[Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Q'center app, Helpdesk app
Post Reply
User avatar
Briain
Experience counts
Posts: 1749
Joined: Tue Apr 20, 2010 11:56 pm
Location: Edinburgh (Scotland)

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by Briain »

Hi

Well it seemed to work for a day or so, then fail. I was about to raise a ticket, but I spotted that a new firmware had been released and despite their being nothing in the notes (relating to clamav) I thought I'd see if the update fixed it, but no, I was still getting the daily e-mail to say that it had failed.

I then revisited this thread and had a look to see if the symbolic link to /user/share/clamav was present and no, it was not, so I manually created one (thank you @ours.gris; see post on previous page to this one) and now when then running 'freshclam -u admin' it works (well, at first it didn't work as expected, but that's due to me using an enterprise type network boundary; I'll explain that in a footnote, just in case anyone else comes across a similar issue).

Anyhow, I'll post back in a few days to let folks know if this latest attempt to fix it has worked.

Kind regards to all,
Briain

After installing the symbolic link and running 'freshclam -u admin', I received a tonne of certificate errors, but I immediately realised what was going wrong. I had thought that the clamav update process used only http in the past (I saw evidence of that when manually updating it via '/bin/sh -xxxx /etc/init.d/antivirus.sh update_db' and there has never been any problems with the automated update process in the past) but after running 'freshclam -u admin' I could see it was trying to access files at 'https://download.clamav.net' so with me running Sophos UTM with https inspection enabled, it was obviously objecting to my Sophos UTM re-signing the certificate (as it would be an unrecognised CA), so I then added a web filter exception for ^https://([A-Za-z0-9.-]*\.)?clamav\.net/ and it all worked a charm.

---------

Later edit (6th May 2021):

I meant to add this a while back, but if you are using a firewall that does HTTPS inspection, the AV update process now needs an exception for https://database.clamav.net/

Briain
TS-119, 1 X Seagate ~~ TS-219, 2 X Seagate (R1) ~~ TS-453A, 2 X 3 TB WD Red (R1) ~~ TS-659, 5 X 1 TB Hitachi Enterprise (R6)
APC Smart-UPS 750
sTaNy
New here
Posts: 4
Joined: Tue May 14, 2013 11:37 pm

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by sTaNy »

Dear community,

I also had the problem that the update of virus definition failed on my older QNAP TS469-L. After trying to update clamav with the command

Code: Select all

freshclam -u admin  
I received the error:
ClamAV update process started at Wed Aug 5 14:35:42 2020
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
Than I tried to upload the files manually after deleting them an download via wget. Running

Code: Select all

freshclam -u admin
again and the definitions are up to date:
ClamAV update process started at Wed Aug 5 14:35:42 2020
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd is up to date (version: 25894, sigs: 3775917, f-level: 63, builder: raynman)
bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
But what is the right way to upgrade to the latest clamav version 0.102.4 on my older QNAP? It seems that the latest firmware update to version 4.3.4.1368 Build 20200703 didn't do that automatically.

Many thanks in advance and best regards
Tim
User avatar
usefulvid
Starting out
Posts: 33
Joined: Thu Oct 11, 2018 5:00 pm

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by usefulvid »

The topic is about an other problem.
Freshclam only updates virus definitions not the antivirus itself.
This is only a warning and can be ignored.
Nevertheless it should be good practive to run up to date software but QNAP seems to think different.
paulwi
New here
Posts: 9
Joined: Thu Jan 06, 2011 2:10 am

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by paulwi »

Hi,

I would like to share some information from my side.
Personally i own a TS-419PII and a TS-253PRO. The TS119-PII is owned by a friend of my.
The TS-119PII and TS-419PII have the same problem regarding updating the virus definitions. They both have virus engine version 0.99.3.
When running the command:

Code: Select all

freshclam -u admin -l /tmp/.freshclam.log
the memory consumption of the process is running up to 50-60%. The load average is going to approx 11/12.
Then finally the kernel kills the process with level 9.

The TS-253PRO works fine. Updates are automatically installed as expected.

TS-119PII (4.3.3.1315)
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
TS-419PII (4.3.3.1315)
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
TS-253PRO (4.4.3.1400)
WARNING: Local version: 0.102.2 Recommended version: 0.102.4

So I have a few questions.
Is it possible to upgrade the virus engine on both old Qnap servers? If yes, how?
Is Qnap going to release an update to fix this?
User avatar
dolbyman
Guru
Posts: 35014
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by dolbyman »

for the x19 units .. open a ticket with QNAP asap. Qnap will only do security relevant fixes till the end of this year, no feature updates since end of 2017
ottl05
New here
Posts: 4
Joined: Tue Oct 28, 2014 9:16 pm

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by ottl05 »

I´ve got the same problem on my ts-459 pro ii since a few days.
Manually update the definitions per cli or manually uploading with gui is working, only the automatic Update fails.
itteam
Know my way around
Posts: 100
Joined: Thu Jul 25, 2013 1:25 am

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by itteam »

Our TS-419 U II is doing the same - last definition update was Sep 20.
I have manually killed the freshclam process and it did the same one me twice.
It is producing a few errors like this in the /tmp/.freshclam.log , so I know the update is at least partially progressing, but then it just stops and causes performance issues as CPU and load keep increasing
"logical signature for XXXXXXXXXXXXXXXX uses PCREs but support is disabled, skipping"

I have now set the automatic def. update to OFF.

