Bug 33716 - Tests for ClamAV
Status: NEW
Product: UCS Test
Classification: Unclassified
Component: Mail
unspecified
Other Linux
P5 normal
Assigned To: Julius Hinrichs
Reported: 2013-12-11 08:33 CET by Moritz Muehlenhoff
Modified: 2022-01-12 14:57 CET (History)
What kind of report is it?: Development Internal
requate: Patch_Available+


Attachments
Test if freshclam works and CVD definitions can be processed (406 bytes, text/plain)
2016-09-29 14:56 CEST, Julius Hinrichs
Minor improvement (476 bytes, text/plain)
2016-09-29 16:53 CEST, Julius Hinrichs

Description Moritz Muehlenhoff univentionstaff 2013-12-11 08:33:47 CET
ClamAV should be covered by ucs-test, at least the following:

- Does the virus scan generally work? (Tests with EICAR)
- Does Freshclam work and can all CVD definitions be processed by the current scan engine?
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2015-07-30 23:07:12 CEST
(In reply to Moritz Muehlenhoff from comment #0)
> - Does the virus scan generally work? (Tests with EICAR)

This is already covered.

> - Does Freshclam work and can all CVD definitions be processed by the
> current scan engine?

Please check if a test for this is possible and if yes, please implement it.
Comment 2 Julius Hinrichs univentionstaff 2016-09-29 14:56:55 CEST
Created attachment 8052 [details]
Test if freshclam works and CVD definitions can be processed

If CVD definitions cannot be processed, clamscan should fail.
Comment 3 Julius Hinrichs univentionstaff 2016-09-29 16:53:48 CEST
Created attachment 8056 [details]
Minor improvement
Comment 4 Philipp Hahn univentionstaff 2022-01-12 14:57:56 CET
(In reply to Sönke Schwardt-Krummrich from comment #1)
> > - Does Freshclam work and can all CVD definitions be processed by the
> > current scan engine?
> 
> Please check if a test for this is possible and if yes, please implement it.

Be careful: Just installing `clamav-freshclam` starts `freshclam`, which tries to download https://database.clamav.net/main.cvd from the CDN, which is rate-limited! This especially is a problem as all our internal VMs in KNUT use the same IPv4 address due to our use of NAT:

Jan 12 13:22:51 m34 systemd[1]: Started ClamAV virus database updater.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ClamAV update process started at Wed Jan 12 13:22:51 2022
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> daily database available for download (remote version: 26420)
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^Can't download daily.cvd from q
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> This means that you have been rate limited by the CDN.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->  1. Run FreshClam no more than once an hour to check for updates.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     FreshClam should check DNS first to see if an update is needed.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->  2. If you have more than 10 hosts on your network attempting to download,
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     it is recommended that you set up a private mirror on your network using
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     CDN and your own network.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->  3. Please do not open a ticket asking for an exemption from the rate limit,
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     it will not be granted.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^You are on cool-down until after: 2022-01-12 17:22:51
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> main database available for download (remote version: 62)
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^Can't download main.cvd from https://database.clamav.net/main.cvd
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> This means that you have been rate limited by the CDN.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->  1. Run FreshClam no more than once an hour to check for updates.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     FreshClam should check DNS first to see if an update is needed.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->  2. If you have more than 10 hosts on your network attempting to download,
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     it is recommended that you set up a private mirror on your network using
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     cvdupdate (https://pypi.org/project/cvdupdate/) to save bandwidth on the
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     CDN and your own network.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->  3. Please do not open a ticket asking for an exemption from the rate limit,
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 ->     it will not be granted.
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^You are on cool-down until after: 2022-01-12 17:22:51
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> bytecode database available for download (remote version: 333)
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> Testing database: '/var/lib/clamav/tmp.26048a9034/clamav-2e687c52302c3792bda359f54d5d560f.tmp-bytecode.cvd' ...
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> Database test passed.
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> !NotifyClamd: Can't find or parse configuration file /etc/clamav/clamd.conf

After setting up a local mirror <https://helpdesk.knut.univention.de/#ticket/zoom/3019> using <https://github.com/Cisco-Talos/cvdupdate> I was finally able to do QA for Bug #54330.


Please note that /etc/univention/templates/files/etc/clamav/freshclam.conf overwrites the mirrors with out-dated values:
> # ucr get clamav/database/mirror
> db.local.clamav.net database.clamav.net

See <https://lists.clamav.net/pipermail/clamav-users/2021-March/010544.html> for the rate-limiting: everything <1day is considered abuse, while univention-antivir-mail configures 1h in /etc/clamav/freshclam.conf:
> # Check for new database 24 times a day
> Checks 24
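
Added example (not part of this bug report and not ucs-test code): a freshclam test can separate "the CDN throttled us" from "the definitions could not be updated" by parsing the log lines quoted in comment 4, and can flag the update frequency in freshclam.conf. The function names, the embedded samples and the one-check-per-day default (taken from the reading in comment 4) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample, shortened from the freshclam journal lines quoted above.
SAMPLE_LOG = """\
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^Can't download main.cvd from https://database.clamav.net/main.cvd
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^FreshClam received error code 429 from the ClamAV Content Delivery Network (CDN).
Jan 12 13:22:51 m34 freshclam[14005]: Wed Jan 12 13:22:51 2022 -> ^You are on cool-down until after: 2022-01-12 17:22:51
Jan 12 13:22:52 m34 freshclam[14005]: Wed Jan 12 13:22:52 2022 -> bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
"""
# Constructed freshclam.conf using the values quoted in the comment above.
SAMPLE_CONF = """\
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
"""

FAILED = re.compile(r"Can't download (\S+\.c[lv]d)\b")
UPDATED = re.compile(r"-> (\S+\.c[lv]d) updated \(version: (\d+)")
COOLDOWN = re.compile(r"cool-down until after: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")

def summarize_freshclam(log):
    """Collect failed/updated databases and any CDN rate-limit signal."""
    out = {"failed": set(), "updated": {}, "rate_limited": False, "cooldown_until": None}
    for line in log.splitlines():
        if m := FAILED.search(line):
            out["failed"].add(m.group(1))
        elif m := UPDATED.search(line):
            out["updated"][m.group(1)] = int(m.group(2))
        elif "received error code 429" in line:
            out["rate_limited"] = True
        elif m := COOLDOWN.search(line):
            out["cooldown_until"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return out

def verdict(summary):
    """'skip' when the CDN throttled us, so the run is not reported as a ClamAV defect."""
    if summary["rate_limited"]:
        return "skip"
    return "fail" if summary["failed"] or not summary["updated"] else "pass"

def conf_findings(conf, max_checks_per_day=1):
    """Read Checks and DatabaseMirror; the default limit is an assumption (see lead-in)."""
    checks = [int(v) for v in re.findall(r"^\s*Checks\s+(\d+)", conf, re.M)]
    mirrors = re.findall(r"^\s*DatabaseMirror\s+(\S+)", conf, re.M)
    per_day = checks[-1] if checks else None
    return {"checks": per_day, "mirrors": mirrors,
            "too_frequent": per_day is not None and per_day > max_checks_per_day}
```

Feeding it the output of a real run instead of SAMPLE_LOG lets a test report a throttled run as skipped and keep the cool-down timestamp for rescheduling.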