Since upgrading to OS 6.6.1 from 6.6.0 last weekend, I have not had any antivirus updates. Also, there is nothing in log showing that it's trying to update the AV definitions....
Model: ReadyNASRNDP600E|ReadyNAS Pro Pioneeer Chassis only, ReadyNASRNDU6000|ReadyNAS Ultra 6 Chassis only
Similar behavior here. Upgraded from 6.6.0 to 6.6.1 on 01/11/17, got antivirus update on 01/12/17, but nothing since then.
After the upgrade I noticed ctscand was no longer running and clamd was running. Presumably Netgear switched antivirus vendors. However clamd stopped running on 01/13/17. Here was the most recent entry in the syslog:
Jan 13 06:15:24 Netgear-RN202 clamd[1247]: SelfCheck: Database status OK.
After that, nothing further from clamd. I noticed, however, something called freshclam is running:
'sudo freshclam' as admin user, and the server appeared to perform an update, though the admin gui did not show the update.
After a server restart, it did show the update on the gui....
From terminal several hours later, I see the following though :
$ sudo service clamav-freshclam status ● clamav-freshclam.service - ClamAV virus database updater Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled) Active: inactive (dead) since Sat 2017-01-14 22:30:31 WET; 6s ago Process: 2236 ExecStart=/usr/bin/freshclam --quiet (code=exited, status=0/SUCCESS) Main PID: 2236 (code=exited, status=0/SUCCESS)
I can start it with :
sudo service clamav-freshclam start
and status comes back :
clamav-freshclam.service - ClamAV virus database updater Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled) Active: inactive (dead) since Sat 2017-01-14 22:30:31 WET; 6s ago Process: 2236 ExecStart=/usr/bin/freshclam --quiet (code=exited, status=0/SUCCESS) Main PID: 2236 (code=exited, status=0/SUCCESS)
Jan 14 22:30:22 MegaNAS systemd[1]: Starting ClamAV virus database updater... Jan 14 22:30:22 MegaNAS freshclam[2236]: ClamAV update process started at Sat Jan 14 22:30:22 2017 Jan 14 22:30:22 MegaNAS freshclam[2236]: main.cvd is up to date (version: 57, sigs: 4218790, f-leve l: 60, builder: amishhammer) Jan 14 22:30:23 MegaNAS freshclam[2236]: Downloading daily-22892.cdiff [100%] Jan 14 22:30:23 MegaNAS freshclam[2236]: Downloading daily-22893.cdiff [100%] Jan 14 22:30:27 MegaNAS freshclam[2236]: daily.cld updated (version: 22893, sigs: 1360574, f-level: 63, builder: neo) Jan 14 22:30:27 MegaNAS freshclam[2236]: bytecode.cvd is up to date (version: 285, sigs: 57, f-leve l: 63, builder: bbaker) Jan 14 22:30:31 MegaNAS freshclam[2236]: Database updated (5579421 signatures) from database.clamav .net (IP: 193.1.193.64) Jan 14 22:30:31 MegaNAS freshclam[2236]: Clamd successfully notified about the update. Jan 14 22:30:31 MegaNAS systemd[1]: Started ClamAV virus database updater.
So this appears to have kicked things off again, but I expect the daemon to stop again... any ideas anyone?
Thanks for your reply - I have sent on the logs, as requested. I tend to use sudo where possible to avoid using root user for everything... Just a practise I use in my own work to avoid mistakes.
I checked again this morning, and the daemon is dead again...
It appears that my server has updated definitions today, so I guess my problem has sorted itself out somehow...
Ah, so maybe it just needed a bit more patience. Now that you mention it I recall the AV definitions will likely be a little less frequent going forward than what they were on 6.6.0 and earlier firmware.
It's working for me on me RN202 but not for my RN102:
- RN202 ist getting daily updates after upgradeing to 6.6.1
- RN102 upgraded to 6.6.1 on 04Jan2017 and AV update recived. Since then no more updates shown in the Web-Interface. But >>freshclam<< is showing the latest AV signatures!?
mdgm: Could you post what we should expect to see with antivirus in 6.6.1? How often it should update definitions, whether freshclam should be running, whether clamd should be running, etc.?
