[clamav-users] ***UNCHECKED*** Re: Malformed database issue
Micah Snyder (micasnyd)
micasnyd at cisco.com
Mon Jul 16 09:51:05 EDT 2018
Is your system 32bit? As noted in our 0.100.0 release notes, we found that Centos 6 (and 5) provide an old version of zlib (188.8.131.52) that will fail to properly extract the ClamAV databases. You can update to 1.2.4 to resolve the issue, but I recommend at least 1.2.9 or newer as 1.2.8 has at least 4 published CVE's.
Cisco Systems, Inc.
On Jul 15, 2018, at 10:15 PM, Jay Hart <jhart at kevla.org<mailto:jhart at kevla.org>> wrote:
Oh, check your permissions on var/lib/clamav, see if clam has access to it
ï»¿On 7/15/18, 8:05 PM, "clamav-users on behalf of Jay Hart"
<clamav-users-bounces at lists.clamav.net<mailto:clamav-users-bounces at lists.clamav.net> on behalf of jhart at kevla.org<mailto:jhart at kevla.org>> wrote:
I was able to manually download daily.cvd and main.cvd, and I placed these files in the
/var/lib/clamav directory, with the following permissions:
[root at centos clamav]# ls -al
drwxr-xr-x 2 clam clam 4096 Jul 15 22:01 .
drwxr-xr-x. 49 root root 4096 Jul 15 03:08 ..
-rw-r--r-- 1 clam clam 48510215 Jul 15 20:44 daily.cvd
-rw-r--r-- 1 clam clam 117892267 Jul 15 20:44 main.cvd
-rw------- 1 clam clam 468 Jul 15 22:01 mirrors.dat
I was hoping on a reboot that clamav would start working, it didn't, here is the error I get now:
Starting Clam AntiVirus Daemon: LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^
LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Decoded signature: e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV Error: cli_cvdload: Corrupted CVD header
LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
Sun Jul 15 21:27:43 2018 -> !Malformed database
Sun Jul 15 21:27:43 2018 -> *Closing the main socket. [FAILED]
I enabled logging when clamav is running, hence the debug info above. I still am getting the
malformed database issue even when directly downloading the files using wget from the clamav.net<http://clamav.net>
I also verified that the clamav package was good, here is that command and the result:
[root at centos jhart]# rpm -V clamav-0.100.0-1.el6.i686
S.5....T. c /etc/freshclam.conf
Can you see any issues above, or point me to something else to try. I was figuring that maybe rpm
would tell me I got a bad package and I'd reapply it, but I don't think that is the case.
Do you want my freshclam,conf parameters?
thanks for the help. I've tried just about everything I know to do and have been able to research.
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
Help us build a comprehensive ClamAV guide:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the clamav-users