[Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
- Briain
- Experience counts
- Posts: 1749
- Joined: Tue Apr 20, 2010 11:56 pm
- Location: Edinburgh (Scotland)
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
Hi
Well it seemed to work for a day or so, then fail. I was about to raise a ticket, but I spotted that a new firmware had been released and despite their being nothing in the notes (relating to clamav) I thought I'd see if the update fixed it, but no, I was still getting the daily e-mail to say that it had failed.
I then revisited this thread and had a look to see if the symbolic link to /user/share/clamav was present and no, it was not, so I manually created one (thank you @ours.gris; see post on previous page to this one) and now when then running 'freshclam -u admin' it works (well, at first it didn't work as expected, but that's due to me using an enterprise type network boundary; I'll explain that in a footnote, just in case anyone else comes across a similar issue).
Anyhow, I'll post back in a few days to let folks know if this latest attempt to fix it has worked.
Kind regards to all,
Briain
After installing the symbolic link and running 'freshclam -u admin', I received a tonne of certificate errors, but I immediately realised what was going wrong. I had thought that the clamav update process used only http in the past (I saw evidence of that when manually updating it via '/bin/sh -xxxx /etc/init.d/antivirus.sh update_db' and there has never been any problems with the automated update process in the past) but after running 'freshclam -u admin' I could see it was trying to access files at 'https://download.clamav.net' so with me running Sophos UTM with https inspection enabled, it was obviously objecting to my Sophos UTM re-signing the certificate (as it would be an unrecognised CA), so I then added a web filter exception for ^https://([A-Za-z0-9.-]*\.)?clamav\.net/ and it all worked a charm.
---------
Later edit (6th May 2021):
I meant to add this a while back, but if you are using a firewall that does HTTPS inspection, the AV update process now needs an exception for https://database.clamav.net/
Briain
Well it seemed to work for a day or so, then fail. I was about to raise a ticket, but I spotted that a new firmware had been released and despite their being nothing in the notes (relating to clamav) I thought I'd see if the update fixed it, but no, I was still getting the daily e-mail to say that it had failed.
I then revisited this thread and had a look to see if the symbolic link to /user/share/clamav was present and no, it was not, so I manually created one (thank you @ours.gris; see post on previous page to this one) and now when then running 'freshclam -u admin' it works (well, at first it didn't work as expected, but that's due to me using an enterprise type network boundary; I'll explain that in a footnote, just in case anyone else comes across a similar issue).
Anyhow, I'll post back in a few days to let folks know if this latest attempt to fix it has worked.
Kind regards to all,
Briain
After installing the symbolic link and running 'freshclam -u admin', I received a tonne of certificate errors, but I immediately realised what was going wrong. I had thought that the clamav update process used only http in the past (I saw evidence of that when manually updating it via '/bin/sh -xxxx /etc/init.d/antivirus.sh update_db' and there has never been any problems with the automated update process in the past) but after running 'freshclam -u admin' I could see it was trying to access files at 'https://download.clamav.net' so with me running Sophos UTM with https inspection enabled, it was obviously objecting to my Sophos UTM re-signing the certificate (as it would be an unrecognised CA), so I then added a web filter exception for ^https://([A-Za-z0-9.-]*\.)?clamav\.net/ and it all worked a charm.
---------
Later edit (6th May 2021):
I meant to add this a while back, but if you are using a firewall that does HTTPS inspection, the AV update process now needs an exception for https://database.clamav.net/
Briain
TS-119, 1 X Seagate ~~ TS-219, 2 X Seagate (R1) ~~ TS-453A, 2 X 3 TB WD Red (R1) ~~ TS-659, 5 X 1 TB Hitachi Enterprise (R6)
APC Smart-UPS 750
APC Smart-UPS 750
-
- New here
- Posts: 4
- Joined: Tue May 14, 2013 11:37 pm
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
Dear community,
I also had the problem that the update of virus definition failed on my older QNAP TS469-L. After trying to update clamav with the command I received the error:
again and the definitions are up to date:
Many thanks in advance and best regards
Tim
I also had the problem that the update of virus definition failed on my older QNAP TS469-L. After trying to update clamav with the command
Code: Select all
freshclam -u admin
Than I tried to upload the files manually after deleting them an download via wget. RunningClamAV update process started at Wed Aug 5 14:35:42 2020
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
Code: Select all
freshclam -u admin
But what is the right way to upgrade to the latest clamav version 0.102.4 on my older QNAP? It seems that the latest firmware update to version 4.3.4.1368 Build 20200703 didn't do that automatically.ClamAV update process started at Wed Aug 5 14:35:42 2020
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
daily.cvd is up to date (version: 25894, sigs: 3775917, f-level: 63, builder: raynman)
bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Many thanks in advance and best regards
Tim
- usefulvid
- Starting out
- Posts: 33
- Joined: Thu Oct 11, 2018 5:00 pm
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
The topic is about an other problem.
