Antivirus scanner definition file update failed

---

NormanP wrote:

If you are experiencing this problem, please do the following: Stop the freshclam daemon if it’s running, delete both mirrors.dat and daily.cvd, then restart the freshclam daemon. Freshclam will then download a new daily.cvd and will be up-to-date.needed) 

---

You wouldn't care to elucidate this would you?  I've studied the documentation on the ClamAV website and am struggling to find the name of the freshclam daemon so that I can stop it.  I've found the two files that you mention; mirrors.dat and daily.cvd in /var/lib/clamav, but have been unable to stop the freshclam daemon because I can't find it.

Did you mean clamd?

---

TerryJColes wrote:

---

Did you mean clamd?

---

clamd is the freshclam daemon

Got to admit I could not find the daemon either. So I took the chance of renaming the 2 files to add .old extensions and then manually ran freshclam. This created new versions of both files.

Better to follow the full instructions from ClamAV website and stop the daemon now we know the daemon name 😃 (thanks StephenB !!)

FWIW, I used

# ps aux | grep -i clam

to track down the name.  clamd showed up (and the "d" follows the normal linux convention for a daemon).

---

StephenB wrote:

FWIW, I used

# ps aux | grep -i clam

to track down the name.  clamd showed up (and the "d" follows the normal linux convention for a daemon).

---

Yes.  I used that too.  My problem wasn't that I couldn't find the clamd daemon; I was aware of that one from the ClamAV documentation.  My problem was that I thought there was a separate clam daemon to look after the updates (eg freshclam).

BTW.  I've had no success in shutting down the clamd daemon.  I'm assuming that the command to use is start-stop-daemon, but every incantation I've tried throws up an error.  Would anyone care to post the correct switches to use?

How about:

service clamd stop

Or when you ran the grep did you get the clamd process ID? If yes then 

kill (then put the process ID here without brackets)

should do it.

Just an update - after running the fix from the ClamAV website, (see above), my Readynas has just successfully completed the second consecutive day automatic update. So that's 2 manual and 2 automatic updates that have completed without issue. More than has happened in the last 5 months!I

Fingers crossed...

---

NormanP wrote:

service clamd stop

---

Always good to try the commands before you post them :smileywink:

That doesn't work.  But this does:

# systemctl stop clamav-daemon

And of course it can be started again with

# systemctl start clamav-daemon

You can also start and stop the updater - which is called clamav-freshclam.

You can get the full list of services with

# systemctl --type=service --no-pager

---

StephenB wrote:

---

You can get the full list of services with

# systemctl --type=service --no-pager

---

It looks like it's the updater that's failing on my box:

root@ReadyNAS:~# systemctl --type=service --no-pager
  UNIT                               LOAD   ACTIVE     SUB     JOB   DESCRIPTION
  antivirus-sched-scan.service       loaded activating start   start AntiVirus schedule scanner
  apache2.service                    loaded active     running       The Apache HTTP Server
  avahi-daemon.service               loaded active     running       Avahi mDNS/DNS-SD Stack
  clamav-daemon.service              loaded active     running       Clam AntiVirus userspace daemon
● clamav-freshclam.service           loaded failed     failed        ClamAV virus database updater

So going back to the original advice from a few days ago, should it be the clamav-daemon or the clamav-freshclam daemon that we should be stopping and restarting?

Do you see any errors when you restart the service with systemctl?

Here is what I did:

root@ReadyNAS:~# systemctl stop clamav-daemon
root@ReadyNAS:~# systemctl stop clamav-freshclam
root@ReadyNAS:~# cd /var/log/
root@ReadyNAS:/var/log# ls
alternatives.log  apache2  apt  btmp  clamav  dbbroker.log  dpkg.log  faillog  frontview  fsck  journal  lastlog  readynasd  samba  tallylog  wtmp
root@ReadyNAS:/var/log# cd clamav/
root@ReadyNAS:/var/log/clamav# ls
root@ReadyNAS:/var/log/clamav# cd /var/lib/clamav
root@ReadyNAS:/var/lib/clamav# ls
antivir.ini  bytecode.cld  daily.cvd  main.cld  mirrors.dat
root@ReadyNAS:/var/lib/clamav# rm daily.cvd 
root@ReadyNAS:/var/lib/clamav# rm mirrors.dat 
root@ReadyNAS:/var/lib/clamav# systemctl start clamav-daemon
root@ReadyNAS:/var/lib/clamav# systemctl start clamav-freshclam
Job for clamav-freshclam.service failed because the control process exited with error code.
See "systemctl status clamav-freshclam.service" and "journalctl -xe" for details.
root@ReadyNAS:/var/lib/clamav# ls
antivir.ini  bytecode.cld  daily.cvd  main.cld  mirrors.dat
root@ReadyNAS:/var/lib/clamav# ^C
root@ReadyNAS:/var/lib/clamav# systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2020-12-17 14:06:53 WET; 10min ago
 Main PID: 4637 (code=exited, status=55)

