Page 1 of 7
[Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manually.
Posted: Fri Mar 05, 2021 5:17 pm
by MrHolland
Good day people,
W've got an issue regarding clamav virus updates on our TS-669 pro nas.
Running at Current firmware version:4.3.4.1463
Daily we get an email notice;
[Antivirus] Failed to update virus definitions. Please try again later or update the definitions manually.
When trying to update manually trough SSH this is the output:
Code: Select all
[~] # /usr/local/bin/freshclam -u admin -l /tmp/.freshclam.log
ClamAV update process started at Fri Mar 5 10:05:43 2021
main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-26096.cdiff from db.local.clamav.net
WARNING: getpatch: Can't download daily-26096.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
WARNING: Can't download daily.cvd from db.local.clamav.net
Trying again in 5 secs...
ClamAV update process started at Fri Mar 5 10:05:52 2021
main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-26096.cdiff from db.local.clamav.net
ERROR: getpatch: Can't download daily-26096.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from db.local.clamav.net
Giving up on db.local.clamav.net...
ClamAV update process started at Fri Mar 5 10:05:54 2021
main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-26096.cdiff from db.ch.clamav.net
ERROR: getpatch: Can't download daily-26096.cdiff from db.ch.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from db.ch.clamav.net
Giving up on db.ch.clamav.net...
ClamAV update process started at Fri Mar 5 10:05:56 2021
main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-26096.cdiff from db.cn.clamav.net
ERROR: getpatch: Can't download daily-26096.cdiff from db.cn.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from db.cn.clamav.net
Giving up on db.cn.clamav.net...
ClamAV update process started at Fri Mar 5 10:05:59 2021
main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-26096.cdiff from db.jp.clamav.net
ERROR: getpatch: Can't download daily-26096.cdiff from db.jp.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from db.jp.clamav.net
Giving up on db.jp.clamav.net...
ClamAV update process started at Fri Mar 5 10:06:01 2021
main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-26096.cdiff from db.us.clamav.net
ERROR: getpatch: Can't download daily-26096.cdiff from db.us.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from db.us.clamav.net
Giving up on db.us.clamav.net...
ClamAV update process started at Fri Mar 5 10:06:04 2021
main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
WARNING: getpatch: Can't download daily-26096.cdiff from database.clamav.net
ERROR: getpatch: Can't download daily-26096.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: Can't download daily.cvd from database.clamav.net
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/config/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons.
[~] #
DNS Servers are set to 1.1.1.1 and 8.8.8.8
Result of ping:
Code: Select all
[~] # ping db.local.clamav.net
PING db.local.clamav.net (104.16.218.84): 56 data bytes
64 bytes from 104.16.218.84: seq=0 ttl=59 time=5.928 ms
64 bytes from 104.16.218.84: seq=1 ttl=59 time=5.640 ms
64 bytes from 104.16.218.84: seq=2 ttl=59 time=5.963 ms
Result of wget
Code: Select all
[~] # wget http://db.local.clamav.net
--2021-03-05 10:08:19-- http://db.local.clamav.net/
Resolving db.local.clamav.net (db.local.clamav.net)... 104.16.218.84, 104.16.219.84, 2606:4700::6810:da54, ...
Connecting to db.local.clamav.net (db.local.clamav.net)|104.16.218.84|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’
index.html [ <=> ] 1.14K --.-KB/s in 0s
2021-03-05 10:08:20 (28.5 MB/s) - ‘index.html’ saved [1166]
[~] #
When I manually browse to
http://db.local.clamav.net/daily-26096.cdiff to file downloads without any problem.
However when I wget the file trough SSH gives:
Code: Select all
[~] # wget http://db.local.clamav.net/daily-26096.cdiff
--2021-03-05 10:15:25-- http://db.local.clamav.net/daily-26096.cdiff
Resolving db.local.clamav.net (db.local.clamav.net)... 104.16.219.84, 104.16.218.84, 2606:4700::6810:da54, ...
Connecting to db.local.clamav.net (db.local.clamav.net)|104.16.219.84|:80... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-03-05 10:15:25 ERROR 403: Forbidden.
Is there someone familiar with this issue and can help me out with a solution? Thanks in advance for any support!
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Sun Mar 07, 2021 7:08 am
by jamieburchell
Same here on a TS-228 with latest firmware. Started happening around the beginning of the month.
The provider is probably blocking the default User-agent that wget uses (and probably the agent the Qnap update process is using).
This works from the NAS
Code: Select all
wget -U "Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/87.0.4280.77 Mobile/15E148 Safari/604.1" http://db.local.clamav.net/daily-26096.cdiff
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Sun Mar 07, 2021 7:15 am
by JoelEsler
Hello. Joel from ClamAV here. It has become necessary to restrict wget based clients, so that’s why wget isn’t working. Freshclam may not be working because you’re running an old version of ClamAV. If you’re older than 0.100, then your version is EOL and ClamAV needs to be updated.