Freshclam only updates virus definitions not the antivirus itself.
This is only a warning and can be ignored.
Nevertheless it should be good practive to run up to date software but QNAP seems to think different.
Freshclam only updates virus definitions not the antivirus itself.
This is only a warning and can be ignored.
Nevertheless it should be good practive to run up to date software but QNAP seems to think different.
-
- New here
- Posts: 9
- Joined: Thu Jan 06, 2011 2:10 am
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
Hi,
I would like to share some information from my side.
Personally i own a TS-419PII and a TS-253PRO. The TS119-PII is owned by a friend of my.
The TS-119PII and TS-419PII have the same problem regarding updating the virus definitions. They both have virus engine version 0.99.3.
When running the command:
the memory consumption of the process is running up to 50-60%. The load average is going to approx 11/12.
Then finally the kernel kills the process with level 9.
The TS-253PRO works fine. Updates are automatically installed as expected.
TS-119PII (4.3.3.1315)
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
TS-419PII (4.3.3.1315)
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
TS-253PRO (4.4.3.1400)
WARNING: Local version: 0.102.2 Recommended version: 0.102.4
So I have a few questions.
Is it possible to upgrade the virus engine on both old Qnap servers? If yes, how?
Is Qnap going to release an update to fix this?
I would like to share some information from my side.
Personally i own a TS-419PII and a TS-253PRO. The TS119-PII is owned by a friend of my.
The TS-119PII and TS-419PII have the same problem regarding updating the virus definitions. They both have virus engine version 0.99.3.
When running the command:
Code: Select all
freshclam -u admin -l /tmp/.freshclam.log
Then finally the kernel kills the process with level 9.
The TS-253PRO works fine. Updates are automatically installed as expected.
TS-119PII (4.3.3.1315)
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
TS-419PII (4.3.3.1315)
WARNING: Local version: 0.99.3 Recommended version: 0.102.4
TS-253PRO (4.4.3.1400)
WARNING: Local version: 0.102.2 Recommended version: 0.102.4
So I have a few questions.
Is it possible to upgrade the virus engine on both old Qnap servers? If yes, how?
Is Qnap going to release an update to fix this?
- dolbyman
- Guru
- Posts: 35276
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
for the x19 units .. open a ticket with QNAP asap. Qnap will only do security relevant fixes till the end of this year, no feature updates since end of 2017
-
- New here
- Posts: 4
- Joined: Tue Oct 28, 2014 9:16 pm
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
I´ve got the same problem on my ts-459 pro ii since a few days.
Manually update the definitions per cli or manually uploading with gui is working, only the automatic Update fails.
Manually update the definitions per cli or manually uploading with gui is working, only the automatic Update fails.
-
- Know my way around
- Posts: 101
- Joined: Thu Jul 25, 2013 1:25 am
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
Our TS-419 U II is doing the same - last definition update was Sep 20.
I have manually killed the freshclam process and it did the same one me twice.
It is producing a few errors like this in the /tmp/.freshclam.log , so I know the update is at least partially progressing, but then it just stops and causes performance issues as CPU and load keep increasing
"logical signature for XXXXXXXXXXXXXXXX uses PCREs but support is disabled, skipping"
I have now set the automatic def. update to OFF.
When I go to the clamav website, the definitions downloads offered there are .cvd files, but on the QNAP they are .cld ? I don't know if it's just a straight swap ?
I have manually killed the freshclam process and it did the same one me twice.
It is producing a few errors like this in the /tmp/.freshclam.log , so I know the update is at least partially progressing, but then it just stops and causes performance issues as CPU and load keep increasing
"logical signature for XXXXXXXXXXXXXXXX uses PCREs but support is disabled, skipping"
I have now set the automatic def. update to OFF.
When I go to the clamav website, the definitions downloads offered there are .cvd files, but on the QNAP they are .cld ? I don't know if it's just a straight swap ?
[ TS-873U-RP @HQ ][ TS-220 + TS-221 +TS-419 U II @Satellite branches ] [ TS-212P + HS453-DX @Home ]
-
- New here
- Posts: 4
- Joined: Tue Oct 28, 2014 9:16 pm
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
after update to "4.2.6 build 20200821" the automatic updates are working again.
