From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTPS id 8112313 for ecs-isp@2rosenthals.com; Fri, 13 Oct 2023 23:47:30 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:38402 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1qrVcW-0008JU-3B for ecs-isp@2rosenthals.com; Fri, 13 Oct 2023 23:47:21 -0400 Received: from mta-201a.earthlink-vadesecure.net ([51.81.229.180]:38003) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1qrVcS-0000eB-1t for ecs-isp@2rosenthals.com; Fri, 13 Oct 2023 23:47:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=dQzvWkjJPd8z6OMmEG+uX2u+GqlVSjTERrY5Kb SHzz4=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-subscribe:list-post: list-owner:list-archive; q=dns/txt; s=dk12062016; t=1697255234; x=1697860034; b=lb52cCUn6dzoN/7XAto+9zcmkWKC3fnZCtXYu1Id971VNojSo+plPmU Syf7KQLkrd5r3bUX/UTzR65277TVxZpQ/qqBDMoQHC+BunsFNJifHBl5kh5LV0B0KDKg+MG dUHJ7jgXM+cRfVqrwA/kRrvJ6hncFwDc7ZxJYsBUCzzQZR7fISSCdqoiMILY//3v5pzKik+ zjVvjbHZK4N/jmz+LQan4WkEDvl5RQUwZkKesu+LtfnPPJuyBI7TsLPRdzZrvmy+xFtH+b8 gvvxCto1/cvShpvtcBkqbm8aOah07eCj/AmDv7HtC49Xc7Q6ZRHpujjpq/t9EOiV3LSJpDy w3A== Received: from slamain ([108.193.253.247]) by vsel2nmtao01p.internal.vadesecure.com with ngmta id a5409606-178ddca4ae685b84; Sat, 14 Oct 2023 03:47:14 +0000 Message-ID: <652a1aa7.15.mr2ice.fgrirsq@earthlink.net> Date: Fri, 13 Oct 2023 20:35:51 -0800 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] ClamAV X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 10/13/23 at 04:25 PM, "Paul Smedley" said: Hi there, >https://smedley.id.au/tmp/clamav-0.103.6-os2-20231013-debug.zip is >refreshed to use bww curl. Fails in the same way for me - but hopefully >gets @Steven further along... This appears to fix the curl problem. freshclam --debug --verbose --config-file=/Internet/clamav/etc/freshclam.conf Current working dir is /Internet/clamav/lib/clamav/ Loaded freshclam.dat: version: 1 uuid: cf7346ca-6cc9-4f1b-91f9-981ee6f9d7b9 ClamAV update process started at Fri Oct 13 20:36:42 2023 Current working dir is /Internet/clamav/lib/clamav/ Querying current.cvd.clamav.net TTL: 731 fc_dns_query_update_info: Software version from DNS: 0.103.10 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.103.6 Recommended version: 0.103.10 DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html Current working dir is /Internet/clamav/lib/clamav/ check_for_new_database_version: No local copy of "daily" database. query_remote_database_version: daily.cvd version from DNS: 27060 daily database available for download (remote version: 27060) Retrieving https://database.clamav.net/daily.cvd downloadFile: Download source: https://database.clamav.net/daily.cvd downloadFile: Download destination: /Internet/clamav/lib/clamav/tmp.a6eee73b89/clamav-2be74efa91add909b73feea0330d0175.tmp * Trying 104.16.218.84:443... * Connected to database.clamav.net (104.16.218.84) port 443 (#0) * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /@unixroot/etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com * start date: May 15 00:00:00 2023 GMT * expire date: May 14 23:59:59 2024 GMT * subjectAltName: host "database.clamav.net" matched cert's "database.clamav.net" * issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3 * SSL certificate verify ok. > GET /daily.cvd HTTP/1.1 Host: database.clamav.net User-Agent: ClamAV/0.103.6 (OS: os2-emx, ARCH: i386, CPU: i386, UUID: cf7346ca-6cc9-4f1b-91f9-981ee6f9d7b9) Accept: */* Connection: close * old SSL session ID is stale, removing * Mark bundle as not supporting multiuse < HTTP/1.1 429 Too Many Requests < Date: Sat, 14 Oct 2023 03:36:43 GMT < Content-Type: text/plain; charset=UTF-8 < Content-Length: 16 < Connection: close < Retry-After: 86304 < X-Frame-Options: SAMEORIGIN < Referrer-Policy: same-origin < Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 < Expires: Thu, 01 Jan 1970 00:00:01 GMT < Set-Cookie: __cf_bm=ZhMAL5sak9PgUaYX4BqmR0YTiD_6KTq6KjUIQoF1fTQ-1697254603-0-AbbZm+aWD8qa3QXEgCG1TZMqycSPzfstTFCayzLNQQ8KZrTuoV8/oJ75z8kbOKODoheZkFqpCnAglR/WozryJhw=; path=/; expires=Sat, 14-Oct-23 04:06:43 GMT; domain=.clamav.net; HttpOnly; Secure; SameSite=None < Strict-Transport-Security: max-age=15552000 < X-Content-Type-Options: nosniff < Server: cloudflare < CF-RAY: 815cc79668587cf2-LAX However, as the above shows there's always the next thing. As you might notice the output stops unexpectedly. Popuplog tells us why: 10-13-2023 20:36:43 SYS2070 PID 07cf TID 0001 Slot 00dd D:\INTERNET\CLAMAV\BIN\FRESHCLAM.EXE FRESHCLAM->LIBCN0.2026 182 I get to update libc later. On a positive note, I learned something new about the kernel. In the past whenever, I've run into the missing ordinal problem, the application seemed to die before any attempt was made to run it. Turns out this is not true. The missing ordinal does not cause the process to die until the code attempts to use the ordinal. If this wasn't the case the output show above could never have been generated. When you way >Fails in the same way for me I assume you mean freshclam runs out of memory. I do find it interesting that you never ran into the missing cert issue. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------