From nobody Mon Dec 05 09:04:01 2022 X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NQczl08Xtz4j6kb for ; Mon, 5 Dec 2022 09:04:03 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NQczk67xsz4Qfl for ; Mon, 5 Dec 2022 09:04:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1670231042; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=94Y1vvpIKyI4pb1EL3myVpVpDyp74zoJQbuJ1Eq5HGg=; b=nyG/FaQrg7sel47pnh8tmD8JvgV/tMPQfmAjWcjt475kFHAeMFXoyP3g8j8VTktNHLLA9H AA66YpIiVw5XGBn+9Vy1/R0YQyFKATDDfXc5hIJIPOe9jvJFNcfrPT+aX5t6tmidUpaPKG QkxcGiYCJpCCWB77DMkRNsO/cE/5nSn+ljiFAsa0zB5WR/LHPwX7qK7BUbQ9PzWAFEBjNM 4FBqvs33GNA8Gv97ojpyyHQmY1sh3d3fsH5sH8ptF767CFjb7NKaIri5uuhq58qF8Y7s66 XqsIdNOp0Hu+asPQhZug7/JsXIV111cSRGaPj2zm1GsLz+uqBky5SzwHZQ1L1Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1670231042; a=rsa-sha256; cv=none; b=GBraZ/UYv5mLwmTy0gZHCWEmA5e0b696+Euqch/vIV/kELRyeSAvt2RjqywlEeyXBS+/Pz FdbFY8NDm6Ovs8AGwVH+I1UO8adGi/FXnsCgPXZafwz2iQL6wbKxX8stEChk6RvkHQAEmG FrIXHQJMlrm43hMOT7W6Q2yaA1zNni6q1WYyOoxtHJYcb5y43Bp9B/hJfTk4EUwW43vzqk OU6ymzMJ4TpICmCs4wxDqTbsZixcaxbKF1jjxXmJIn/yqFlTtoCdsniwzpWQL942ugaWH+ STBCxuSMJEFjq1Jl373fkDqVi+D+Fp07rR186sPv2xQwcxjYZX8mMhPlICqA0A== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NQczk5F2wzsKx for ; Mon, 5 Dec 2022 09:04:02 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 2B5942cW058144 for ; Mon, 5 Dec 2022 09:04:02 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 2B5942hN058143 for ports-bugs@FreeBSD.org; Mon, 5 Dec 2022 09:04:02 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 268069] security/clamav: 1.0.0 does no work with cld and cvd files Date: Mon, 05 Dec 2022 09:04:01 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: jasiu@tool.eu.org X-Bugzilla-Status: Open X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Ports bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports-bugs@freebsd.org X-BeenThere: freebsd-ports-bugs@freebsd.org MIME-Version: 1.0 X-ThisMailContainsUnwantedMimeParts: N https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268069 jasiu changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jasiu@tool.eu.org --- Comment #16 from jasiu --- Hello all. I noticed the same problem on 12.3-RELEASE FreeBSD 12.3-RELEASE releng/12.3-n234202-70cb68e7a00 GENERIC amd64 Maybe it is a problem with 'Decoded signature' look at: LibClamAV debug: MD5(.tar.gz) =3D 66662314e2576ce0f21b040490bdb5d6 LibClamAV debug: cli_versig: Decoded signature: 00000000000000000000000000000000 LibClamAV debug: cli_versig: Signature doesn't match. LibClamAV debug: cli_cvdverify: Digital signature verification error LibClamAV debug: Cleaning up phishcheck Reverted to port: security/clamav-lts, clamav-lts-0.103.7,1 and the problem= was gone Here is a full debug output from freshclam: root@thirdeye:/var/db/clamav # freshclam -u vscan --debug -v Current working dir is /var/db/clamav/ Loaded freshclam.dat: version: 1 uuid: 2aeb987e-bdbd-4d28-97a6-e8c686158415 retry-after: 2022-12-02 21:40:44 ClamAV update process started at Sat Dec 3 11:49:47 2022 Current working dir is /var/db/clamav/ Querying current.cvd.clamav.net TTL: 1800 fc_dns_query_update_info: Software version from DNS: 0.103.7 WARNING: Cool-down expired, ok to try again. Saved freshclam.dat Current working dir is /var/db/clamav/ check_for_new_database_version: No local copy of "daily" database. query_remote_database_version: daily.cvd version from DNS: 26739 daily database available for download (remote version: 26739) Retrieving https://database.clamav.net/daily.cvd downloadFile: Download source: https://database.clamav.net/daily.cvd downloadFile: Download destination: /var/db/clamav/tmp.165ecb003d/clamav-bd3cfc7a9a3af6e708185426742b891f.tmp * Trying 104.16.219.84:443... * Connected to database.clamav.net (104.16.219.84) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * CAfile: /usr/local/share/certs/ca-root-nss.crt * CApath: none * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server accepted h2 * Server certificate: * subject: C=3DUS; ST=3DCalifornia; L=3DSan Francisco; O=3DCloudflare, Inc= .; CN=3Dsni.cloudflaressl.com * start date: Jun 14 00:00:00 2022 GMT * expire date: Jun 14 23:59:59 2023 