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Sun Mar 07, 2021 8:08 am
by jamieburchell
Unfortunately it's not possible for users to update it as it's baked in to the QTS software/firmware QNAP releases.
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Sun Mar 07, 2021 8:33 am
by sinther
I am also in this quandry.
I have a TS469L.
spent 3 hours today trying to work out why clamav not updating - now find this.
What options do I have - remove and update clamav from the command line?
Regards
rod.
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Sun Mar 07, 2021 8:40 am
by jamieburchell
I think we'll have to wait and hope that QNAP release a new firmware with an updated ClamAV integration soon. Last firmware update for the TS-228 was something like September last year though. Probably need to open a support ticket with QNAP.
I don't believe it's possible to update the ClamAV software itself on the Qnap. It's probably possible to cobble together a script that uses wget and a spoofed user agent to grab the update files and restart the service but frankly we shouldn't have to do that and, I suspect the ClamAV team won't be thrilled about the idea.
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Sun Mar 07, 2021 8:46 am
by sinther
OK cheers
I might take the risk of breaking this and work out how to uninstall and put latest clamav on there.. might break the UI, but if I can get it running in the background, all OK.
What's the worst that can happen? - I have to reload the machine with debian... or replace the device with a debian / ZFS box....
BTW - the comment from Joel is right on the money
freshclam --version on my TS469L yields
ClamAV 0.99.3
.. I wonder if I just overload with the new freshclam tool binary....... but that would mean that I need to correct build for the architecture....Hmmm
Cheers
rod.
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Sun Mar 07, 2021 8:50 am
by jamieburchell
I'd be interested to know how you get on. I've not poked around too much myself, only to discover that I couldn't work out which process was running it. There's probably a battle to be had with persisting the changes after reboots and creating symlinks.
Edit: I found the files in /share/CACHEDEV1_DATA/.antivirus. There are lib files here that would probably need updating too.
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Mon Mar 08, 2021 6:47 am
by Bulls3y3
Well, I'm glad I found this thread which explains I am not alone
My TS-869 Pro stopped updating after March 1. Given that I have had this thing up and running since 2013, I have gotten good value from it.
Still going strong as a NAS serving out my files and helping to protect my families files; I do not use it for much else. CPU too slow for streaming via apps (Twonky or Plex).
I think this last thing is just what I needed to push me to upgrade to a newer model! Not to mention there's no more firmware for 4.3.4 for these models and they don't support 4.4.x.
If someone does find a workaround, I'm interested too!
Regards,
Mike.
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Mon Mar 08, 2021 7:47 am
by jamieburchell
My TS-228 is still within "security updates" support. I wonder if that would include a working antivirus application
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Mon Mar 08, 2021 5:52 pm
by fantomas
Hi gyus
looking at
https://www.qnap.com/en/product/eol.php#
TS-669
TS-469L
TS-869 Pro
are all out of support, apparently with old clamav version installed.
security updates for TS-228 (and I guess other versions) apparently do not include new clamav releases
(my 419P+ with TA-4.3.3 contains clamav 0.99.3, over 3 years old).
installing other linux distro could apparently bring clamav back to life.
note that clamav needs a more than 1GB of RAM to run properly:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
29395 uhlar 20 0 1746976 1.6g 3512 R 80.9 40.8 0:48.98 clamscan
2318 clamav 20 0 1769128 1.5g 1376 S 0.0 39.8 247:04.05 clamd
(no matter if you run clamscan or clamd/clamdscan)
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Tue Mar 09, 2021 12:26 am
by sunkarv
JoelEsler wrote: ↑Sun Mar 07, 2021 7:15 am
Hello. Joel from ClamAV here. It has become necessary to restrict wget based clients, so that’s why wget isn’t working. Freshclam may not be working because you’re running an old version of ClamAV. If you’re older than 0.100, then your version is EOL and ClamAV needs to be updated.
Hi Joel, if wget is restricted and what is the alternative solution. We don't want to use freshclam. We do have an architecture, we do have 5 different instances where ClamAV installed and we do have a centralized server where we are currently downloading the virus definition using WGET. And we are pushing the latest definition to all our ClamAV instances. We want to have a consistent definition in all ClamAV instances.
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Tue Mar 09, 2021 4:31 am
by jamieburchell
Seems like I need to stop using ClamAV. That's one way to reduce traffic to the mirrors.
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Wed Mar 10, 2021 12:36 am
by bobthesungeek
Has anyone opened a case with QNAP regarding this?
Re: [Open] TS-669 p Antivirus Failed to update virus definitions. Please try again later or update the definitions manua
Posted: Wed Mar 10, 2021 12:42 am
by dolbyman
only people with non EOL units can , the rest gets ignored by default
