[clamav-users] ***UNCHECKED*** Re: Re: Malformed database issue

Micah Snyder (micasnyd) micasnyd at cisco.com
Mon Jul 16 11:37:43 EDT 2018


On CentOS you should be able to check with: `yum info zlib-devel`

Alternatively, take a peek in /usr/include/zlib.h for the line starting with:
#define ZLIB_VERSION

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
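
A scripted form of the header check above, as an added example that is not part of the original message or ClamAV's own code: it reads ZLIB_VERSION from a header file and classifies it against the versions named further down this thread (1.2.3.3 fails, 1.2.4 resolves the issue, 1.2.9 or newer recommended). The function names, verdict labels and sample header are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a zlib version against the versions named in this thread.

# Print the version string from a zlib.h-style header ($1 = path to header).
zlib_header_version() {
    sed -n 's/^#define[[:space:]]\{1,\}ZLIB_VERSION[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# Succeed if dotted version $1 >= $2; fields are compared numerically,
# so 1.2.11 sorts above 1.2.9 and 1.2.3.3 sorts below 1.2.4.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        for (i = 1; i <= 4; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Map a version to a verdict using the thresholds from the thread.
classify_zlib() {
    case $1 in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;
    esac
    if ! version_ge "$1" 1.2.4; then
        echo "too-old"                      # e.g. 1.2.3.3: CVD extraction fails
    elif ! version_ge "$1" 1.2.9; then
        echo "works-but-below-recommended"  # 1.2.4 through 1.2.8
    else
        echo "ok"
    fi
}

# Constructed sample standing in for /usr/include/zlib.h on the affected host.
sample=$(mktemp)
printf '%s\n' '/* constructed excerpt */' '#define ZLIB_VERSION "1.2.3.3"' > "$sample"
found=$(zlib_header_version "$sample")
echo "zlib $found: $(classify_zlib "$found")"
rm -f "$sample"
```

Point `zlib_header_version` at /usr/include/zlib.h on a real host. The header belongs to the zlib-devel package, so also confirm the runtime package with `rpm -q zlib`.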


On Jul 16, 2018, at 11:24 AM, Jay Hart <jhart at kevla.org> wrote:

I will check OS version this evening when I return home.  I was not able to determine which
version of zlib is installed. What is a command with options that will allow me to provide that
data point to you?

Thanks for help so far.

Jay

Hi Jay,

Is your system 32-bit?   As noted in our 0.100.0 release notes, we found that CentOS 6 (and 5)
provide an old version of zlib (1.2.3.3) that will fail to properly extract the ClamAV databases.
You can update to 1.2.4 to resolve the issue, but I recommend at least 1.2.9 or newer as 1.2.8 has
at least 4 published CVEs.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 15, 2018, at 10:15 PM, Jay Hart <jhart at kevla.org> wrote:

Oh, check your permissions on var/lib/clamav, see if clam has access to it

On 7/15/18, 8:05 PM, "clamav-users on behalf of Jay Hart"
<clamav-users-bounces at lists.clamav.net on behalf of jhart at kevla.org> wrote:



I was able to manually download daily.cvd and main.cvd, and I placed these files in the
/var/lib/clamav directory, with the following permissions:

[root at centos clamav]# ls -al
total 162524
drwxr-xr-x   2 clam clam      4096 Jul 15 22:01 .
drwxr-xr-x. 49 root root      4096 Jul 15 03:08 ..
-rw-r--r--   1 clam clam  48510215 Jul 15 20:44 daily.cvd
-rw-r--r--   1 clam clam 117892267 Jul 15 20:44 main.cvd
-rw-------   1 clam clam       468 Jul 15 22:01 mirrors.dat

I was hoping on a reboot that clamav would start working, it didn't, here is the error I get now:

Starting Clam AntiVirus Daemon: LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$

LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Decoded signature: e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV Error: cli_cvdload: Corrupted CVD header
LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
Sun Jul 15 21:27:43 2018 -> !Malformed database
Sun Jul 15 21:27:43 2018 -> *Closing the main socket.     [FAILED]

I enabled logging when clamav is running, hence the debug info above.  I still am getting the
malformed database issue even when directly downloading the files using wget from the
clamav.net site.

I also verified that the clamav package was good, here is that command and the result:

[root at centos jhart]# rpm -V clamav-0.100.0-1.el6.i686
S.5....T.  c /etc/freshclam.conf

Can you see any issues above, or point me to something else to try? I was figuring that maybe rpm
would tell me I got a bad package and I'd reapply it, but I don't think that is the case.

Do you want my freshclam.conf parameters?

Thanks for the help. I've tried just about everything I know to do and have been able to
research.

Jay

_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
