This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I will add my two cents to this. I checked on my unit here: RN422 running 6.9.5.
AV did update the definitions.
root@Datastore:~# tail -n1 /var/log/frontview/status.log
[19/03/15 22:12:56 WET] notice:system:LOGMSG_ANTIVIRUS_DEF_UPDATE Antivirus scanner definition file was updated to 58.25389.
The AV version itself is outdated though, same as @siggek
root@Datastore:~# freshclam
ClamAV update process started at Fri Mar 15 22:53:38 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.2 Recommended version: 0.101.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd is up to date (version: 25389, sigs: 1518483, f-level: 63, builder: raynman)
bytecode.cvd is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
When doing verbose status it seems that the AV engine tries to update via: current.cvd.clamav.net
root@Datastore:~# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 5
ClamAV update process started at Fri Mar 15 22:54:36 2019
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1183
Software version from DNS: 0.101.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.2 Recommended version: 0.101.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 25389
daily.cvd is up to date (version: 25389, sigs: 1518483, f-level: 63, builder: raynman)
bytecode.cvd version from DNS: 328
bytecode.cvd is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
If I try to resolve that address, even with Google DNS, it does not resolve.
I am not sure how the updates are done exactly and if the problem is that unresolvable address? I can see that freshclam accessed the mirrors successfully when it updated the definitions though.
root@Datastore:~# freshclam --list-mirrors
Mirror #1
IP: 104.16.218.84
Successes: 2
Failures: 0
Last access: Fri Mar 15 22:12:21 2019
Ignore: No
If I try to resolve that address, even with Google DNS, it does not resolve.
Cloudflare (1.1.1.1) doesn't resolve it either.
Likely this is on ClamAV (FWIW I have seen issues with their DNS before).
Alright, so after a bit of digging around I realised that current.cvd.clamav.net is not a DNS A record. This explains why it does not resolve upon normal DNS lookup 🙂
Instead it is a TXT record and querying it correctly actually works fine. You can query it, as OP said, with:
host -t txt current.cvd.clamav.net
That works fine.
So yeah, not sure why the ClamAV engine does not update to the latest version.
So, after a reboot of the NAS and then running freshclam it did some more updates of the virus database.
root@Datastore:~# freshclam ClamAV update process started at Sat Mar 16 15:38:03 2019 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.100.2 Recommended version: 0.101.1 DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Downloading daily-25390.cdiff [100%] daily.cld updated (version: 25390, sigs: 1520006, f-level: 63, builder: raynman) bytecode.cvd is up to date (version: 328, sigs: 94, f-level: 63, builder: neo) Database updated (6086349 signatures) from database.clamav.net (IP: 104.16.219.84) Clamd successfully notified about the update.
Clamscan is now running on the NAS as I suppose it is re-scanning files as the AV signatures are updated. I will leave it run and see what happens.
The AV engine is the same version as before but I suppose that gets updated in a different way - not 100% sure about the upgrade process for that.
I recently updated the firmware of my Ready NAS 316 to 6.9.5 9 (was running previous 6.9.4.hot-fix or someting like that). I started getting the following error messages via email alert:
Antivirus scanner definition file update failed due to download failure. Check your Internet connection
This started after I did the update and saw it in the logs via the admin page. I know it was connecting to the internet beause I could check for updates, receive the error message, etc. Following suggestions on this forum I used 'host -t txt current.cvd.clamav.net' to confirm the lookup. I then ran 'freshclam' as root:
root@NAS:~# uname -a Linux NAS 4.4.157.x86_64.1 #1 SMP Wed Dec 19 09:35:08 UTC 2018 x86_64 GNU/Linux
root@NAS:~$ host -t txt current.cvd.clamav.net
current.cvd.clamav.net descriptive text "0.101.1:58:25395:1553203740:1:63:48517:328"
root@NAS:~# freshclam
ClamAV update process started at Thu Mar 21 16:21:27 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.2 Recommended version: 0.101.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-25378.cdiff [100%]
Downloading daily-25379.cdiff [100%]
ERROR: cdiff_cmd_close: Can't write to daily.hsb
ERROR: cdiff_apply: Can't execute command CLOSE
ERROR: cdiff_apply: Error executing command at line 852
ERROR: getpatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 25395, sigs: 1526391, f-level: 63, builder: raynman)
bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
Database updated (6092734 signatures) from database.clamav.net (IP: 104.16.218.84)
Clamd successfully notified about the update.
I assume the ERRORs about trying to apply patches are okay?
I then ran 'freshclam -v' and it reported all files up to date.