---
since two days the updates aren´t working again
---
since two days the updates aren´t working again
-
- Starting out
- Posts: 14
- Joined: Mon Dec 07, 2009 3:05 am
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
TS-439 firmware 4.2.6 (2020.08.21) - updates keep failing (have been failing for a while).
manual fun produces the following
freshclam -u admin -l /tmp/.freshclam.log
ClamAV update process started at Thu Oct 15 12:21:25 2020
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
ERROR: Can't create new socket: Address family not supported by protocol
WARNING: getpatch: Can't download daily-25912.cdiff from db.local.clamav.net
Downloading daily-25912.cdiff [100%]
Downloading daily-25913.cdiff [100%]
Downloading daily-25914.cdiff [100%]
Downloading daily-25915.cdiff [100%]
Downloading daily-25916.cdiff [100%]
Downloading daily-25917.cdiff [100%]
Downloading daily-25918.cdiff [100%]
Downloading daily-25919.cdiff [100%]
Downloading daily-25920.cdiff [100%]
Downloading daily-25921.cdiff [100%]
Downloading daily-25922.cdiff [100%]
Downloading daily-25923.cdiff [100%]
Downloading daily-25924.cdiff [100%]
Downloading daily-25925.cdiff [100%]
Downloading daily-25926.cdiff [100%]
Downloading daily-25927.cdiff [100%]
Downloading daily-25928.cdiff [100%]
Downloading daily-25929.cdiff [100%]
Downloading daily-25930.cdiff [100%]
Downloading daily-25931.cdiff [100%]
.... then a lot of log file entries... and at the end...
[LibClamAV] cli_loadldb: logical signature for Email.Phishing.VOF2-6538121-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Email.Phishing.VOF2-6538122-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Email.Phishing.VOF2-6538124-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Win.Exploit.PowerSploit-6982894-2 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Pdf.Exploit.CVE_2019_0985-6990944-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Img.Exploit.CVE_2019_5060-6978103-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Pdf.Exploit.CVE_2019_5067-7054139-0 uses PCREs but support is disabled, skipping
ERROR: Database load killed by signal 9
ERROR: Failed to load new database
manual fun produces the following
freshclam -u admin -l /tmp/.freshclam.log
ClamAV update process started at Thu Oct 15 12:21:25 2020
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
ERROR: Can't create new socket: Address family not supported by protocol
WARNING: getpatch: Can't download daily-25912.cdiff from db.local.clamav.net
Downloading daily-25912.cdiff [100%]
Downloading daily-25913.cdiff [100%]
Downloading daily-25914.cdiff [100%]
Downloading daily-25915.cdiff [100%]
Downloading daily-25916.cdiff [100%]
Downloading daily-25917.cdiff [100%]
Downloading daily-25918.cdiff [100%]
Downloading daily-25919.cdiff [100%]
Downloading daily-25920.cdiff [100%]
Downloading daily-25921.cdiff [100%]
Downloading daily-25922.cdiff [100%]
Downloading daily-25923.cdiff [100%]
Downloading daily-25924.cdiff [100%]
Downloading daily-25925.cdiff [100%]
Downloading daily-25926.cdiff [100%]
Downloading daily-25927.cdiff [100%]
Downloading daily-25928.cdiff [100%]
Downloading daily-25929.cdiff [100%]
Downloading daily-25930.cdiff [100%]
Downloading daily-25931.cdiff [100%]
.... then a lot of log file entries... and at the end...
[LibClamAV] cli_loadldb: logical signature for Email.Phishing.VOF2-6538121-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Email.Phishing.VOF2-6538122-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Email.Phishing.VOF2-6538124-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Win.Exploit.PowerSploit-6982894-2 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Pdf.Exploit.CVE_2019_0985-6990944-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Img.Exploit.CVE_2019_5060-6978103-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Pdf.Exploit.CVE_2019_5067-7054139-0 uses PCREs but support is disabled, skipping
ERROR: Database load killed by signal 9
ERROR: Failed to load new database
-
- New here
- Posts: 3
- Joined: Tue Sep 18, 2012 9:12 pm
- Location: Seinäjoki, Finland
- Contact:
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
Hi,
I have exactly the same problem with both of my QNAPs, one at the office, one at home. I have received the same error for months now. Since March (first time March 1st, 2020, next March 16th, 2020, and March 24, 2020 and onwards every day) my NAS servers of the model QNAP TS-219 have not been able to update their database from CLAMAV website. I have updated it by hand at https://www.clamav.net/downloads, and assumed that the fault is in the software, but the issue has not been fixed by QNAP, even though several updates have been installed since March 1st.
