[clamav-users] ***UNCHECKED*** Re: Re: Malformed database issue

Micah Snyder (micasnyd) micasnyd at cisco.com
Tue Jul 17 20:56:28 EDT 2018


Wait... so it worked ok after upgrading to 1.2.4.5 before you rebooted but then afterwards you're having the same error or a different error?   I'm a little confused, sorry.

Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 17, 2018, at 8:21 PM, Jay Hart <jhart at kevla.org<mailto:jhart at kevla.org>> wrote:

Micah,

I installed zlib 1.2.4.5 (should I use an older version), replaced libz.so.1.2.3 with
libz.so.1.2.4.5 (and renamed it) and copied libz.a to /lib.

Running freshclam without rebooting box got this:
root at centos zlib-1.2.4.5]# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Tue Jul 17 19:47:02 2018
Using IPv6 aware code
Querying current.cvd.clamav.net<http://current.cvd.clamav.net>
TTL: 279
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) daily.cvd
version from DNS: 24760
daily.cld is up to date (version: 24760, sigs: 2015700, f-level: 63, builder: neo) Retrieving
http://db.us.clamav.net/bytecode.cvd
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors) Ignoring mirror
2400:cb00:2048:1::6810:bb8a (due to previous errors) Trying to download
http://db.us.clamav.net/bytecode.cvd (IP: 104.16.189.138) Downloading bytecode.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Decoded signature: c85d81eb538b70e60ca59c5100526a26 LibClamAV debug:
cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()

Once box rebooted, Clamav failed to start, the error log is extension, is it worth posting?

Jay



Is zlib 1.2.4 really significantly more processor intensive than 1.2.3?  It is rather trivial to
install from http://www.zlib.net/fossils/
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
On Jul 16, 2018, at 11:37 PM, Al Varnell <alvarnell at mac.com<mailto:alvarnell at mac.com>> wrote:
Micah said earlier that 1.2.3 cannot be used with ClamAV 100.x and I suspect your hardware won't
support using zlib 1.2.4 or above, so you will either need that new box or roll ClamAV back to an
earlier version.
-Al-
On Mon, Jul 16, 2018 at 07:19 PM, Jay Hart wrote:
I do have zlib installed:
root at centos include]# yum info zlib
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: ewr.edge.kernel.org<http://ewr.edge.kernel.org/>
* epel: mirror.cs.princeton.edu<http://mirror.cs.princeton.edu/> * extras:
mirror.cs.vt.edu<http://mirror.cs.vt.edu/>
* updates: mirror.umd.edu<http://mirror.umd.edu/>
Installed Packages
Name        : zlib
Arch        : i686
Version     : 1.2.3
Release     : 29.el6
Size        : 136 k
Repo        : installed
>From repo   : base
Summary     : The zlib compression and decompression library
URL         : http://www.gzip.org/zlib/
License     : zlib and Boost
Description : Zlib is a general-purpose, patent-free, lossless data compression
          : library which is used by many different programs.
File location:
[root at centos include]# repoquery -l zlib
/lib/libz.so.1
/lib/libz.so.1.2.3
/usr/share/doc/zlib-1.2.3
/usr/share/doc/zlib-1.2.3/ChangeLog
/usr/share/doc/zlib-1.2.3/FAQ
/usr/share/doc/zlib-1.2.3/README
Jay
Two things (each item is a bit long), with two questions/comments at the bottom: 1. I don't
think zlib-devel is installed:
[root at centos tmp]# yum info zlib-devel
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
epel/metalink                                                              |  15 kB     00:00 *
base: ewr.edge.kernel.org<http://ewr.edge.kernel.org/>
* epel: mirror.cogentco.com<http://mirror.cogentco.com/>
* extras: mirror.cs.vt.edu<http://mirror.cs.vt.edu/>
* updates: mirror.vcu.edu<http://mirror.vcu.edu/>
base                                                                       | 3.7 kB     00:00
epel                                                                       | 3.2 kB     00:00
extras                                                                     | 3.3 kB     00:00
updates                                                                    | 3.4 kB     00:00
Available Packages
Name        : zlib-devel
Arch        : i686
Version     : 1.2.3
Release     : 29.el6
Size        : 44 k
Repo        : base
Summary     : Header files and libraries for Zlib development
URL         : http://www.gzip.org/zlib/
License     : zlib and Boost
Description : The zlib-devel package contains the header files and libraries needed
          : to develop programs that use the zlib compression and decompression : library.
[root at centos tmp]# more  /usr/include/zlib.h |grep VERSION
/usr/include/zlib.h: No such file or directory
[root at centos include]# rpm -ql zlib-devel
package zlib-devel is not installed
2. 32-bit CPU data:
[root at centos include]# lscpu |grep "CPU op-mode"
CPU op-mode(s):        32-bit
[root at centos include]# lscpu
Architecture:          i686
CPU op-mode(s):        32-bit
Byte Order:            Little Endian
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    2
Core(s) per socket:    2
Socket(s):             1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 54
Model name:            Intel(R) Atom(TM) CPU D2700   @ 2.13GHz
Stepping:              1
CPU MHz:               2128.240
BogoMIPS:              4256.48
L1d cache:             24K
L1i cache:             32K
L2 cache:              512K
Could the fact zlib-devel is NOT installed be my issue?
Also, it looks like my hardware will not support Centos 7 so I'm guessing need to procure a new
box.
I think this answers all the outstanding queries you asked for Micah.  My thanks for the
support.
Jay
On CentOS you should be able to check with: `yum info zlib-devel` Alternatively, take a peek in
/usr/include/zlib.h for the line starting with: #define ZLIB_VERSION
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
-Al-
--
Al Varnell
Mountain View, CA
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml






_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clamav.net/pipermail/clamav-users/attachments/20180718/73b103bd/attachment.html>


More information about the clamav-users mailing list