Univention Bugzilla – Bug 33716
Tests for ClamAV
Last modified: 2022-01-12 14:57:56 CET
ClamAV should be covered by ucs-test, at least the following:
- Does the virus scan generally work? (Tests with EICAR)
- Does Freshclam work and can all CVD definitions be processed by the current scan engine?
(In reply to Moritz Muehlenhoff from comment #0)
> - Does the virus scan generally work? (Tests with EICAR)

This is already covered.

> - Does Freshclam work and can all CVD definitions be processed by the
> current scan engine?

Please check if a test for this is possible and if yes, please implement it.
Created attachment 8052
Test if freshclam works and CVD definitions can be processed

If CVD definitions cannot be processed, clamscan should fail.

Created attachment 8056
Minor improvement
(In reply to Sönke Schwardt-Krummrich from comment #1)
> > - Does Freshclam work and can all CVD definitions be processed by the
> > current scan engine?
>
> Please check if a test for this is possible and if yes, please implement it.

Be careful: Just installing `clamav-freshclam` starts `freshclam`, which tries to download https://database.clamav.net/main.cvd from the CDN, which is rate-limited! This is especially a problem as all our internal VMs in KNUT use the same IPv4 address due to our use of NAT:

Jan 12 13:22:51 m34 systemd[1]: Started ClamAV virus database updater.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ClamAV update process started at Wed Jan 12 13:22:51 2022
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> daily database available for download (remote version: 26420)
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^Can't download daily.cvd from q
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> This means that you have been rate limited by the CDN.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> 1. Run FreshClam no more than once an hour to check for updates.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> FreshClam should check DNS first to see if an update is needed.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> 2. If you have more than 10 hosts on your network attempting to download,
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> it is recommended that you set up a private mirror on your network using
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> CDN and your own network.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> 3. Please do not open a ticket asking for an exemption from the rate limit,
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> it will not be granted.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^You are on cool-down until after: 2022-01-12 17:22:51
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> main database available for download (remote version: 62)
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^Can't download main.cvd from https://database.clamav.net/main.cvd
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> This means that you have been rate limited by the CDN.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> 1. Run FreshClam no more than once an hour to check for updates.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> FreshClam should check DNS first to see if an update is needed.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> 2. If you have more than 10 hosts on your network attempting to download,
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> it is recommended that you set up a private mirror on your network using
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> CDN and your own network.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> 3. Please do not open a ticket asking for an exemption from the rate limit,
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> it will not be granted.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^You are on cool-down until after: 2022-01-12 17:22:51
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> bytecode database available for download (remote version: 333)
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> Testing database: '/var/lib/clamav/tmp.26048a9034/clamav-2e687c52302c3792bda359f54d5d560f.tmp-bytecode.cvd' ...
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> Database test passed.
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> !NotifyClamd: Can't find or parse configuration file /etc/clamav/clamd.conf

After setting up a local mirror <https://helpdesk.knut.univention.de/#ticket/zoom/3019> using <https://github.com/Cisco-Talos/cvdupdate> I was finally able to do QA for Bug #54330.

Please note that /etc/univention/templates/files/etc/clamav/freshclam.conf overwrites the mirrors with out-dated values:
> # ucr get clamav/database/mirror
> db.local.clamav.net database.clamav.net

See <https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html> for the rate-limiting: everything <1day is considered abuse, while univention-antivir-mail configures 1h in /etc/clamav/freshclam.conf:
> # Check for new database 24 times a day
> Checks 24
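
The rate-limit symptom and the configuration mismatch described in the comment above, as an added example that is not from the bug report or from ucs-test: `classify` reads freshclam journal lines so a test can tell a CDN rate limit (HTTP 429) from a database that was actually processed, and `audit_conf` reports `Checks` and `DatabaseMirror` from a freshclam.conf. The function names and the `max_checks_per_day` default (the comment's reading of the list post) are assumptions.

```python
import re
from datetime import datetime
# Subset of the journal lines quoted in the comment above.
SAMPLE_LOG = """\
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> daily database available for download (remote version: 26420)
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^You are on cool-down until after: 2022-01-12 17:22:51
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> bytecode database available for download (remote version: 333)
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
"""
# Constructed freshclam.conf fragment: mirrors from the UCR value, Checks as quoted.
SAMPLE_CONF = """\
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
"""
MSG = re.compile(r"freshclam\[\d+\]: .*? -> [\^!]?(?P<msg>.*)$")
AVAILABLE = re.compile(r"(\w+) database available for download")
UPDATED = re.compile(r"(\w+)\.c[vl]d updated \(version: (\d+)")
COOLDOWN = re.compile(r"cool-down until after: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")

def classify(log):
    """Return ({database: 'pending'|'rate_limited'|'updated'}, cool-down end or None)."""
    state, cooldown, current = {}, None, None
    for line in log.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg = m.group("msg")
        if a := AVAILABLE.match(msg):
            current = a.group(1)           # following errors belong to this database
            state[current] = "pending"
        elif "error code 429" in msg and current:
            state[current] = "rate_limited"
        elif u := UPDATED.match(msg):
            state[u.group(1)] = "updated"
        elif c := COOLDOWN.search(msg):
            cooldown = datetime.strptime(c.group(1), "%Y-%m-%d %H:%M:%S")
    return state, cooldown

def audit_conf(conf_text, max_checks_per_day=1):
    """Parse Checks/DatabaseMirror; the default limit is an assumption, not a ClamAV value."""
    pairs = [l.split("#", 1)[0].split() for l in conf_text.splitlines()]
    pairs = [p for p in pairs if len(p) == 2]      # "Directive value" lines only
    checks = next((int(v) for k, v in pairs if k == "Checks"), None)
    mirrors = [v for k, v in pairs if k == "DatabaseMirror"]
    return {"checks_per_day": checks, "mirrors": mirrors,
            "too_frequent": checks is not None and checks > max_checks_per_day}
```

A test can skip rather than fail when any database is `rate_limited`, and wait until the returned cool-down time before retrying against the CDN.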