Dec 17 14:06:51 ReadyNAS freshclam[4639]: Failed to load new database: Malformed database
Dec 17 14:06:53 ReadyNAS freshclam[4637]: ERROR: During database load : ERROR: Failed to load new database: Malformed database
Dec 17 14:06:53 ReadyNAS freshclam[4637]: ERROR: Failed to load new database
Dec 17 14:06:53 ReadyNAS freshclam[4637]: During database load : ERROR: Failed to load new database: Malformed database
Dec 17 14:06:53 ReadyNAS freshclam[4637]: Database load exited with status 55
Dec 17 14:06:53 ReadyNAS freshclam[4637]: Failed to load new database
Dec 17 14:06:53 ReadyNAS systemd[1]: clamav-freshclam.service: Main process exited, code=exited, status=55/n/a
Dec 17 14:06:53 ReadyNAS systemd[1]: Failed to start ClamAV virus database updater.
Dec 17 14:06:53 ReadyNAS systemd[1]: clamav-freshclam.service: Unit entered failed state.
Dec 17 14:06:53 ReadyNAS systemd[1]: clamav-freshclam.service: Failed with result 'exit-code'.

Any thoughts on this?

Did you try renaming (or moving) bytecode.cvd, daily.cld, and main.cvd in /var/lib/clamav? 

Then try starting the service again.

A variant is to replace these three files with the ones found here: https://www.clamav.net/downloads

---

StephenB wrote:

Did you try renaming (or moving) bytecode.cvd, daily.cld, and main.cvd in /var/lib/clamav? 

 

Then try starting the service again.

---

The start command took a very long time to return, but when it did, it was without error.

I look forward to not seeing update error messages anymore.

Here's hoping.

---

TerryJColes wrote:

---

---

The start command took a very long time to return, but when it did, it was without error.

That's encouraging.

If you left the old files on the OS partition, you should delete them now.  They are fairly large, and you don't want the OS partition to get too full.

Let us know if this resolves the problem (or not... ).

---

StephenB wrote:

Let us know if this resolves the problem (or not... ).

It looks as if it may well have done:

root@ReadyNAS:/var/lib/clamav# systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled)
   Active: inactive (dead) since Fri 2020-12-18 06:41:02 WET; 5h 18min ago
  Process: 7674 ExecStart=/usr/bin/freshclam --quiet (code=exited, status=0/SUCCESS)
 Main PID: 7674 (code=exited, status=0/SUCCESS)

Dec 18 06:38:59 ReadyNAS freshclam[7674]: main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, b
uilder: sigmgr)
Dec 18 06:39:15 ReadyNAS freshclam[7674]: Downloading daily.cvd [100%]
Dec 18 06:40:45 ReadyNAS freshclam[7674]: daily.cvd updated (version: 26020, sigs: 4404882, f-level: 63, bui
lder: raynman)
Dec 18 06:40:46 ReadyNAS freshclam[7674]: Can't query daily.26020.93.1.0.6810DB54.ping.clamav.net
Dec 18 06:40:46 ReadyNAS freshclam[7674]: Downloading bytecode.cvd [100%]
Dec 18 06:40:47 ReadyNAS freshclam[7674]: bytecode.cvd updated (version: 331, sigs: 94, f-level: 63, builder
: anvilleg)
Dec 18 06:40:48 ReadyNAS freshclam[7674]: Can't query bytecode.331.93.1.0.6810DB54.ping.clamav.net
Dec 18 06:41:02 ReadyNAS freshclam[7674]: Database updated (8969878 signatures) from database.clamav.net (IP
: 104.16.219.84)
Dec 18 06:41:02 ReadyNAS freshclam[7674]: Clamd successfully notified about the update.
Dec 18 06:41:02 ReadyNAS systemd[1]: Started ClamAV virus database updater.

