ClamTK can't update signatures because of cdiff_apply lseek failure

[nstommel]

Describe the bug
ClamAV with freshclam works fine, but for some reason ClamTK still lists signatures as outdated and gives an odd error message about a seek failure. The following warnings and errors occur when running clamtk and attempting to manually update signatures.

LibClamAV Warning: **************************************************
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
WARNING: Incremental update failed, trying to download daily.cvd

This bug makes ClamTK impossible to use properly on Fedora 34.

To Reproduce
Steps to reproduce the behavior:

1. Open clamtk, monitor through command line
2. Click on 'Update' then 'Check for updates'
3. Observe error message ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed in terminal while ClamTK is unable to update signatures three times due to an lseek failure.

Expected behavior
ClamTK should register updated virus definitions/signatures from clamav freshclam, but does not acknowledge they exist. Attempting to manually update signatures inside ClamTK results in an error message in the terminal and a blank prompt in the GUI.

Screenshots
Below is the glitched text box in ClamTK GUI that results after manually checking for updates:

OS:

• Distribution: Fedora
• Version 34

clamtk:

• Version: 6.13

Additional context
This bug makes ClamTK's update feature useless on Fedora 34, it needs to be fixed. Copying bytecode.cvd daily.cld freshclam.dat main.cvd from /var/lib/clamav/ to /home/yourusernamehere/.clamtk/db works, but is kind of janky. Once virus definitions are updated by manually copying the files, checking for updates results in the same glitched text prompt with back button shown in the screenshot above, with no error message printed in the terminal.
Here is some sample output from /home/yourusernamehere/.clamtk/db/freshclam.log that shows the error:

Current working dir is /home/noctua/.clamtk/db/
Can't open freshclam.dat in /home/noctua/.clamtk/db
It probably doesn't exist yet. That's ok.
Failed to load freshclam.dat; will create a new freshclam.dat
Creating new freshclam.dat
Saved freshclam.dat
ClamAV update process started at Wed Aug 25 21:20:17 2021
Current working dir is /home/noctua/.clamtk/db/
Querying current.cvd.clamav.net
TTL: 832
fc_dns_query_update_info: Software version from DNS: 0.103.3
Current working dir is /home/noctua/.clamtk/db/
check_for_new_database_version: Local copy of daily found: daily.cld.
query_remote_database_version: daily.cvd version from DNS: 26274
daily database available for update (local version: 26231, remote version: 26274)
Retrieving https://database.clamav.net/daily-26232.cdiff
downloadFile: Download source:      https://database.clamav.net/daily-26232.cdiff
downloadFile: Download destination: ./clamav-4ca2ec2e74104cd086935bbc1d4e6f6e.tmp
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Retrieving https://database.clamav.net/daily.cvd
downloadFile: Download source:      https://database.clamav.net/daily.cvd
downloadFile: Download destination: /home/noctua/.clamtk/db/tmp.ec954813af/clamav-b0b33f9b9ccddac1c3ca6cc9f29d9bc0.tmp
The daily.cvd database downloaded from https://database.clamav.net is older than the version advertised in the DNS TXT record.
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
check_for_new_database_version: Local copy of daily found: daily.cld.
query_remote_database_version: daily.cvd version from DNS: 26274
daily database available for update (local version: 26231, remote version: 26274)
Retrieving https://database.clamav.net/daily-26232.cdiff
downloadFile: Download source:      https://database.clamav.net/daily-26232.cdiff
downloadFile: Download destination: ./clamav-08c1f4e5c44f80450d0ba08ba28584e7.tmp
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Retrieving https://database.clamav.net/daily.cvd
downloadFile: Download source:      https://database.clamav.net/daily.cvd
downloadFile: Download destination: /home/noctua/.clamtk/db/tmp.ec954813af/clamav-b9b644c7fa1bdf77a0f383f23017d12b.tmp
The daily.cvd database downloaded from https://database.clamav.net is older than the version advertised in the DNS TXT record.
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
check_for_new_database_version: Local copy of daily found: daily.cld.
query_remote_database_version: daily.cvd version from DNS: 26274
daily database available for update (local version: 26231, remote version: 26274)
Retrieving https://database.clamav.net/daily-26232.cdiff
downloadFile: Download source:      https://database.clamav.net/daily-26232.cdiff
downloadFile: Download destination: ./clamav-f800b216bb7c828da828f520e1a46533.tmp
ERROR: cdiff_apply: lseek(desc, -350, SEEK_END) failed
ERROR: downloadPatch: Can't apply patch
WARNING: Incremental update failed, trying to download daily.cvd
Retrieving https://database.clamav.net/daily.cvd
downloadFile: Download source:      https://database.clamav.net/daily.cvd
downloadFile: Download destination: /home/noctua/.clamtk/db/tmp.ec954813af/clamav-2ce720a91c39540196780643cf30de71.tmp
The daily.cvd database downloaded from https://database.clamav.net is older than the version advertised in the DNS TXT record.
Received an older daily CVD than was advertised. We'll retry so the incremental update will ensure we're up-to-date.
Current working dir is /home/noctua/.clamtk/db/
check_for_new_database_version: Local copy of main found: main.cvd.
query_remote_database_version: main.cvd version from DNS: 61
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
fc_update_database: main.cvd already up-to-date.
Current working dir is /home/noctua/.clamtk/db/
check_for_new_database_version: No local copy of "bytecode" database.
query_remote_database_version: bytecode.cvd version from DNS: 333
bytecode database available for download (remote version: 333)
Retrieving https://database.clamav.net/bytecode.cvd
downloadFile: Download source:      https://database.clamav.net/bytecode.cvd
downloadFile: Download destination: /home/noctua/.clamtk/db/tmp.ec954813af/clamav-b41f558e9ca3b7651f7f9cd26900e638.tmp
updatedb: Running g_cb_download_complete callback...
download_complete_callback: Download complete for database : /home/noctua/.clamtk/db/tmp.ec954813af/clamav-b41f558e9ca3b7651f7f9cd26900e638.tmp-bytecode.cvd
download_complete_callback:   fc_context->bTestDatabases   : 1
download_complete_callback:   fc_context->bBytecodeEnabled : 1
Testing database: '/home/noctua/.clamtk/db/tmp.ec954813af/clamav-b41f558e9ca3b7651f7f9cd26900e638.tmp-bytecode.cvd' ...
Loading signatures from /home/noctua/.clamtk/db/tmp.ec954813af/clamav-b41f558e9ca3b7651f7f9cd26900e638.tmp-bytecode.cvd
Properly loaded 92 signatures from /home/noctua/.clamtk/db/tmp.ec954813af/clamav-b41f558e9ca3b7651f7f9cd26900e638.tmp-bytecode.cvd
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)
fc_update_database: bytecode.cvd updated.

It appears that ClamTK cannot properly apply a required patch, which results in a cdiffy_apply lseek failure. Right now my solution is just to soft symlink the required signature files from /var/lib/clamav to /home/yourusernamehere/.clamtk/db.

[dave-theunsub]

Hi @nstommel ,

This looks to be an issue with freshclam, according to this:
https://lists.clamav.net/pipermail/clamav-users/2021-July/011499.html

Unfortunately, that means I can't do much about it; they're aware of the issue and are on top of it.

Can you see if they're downloaded at all? Try opening a terminal window, and type:

1. sigtool -i ~/.clamtk/db/daily.*
2. sigtool -i ~/.clamtk/db/main.*

Hopefully the dates will show the signatures are current.

respectfully,
Dave M