Manual Clam db update

Stuart

37
+0/-0

Topic changed to reflect the real issue.

I have a server which is being sent a large amount of data every 75 minutes. The server has it's own dedicated pppoe connection (ie. a bridged modem). It has a local eth port, but it is NOT a gateway. How do I find out where this traffic is coming from and what it is?

Thanks

« Last Edit: April 12, 2012, 03:18:11 AM by Stuart »

Logged

Stuart

37
+0/-0

Re: Tracing excessive traffic

« Reply #1 on: April 12, 2012, 01:23:52 AM »

It appears to be an update for Clam. Where do I start fixing this?

Logged

Stuart

37
+0/-0

Re: Tracing excessive traffic

« Reply #2 on: April 12, 2012, 01:30:08 AM »

Further info. It appears that yum is not working correctly. It gives the following

Code: [Select]

not using ftp, http[s], or file for repos, sI'll do some more looking and create a new more approriate thread.

Logged

janet

4,812
+0/-0

Re: Tracing excessive traffic

« Reply #3 on: April 12, 2012, 02:05:18 AM »

Stuart

Quote

It appears that yum is not working correctly.

Try this
http://forums.contribs.org/index.php/topic,48424.0.html

Logged

Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Stuart

37
+0/-0

Re: Tracing excessive traffic

« Reply #4 on: April 12, 2012, 03:03:09 AM »

Thanks Mary.

I had found that info and fixed yum. Just trying to complete the Clam update now.

Logged

Stuart

37
+0/-0

Manual Clam db update.

« Reply #5 on: April 12, 2012, 03:17:11 AM »

Is there a way to manually trigger a Clam db update?

Logged

janet

4,812
+0/-0

Re: Manual Clam db update.

« Reply #6 on: April 12, 2012, 05:42:00 AM »

Stuart

You can look in the messages log file to see what commands are run automatically, and then run them manually.
Look in /etc/e-smith/events, and look at cron jobs, also look at the code.

Logged

Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Stefano

10,894
+3/-0

Re: Manual Clam db update

« Reply #7 on: April 12, 2012, 07:13:46 AM »

from root's shell

Code: [Select]

freshclam

Logged

Stuart

37
+0/-0

Re: Manual Clam db update

« Reply #8 on: April 12, 2012, 07:45:41 AM »

It tries a few times, failing each time, as below.

Code: [Select]

[root@mail /]# freshclam
ClamAV update process started at Thu Apr 12 15:42:03 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 116.240.207.20)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 117.104.160.194)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 116.240.207.20)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
[LibClamAV] ***********************************************************
[LibClamAV] ***  This version of the ClamAV engine is outdated.     ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
WARNING: Mirror 193.1.193.64 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Thu Apr 12 15:43:18 2012
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 116.240.207.20)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 117.104.160.194)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 116.240.207.20)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: getfile: daily-12639.cdiff not found on remote server (IP: 117.104.160.194)
WARNING: getpatch: Can't download daily-12639.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
[LibClamAV] ***********************************************************
[LibClamAV] ***  This version of the ClamAV engine is outdated.     ***
[LibClamAV] *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
[LibClamAV] ***********************************************************
WARNING: Mirror 193.1.193.64 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Thu Apr 12 15:44:32 2012

Logged

Stefano

10,894
+3/-0

Re: Manual Clam db update

« Reply #9 on: April 12, 2012, 08:16:47 AM »

delete the /var/clamav/mirrors.dat file and retry

Logged

Stuart

37
+0/-0

Re: Manual Clam db update

« Reply #10 on: April 12, 2012, 08:29:04 AM »

Stefano,

You, my friend, are the man! (if you're not a man, please pm me so I can apologize, if you know what I mean)

All updated successfully. 3 days to work out all that I just had to delete 1 file.

Thank you to you and Mary.

Stuart

Logged

Stefano

10,894
+3/-0

Re: Manual Clam db update

« Reply #11 on: April 12, 2012, 09:19:08 AM »

you are welcome.. and yes, unfortunately, I am a man..

Logged