Antivirus scanner definition file update failed

I see nothing in the list of bugfixes that appears to relate to this issue.  There is a vague reference to fixing security issues, but no explanation of what they were.

I think I'll wait for the auto roll-out.

Yep security issue vague, would be good if they actually point to an advisory and only takes a minute.

Ok, I've manually set my primary DNS to google rather that the dynamically assigned OpenDNS and about 15 minutes later it updated to the latest DAT of its own accord despite stopping and restarting the service.

Antivirus scanner definition file was updated to 59.26011

System: Firmware was upgraded to 6.10.4... manually updated without issue, yet.

Cheers

Just to add, I also removed Plex as wasn't using this.

---

JTR1971 wrote:

 

Ok, I've manually set my primary DNS to google rather that the dynamically assigned OpenDNS and about 15 minutes later it updated to the latest DAT of its own accord despite stopping and restarting the service.

---

I'm a bit confused as to what you mean here.  Where was your primary DNS Set?  Somewhere in the ReadyNAS Setings or in your Router?

I'm afraid I don't quite see what changing the DNS Server identity has to do with getting an antivirus update.  What have I missed?

The DNS configuration is in the settings of the network adapter

---

TerryJColes wrote:

---

JTR1971 wrote:

 

Ok, I've manually set my primary DNS to google rather that the dynamically assigned OpenDNS and about 15 minutes later it updated to the latest DAT of its own accord despite stopping and restarting the service.

---

 

I'm a bit confused as to what you mean here.  Where was your primary DNS Set?  Somewhere in the ReadyNAS Setings or in your Router?

 

I'm afraid I don't quite see what changing the DNS Server identity has to do with getting an antivirus update.  What have I missed?

---

via the "network" tab.

I am assuming the DAT files are updated by resolving a hostname rather than an ip address, therefore it could be that my primary and secondary openDNS servers (used for familyshield) were either blocking the request to update or just couldn't resolve the name for some reason.

---

JTR1971 wrote:

The DNS configuration is in the settings of the network adapter

... via the "network" tab.

 

I am assuming the DAT files are updated by resolving a hostname rather than an ip address, therefore it could be that my primary and secondary openDNS servers (used for familyshield) were either blocking the request to update or just couldn't resolve the name for some reason.

 

---

Yes, the AV updates do require resolving ClamAV server hostnames, and if DNS can't resolve those names the process will fail.

Though many folks here have found that the updates work if they do them manually via ssh (or schedule them directly with cron jobs) - so while DNS could be part of the story for some people, it's not the cause for most.

FWIW, I haven't run into this issue myself - testing it on an RN202 with SMB Plus and Plex installed.  

OK.  Thanks.

The DNS setting in my RN212 points to my Netgear D7800 Router which in turn is set to 'Get Automatically from ISP'.  The thing is that these settings have been in place for at least two years now, so I'm a bit confused as to why this would all go belly up in June.

Notwithstanding that, I've just changed the DNS Setting to Google's server.  I'll be interested to see if the error pops up later this morning.

Bad news - a manual update to the latest firmware and still getting the failed to download latest AV definitions error message. Looks like this issue is still not fixed 😒

And same error message after changing to Google dns servers. 

Changing the DNS didn't work for me either.

Thanks for this info.

It sounds like this has affected a number of people and has yet to be resolved.

I'm wondering what the mechanism is that triggers the daily update task and whether there is the option to modify the log reporting level somewhere to provide more detail temporarily.

That's not good at all, sorry to hear that.

kohdeemaybe netgear can comment on this issue? I found a solution by turning many services on / off for my device but i don't hope the next update will return this issue again. But many people still have this issue and i don't see any comment of netgear itself. Bad customer services?

This gets worse. over the last few months I have run freshclam once a week and all has been well. I tried it several times yesterday and again today and it fails. See the error below. I am getting to the stage where with christmas just around the corner and watching people on Youtube setting up and using other NAS boxes I maight just be looking to replace this box. 

Regards

Derek

WARNING: [LibClamAV] Can't load /var/lib/clamav/clamav-8385bc559c3f5bb41cb84eb40ae58511.tmp/clamav-acd20b130ab2e85d0581f0a855a76677.cld: Malformed database
ERROR: Failed to load new database: Malformed database
ERROR: During database load : WARNING: [LibClamAV] mpool_malloc(): Can't allocate memory (262144 bytes). [...] ERROR: Failed to load new database: Malformed database
WARNING: Database load exited with status 55
ERROR: Failed to load new database

Derek, thanks for sharing the errors\logs, I feel extremely fortunate that my woes were probably down to the lack of name resolution from my DNS provider.

Firstly, I'm no Unix\Linux expert by any means so perhaps others well versed can shed some light\ideas to help you with this.

Re the malformed database....is the *.cld file the daily update that gets pulled down from ClamAV?  Is this corrupt, could you potentially rename this file and restart the service\daemon to pull down another copy?  Memory error...is this a disk space problem in that area of disk\partition or an actual memory shortage, or a big fat red herring?

