[clamav-users] ***UNCHECKED*** Re: Malformed database issue

Micah Snyder (micasnyd) micasnyd at cisco.com
Mon Jul 16 09:51:05 EDT 2018


Hi Jay,

Is your system 32-bit? As noted in our 0.100.0 release notes, we found that CentOS 6 (and 5) provide an old version of zlib (1.2.3.3) that will fail to properly extract the ClamAV databases. You can update to 1.2.4 to resolve the issue, but I recommend at least 1.2.9 or newer, as 1.2.8 has at least 4 published CVEs.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 15, 2018, at 10:15 PM, Jay Hart <jhart at kevla.org> wrote:

Oh, check your permissions on var/lib/clamav, see if clam has access to it

On 7/15/18, 8:05 PM, "clamav-users on behalf of Jay Hart"
<clamav-users-bounces at lists.clamav.net on behalf of jhart at kevla.org> wrote:



I was able to manually download daily.cvd and main.cvd, and I placed these files in the
/var/lib/clamav directory, with the following permissions:

[root at centos clamav]# ls -al
total 162524
drwxr-xr-x   2 clam clam      4096 Jul 15 22:01 .
drwxr-xr-x. 49 root root      4096 Jul 15 03:08 ..
-rw-r--r--   1 clam clam  48510215 Jul 15 20:44 daily.cvd
-rw-r--r--   1 clam clam 117892267 Jul 15 20:44 main.cvd
-rw-------   1 clam clam       468 Jul 15 22:01 mirrors.dat

I was hoping on a reboot that clamav would start working; it didn't. Here is the error I get now:

Starting Clam AntiVirus Daemon: LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$

LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Decoded signature: e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV Error: cli_cvdload: Corrupted CVD header
LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
Sun Jul 15 21:27:43 2018 -> !Malformed database
Sun Jul 15 21:27:43 2018 -> *Closing the main socket.     [FAILED]

I enabled logging when clamav is running, hence the debug info above.  I still am getting the
malformed database issue even when directly downloading the files using wget from the clamav.net
site.

I also verified that the clamav package was good, here is that command and the result:

[root at centos jhart]# rpm -V clamav-0.100.0-1.el6.i686
S.5....T.  c /etc/freshclam.conf

Can you see any issues above, or point me to something else to try? I was figuring that maybe rpm
would tell me I got a bad package and I'd reapply it, but I don't think that is the case.

Do you want my freshclam.conf parameters?

Thanks for the help. I've tried just about everything I know to do and have been able to research.

Jay

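An added example, not part of the thread and not ClamAV code: a stand-alone Python check that separates the two causes discussed above, a damaged download versus a zlib that cannot unpack an intact file. It assumes the CVD layout of a 512-byte colon-separated header followed by a tar.gz whose MD5 is the sixth header field; `check_cvd`, `diagnose` and `sample_cvd` are names chosen here, and only the MD5 is checked, not the digital signature.

```python
import hashlib, io, re, tarfile, zlib

HEADER_LEN = 512      # assumed layout: 512-byte text header, then a tar.gz
MIN_ZLIB = (1, 2, 4)  # from the reply above: 1.2.3.3 fails, 1.2.4 works

def parse_version(text):  # '1.2.3.3' -> (1, 2, 3, 3); a non-numeric tail is ignored
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", text).group().split("."))

def check_cvd(data, zlib_version=zlib.ZLIB_RUNTIME_VERSION):
    """Header, MD5 and extraction checks; the digital signature is NOT verified."""
    fields = data[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    r = {"header_ok": len(fields) >= 8 and fields[0] == "ClamAV-VDB",
         "md5_ok": False, "extract_ok": False, "members": [],
         "zlib_too_old": parse_version(zlib_version) < MIN_ZLIB}
    if not r["header_ok"]:
        return r
    payload = data[HEADER_LEN:]
    r["md5_ok"] = hashlib.md5(payload).hexdigest() == fields[5]  # sixth field: MD5 of the tar.gz
    try:
        with tarfile.open(fileobj=io.BytesIO(payload), mode="r:gz") as tar:
            for member in tar:
                if member.isfile():
                    tar.extractfile(member).read()  # force full decompression
                r["members"].append(member.name)
        r["extract_ok"] = True
    except (tarfile.TarError, zlib.error, EOFError, OSError):
        pass  # extract_ok stays False; diagnose() explains why
    return r

def diagnose(r):
    if not r["header_ok"]:
        return "not a CVD (bad header)"
    if not r["md5_ok"]:
        return "MD5 mismatch: file damaged, download again"
    if r["extract_ok"]:
        return "file intact and unpacks cleanly"
    cause = "zlib is older than 1.2.4" if r["zlib_too_old"] else "zlib version is not the cause"
    return "file intact but unpack failed: " + cause

def sample_cvd():  # constructed stand-in for daily.cvd; all header values are made up
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("daily.info")
        body = b"constructed sample\n"
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    payload = buf.getvalue()
    head = "ClamAV-VDB:15 Jul 2018 00-00 +0000:1:1:63:%s:SIG:builder:0" % hashlib.md5(payload).hexdigest()
    return head.ljust(HEADER_LEN).encode("ascii") + payload
```

To check a real file, pass the bytes of `/var/lib/clamav/daily.cvd` to `check_cvd`. `zlib.ZLIB_RUNTIME_VERSION` reports the zlib that Python loaded, which is assumed here to be the same system library ClamAV links against.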