[clamav-users] daily.cvd: Malformed database

G.W. Haywood clamav at jubileegroup.co.uk
Sun May 3 16:52:39 UTC 2015 

Hi there,

On Sun, 3 May 2015, MAYER Hans wrote:

> ...
> Whipped out /usr/local/share/clamav
> ...

What does "Whipped out" mean?

> And when I start the deamon:
>
> # /usr/local/sbin/clamd
> LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd: Malformed database
> ERROR: Malformed database
> 
> I get this error above.
> When I download daily.cvd with wget it's the same.
>
> # ls -la
> total 194266
> drwxrwxr-x   2 clamav   clamav       512 May  2 21:19 .
> drwxr-xr-x  25 root     root         512 Jan 18 12:46 ..
> -rw-r--r--   1 clamav   clamav     75408 May  2 21:06 bytecode.cvd
> -rw-r--r--   1 clamav   clamav   34581471 May  2 21:05 daily.cvd
> -rw-r--r--   1 clamav   clamav   64720632 May  2 21:04 main.cvd
> -rw-------   1 clamav   clamav        52 May  2 21:07 mirrors.dat
> # md5sum daily.cvd
> 7f63e270b7e4ae1e2959db90d38848e9  daily.cvd

There are only '.cld' files on our systems here so the md5sum is of no
use for comparison.

You have said neither from where you are trying to download the file,
nor exactly how you are using wget to do it, which might perhaps have
helped.  It is not clear to me from the information that you've given
that the file '/usr/local/share/clamav/daily.cvd' even exists in your
filesystem _and_ is readable by the clamd daemon although the error
message does imply that something has been read and that somehow it
isn't to the liking of clamd.  I generally treat error messages with
suspicion unless I'm very familiar with them.  I'm rather unfamiliar
with this particular message; I've seen it only once in the last six
or seven years.

> Any ideas what I can do ?

You could try a different mirror, or look for somewhere that has
daily.cld instead of daily.cvd, or in desperation you might even try
unpack the cvd file and repair it by hand.  I can't see why it would
ever be that desperate. :)  I normally rotate copies of the database
files to cover for this kind of eventuality.  I probably overdo it.

We do occasionally see a corrupted copy of a data file on some mirrors.
You might wait a day or so to see if it gets fixed.  To my knowledge
there have been no problems with the mirrors we've been using from here
in the UK for many months.  Here are the mirrors used in about the last
six months, although our systems normally download only '.cdiff' files:

mail5:~# >>> grep IP: /var/log/freshclam.log | grep updated | cut -b 44- | sort | uniq
db.uk.clamav.net (IP: 129.67.1.218)
db.uk.clamav.net (IP: 193.1.193.64)
db.uk.clamav.net (IP: 81.91.100.173)

-- 

73,
Ged.

More information about the clamav-users mailing list