Tuesday, February 26, 2013

Resolving Issues With Freshclam

Certain users are experiencing database update issues due to the failed Authenticode database push. This blog post will show how to check if you're one of those affected users and how to fix freshclam.

Validate You're Affected

You can validate that you're having this particular issue by a number of ways:
  1. Check the hash of your daily.cvd. You are affected if the hash matches the following:
    1. MD5: 89dedb45609e59b0244fb5202ab6fa56
    2. SHA1: 9947ec90e60499ab7c3331670d5b26b4eaac76e4
  2. Check your freshclam log file for repeated errors that look like:
    1. Ignoring mirror [Mirror's IP address here] (has connected too many times with an outdated version)
  3. Check the version number and the functional level of the daily.cvd by using sigtool:
    1. sigtool --info daily.cvd will show a version number of 16681 and a functionality level of 73

How To Fix Freshclam

If you are expereincing the problem, please do the following:  Stop the freshclam daemon if it's running, delete both mirrors.dat and daily.cvd, then restart the freshclam daemon. Freshclam will then download a new daily.cvd and will be up-to-date.

We apologize for any inconvenience this has caused and thank you for using ClamAV.  If you have any further issues, please send a message to the ClamAV user's list or contact us via IRC.