:-)

I am at 3 days of automatic updates completing successfully since applying the fix 😁

Here's hoping...

So, after many months of not having the problem with the antivirus definitions not downloading since Marc used my NAS as a test subject, I'm getting the error again after the latest firmware update. 

The latest firmware version of 6.10.4 was successfully downloaded automatically on Dec 17.  Then, on Dec 18, the antivirus scanner definition file was updated to 59.26020.  On Dec 19, I received an error message saying Download firmware version () failed, and another error message saying Antivirus scanner definition file update failed due to download failure.  Check your internet connection.

So, the latest firmware update has broken my NAS and, from what it's sounding like in this thread, it hasn't helped others, either.  I've messaged Marc to let him know that whatever he did to fix my problem before isn't working now with the new firmware update.  This is really disappointing.

kcejo,

I had the more or less the same, until the upgrade to 6.10.4 my FRESHCLAM-bypass was working fine and even the first time after upgrading but after that it fails. What I did was removing MAIN.CVD ; BYTECODE.CVD and DAILY.CLD from directory /var/lib/clamav and replave them by the downloaded version of the clam-website (https://www.clamav.net/downloads (Virus Database)) and now at least freshclam is working fine again... (did not test the normal database-upgrade).
By upgrading to OS 6.10.4 the clamav softeware is updated to the latest version.

succes

It looks like a solution may be at hand.  But Netgear can't expect all users to go in via SSH and fix this, so it is up to them to fix it in a way all users can implement.

Prior to the update to 6.10.4, I had been having no trouble automatically downloading the antivirus scanner definition file with either of my identically-configured RN214. The second day after the update, one unit failed to download. I disabled antivirus on that unit, restarted the unit, let it run for 20 minutes, re-enabled antivirus, and the download worked normally. It has been fine since.

Thanks for that simple idea to try.  I tried it this morning, after getting another error messaging about being unable to update virus definitions.  Unfortunately, I got the same error message again after disabling antivirus, rebooting, waiting 20 minutes and enabling antivirus. 

Just to be sure, here's what I did:

I went to my Admin page and went to Settings

I clicked on Antivirus under Services and unchecked "Enable Real-Time Antivirus Scanning" then clicked Apply

I then hovered over the Power icon and pulled down to Restart and clicked that

After the NAS restarted, I waited 20 minutes, then went back to Antivirus and checked "Enable Real-Time Antivirus Scanning" and "Protect ReadyNAS OS" and clicked Apply

My logs show all of this activity, along with the "System: Antivirus scanner definition file update failed due to download failure.  Check your internet connection."  error message I received about 4 minutes after I went through that whole process and re-enabled the Antivirus.  But, I'm also seeing two other log entries about an hour after that error message that say "ReadyNASOS service or process (readynasd) was restarted." and "ReadyNASOS background service started."

So, I think I'll wait until tomorrow to see if I get another error message about antivirus updates.

Ericka

OK.  I followed the instructions detailed by several people earlier in this thread (see the series of replies ending on 2020-12-17).

Here is what my last log entries say:

Dec 22, 2020 06:44:12 AM	System: Antivirus scanner definition file was updated to 59.26024.
Dec 21, 2020 06:43:13 AM	System: Antivirus scanner definition file was updated to 59.26023.
Dec 20, 2020 06:42:12 AM	System: Antivirus scanner definition file was updated to 59.26022.
Dec 19, 2020 06:41:31 AM	System: Antivirus scanner definition file was updated to 59.26021.
Dec 18, 2020 06:41:02 AM	System: Antivirus scanner definition file was updated to 59.26020.
Dec 17, 2020 03:33:07 PM	System: Antivirus scanner definition file update failed due to download failure. Check your Internet connection.

So I reckon that the best fix is the one suggested initially by NormanP and then clarified by StephenB.

Now all we need is for the next update from Netgear NOT to break this again.

And I just got the error message again saying the antivirus scanner definition file update failed to download.  So, unfortunately, that simple sounding fix didn't work for me.

A little disappointed, but my adjustments did not do the trick, so added 'capability chown' to file: usr.sbin.clamd (as stated in the same website) be continued....