GMT * subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net" * issuer: C=3DUS; O=3DCloudflare, Inc.; CN=3DCloudflare Inc ECC CA-3 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=3D0 * h2h3 [:method: GET] * h2h3 [:path: /daily.cvd] * h2h3 [:scheme: https] * h2h3 [:authority: database.clamav.net] * h2h3 [user-agent: ClamAV/1.0.0 (OS: FreeBSD, ARCH: amd64, CPU: amd64, UUI= D: 2aeb987e-bdbd-4d28-97a6-e8c686158415)] * h2h3 [accept: */*] * Using Stream ID: 1 (easy handle 0x801fd9000) > GET /daily.cvd HTTP/2 Host: database.clamav.net user-agent: ClamAV/1.0.0 (OS: FreeBSD, ARCH: amd64, CPU: amd64, UUID: 2aeb987e-bdbd-4d28-97a6-e8c686158415) accept: */* connection: close * old SSL session ID is stale, removing * Connection state changed (MAX_CONCURRENT_STREAMS =3D=3D 256)! < HTTP/2 200 < date: Sat, 03 Dec 2022 10:49:48 GMT < content-type: application/octet-stream < content-length: 60333814 < last-modified: Sat, 03 Dec 2022 08:16:00 GMT < etag: "638b05c0-3989ef6" < expires: Sat, 03 Dec 2022 22:49:48 GMT < etag: "638b05c0-3989ef6"=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20 =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20 =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20= =20=20=20=20 [82/184= 1] < expires: Sat, 03 Dec 2022 22:49:48 GMT < cache-control: public, max-age=3D43200 < cf-cache-status: HIT < age: 8995 < accept-ranges: bytes < server-timing: cf-q-config;dur=3D6.0000020312145e-06 < strict-transport-security: max-age=3D15552000 < x-content-type-options: nosniff < server: cloudflare < cf-ray: 773bbce0ecebbf65-WAW < Time: 4.9s, ETA: 0.0s [=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D>] 57.54MiB/57.54MiB * Connection #0 to host database.clamav.net left intact LibClamAV debug: Initialized 1.0.0 engine LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) =3D 66662314e2576ce0f21b040490bdb5d6 LibClamAV debug: cli_versig: Decoded signature: 00000000000000000000000000000000 LibClamAV debug: cli_versig: Signature doesn't match. LibClamAV debug: cli_cvdverify: Digital signature verification error LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Phishcheck cleaned up ERROR: Verification: Can't verify database integrity Trying again in 5 secs... check_for_new_database_version: No local copy of "daily" database. query_remote_database_version: daily.cvd version from DNS: 26739 daily database available for download (remote version: 26739) Retrieving https://database.clamav.net/daily.cvd downloadFile: Download source: https://database.clamav.net/daily.cvd downloadFile: Download destination: /var/db/clamav/tmp.165ecb003d/clamav-71a990e570dd836b8a4a1002be6be9da.tmp * Trying 104.16.219.84:443... * Connected to database.clamav.net (104.16.219.84) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * CAfile: /usr/local/share/certs/ca-root-nss.crt * CApath: none * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server accepted h2 * Server certificate: * subject: C=3DUS; ST=3DCalifornia; L=3DSan Francisco; O=3DCloudflare, Inc= .; CN=3Dsni.cloudflaressl.com * start date: Jun 14 00:00:00 2022 GMT * expire date: Jun 14 23:59:59 2023 GMT * subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net" * issuer: C=3DUS; O=3DCloudflare, Inc.; CN=3DCloudflare Inc ECC CA-3 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=3D0 * h2h3 [:method: GET] * h2h3 [:path: /daily.cvd] * h2h3 [:scheme: https] * h2h3 [:authority: database.clamav.net] * h2h3 [user-agent: ClamAV/1.0.0 (OS: FreeBSD, ARCH: amd64, CPU: amd64, UUI= D: 2aeb987e-bdbd-4d28-97a6-e8c686158415)] * h2h3 [accept: */*] * Using Stream ID: 1 (easy handle 0x801fd9000) > GET /daily.cvd HTTP/2 Host: database.clamav.net user-agent: ClamAV/1.0.0 (OS: FreeBSD, ARCH: amd64, CPU: amd64, UUID: 2aeb987e-bdbd-4d28-97a6-e8c686158415) accept: */* connection: close * old SSL session ID is stale, removing * Connection state changed (MAX_CONCURRENT_STREAMS =3D=3D 256)! < HTTP/2 200 < date: Sat, 03 Dec 2022 10:49:59 GMT < content-type: application/octet-stream < content-length: 60333814 < last-modified: Sat, 03 Dec 2022 08:16:00 GMT < etag: "638b05c0-3989ef6" < expires: Sat, 03 Dec 2022 22:49:59 GMT < cache-control: public, max-age=3D43200 < cf-cache-status: