HansRL
Apprentice
Jul 10, 2020
Solved

Antivirus scanner definition file update failed

ReadyNAS 212 OSversion 6.10.3

For a couple of days (starting July 5th) my virus definition file update has been failing, stating "check internet connection"; my internet connection is fine because the ReadyNAS succeeds in sending me a notification to my Gmail account immediately after the update fails.
Restarting the ReadyNAS seems to solve this issue for a couple of days and then the update fails again...

What can I do to solve this?

 

rgds Hans

  • I kept getting errors while executing command: 'systemctl status clamav-freshclam.service' ; see below

         root@Geldrop:~# systemctl status clamav-freshclam.service
         ● clamav-freshclam.service - ClamAV virus database updater
         Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled)
         Active: failed (Result: exit-code) since Wed 2020-12-23 14:33:45 CET; 15s ago
        Process: 6263 ExecStart=/usr/bin/freshclam --quiet (code=exited, status=1/FAILURE)
        Main PID: 6263 (code=exited, status=1/FAILURE)

        Dec 23 14:33:45 Geldrop systemd[1]: Starting ClamAV virus database updater...
        Dec 23 14:33:45 Geldrop freshclam[6263]: ClamAV update process started at Wed Dec 23 14:33:45 2020
        Dec 23 14:33:45 Geldrop freshclam[6263]: main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
        Dec 23 14:33:45 Geldrop freshclam[6263]: daily.cld is up to date (version: 26026, sigs: 4328586, f-level: 63, builder: raynman)
        Dec 23 14:33:45 Geldrop freshclam[6263]: bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
        Dec 23 14:33:45 Geldrop systemd[1]: clamav-freshclam.service: Main process exited, code=exited, status=1/FAILURE
        Dec 23 14:33:45 Geldrop systemd[1]: Failed to start ClamAV virus database updater.
        Dec 23 14:33:45 Geldrop systemd[1]: clamav-freshclam.service: Unit entered failed state.
        Dec 23 14:33:45 Geldrop systemd[1]: clamav-freshclam.service: Failed with result 'exit-code'.

     

    The following I did after reading the following web-page (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972974):
    stopping clamav: 'systemctl stop clamav-daemon'

    stopping clamav freshclam: 'systemctl stop clamav-freshclam'

    adjusting member 'usr.bin.freshclam' in dir: /etc/apparmor.d ; adding 'capability dac_override,' and 'capability chown,'

     

              capability setgid,
              capability setuid,
              capability dac_override,
              capability chown,

     

    removing all files from dir: '/var/lib/clamav' (bytecode ; daily ; main ; mirrors ; antivir)

    starting clamav : 'systemctl start clamav-daemon'

    starting clamav freshclam: 'systemctl start clamav-freshclam'

     

    starting 'clamav freshclam' takes a while (about 2 minutes, I guess) and afterwards it looks like the normal database updater is working again.... let's see what happens in the coming days...

     

    regards

     

     

338 Replies

  • After 3 months there's neither a solution nor clear communication from Netgear. This is my second Netgear NAS and likely the last one.

    all: Do not accept this. Start claiming each day into this thread. Netgear might need a little push to get things done.

    Earth to Netgear: There's a problem with your Antivirus sequence. Fix it!

    • hunger
      Apprentice

      Same problem on a friend's two 2xx series ReadyNAS devices. This is beyond frustrating.

  • I've been following this thread for a while because I have had this issue intermittently for several months. However, I have what may be a variation on the issue which could prove helpful to unravelling the cause/solution. I have two nearly identical RN214 on the same network with identical setups, including all network settings. One is experiencing the issue, the other is not. The only difference is that the one that is currently not updating the antivirus definitions is 4x6TB while the other is 4x3TB. They are both assigned static IP addresses, which are reserved for them in the router (a Netgear Nighthawk RAX 80) outside the range of addresses available for DHCP. For some reason, the router occasionally assigns the "problem" NAS another address by DHCP. Despite that, all other network-dependent functions (RAIDar, admin page, share access, time sync, rsync backups) appear normal. The "extra" address doesn't persist in the router. In addition, occasionally I have gotten the download to succeed by turning off AV, restarting the NAS and then re-enabling AV. That solution doesn't work every time, however.

    • Alaska_Stuart
      Tutor

      Just an "update" to my prior post. After I made the statement that my RN214 were configured identically (other than the specific static address, of course), I looked a bit further to make sure there wasn't an app or service running on one that wasn't installed or running on the other. It turns out that there was: the "trouble" NAS was running ReadyNAS Replicate (which I don't recall having activated, and definitely never used). When I deregistered the NAS and turned off the service, the virus scanner definition updated successfully within minutes. The "good" NAS has never run any cloud services that I can detect.

      • Biggels
        Aspirant

        I have 10 ReadyNAS in our enterprise and they are all configured the same. Only one of my NAS' is having the virus update problem. I am updating daily with freshclam -v

         

  • tl;dr: ran freshclam --no-dns in SSH and my definitions finally update for the first time since mid-July.

     

    So I've been going through the same issues as everybody else since mid-July. Finally decided to really mess around with a bunch of settings and see what I could do. A possible relation is my NAS had been running low on space and I upgraded the drive space recently, hoping that might also kick the AV into doing what it was supposed to do. Nothing.

     

    I upgraded to the 6.10.4 firmware, nothing.

     

    Running freshclam -v wouldn't work to update anything when using SSH to get into the NAS. Looking through the error messages it was throwing, I was wondering if it has something to do with IPv6 and trying to hit clamav that way (even though it also tries through IPv4 addresses). Started messing around with the IPv6 settings on my Orbi to see if that was doing anything and trying to run the freshclam command once again, but wasn't completely successful there either as the Orbi and Fios were not playing nice with each other. The only way I could get anything to successfully work re: IPv6 in the router was with the 6to4 tunnel, and I don't think that could solve anything since my IPv6 tests were still failing. So I went back and disabled all of that stuff to stick with old IPv4 (as a side note, I think Fios is keeping non-Verizon routers from making full use of IPv6, but that's a different story).

     

    I messed with a whole bunch of DNS settings on the NAS itself, and tried running freshclam again with no luck.

     

    So I went back to messing around with freshclam and the different arguments available, and saw the --no-dns argument. My hunch is it still has something to do with how the DNS entries have been set up somewhere and a configuration change was rolled out to the DNS servers which took time to propagate globally in July (possibly in conjunction with an IPv6 change? who knows...) because by running freshclam --no-dns (which is used to "Force old non-DNS verification method"), I was finally able to get my virus definition files to update. I ran freshclam again shortly after with no arguments added on to it, and it updated successfully again. I ran freshclam a third time shortly after that, and it said there was nothing to update, but it made a successful check. Question will be whether the AV will now update on its own automatically without forcing it to or not.

     

    Hopefully this helps somebody somewhere, and that this solution now sticks.

    • JTR1971
      Aspirant

      You've gone to a lot of trouble there, hopefully this will help or indeed spark another train of thought to get to a resolution.

       

      Good stuff.

  • Have you tried to turn off antivirus, and then turn it on again??? It helped me once. 

    • kcejo
      Tutor

      Have you tried to turn off antivirus, and then turn it on again??? It helped me once.

       

      Didn't work for me.  I turned off the antivirus, restarted the machine, waited a while, then turned the antivirus back on.  Still didn't download the new antivirus definitions.  I've also shut the whole thing down for a few weeks and it still doesn't download the definitions when I turned it back on.  Considering what it takes to fix the problem (apparently, only until the next update or less) and the vulnerability factor without updated antivirus files, I'll probably just leave it off until I need to access it and then turn it back on for a while.  Stupid, I know, but it works for me.

       

      • NormanP
        Aspirant

        I've had 5 weeks of successful daily updates since following the fix described in message 173 (and the instructions that were clarified by StephenB in the messages that followed).

         

        Next milestone will be to see if the fix survives the next Netgear firmware upgrade.

         

        Fingers crossed!

  • Ugh. this started happening to me again 3 days ago (1/22 at 7:30am ET). Was working fine for several months.

     

    Come on, Netgear...get your sh*t together...

  • Hi, after a few months of attempts, the problem is still the same.

    I've rebooted the NAS many times; everything works properly, but after a couple of days the same problem comes back:

    Antivirus scanner definition file update failed due to download failure. Check your Internet connection!!

    I've reinstalled the OS and done a factory reset (copying all my data outside) and reconfigured the system, but none of these processes solved the problem.

    Any idea about new fw update? Before 6.10.3 any problem occurred with antivirus.

    Now I've installed the latest 6.10.4 without any change about this issue.

    Thanks

    Matteo

    • HansRL
      Apprentice

      Netgear, Justin (@dingjs1421), came back to me and told me they have a solution for this issue..... Netgear did an adjustment to my virusscan-software via "secure diagnostic modus" and I have asked what they did:

          The service freshclam is used to download the AV pattern db; after it succeeds in downloading, it tries to load all db files (several hundred MB) into memory to test. Due to limited memory resources on ReadyNAS RN21x, it might run into the issue: can't allocate enough memory to test DB.

          So we just disable the option: TestDatabases for freshclam. Thanks Justin

       

      So I looked what was changed and found out it was file freshclam.conv ; file is located in etc/clamav;

      This is my freshclam now:

          DatabaseOwner root
          LogSyslog true
          LogFacility LOG_LOCAL6
          Debug false
          MaxAttempts 5
          DatabaseDirectory /var/lib/clamav
          DNSDatabaseInfo current.cvd.clamav.net
          ConnectTimeout 120
          ReceiveTimeout 120
          TestDatabases false
          ScriptedUpdates true
          CompressLocalDatabase false
          Bytecode true
          NotifyClamd /etc/clamav/clamd.conf
          OnErrorExecute /usr/bin/clamav_event -s 1
          OnUpdateExecute /usr/bin/clamav_event -s 0
          Checks 2
          DatabaseMirror database.clamav.net
          DatabaseMirror db.cn.clamav.net
          DatabaseMirror db.tw.clamav.net

      The first normal update did work, will keep checking the next couple of days...

       

      rgds Hans

       

       

      • HansRL
        Apprentice

        Oops, a typo.... freshclam.conv

        must be

        freshclam.conf
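
Both workarounds in this thread trade a safety check for a working update: `TestDatabases false` lets a new database replace the old one without a load test, and the added AppArmor capabilities widen what a freshclam process running as root (`DatabaseOwner root`) may do. The script below is an added example, not posted by any participant and not NETGEAR's tooling; it reports those settings so they can be tracked and reverted once updates work again. The finding names and the sample profile body are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Finding names are made up for illustration.

# conf_value FILE KEY: print the value of KEY, skipping comment lines.
# Assumes the option appears once (the first occurrence is used here).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/        { next }
        $1 == key && !hit { print $2; hit = 1 }
    ' "$1"
}

# audit_freshclam CONF PROFILE: print one finding per line, or NO_FINDINGS.
audit_freshclam() (
    conf=$1
    profile=$2
    {
        # ClamAV booleans accept yes/no, true/false and 1/0.
        td=$(conf_value "$conf" TestDatabases | tr 'A-Z' 'a-z')
        case $td in
            no|false|0) echo "TESTDATABASES_OFF" ;;
        esac
        # With DatabaseOwner root, freshclam does not switch to an
        # unprivileged user after start-up.
        if [ "$(conf_value "$conf" DatabaseOwner)" = "root" ]; then
            echo "RUNS_AS_ROOT"
        fi
        # Report only the two capabilities the workaround adds; a rule may
        # list several capabilities on one line.
        awk '
            /^[ \t]*#/ { next }
            $1 == "capability" {
                for (i = 2; i <= NF; i++) {
                    c = $i
                    sub(/,$/, "", c)
                    if (c == "dac_override" || c == "chown") print "APPARMOR_CAP " c
                }
            }
        ' "$profile"
    } | awk '{ print; n++ } END { if (!n) print "NO_FINDINGS" }'
)

# write_samples DIR: create sample inputs so the audit runs offline.
write_samples() {
    # Settings copied from the freshclam.conf posted above (subset).
    cat > "$1/freshclam.conf" <<'EOF'
DatabaseOwner root
DatabaseDirectory /var/lib/clamav
TestDatabases false
NotifyClamd /etc/clamav/clamd.conf
DatabaseMirror database.clamav.net
EOF
    # Constructed profile body; the four capability lines are from the thread.
    cat > "$1/usr.bin.freshclam" <<'EOF'
/usr/bin/freshclam {
  capability setgid,
  capability setuid,
  capability dac_override,
  capability chown,
}
EOF
}

# Demo on the constructed samples.
demo=$(mktemp -d)
write_samples "$demo"
audit_freshclam "$demo/freshclam.conf" "$demo/usr.bin.freshclam"
rm -rf "$demo"
```

On a NAS, the paths mentioned in the thread would be passed instead of the samples.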

  • Hi All,

    Yesterday I raised a  new post to this community in https://community.netgear.com/t5/ReadyNAS-Storage-Apps-Current/freshclam-AV-stops-updating-on-my-ReadyNAS/m-p/2053763/highlight/true#M15785 .

     

    This thread discusses the same issue.

     

    StephenB suggested in my post above "There's a much longer thread on this here: https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/Antivirus-scanner-definition-file-update-failed/td-p/1943198

     

    If you have ssh enabled, you could try manually editing /etc/freshclam.conf as described here: https://community.netgear.com/t5/Using-your-ReadyNAS-in-Business/Antivirus-scanner-definition-file-update-failed/m-p/2051207#M190436 It'd be useful to know if it solves the problem."

     

    I have implemented the change as suggested by HansRL in /etc/freshclam.conf and changed

    • TestDatabases true
      to
    • TestDatabases false

    Freshclam still runs successfully after the change.

    I am now monitoring if this resolves the issue...

     

    many thanks StephenB and HansRL 

    • scrjs
      Apprentice

      The AV has updated twice since TestDatabases=false is set in my /etc/freshclam.conf.

      Not conclusive that the problem has resolved, just positive progress

      • scrjs
        Apprentice

        Hi all 

        I checked again today (Feb 16) and the AV has not updated since Feb 11 so sadly the change TestDatabases=false setting in my /etc/freshclam.conf has failed to rectify or workaround the issue as seen in the log below

        I ran freshclam -v which ran successfully and my AV updated to 59.26081 from 59.26076 though there are some interesting messages highlighted below

        Freshclam seems to have disabled the AV and did not re-enable it.  This has not happened in the past.  Any thoughts?

        I manually enabled AV successfully as noted below. Now back to the successful running of Freshclam.  These details are noted below.  Nothing unusual except for the warning in red text at the end.

         

        ClamAV update process started at Tue Feb 16 11:18:32 2021
        Using IPv6 aware code
        Querying current.cvd.clamav.net
        TTL: 1349
        Software version from DNS: 0.103.1
        main.cvd version from DNS: 59
        main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
        daily.cvd version from DNS: 26081
        Retrieving http://database.clamav.net/daily-26077.cdiff
        Trying to download http://database.clamav.net/daily-26077.cdiff (IP: 104.16.219.84)
        Downloading daily-26077.cdiff [100%]
        cdiff_apply: Parsed 10182 lines and executed 10182 commands
        Retrieving http://database.clamav.net/daily-26078.cdiff
        Trying to download http://database.clamav.net/daily-26078.cdiff (IP: 104.16.219.84)
        Downloading daily-26078.cdiff [100%]
        cdiff_apply: Parsed 11731 lines and executed 11731 commands
        Retrieving http://database.clamav.net/daily-26079.cdiff
        Trying to download http://database.clamav.net/daily-26079.cdiff (IP: 104.16.219.84)
        Downloading daily-26079.cdiff [100%]
        cdiff_apply: Parsed 11600 lines and executed 11600 commands
        Retrieving http://database.clamav.net/daily-26080.cdiff
        Trying to download http://database.clamav.net/daily-26080.cdiff (IP: 104.16.219.84)
        Downloading daily-26080.cdiff [100%]
        cdiff_apply: Parsed 10313 lines and executed 10313 commands
        Retrieving http://database.clamav.net/daily-26081.cdiff
        Trying to download http://database.clamav.net/daily-26081.cdiff (IP: 104.16.219.84)
        Downloading daily-26081.cdiff [100%]
        cdiff_apply: Parsed 10297 lines and executed 10297 commands
        Loading signatures from daily.cld
        Properly loaded 4010384 signatures from new daily.cld
        daily.cld updated (version: 26081, sigs: 4051203, f-level: 63, builder: raynman)
        Querying daily.26081.93.1.0.6810DB54.ping.clamav.net
        Can't query daily.26081.93.1.0.6810DB54.ping.clamav.net
        bytecode.cvd version from DNS: 331
        bytecode.cld is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
        Database updated (8616199 signatures) from database.clamav.net (IP: 104.16.219.84)
        WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory

        I have searched the file system and indeed clamd.ctl does not exist anywhere on the file system.

        Any thoughts on the missing clamd.ctl?

         

        Cheers Rob

  • RN528X and RN314 AV updates are now working, for unknown reason(s). RN528X has been on 6.10.5 Hotfix 1 for months. RN314 was on 6.10.4 Hotfix and when I upgraded to 6.10.5 Hotfix 1, AV update worked.

     

    RN212 however, still won't update AV (stuck on 9/24/2020) and it's also been on 6.10.5 Hotfix 1 for months. Read through all 300+ posts here, don't see any clear solutions other than possibly hacking in through SSH and playing with ClamAV.

     

    Am I missing a solution?

    • dweinshel
      Tutor

      What worked for me after the same experience was downloading a "fresh" copy of the finalized 6.10.5 Firmware.

      When I flashed the NAS with that, the problem has not recurred.

      Good luck.

      DW

      • MaxKublin
        Aspirant

        Re-installing the latest Firmware 6.10.5 did not help.
        CLAMAV still asks for the same daily-26276.cdiff - AND FAILS.
        In the WWW I find that the same problem exists on totally different HW,
        e.g. on QNAP - so I am meanwhile convinced that this is a problem of CLAMAV.
        Other users (e.g. using QNAP) are also desperately looking for a way to
        reset/re-install the CLAMAV Software......

  • root@MAKUNASWEB:~# freshclam
    ClamAV update process started at Tue Sep 14 12:58:58 2021
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.100.2 Recommended version: 0.103.3
    DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
    main.cvd is up to date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
    Downloading daily-26293.cdiff [100%]
    Downloading daily-26294.cdiff [100%]
    daily.cld updated (version: 26294, sigs: 1972718, f-level: 90, builder: raynman)
    bytecode.cld is up to date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
    Database updated (8579972 signatures) from database.clamav.net (IP: 104.16.218.84)
    Clamd successfully notified about the update.
    root@MAKUNASWEB:~#

    I have several 626X/628X

    On bad  "good" machine, I get:

    root@MAKUNASWEB2:~# freshclam
    ClamAV update process started at Tue Sep 14 12:59:19 2021
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.100.2 Recommended version: 0.103.3
    DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
    main.cvd is up to date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
    nonblock_connect: connect(): fd=4 errno=101: Network is unreachable
    Can't connect to port 80 of host database.clamav.net (IP: 2606:4700::6810:db54)
    Trying host database.clamav.net (2606:4700::6810:da54)...
    nonblock_connect: connect(): fd=4 errno=101: Network is unreachable
    Can't connect to port 80 of host database.clamav.net (IP: 2606:4700::6810:da54)
    WARNING: getpatch: Can't download daily-26276.cdiff from database.clamav.net
    WARNING: getpatch: Can't download daily-26276.cdiff from database.clamav.net
    WARNING: getpatch: Can't download daily-26276.cdiff from database.clamav.net
    WARNING: getpatch: Can't download daily-26276.cdiff from database.clamav.net
    WARNING: getpatch: Can't download daily-26276.cdiff from database.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    nonblock_connect: connect(): fd=4 errno=101: Network is unreachable
    Can't connect to port 80 of host database.clamav.net (IP: 2606:4700::6810:db54)
    Trying host database.clamav.net (2606:4700::6810:da54)...
    nonblock_connect: connect(): fd=4 errno=101: Network is unreachable
    Can't connect to port 80 of host database.clamav.net (IP: 2606:4700::6810:da54)
    WARNING: Can't download daily.cvd from database.clamav.net
    Trying again in 5 secs...
    • StephenB
      Guru - Experienced User

      MaxKublin wrote:
      Database updated (8579972 signatures) from database.clamav.net (IP: 104.16.218.84)  
      Can't connect to port 80 of host database.clamav.net (IP: 2606:4700::6810:da54)

      One obvious difference is that the NAS that is failing is trying to connect with ipv6, and the one that succeeds is using ipv4.

       

      Which suggests that you might try disabling ipv6 on the NAS that fails.

      • MaxKublin
        Aspirant

        Good point with IP V4 vs IP V6.
        However, nothing has changed here - all machines succeeded to update the antivirus for a long time.
        However, I will give it a try and change to IP V4.
        Any hints what needs to be configured on the NAS?
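
The failure signatures compared in this exchange (IPv6 connects ending in errno=101, a cdiff that cannot be fetched, clamd not being notified) can be separated mechanically before deciding which fix to try. The function below is an added example, not posted by any participant: it classifies freshclam output read from stdin. The finding names are made up for illustration; the sample lines are copied from the logs in this thread.

```shell
#!/bin/sh
# Added example, not from the thread: classify freshclam output by cause.

# triage_freshclam: read freshclam output on stdin, print one finding per line.
# "Can.t" matches "Can't" without needing a quote inside the awk program.
triage_freshclam() {
    awk '
        /errno=101/                                    { unreachable++ }
        /Can.t connect to port/ && /IP: [0-9A-Fa-f]+:/ { v6_fail++ }
        /getpatch: Can.t download/ {
            for (i = 1; i <= NF; i++) if ($i ~ /\.cdiff$/) cdiff = $i
            patch_fail++
        }
        /Can.t download daily\.cvd/                    { full_fail++ }
        /Clamd was NOT notified/                       { clamd_down++ }
        /installation is OUTDATED/                     { outdated++ }
        /Database updated/                             { updated++ }
        END {
            # IPv6 address plus "Network is unreachable": no usable IPv6 route.
            if (v6_fail && unreachable) print "IPV6_UNREACHABLE attempts=" v6_fail
            # Incremental patch could not be fetched.
            if (patch_fail) print "CDIFF_DOWNLOAD_FAILED file=" cdiff " tries=" patch_fail
            # Fallback to the full daily.cvd failed as well.
            if (full_fail)  print "FULL_DOWNLOAD_FAILED"
            # Signatures changed on disk but the scanner was not told to reload.
            if (clamd_down) print "CLAMD_NOT_NOTIFIED"
            if (outdated)   print "ENGINE_OUTDATED"
            if (updated)    print "UPDATED"
            if (!(v6_fail || patch_fail || full_fail || clamd_down || outdated || updated))
                print "NO_FINDINGS"
        }
    '
}

# Lines copied from the failing run posted above (trimmed).
sample_failing() {
    cat <<'EOF'
WARNING: Your ClamAV installation is OUTDATED!
main.cvd is up to date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
nonblock_connect: connect(): fd=4 errno=101: Network is unreachable
Can't connect to port 80 of host database.clamav.net (IP: 2606:4700::6810:db54)
Trying host database.clamav.net (2606:4700::6810:da54)...
nonblock_connect: connect(): fd=4 errno=101: Network is unreachable
Can't connect to port 80 of host database.clamav.net (IP: 2606:4700::6810:da54)
WARNING: getpatch: Can't download daily-26276.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-26276.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from database.clamav.net
EOF
}

# Lines copied from the Feb 16 run posted earlier in the thread (trimmed).
sample_updated() {
    cat <<'EOF'
Trying to download http://database.clamav.net/daily-26081.cdiff (IP: 104.16.219.84)
daily.cld updated (version: 26081, sigs: 4051203, f-level: 63, builder: raynman)
Database updated (8616199 signatures) from database.clamav.net (IP: 104.16.219.84)
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory
EOF
}

# Demo on the embedded samples.
echo "failing run:"; sample_failing | triage_freshclam
echo "updated run:"; sample_updated | triage_freshclam
```

On a NAS the same function can read live output, for example `freshclam -v 2>&1 | triage_freshclam`.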

    • MaxKublin
      Aspirant

      Hello,

       

      The difference between my "good ReadyNAS" and the bad ones seems to be:
      - Good one is online 24x7
      - The others are offline (I wake them up with a MAGIC packet)
      All NAS boxes are able to ping database.clamav.net - so the Network is NOT the issue.
      I guess the issue is that the machines which were offline for several weeks try to
      request a daily-26276.cdiff - which no longer exists - so they will never be able
      to update :-(
      I guess the only remedy is to uninstall and re-install the CLAMAV software on the
      ReadyNAS - but I don't want to do a full reset of the NAS ....

      Any hints how to uninstall/re-install/or reset the CLAMAV software and/or database
      on the ReadyNAS is highly appreciated!

       

      • StephenB
        Guru - Experienced User

        Well, I still suggest a test with ipv6 disabled.  You are getting network unreachable errors on the problem NAS

         

        Trying host database.clamav.net (2606:4700::6810:da54)...
        nonblock_connect: connect(): fd=4 errno=101: Network is unreachable

         

        You could also rename /var/lib/clamav/daily.cvd, and then run freshclam.  If that works, delete the renamed file.  If not, then just rename it back.
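
The rename, update, then delete-or-rename-back sequence suggested above keeps the old signatures available if the update fails, unlike emptying /var/lib/clamav outright as in the accepted solution. The function below is an added example, not posted by any participant: it wraps that sequence with an automatic rollback. It goes slightly beyond the suggestion by also handling daily.cld, which appears in the logs in this thread; the function name is made up, and it assumes the freshclam service is stopped while it runs.

```shell
#!/bin/sh
# Added example, not from the thread: reset the daily database with rollback.

# refresh_daily DBDIR CMD [ARGS...]
#   Moves daily.cvd / daily.cld aside, runs the updater command, and
#   restores the old files unless the updater exits 0 AND leaves a
#   non-empty daily database behind.
#   Prints "updated" (exit 0) or "rolled back" (exit 1).
refresh_daily() (
    dbdir=$1
    shift
    if [ ! -d "$dbdir" ] || [ "$#" -eq 0 ]; then
        echo "usage: refresh_daily DBDIR CMD [ARGS...]" >&2
        exit 2
    fi

    # Step 1: rename instead of delete, so the scanner's last known-good
    # signatures are still on disk.
    for n in daily.cvd daily.cld; do
        if [ -e "$dbdir/$n" ]; then
            mv "$dbdir/$n" "$dbdir/$n.bak" || exit 2
        fi
    done

    # Step 2: run the updater; success needs both a zero exit status and
    # a non-empty database file.
    if "$@" && { [ -s "$dbdir/daily.cvd" ] || [ -s "$dbdir/daily.cld" ]; }; then
        rm -f "$dbdir/daily.cvd.bak" "$dbdir/daily.cld.bak"
        echo "updated"
        exit 0
    fi

    # Step 3: roll back. Remove any partial download first, then put the
    # old files back under their original names.
    for n in daily.cvd daily.cld; do
        rm -f "$dbdir/$n"
        if [ -e "$dbdir/$n.bak" ]; then
            mv "$dbdir/$n.bak" "$dbdir/$n"
        fi
    done
    echo "rolled back"
    exit 1
)

# Constructed demo: a temp directory and `false` standing in for a
# freshclam run that fails; the old file must survive.
demo_dir=$(mktemp -d)
printf 'old signatures' > "$demo_dir/daily.cvd"
refresh_daily "$demo_dir" false || true
ls "$demo_dir"
rm -rf "$demo_dir"
```

On a NAS this would be called as `refresh_daily /var/lib/clamav freshclam`, using the database directory from the freshclam.conf posted in this thread.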