[clamav-win32] Clamd terminating (Malformed database)

Bret Miller bret.miller at wcg.org
Tue Aug 26 20:29:11 CEST 2008 


Phil (Medway Hosting) wrote:
> ----- Original Message ----- 
> From: "Phil (Medway Hosting)" <phil at medwayhosting.com>
> To: <clamav-win32 at lists.clamav.net>
> Sent: Friday, August 22, 2008 5:27 PM
> Subject: Re: [clamav-win32] Clamd terminating (Malformed database)
>
>
>   
>> So - that's that problem solved - now to simply wait
>> to see if it bombs again !!
>>     
>
> Hi Folks
>
> Ok - it DID bomb again :-(
>
> Sun Aug 24 07:33:41 2008 -> SelfCheck: Database modification detected.
> Forcing reload.
> Sun Aug 24 07:33:41 2008 -> Reading databases from C:\Program
> Files\clamAV\data
> Sun Aug 24 07:33:41 2008 -> d:\Merak Mail\temp\200808240733390102.tmp: OK
> Sun Aug 24 07:34:05 2008 -> Database correctly reloaded (400852 signatures)
> Sun Aug 24 09:01:04 2008 -> SelfCheck: Database modification detected.
> Forcing reload.
> Sun Aug 24 09:01:04 2008 -> Reading databases from C:\Program
> Files\clamAV\data
> Sun Aug 24 09:01:04 2008 -> d:\Merak Mail\temp\200808240901020103.tmp: OK
> Sun Aug 24 09:01:30 2008 -> ERROR: reload db failed: Malformed database
> Sun Aug 24 09:01:30 2008 -> Terminating because of a fatal error.
> Sun Aug 24 09:01:30 2008 -> Shutting down the main socket.
> Sun Aug 24 09:01:30 2008 -> Closing the main socket.
> Sun Aug 24 09:01:30 2008 -> --- Stopped at Sun Aug 24 09:01:30 2008
>
> First question - Why might it be detecting database modifications when
> freshclam hasn't been run ?
> 2nd - Why does it start up quite happily again after it detected "Malformed
> database" ?
>
> Also when it bombs, only clamd fails but srvany.exe doesn't. Is there a way
> to force srvany.exe to fail if it's child process fails ? because the system
> won't recover and restart clamd all the time srvany.exe is running.

OK... So I've not a clue why it's dying. It's almost as if it's having 
trouble reading the disk.

You could try my service app (requires .NET 1.1 framework). The service 
program monitors clamd to make sure it stays running, and restarts it if 
not.
*http://mail.wcg.org/~postmaster/ClamAVService_Setup.exe*

You'll want to configure some settings in the registry if you chose to 
use this. The settings  are in 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ClamAV for 
Windows\Parameters.
ClamPath = the path to the folder clamd.exe resides in.
ClamOptions = the arguments to pass to clamd.exe
MonitorInterval = how often to check clamd in milliseconds, default 
60000 (60 seconds).
FreshclamMinutes = how often to run freshclam.exe. Set to 0 if you're 
running it from somewhere else.
ProgramUpdateHours = how often to check for a program update and install 
it. Set this to 0, please.
ProgramDownloadURL = where to download a program update from. Not needed 
if you set the above to 0.

The service writes some information to the Windows application log.

Source available on request.

HTH,
Bret

More information about the clamav-win32 mailing list