HIT < age: 9006 < accept-ranges: bytes < server-timing: cf-q-config;dur=3D6.9999987317715e-06 < strict-transport-security: max-age=3D15552000 < x-content-type-options: nosniff < server: cloudflare < cf-ray: 773bbd1fd9f8fbc6-WAW < Time: 4.2s, ETA: 0.0s [=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D>] 57.54MiB/57.54MiB * Connection #0 to host database.clamav.net left intact LibClamAV debug: Initialized 1.0.0 engine LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) =3D 66662314e2576ce0f21b040490bdb5d6 LibClamAV debug: cli_versig: Decoded signature: 00000000000000000000000000000000 LibClamAV debug: cli_versig: Signature doesn't match. LibClamAV debug: cli_cvdverify: Digital signature verification error LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Phishcheck cleaned up ERROR: Verification: Can't verify database integrity Trying again in 5 secs... check_for_new_database_version: No local copy of "daily" database. query_remote_database_version: daily.cvd version from DNS: 26739 daily database available for download (remote version: 26739) Retrieving https://database.clamav.net/daily.cvd downloadFile: Download source: https://database.clamav.net/daily.cvd downloadFile: Download destination: /var/db/clamav/tmp.165ecb003d/clamav-fa17a57360dfb00dfa46cc38c9d74899.tmp * Trying 104.16.218.84:443... * Trying 2606:4700::6810:da54:443... * Immediate connect fail for 2606:4700::6810:da54: No route to host * Trying 2606:4700::6810:db54:443... * Immediate connect fail for 2606:4700::6810:db54: No route to host * Connected to database.clamav.net (104.16.218.84) port 443 (#0) * ALPN: offers h2 * ALPN: offers http/1.1 * CAfile: /usr/local/share/certs/ca-root-nss.crt * CApath: none * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server accepted h2 * Server certificate: * subject: C=3DUS; ST=3DCalifornia; L=3DSan Francisco; O=3DCloudflare, Inc= .; CN=3Dsni.cloudflaressl.com * start date: Jun 14 00:00:00 2022 GMT * expire date: Jun 14 23:59:59 2023 GMT * subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net" * issuer: C=3DUS; O=3DCloudflare, Inc.; CN=3DCloudflare Inc ECC CA-3 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=3D0 * h2h3 [:method: GET] * h2h3 [:path: /daily.cvd] * h2h3 [:scheme: https] * h2h3 [:authority: database.clamav.net] * h2h3 [user-agent: ClamAV/1.0.0 (OS: FreeBSD, ARCH: amd64, CPU: amd64, UUI= D: 2aeb987e-bdbd-4d28-97a6-e8c686158415)] * h2h3 [accept: */*] * Using Stream ID: 1 (easy handle 0x801fd9000) > GET /daily.cvd HTTP/2 Host: database.clamav.net user-agent: ClamAV/1.0.0 (OS: FreeBSD, ARCH: amd64, CPU: amd64, UUID: 2aeb987e-bdbd-4d28-97a6-e8c686158415) accept: */* connection: close * old SSL session ID is stale, removing * Connection state changed (MAX_CONCURRENT_STREAMS =3D=3D 256)! < HTTP/2 200 < date: Sat, 03 Dec 2022 10:50:09 GMT < content-type: application/octet-stream < content-length: 60333814 < last-modified: Sat, 03 Dec 2022 08:16:00 GMT < etag: "638b05c0-3989ef6" < expires: Sat, 03 Dec 2022 22:50:09 GMT < cache-control: public, max-age=3D43200 < cf-cache-status: HIT < age: 9016 < accept-ranges: bytes < server-timing: cf-q-config;dur=3D5.0000016926788e-06 < strict-transport-security: max-age=3D15552000 < x-content-type-options: nosniff < server: cloudflare < cf-ray: 773bbd61ec01bfad-WAW < Time: 6.3s, ETA: 0.0s [=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D>] 57.54MiB/57.54MiB * Connection #0 to host database.clamav.net left intact LibClamAV debug: Initialized 1.0.0 engine LibClamAV debug: in cli_cvdload() LibClamAV debug: MD5(.tar.gz) =3D 66662314e2576ce0f21b040490bdb5d6 LibClamAV debug: cli_versig: Decoded signature: 00000000000000000000000000000000 LibClamAV debug: cli_versig: Signature doesn't match. LibClamAV debug: cli_cvdverify: Digital signature verification error LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Phishcheck cleaned up ERROR: Verification: Can't verify database integrity Giving up on https://database.clamav.net... ERROR: Update failed for database: daily ERROR: Database update process failed: Invalid or corrupted CVD/CLD database ERROR: Update failed. --=20 You are receiving this mail because: You are the assignee for the bug.=