From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 8111151 for ecs-isp@2rosenthals.com; Fri, 13 Oct 2023 00:58:31 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:58437 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1qrAFg-0005aT-2q for ecs-isp@2rosenthals.com; Fri, 13 Oct 2023 00:58:20 -0400 Received: from mta-102a.earthlink-vadesecure.net ([51.81.61.66]:45913) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1qrAFf-0001h4-08 for ecs-isp@2rosenthals.com; Fri, 13 Oct 2023 00:58:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=WTy7E6xwy2mGxKUc1zTNbblwxeTDmlj5FKc6wk 6+yR8=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-subscribe:list-post: list-owner:list-archive; q=dns/txt; s=dk12062016; t=1697173098; x=1697777898; b=aa/txko4BWHGQTjAMUN/HGI26EIBloj+djgi9FTsGencmpVTgZ01j6I +BaZ+G49vDzzQZLHsErcbaCA1BUtNxAJVEGzVxVTUoEkPns3R5WV3+WAqPanxFXdDw/T1Tn f27uKR/Yp0fLuC3I+2KvNvPNUeCfMrbIg0FbsGDgMwKsyklfbK27c6B9AaXHfLqUpMywJhA RnJ/qL6UK3j7SiXGzWM1Drp/+8Sti5EyeoG4OA+NEq0sq/0rqo397lLm+YAxCnFWNrrepJA l8osFrJq+Bgak72RSWa+QwkEnQIJbfbH+exTNvOwCEG9jfd8EA1fGKxMC3VaCocyV5MO4vd 2Uw== Received: from slamain ([108.193.253.247]) by vsel1nmtao02p.internal.vadesecure.com with ngmta id 8020b1f0-178d91f0d46a8642; Fri, 13 Oct 2023 04:58:18 +0000 Message-ID: <6528d417.10.mr2ice.fgrirsq@earthlink.net> Date: Thu, 12 Oct 2023 21:22:31 -0800 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] ClamAV X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 10/13/23 at 10:50 AM, "Paul Smedley" said: Hi Paul, >>> This will probably go away once I rebuild clamav 0.103.6 with rpm >>> openssl. >> This would be good. >Fingers crossed. Unfortunately, I still have the cert problem: freshclam --debug --verbose --config-file=/Internet/clamav/etc/freshclam.conf Current working dir is /Internet/clamav/lib/clamav/ Loaded freshclam.dat: version: 1 uuid: cf7346ca-6cc9-4f1b-91f9-981ee6f9d7b9 ClamAV update process started at Thu Oct 12 21:22:13 2023 Current working dir is /Internet/clamav/lib/clamav/ Querying current.cvd.clamav.net TTL: 594 fc_dns_query_update_info: Software version from DNS: 0.103.10 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.103.6 Recommended version: 0.103.10 DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html Current working dir is /Internet/clamav/lib/clamav/ check_for_new_database_version: No local copy of "daily" database. query_remote_database_version: daily.cvd version from DNS: 27059 daily database available for download (remote version: 27059) Retrieving https://database.clamav.net/daily.cvd downloadFile: Download source: https://database.clamav.net/daily.cvd downloadFile: Download destination: /Internet/clamav/lib/clamav/tmp.82c6d0da0a/clamav-d26a9c01a49cfe9aaf082622b9fdddb6.tmp ERROR: Download failed (77) ERROR: Message: Problem with the SSL CA cert (path? access rights?) ERROR: Can't download daily.cvd from https://database.clamav.net/daily.cvd * Trying 104.16.219.84:443... * Connected to database.clamav.net (104.16.219.84) port 443 (#0) * ALPN, offering http/1.1 * error setting certificate verify locations: CAfile: /etc/ssl/cacert.pem CApath: none * Closing connection 0 Giving up on https://database.clamav.net... check_for_new_database_version: No local copy of "daily" database. query_remote_database_version: daily.cvd version from DNS: 27059 daily database available for download (remote version: 27059) Retrieving https://database.clamav.net/daily.cvd downloadFile: Download source: https://database.clamav.net/daily.cvd downloadFile: Download destination: /Internet/clamav/lib/clamav/tmp.82c6d0da0a/clamav-d455b27f465f04cbeb70321557254227.tmp ERROR: Download failed (77) ERROR: Message: Problem with the SSL CA cert (path? access rights?) ERROR: Can't download daily.cvd from https://database.clamav.net/daily.cvd * Trying 104.16.219.84:443... * Connected to database.clamav.net (104.16.219.84) port 443 (#0) * ALPN, offering http/1.1 * error setting certificate verify locations: CAfile: /etc/ssl/cacert.pem CApath: none * Closing connection 0 Giving up on https://database.clamav.net... ERROR: Update failed for database: daily ERROR: Database update process failed: Connection failed ERROR: Update failed. [LibClamAV] cli_rmdirs: Can't locate /Internet/clamav/lib/clamav/tmp.82c6d0da0a: No such file or directory Best I can tell cacert.pem is not shipped by netlabs. Do you have a /etc/ssl/cacert.pem? FWIW, the error message is coming from the curl library because, at least here, verifypeer is set. Based on our discussion so far, when you run freshclam it dies when it runs ou of memory. Your SSL setup and the file download just works, otherwise. Is this true? >Well that was the main reason for the rebuild :P >https://smedley.id.au/tmp/clamav-0.103.6-os2-20231013-debug.zip We have debug data for everything but clamav.dll, but this dll appears to be unused. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------