This is what happens using the console:
[/usr/share/clamav] # freshclam -u admin -l /tmp/.freshclam.log
ClamAV update process started at Mon Oct 19 12:28:26 2020
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Downloading daily-25942.cdiff [100%]
Downloading daily-25943.cdiff [100%]
Downloading daily-25944.cdiff [100%]
...
[LibClamAV] cli_loadldb: logical signature for Doc.Downloader.Emotet-9771969-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Doc.Downloader.Emotet-9774516-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Js.Malware.LemonDuck-9775029-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for PUA.Java.Packer.Allatori-6687596-0 uses PCREs but support is disabled, skipping
ERROR: Database load killed by signal 9
ERROR: Failed to load new database
[/usr/share/clamav] #
Why isn't QNAP doing anything?
I have exactly the same problem with both of my QNAPs, one at the office, one at home. I have received the same error for months now. Since March (first time March 1st, 2020, next March 16th, 2020, and March 24, 2020 and onwards every day) my NAS servers of the model QNAP TS-219 have not been able to update their database from CLAMAV website. I have updated it by hand at https://www.clamav.net/downloads, and assumed that the fault is in the software, but the issue has not been fixed by QNAP, even though several updates have been installed since March 1st.
This is what happens using the console:
[/usr/share/clamav] # freshclam -u admin -l /tmp/.freshclam.log
ClamAV update process started at Mon Oct 19 12:28:26 2020
main.cvd is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Downloading daily-25942.cdiff [100%]
Downloading daily-25943.cdiff [100%]
Downloading daily-25944.cdiff [100%]
...
[LibClamAV] cli_loadldb: logical signature for Doc.Downloader.Emotet-9771969-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Doc.Downloader.Emotet-9774516-0 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for Js.Malware.LemonDuck-9775029-1 uses PCREs but support is disabled, skipping
[LibClamAV] cli_loadldb: logical signature for PUA.Java.Packer.Allatori-6687596-0 uses PCREs but support is disabled, skipping
ERROR: Database load killed by signal 9
ERROR: Failed to load new database
[/usr/share/clamav] #
Why isn't QNAP doing anything?
-----------------------------------------------
Best Regards,
Tapio Hellman
Laboratory Engineer
Seinäjoki University of Applied Sciences
School of Technology
Kampusranta 9 A
FIN-60320 Seinäjoki
FINLAND
Tel: +358408304157
E-mail: tapio.hellman@seamk.fi
Internet: www.seamk.fi
Best Regards,
Tapio Hellman
Laboratory Engineer
Seinäjoki University of Applied Sciences
School of Technology
Kampusranta 9 A
FIN-60320 Seinäjoki
FINLAND
Tel: +358408304157
E-mail: tapio.hellman@seamk.fi
Internet: www.seamk.fi
- dolbyman
- Guru
- Posts: 35276
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
did you report that issue to qnap?
do it asap..your NAS will not get any updayes anymore starting 2021
do it asap..your NAS will not get any updayes anymore starting 2021
- chalk
- Starting out
- Posts: 30
- Joined: Tue Nov 20, 2012 1:45 am
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
Hi,
I am experiencing the same issue on a TS-119 P II. Has anyone found a way to resolve this or made a request to QNAP yet? Was any response from QNAP received on this Failure?
Thanks,
Christoph
I am experiencing the same issue on a TS-119 P II. Has anyone found a way to resolve this or made a request to QNAP yet? Was any response from QNAP received on this Failure?
Thanks,
Christoph
-
- New here
- Posts: 2
- Joined: Mon Feb 13, 2012 10:37 pm
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
I'm yet another person experiencing this issue on a TS-219P+ , which goes out of support at the end of this year. I've pretty well tried all the suggested fixes, to no avail. As far as I know, the virus update failure started sometime last spring.
Just curious if anyone's heard back from QNAP on the fix for this issue?
bryan
Just curious if anyone's heard back from QNAP on the fix for this issue?
bryan
-
- New here
- Posts: 9
- Joined: Thu Sep 24, 2015 11:25 pm
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
I've got the TS-219P+ also. Same problem: I've been getting the "[Antivirus] Failed to update virus definitions." error message every day for months. I have no clue what to do about it. I find it worrisome that QNAP has apparently turned a blind eye to something as seemingly fundamental as this.
-
- First post
- Posts: 1
- Joined: Thu Mar 26, 2020 3:22 am
Re: [Antivirus] Failed to update virus definitions. Update definitions manually, or try again later.
I have the same issue on BF3E40 .
What to do about it?
What to do about it?