missing. I then went back to the Admin Control Panel where I noted a Banner telling me that the Antivirus definitions had been updated. I then re-enabled Antivirus.
I'll be interested to see if I get the Alert tomorrow.
fingers crossed. Hope you also check all other services and turn off the once you don't need?
Yes. I've turned off just about everything!
If this works, I'll turn them back on again one at a time to see if I can establish the problem.
I'm afraid that work-around didn't work. :smileysad: I'm afraid that I'm still getting daily emails to alert me to the failure of the virus signature updates.
did you checked your apps running? turning services off is one thing but i also checked my apps installed and turned most of them (so not all) off. Hope this helps?
I'm not running any Apps. I have SMB Plus and Transmission NT installed, but they have been disabled for years.
I have also noticed the AntiVirus update failure on a ReadyNAS 314 device and I only noticed this because I have just deployed a Server 2019 test machine on my network and it has immediately picked up a number of infections. Anyway, I noticed that there is a release note for firmware 6.10.4 (6.10.3 currently installed) but no automatic update as of yet.
https://kb.netgear.com/000062588/ReadyNAS-OS-6-Software-Version-6-10-4
Netgear any news on when this will be released and whether it resolves the AV update issue??
For those with applicable devices the 6.10.4 manual firmware update can be found here.
https://www.netgear.com/support/product/ReadyNAS_OS_6.aspx#Software%20Version%206.10.4%20(x86)
I see nothing in the list of bugfixes that appears to relate to this issue. There is a vague reference to fixing security issues, but no explanation of what they were.
I think I'll wait for the auto roll-out.
Yep security issue vague, would be good if they actually point to an advisory and only takes a minute.
Ok, I've manually set my primary DNS to google rather that the dynamically assigned OpenDNS and about 15 minutes later it updated to the latest DAT of its own accord despite stopping and restarting the service.
Antivirus scanner definition file was updated to 59.26011
System: Firmware was upgraded to 6.10.4... manually updated without issue, yet.
Cheers
Just to add, I also removed Plex as wasn't using this.
JTR1971 wrote:
Ok, I've manually set my primary DNS to google rather that the dynamically assigned OpenDNS and about 15 minutes later it updated to the latest DAT of its own accord despite stopping and restarting the service.I'm a bit confused as to what you mean here. Where was your primary DNS Set? Somewhere in the ReadyNAS Setings or in your Router?
I'm afraid I don't quite see what changing the DNS Server identity has to do with getting an antivirus update. What have I missed?
The DNS configuration is in the settings of the network adapter
TerryJColes wrote:
JTR1971 wrote:
Ok, I've manually set my primary DNS to google rather that the dynamically assigned OpenDNS and about 15 minutes later it updated to the latest DAT of its own accord despite stopping and restarting the service.I'm a bit confused as to what you mean here. Where was your primary DNS Set? Somewhere in the ReadyNAS Setings or in your Router?
I'm afraid I don't quite see what changing the DNS Server identity has to do with getting an antivirus update. What have I missed?
via the "network" tab.I am assuming the DAT files are updated by resolving a hostname rather than an ip address, therefore it could be that my primary and secondary openDNS servers (used for familyshield) were either blocking the request to update or just couldn't resolve the name for some reason.
JTR1971 wrote:
The DNS configuration is in the settings of the network adapter
... via the "network" tab.
I am assuming the DAT files are updated by resolving a hostname rather than an ip address, therefore it could be that my primary and secondary openDNS servers (used for familyshield) were either blocking the request to update or just couldn't resolve the name for some reason.
Yes, the AV updates do require resolving ClamAV server hostnames, and if DNS can't resolve those names the process will fail.
Though many folks here have found that the updates work if they do them manually via ssh (or schedule them directly with cron jobs) - so while DNS could be part of the story for some people, it's not the cause for most.
FWIW, I haven't run into this issue myself - testing it on an RN202 with SMB Plus and Plex installed.
OK. Thanks.
The DNS setting in my RN212 points to my Netgear D7800 Router which in turn is set to 'Get Automatically from ISP'. The thing is that these settings have been in place for at least two years now, so I'm a bit confused as to why this would all go belly up in June.
Notwithstanding that, I've just changed the DNS Setting to Google's server. I'll be interested to see if the error pops up later this morning.
Bad news - a manual update to the latest firmware and still getting the failed to download latest AV definitions error message. Looks like this issue is still not fixed 😒
And same error message after changing to Google dns servers.
Changing the DNS didn't work for me either.
Thanks for this info.
It sounds like this has affected a number of people and has yet to be resolved.
I'm wondering what the mechanism is that triggers the daily update task and whether there is the option to modify the log reporting level somewhere to provide more detail temporarily.
That's not good at all, sorry to hear that.
This gets worse. over the last few months I have run freshclam once a week and all has been well. I tried it several times yesterday and again today and it fails. See the error below. I am getting to the stage where with christmas just around the corner and watching people on Youtube setting up and using other NAS boxes I maight just be looking to replace this box.
Regards
Derek
WARNING: [LibClamAV] Can't load /var/lib/clamav/clamav-8385bc559c3f5bb41cb84eb40ae58511.tmp/clamav-acd20b130ab2e85d0581f0a855a76677.cld: Malformed database
ERROR: Failed to load new database: Malformed database
ERROR: During database load : WARNING: [LibClamAV] mpool_malloc(): Can't allocate memory (262144 bytes). [...] ERROR: Failed to load new database: Malformed database
WARNING: Database load exited with status 55
ERROR: Failed to load new databaseDerek, thanks for sharing the errors\logs, I feel extremely fortunate that my woes were probably down to the lack of name resolution from my DNS provider.
Firstly, I'm no Unix\Linux expert by any means so perhaps others well versed can shed some light\ideas to help you with this.
Re the malformed database....is the *.cld file the daily update that gets pulled down from ClamAV? Is this corrupt, could you potentially rename this file and restart the service\daemon to pull down another copy? Memory error...is this a disk space problem in that area of disk\partition or an actual memory shortage, or a big fat red herring?
Secondly, and forgive me if I stepping out of line here but as end users should we really be digging around trying to force an integrated component of a product, and quite an important one at that, to run as designed on a daily basis and pull down and install a daily DAT file.
Whilst I appreciate services stop\fail from time to time I really do think Netgear should own this.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
