9

I would like to manually download the main.cvd for clamav and then import it from a local location. I see this is possible using clamav-clamfresh if I configure it to use DatabaseMirror machine1.example.com but that requires running an http webserver on port 80 of machine1.example.com which I don't want to do.

If I get the main.cvd file onto a machine is there some way to manually trigger the import?

greggles
  • 753
  • I got an answer at http://lists.clamav.net/pipermail/clamav-users/2018-June/006273.html that is more complete. It notes that if using clamd daemon then it can be reloaded using clamdscan –reload but it doesn't need to be reloaded because it will get reloaded as often as SelfCheck in clamd.conf says to look at it. I don't want to answer my own question, but neither of the below really answers the question I asked. – greggles Jun 22 '18 at 16:17

3 Answers3

14

You could probably do a script like so to download the updated file then copy it over to the proper location for an update manually.

Script contents

#!/bin/bash
wget http://database.clamav.net/main.cvd
sudo cp main.cvd /var/lib/clamav/
sudo chown clamav:clamav /var/lib/clamav/main.cvd
sudo chmod 644 /var/lib/clamav/main.cvd
Terrance
  • 41,612
  • 7
  • 124
  • 183
  • 1
    Is any further step necessary to get clamav and clamd to recognize the main.cvd file has been placed into that location? – greggles Jun 15 '18 at 15:03
  • 1
    I don't believe so. When it downloads the file it drops it into that folder then the applications look there when they run. – Terrance Jun 15 '18 at 15:05
11

If clamav have been installed from official repositories, the database folder is /var/lib/clamav
This folder contains some files, not only main.cvd
3 files are part of the database:
https://database.clamav.net/main.cvd
https://database.clamav.net/daily.cvd
https://database.clamav.net/bytecode.cvd

Once a machine1 have his ClamAV updated with freshclam (or so), another machine2 can copy the directory content to his local /var/lib/clamav folder.

To check if manual update of machine2 has worked, you can compare the outputs of clamscan --version on machine1 and machine2. And/or compare md5sum of .cvd files.

This could be pretty easy to script with some backup and rollback actions in case of failure.
Of course, the embedded Private Local Mirror feature seems more elegant but require a local webserver.

Jonas Lejon
  • 103
cmak.fr
  • 8,696
2

Change the User-Agent to something unique

wget --user-agent='CVDUPDATE/0 (43fde49b-905f-43c6-a51b-e1324cd23280)' https://database.clamav.net/main.cvd https://database.clamav.net/daily.cvd https://database.clamav.net/bytecode.cvd

schemacs
  • 21
  • 1
    This seems like it might solve a different problem with similar symptoms or perhaps something else. I am glad to hear about the idea of using a unique user agent, though not sure how likely folks are to do that. – greggles Apr 15 '21 at 14:07