Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

freshclam 1.0.1 ignores daily.cld if daily.cvd is present #845

Open opoplawski opened 1 year ago

opoplawski commented 1 year ago

Describe the bug

With the Fedora clamav packages, after an update we can end up with something like the following in /var/lib/clamav:

-rw-r-----. 1 clamupdate clamupdate 192051712 Feb 20 15:05 daily.cld
-rw-r--r--. 1 clamupdate clamupdate  60748805 Feb 18 17:53 daily.cvd

With an up-to-date daily.cld file created by freshclam and an out-of-date daily.cvd file provided by the clamav-data package.

When freshclam is run, it appears to ignore the daily.cld file and rebuilds daily.cld based on daily.cvd:

Current working dir is /var/lib/clamav/
check_for_new_database_version: Local copy of daily found: daily.cvd.
query_remote_database_version: daily.cvd version from DNS: 26818
daily database available for update (local version: 26816, remote version: 26818)
Current database is 2 versions behind.
Downloading database patch # 26817...
....
updatedb: Running g_cb_download_complete callback...
download_complete_callback: Download complete for database : /var/lib/clamav/tmp.daaadde252/clamav-aef57e9a87d7d7725d97dbd708f8c73d.tmp-daily.cld
download_complete_callback:   fc_context->bTestDatabases   : 1
download_complete_callback:   fc_context->bBytecodeEnabled : 1
Testing database: '/var/lib/clamav/tmp.daaadde252/clamav-aef57e9a87d7d7725d97dbd708f8c73d.tmp-daily.cld' ...
Loading signatures from /var/lib/clamav/tmp.daaadde252/clamav-aef57e9a87d7d7725d97dbd708f8c73d.tmp-daily.cld
Properly loaded 2021302 signatures from /var/lib/clamav/tmp.daaadde252/clamav-aef57e9a87d7d7725d97dbd708f8c73d.tmp-daily.cld
Database test passed.
daily.cld updated (version: 26818, sigs: 2021302, f-level: 90, builder: raynman)
fc_update_database: daily.cld updated.

This does not seem optimal. Shouldn't freshclam check the existing daily.cld file first?

How to reproduce the problem

On Fedora 38:

micahsnyder commented 1 year ago

I agree with you. It should probably check which is the newest and delete the older one.
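
A read-only check for the situation described in this issue, as an added example (not freshclam's code and not written by anyone in the thread): it reads the version field from the 512-byte header that `.cvd` and `.cld` files share and reports which copy of `daily` is older. The function names and the sample headers written by `demo()` are constructed for illustration.

```python
import os
import tempfile

HEADER_LEN = 512  # .cvd and .cld files both begin with a 512-byte ASCII header


def read_db_version(path):
    """Return the version number from a .cvd/.cld header, or None if unreadable."""
    try:
        with open(path, "rb") as fh:
            fields = fh.read(HEADER_LEN).decode("ascii", "replace").split(":")
    except OSError:
        return None
    # Layout: ClamAV-VDB:build time:version:sigs:f-level:md5:dsig:builder:stime
    if len(fields) < 8 or fields[0] != "ClamAV-VDB" or not fields[2].isdigit():
        return None
    return int(fields[2])


def find_stale_copies(db_dir, name="daily"):
    """Return (newest_path, [older_paths]) for <name>.cvd / <name>.cld in db_dir."""
    versions = {}
    for ext in ("cvd", "cld"):
        path = os.path.join(db_dir, f"{name}.{ext}")
        version = read_db_version(path)
        if version is not None:
            versions[path] = version
    if not versions:
        return None, []
    newest = max(versions, key=versions.get)
    # Equal versions are not reported: neither copy is out of date.
    stale = [p for p, v in versions.items() if v < versions[newest]]
    return newest, stale


def write_sample_db(path, version):
    # Constructed header for the demo: real field layout, placeholder values.
    header = f"ClamAV-VDB:01 Jan 2000 00-00 +0000:{version}:1:90:X:X:builder:0"
    with open(path, "wb") as fh:
        fh.write(header.encode("ascii").ljust(HEADER_LEN) + b"\x00payload")


def demo():
    with tempfile.TemporaryDirectory() as d:
        write_sample_db(os.path.join(d, "daily.cvd"), 26816)
        write_sample_db(os.path.join(d, "daily.cld"), 26818)
        newest, stale = find_stale_copies(d)
        return os.path.basename(newest), [os.path.basename(p) for p in stale]
```

The check only reports; it deletes nothing. `sigtool --info <file>` prints the same header fields for a single database file.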