When I go to the clamav website, the definitions downloads offered there are .cvd files, but on the QNAP they are .cld ? I don't know if it's just a straight swap ?
[ TS-873U-RP @HQ ][ TS-220 + TS-221 +TS-419 U II @Satellite branches ] [ TS-212P + HS453-DX @Home ]
ottl05
New here
Posts: 4
Joined: Tue Oct 28, 2014 9:16 pm

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by ottl05 »

after update to "4.2.6 build 20200821" the automatic updates are working again.

---
since two days the updates aren´t working again :(
ulikio
Starting out
Posts: 14
Joined: Mon Dec 07, 2009 3:05 am

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by ulikio »

TS-439 firmware 4.2.6 (2020.08.21) - updates keep failing (have been failing for a while).
manual fun produces the following

freshclam -u admin -l /tmp/.freshclam.log
ClamAV update process started at Thu Oct 15 12:21:25 2020
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
ERROR: Can't create new socket: Address family not supported by protocol
WARNING: getpatch: Can't download daily-25912.cdiff from db.local.clamav.net
Downloading daily-25912.cdiff [100%]
Downloading daily-25913.cdiff [100%]
Downloading daily-25914.cdiff [100%]
Downloading daily-25915.cdiff [100%]
Downloading daily-25916.cdiff [100%]
Downloading daily-25917.cdiff [100%]
Downloading daily-25918.cdiff [100%]
Downloading daily-25919.cdiff [100%]
Downloading daily-25920.cdiff [100%]
Downloading daily-25921.cdiff [100%]
Downloading daily-25922.cdiff [100%]
Downloading daily-25923.cdiff [100%]
Downloading daily-25924.cdiff [100%]
Downloading daily-25925.cdiff [100%]
Downloading daily-25926.cdiff [100%]
Downloading daily-25927.cdiff [100%]
Downloading daily-25928.cdiff [100%]
Downloading daily-25929.cdiff [100%]
Downloading daily-25930.cdiff [100%]
Downloading daily-25931.cdiff [100%]
.... then a lot of log file entries... and at the end...
[LibClamAV] cli_loadldb: logical signature for Email.Phishing.VOF2-6538121-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Email.Phishing.VOF2-6538122-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Email.Phishing.VOF2-6538124-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Win.Exploit.PowerSploit-6982894-2 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Pdf.Exploit.CVE_2019_0985-6990944-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Img.Exploit.CVE_2019_5060-6978103-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Pdf.Exploit.CVE_2019_5067-7054139-0 uses PCREs but support is disabled, skipping
ERROR: Database load killed by signal 9
ERROR: Failed to load new database
ctahell
New here
Posts: 3
Joined: Tue Sep 18, 2012 9:12 pm
Location: Seinäjoki, Finland
Contact:

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by ctahell »

Hi,

I have exactly the same problem with both of my QNAPs, one at the office, one at home. I have received the same error for months now. Since March (first time March 1st, 2020, next March 16th, 2020, and March 24, 2020 and onwards every day) my NAS servers of the model QNAP TS-219 have not been able to update their database from CLAMAV website. I have updated it by hand at https://www.clamav.net/downloads, and assumed that the fault is in the software, but the issue has not been fixed by QNAP, even though several updates have been installed since March 1st.

This is what happens using the console:

[/usr/share/clamav] # freshclam -u admin -l /tmp/.freshclam.log
ClamAV update process started at Mon Oct 19 12:28:26 2020
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Downloading daily-25942.cdiff [100%]
Downloading daily-25943.cdiff [100%]
Downloading daily-25944.cdiff [100%]
...
[LibClamAV] cli_loadldb: logical signature for Doc.Downloader.Emotet-9771969-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Doc.Downloader.Emotet-9774516-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Js.Malware.LemonDuck-9775029-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for PUA.Java.Packer.Allatori-6687596-0 uses PCREs but support is disabled, skipping
ERROR: Database load killed by signal 9
ERROR: Failed to load new database
[/usr/share/clamav] #

Why isn't QNAP doing anything?
-----------------------------------------------
Best Regards,
Tapio Hellman
Laboratory Engineer
Seinäjoki University of Applied Sciences
School of Technology
Kampusranta 9 A
FIN-60320 Seinäjoki
FINLAND
Tel: +358408304157
E-mail: tapio.hellman@seamk.fi
Internet: www.seamk.fi
User avatar
dolbyman
Guru
Posts: 35014
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by dolbyman »

did you report that issue to qnap?

do it asap..your NAS will not get any updayes anymore starting 2021
User avatar
chalk
Starting out
Posts: 30
Joined: Tue Nov 20, 2012 1:45 am

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by chalk »

Hi,

I am experiencing the same issue on a TS-119 P II. Has anyone found a way to resolve this or made a request to QNAP yet? Was any response from QNAP received on this Failure?

Thanks,

Christoph
UNIVAC
New here
Posts: 2
Joined: Mon Feb 13, 2012 10:37 pm

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by UNIVAC »

I'm yet another person experiencing this issue on a TS-219P+ , which goes out of support at the end of this year. I've pretty well tried all the suggested fixes, to no avail. As far as I know, the virus update failure started sometime last spring.

Just curious if anyone's heard back from QNAP on the fix for this issue?


bryan
blake
New here
Posts: 9
Joined: Thu Sep 24, 2015 11:25 pm

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by blake »

I've got the TS-219P+ also. Same problem: I've been getting the "[Antivirus] Failed to update virus definitions." error message every day for months. I have no clue what to do about it. I find it worrisome that QNAP has apparently turned a blind eye to something as seemingly fundamental as this.
erik@stook.se
First post
Posts: 1
Joined: Thu Mar 26, 2020 3:22 am

Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.

Post by erik@stook.se »

I have the same issue on BF3E40 .
What to do about it?
Post Reply

Return to “NAS Management”