Still no antivirus updates here since 1/12/17. Four days is a long time without updated antivirus definitions. clamd not running. freshclam running, but doesn't seem to be doing much.
clamav-freshclam is a timer service, so it should not be running all the time. You can check `systemctl status clamav-freshclam.timer` to see if the timer is active, or `systemctl list-timers` to see when it is scheduled to run next.
# systemctl status clamav-freshclam.timer
● clamav-freshclam.timer - Anti-Virus Definition Update Timer
Loaded: loaded (/lib/systemd/system/clamav-freshclam.timer; static; vendor preset: enabled)
Active: active (running) since Sat 2017-01-14 12:40:51 PST; 2 days ago
Jan 14 12:40:51 Netgear-RN202 systemd[1]: Stopped Anti-Virus Definition Update Timer.
Jan 14 12:40:51 Netgear-RN202 systemd[1]: Stopping Anti-Virus Definition Update Timer.
Jan 14 12:40:51 Netgear-RN202 systemd[1]: Started Anti-Virus Definition Update Timer.
# systemctl list-timers
NEXT LEFT LAST PASSED UNIT ACTIVATES
Sat 2017-01-14 06:56:32 PST 2 days ago Sat 2017-01-14 12:40:51 PST 2 days ago clamav-freshclam.timer clamav-freshclam.service
Mon 2017-01-16 18:49:36 PST 1h 35min left Mon 2017-01-16 14:49:36 PST 2h 24min ago radar.timer radar.service
Tue 2017-01-17 06:42:33 PST 13h left Mon 2017-01-16 06:42:33 PST 10h ago apt-update.timer apt-update.service
Tue 2017-01-17 06:54:33 PST 13h left Mon 2017-01-16 06:54:33 PST 10h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Tue 2017-01-17 07:00:33 PST 13h left Mon 2017-01-16 07:00:33 PST 10h ago logtruncate.timer logtruncate.service
Sat 2017-01-21 06:44:32 PST 4 days left Sat 2017-01-14 06:44:32 PST 2 days ago rn-update.timer rn-update.service
6 timers listed.
Pass --all to see loaded but inactive timers, too.
Looks as though it should have run 2 days ago, but didn't.
OK, so it is indeed still running, and apparently stuck somewhere. Looks like we'll need to add a timeout. For now, you should be able to just kill the freshclam process and it should run on the timer again.
Checked again after reboot on my RN102. I'm pretty sure that the clamav is working and is getting updates (latest today is 22907) but the Web-GUI isn't getting the information. The ReadyNas eventlog doesn't show anything useful as well.
#freshclam ClamAV update process started at Tue Jan 17 08:34:30 2017 main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer) daily.cld is up to date (version: 22907, sigs: 1367548, f-level: 63, builder: neo) bytecode.cvd is up to date (version: 285, sigs: 57, f-level: 63, builder: bbaker)
It appears that my freshclam service has been running since yesterday :
# systemctl status clamav-freshclam.service ● clamav-freshclam.service - ClamAV virus database updater Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled) Active: activating (start) since Mon 2017-01-16 09:35:41 WET; 1 day 2h ago Main PID: 3307 (freshclam) CGroup: /system.slice/clamav-freshclam.service └─3307 /usr/bin/freshclam --quiet
I'll kill the process and let the timer service kick in. I look forward to there being some kind of timeout, or to ascertain why the process hangs in the first place...
If anybody has a freshclam process in a hung state, and is willing to open remote access for us to investigate, please enable Secure Diagnostic Mode and PM me the 5-digit number.
It looks like there may be an issue with socket notification once the AV signatures are updated. freshclam is waiting for a response to its notification packet, but it never receives one and therefore sits there indefinitely waiting. We've pushed out a live update to fix this, which will remove the clamav-daemon.socket service, and it will also add an 8 hour timeout to the freshclam process. Live updates happen weekly and shortly after a reboot, so if you'd like the update immediately you can reboot the NAS.
