[clamav-users] ***UNCHECKED*** Re: Re: Malformed database issue

Micah Snyder (micasnyd) micasnyd at cisco.com
Thu Jul 19 15:32:56 EDT 2018


My apologies Jay,

I tend to think of dependencies from a development perspective because I basically never test with ClamAV provided by package managers.  If your ClamAV installation came pre-compiled from a distro, I guess it would have been linked with the zlib they provide and replacing zlib with a newer version wouldn't be sufficient.

Please someone correct me if I'm wrong, but I think that you will need to build & install ClamAV from source with the newer version of zlib installed so it links with the new zlib.

-Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 18, 2018, at 7:43 PM, Jay Hart <jhart at kevla.org> wrote:

Micah,

Downloaded, compiled and installed libz.so.1.2.4 to /lib. Renamed to libz.so.1.2.3. Removed
mirror.dat file.

Then ran freshclam -v without deleting the *.cvd files out of /var/lib/clamav

Freshclam gets to this point, and no further:

[root at centos zlib-1.2.4]# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Wed Jul 18 19:39:16 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 596
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Retrieving http://db.us.clamav.net/main.cvd
Trying to download http://db.us.clamav.net/main.cvd (IP: 104.16.186.138)
Downloading main.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 57462fd73f1cfdb356b9dca66da2b732
LibClamAV debug: cli_versig: Decoded signature: 57462fd73f1cfdb356b9dca66da2b732
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
^CUpdate process terminated  *** I terminated the command after 10 minutes.

At this point I don't know what else to do other than maybe downgrading clamav if I can.

Based on my experience yesterday, removing the .cvd files won't improve freshclam execution.

Jay

Wait... so it worked ok after upgrading to 1.2.4.5 before you rebooted but then afterwards you're
having the same error or a different error?   I'm a little confused, sorry.

Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 17, 2018, at 8:21 PM, Jay Hart <jhart at kevla.org> wrote:

Micah,

I installed zlib 1.2.4.5 (should I use an older version), replaced libz.so.1.2.3 with
libz.so.1.2.4.5 (and renamed it) and copied libz.a to /lib.

Running freshclam without rebooting box got this:
[root at centos zlib-1.2.4.5]# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Tue Jul 17 19:47:02 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 279
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24760
daily.cld is up to date (version: 24760, sigs: 2015700, f-level: 63, builder: neo)
Retrieving http://db.us.clamav.net/bytecode.cvd
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors)
Trying to download http://db.us.clamav.net/bytecode.cvd (IP: 104.16.189.138)
Downloading bytecode.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Decoded signature: c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()

Once box rebooted, Clamav failed to start, the error log is extensive, is it worth posting?

Jay



Is zlib 1.2.4 really significantly more processor intensive than 1.2.3?  It is rather trivial to
install from http://www.zlib.net/fossils/

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

On Jul 16, 2018, at 11:37 PM, Al Varnell <alvarnell at mac.com> wrote:

Micah said earlier that 1.2.3 cannot be used with ClamAV 100.x and I suspect your hardware won't
support using zlib 1.2.4 or above, so you will either need that new box or roll ClamAV back to an
earlier version.

-Al-

On Mon, Jul 16, 2018 at 07:19 PM, Jay Hart wrote:

I do have zlib installed:

[root at centos include]# yum info zlib
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: ewr.edge.kernel.org
* epel: mirror.cs.princeton.edu
* extras: mirror.cs.vt.edu
* updates: mirror.umd.edu
Installed Packages
Name        : zlib
Arch        : i686
Version     : 1.2.3
Release     : 29.el6
Size        : 136 k
Repo        : installed
From repo   : base
Summary     : The zlib compression and decompression library
URL         : http://www.gzip.org/zlib/
License     : zlib and Boost
Description : Zlib is a general-purpose, patent-free, lossless data compression
         : library which is used by many different programs.
File location:
[root at centos include]# repoquery -l zlib
/lib/libz.so.1
/lib/libz.so.1.2.3
/usr/share/doc/zlib-1.2.3
/usr/share/doc/zlib-1.2.3/ChangeLog
/usr/share/doc/zlib-1.2.3/FAQ
/usr/share/doc/zlib-1.2.3/README
Jay

Two things (each item is a bit long), with two questions/comments at the bottom:

1. I don't think zlib-devel is installed:

[root at centos tmp]# yum info zlib-devel
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
epel/metalink                                                              |  15 kB     00:00
* base: ewr.edge.kernel.org
* epel: mirror.cogentco.com
* extras: mirror.cs.vt.edu
* updates: mirror.vcu.edu
base                                                                       | 3.7 kB     00:00
epel                                                                       | 3.2 kB     00:00
extras                                                                     | 3.3 kB     00:00
updates                                                                    | 3.4 kB     00:00
Available Packages
Name        : zlib-devel
Arch        : i686
Version     : 1.2.3
Release     : 29.el6
Size        : 44 k
Repo        : base
Summary     : Header files and libraries for Zlib development
URL         : http://www.gzip.org/zlib/
License     : zlib and Boost
Description : The zlib-devel package contains the header files and libraries needed
            : to develop programs that use the zlib compression and decompression
            : library.
[root at centos tmp]# more  /usr/include/zlib.h |grep VERSION
/usr/include/zlib.h: No such file or directory
[root at centos include]# rpm -ql zlib-devel
package zlib-devel is not installed

2. 32-bit CPU data:

[root at centos include]# lscpu |grep "CPU op-mode"
CPU op-mode(s):        32-bit
[root at centos include]# lscpu
Architecture:          i686
CPU op-mode(s):        32-bit
Byte Order:            Little Endian
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    2
Core(s) per socket:    2
Socket(s):             1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 54
Model name:            Intel(R) Atom(TM) CPU D2700   @ 2.13GHz
Stepping:              1
CPU MHz:               2128.240
BogoMIPS:              4256.48
L1d cache:             24K
L1i cache:             32K
L2 cache:              512K

Could the fact zlib-devel is NOT installed be my issue?

Also, it looks like my hardware will not support Centos 7 so I'm guessing I need to procure a new
box.

I think this answers all the outstanding queries you asked for Micah.  My thanks for the
support.

Jay

On CentOS you should be able to check with: `yum info zlib-devel` Alternatively, take a peek in
/usr/include/zlib.h for the line starting with: #define ZLIB_VERSION

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
-Al-
--
Al Varnell
Mountain View, CA
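
Added example, not part of the thread: a shell check for the situation discussed above, where a newer zlib was installed under the old file name. It reports which libz a binary resolves at load time and which zlib release that file really contains; the sample `ldd` output and library file are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# Path of the libz a binary resolves at load time; reads `ldd` output on stdin.
libz_path_from_ldd() {
    awk '$1 ~ /^libz\.so/ && $2 == "=>" { print $3; exit }'
}

# zlib release compiled into a library file. zlib embeds the string
# " deflate <version> Copyright ...", so this does not trust the file name.
zlib_version_in_file() {
    LC_ALL=C tr '\0' '\n' < "$1" |
        LC_ALL=C grep -a -o 'deflate [0-9][0-9.]* Copyright' |
        awk 'NR == 1 { print $2 }'
}

# Version the file name claims, e.g. libz.so.1.2.3 -> 1.2.3
zlib_version_in_name() {
    basename "$1" | sed -n 's/^libz\.so\.\([0-9][0-9.]*\)$/\1/p'
}

# 0 = name and content agree, 1 = mismatch, 2 = no zlib version string found
check_libz() {
    real=$(zlib_version_in_file "$1")
    named=$(zlib_version_in_name "$1")
    if [ -z "$real" ]; then echo "$1: no zlib version string"; return 2; fi
    if [ "$real" = "$named" ]; then echo "$1: zlib $real"; return 0; fi
    echo "$1: named $named but contains zlib $real"; return 1
}

# Constructed ldd output (library names and addresses are illustrative).
SAMPLE_LDD='	libclamav.so.7 => /usr/lib/libclamav.so.7 (0x00110000)
	libz.so.1 => /lib/libz.so.1 (0x00b3c000)
	libc.so.6 => /lib/libc.so.6 (0x00c01000)'

# Constructed stand-in for a 1.2.4 build renamed to libz.so.1.2.3.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'ELF\0\0 deflate 1.2.4 Copyright (constructed) \0' > "$dir/libz.so.1.2.3"
    printf '%s\n' "$SAMPLE_LDD" | libz_path_from_ldd
    check_libz "$dir/libz.so.1.2.3"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || true
# On a live system: ldd "$(command -v freshclam)" | libz_path_from_ldd
#                   check_libz "$(readlink -f /lib/libz.so.1)"
```
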