Secondly, and forgive me if I stepping out of line here but as end users should we really be digging around trying to force an integrated component of a product, and quite an important one at that, to run as designed on a daily basis and pull down and install a daily DAT file.

Whilst I appreciate services stop\fail from time to time I really do think Netgear should own this.

---

JTR1971 wrote:

 

Secondly, and forgive me if I stepping out of line here but as end users should we really be digging around trying to force an integrated component of a product, and quite an important one at that, to run as designed on a daily basis and pull down and install a daily DAT file.

 

Whilst I appreciate services stop\fail from time to time I really do think Netgear should own this.

---

I couldn't agree more.  I have bought Netgear products for many years now because I believed that they were second to none when it comes to rolling out updates and Customer Support.  Now I'm not so sure.

There has been some mention in earlier responses to this Topic that Netgear 'are working with ClamAV to resolve this'.  I can't see how two obviously skilled organisations can find this so difficult so I can only assume that nothing is actually happening.

I may be wrong, but it seems to me that if the vius signatures can be reliably updated by logging in over SSH but not by the auto-updater, there can only be two things wrong.  Either the address being used by the auto-updater is wrong (Hint: it's http://database.clamav.net/or the command sent by the auto-updater is malformed.

Have I missed anything?

---

TerryJColes wrote:

...Either the address being used by the auto-updater is wrong (Hint: it's http://database.clamav.net/or the command sent by the auto-updater is malformed.

 

Have I missed anything?

---

The addresses haven't changed recently, and it's likely that the ReadyNAS application is simply calling the stock ClamAV updater.

Another possibility is that it is a resource issue - that for some reason the updater is running out of memory in some systems when it is called by the ReadyNAS app. 

It's also worth pointing out that this isn't happening on all systems, and it's almost impossible to tell from forum posts how prevalent the issue is.  As I've said earlier on the thread, though I don't normally have ClamAV enabled, I did try to duplicate this problem on my RN202 without sucess.

FWIW, I agree that Netgear should own this, and since it is apparently working with normal cron jobs it would be easy for them to issue a hotfix that simply shifts to that method (at least for now).  

JohnCM_S / Marc_V : is there any update from Netgear on the status of this problem.

Ok tried again with freshclam this morning Still failed with failed to allocate memory. Free shows swap has no space. rebooted the NAS and this sorted that issue. Tried freshclam again and it worked. Free shows some memory used but i will be interested to see if the auto update works over the next few days. 

I don't normally reboot the NAS as 30 plus years in computer hardware engineering tells me don't switch off unless you need to. lets see what happens now. 

Derek

---

DerekHoughton wrote:

Free shows swap has no space. rebooted the NAS and this sorted that issue.

---

Memory isn't the problem with my device:

root@ReadyNAS:~# free
             total       used       free     shared    buffers     cached
Mem:       2065992    1829760     236232       4360       5816     700772
-/+ buffers/cache:    1123172     942820
Swap:       523708      41052     482656

It still doesn't work with the sudo-updater.

However, freshclam -v works fine.

Terry,

that answers one of my questions then. apart from the swap space the output of your free command is pretty much the same as mine was. The other question I was going to ask is how often do people reboot the box? 

I don't routinely reboot the box unless as part of an upgrade - which I did as part of the lift to 6.10.4. The update AV failed immediately after the upgrade and has done so every day since.

That's interesting as I thought the problem was only related to the 200 series boxes. That is the ARM based systems.

I have about 10 of the RN202 units in our enterprise and the only 2 units are doing this. I've rebooted to no avail. 

Yesterday when I was checking the swap available using the 'free' command it went to 0 free with 523260 total and used. I decided to see what would happen overnight if i left it alone. Today when i checked it I have 523260 total, 499688 used and 23572 free. Checking the logs on the admin page shows the entries below. this isn't the first time i have seen these and i have wondered what was happening. My feeling is that this restart is caused by memory/swap usage for some reason and this resets things. I don't know why this is happening but it does look like there is a resource issue with the box at times. I know from reading through the posts here that at least one other user is seeing these messages. I am not doing anything else until i see what happens with the antivirus update later on but I feel it is going to fail once again. 

As i said in an earlier post I am out of support on this box and as it is for family use only i am not prepared to pay for Netgear to ignore our problems as they have shown they are prepared to do to folk who are paying. I will save my money and replace the unit at a later date.

Derek

Yesterday I tried this from the Clamav website:

Ignoring mirror <IP> (has connected too many times with an outdated version)

If you are experiencing this problem, please do the following: Stop the freshclam daemon if it’s running, delete both mirrors.dat and daily.cvd, then restart the freshclam daemon. Freshclam will then download a new daily.cvd and will be up-to-date.

After this, manual freshclam ran successfully for the first time in 6 months. Fingers crossed it keeps going. Manual freshclam ran ok today too. True test will be to see if auto-update runs over the next few days and stays running. 

(Note: I used the mv command to copy and rename the 2 files by adding a .old extension - this way I had a roll back point of needed)