[clamav-users] ***UNCHECKED*** Re: Re: Malformed database issue

Jay Hart jhart at kevla.org
Tue Jul 17 20:21:23 EDT 2018


Micah,

I installed zlib 1.2.4.5 (should I use an older version?), replaced libz.so.1.2.3 with
libz.so.1.2.4.5 (and renamed it) and copied libz.a to /lib.

Running freshclam without rebooting box got this:
[root at centos zlib-1.2.4.5]# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Tue Jul 17 19:47:02 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 279
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24760
daily.cld is up to date (version: 24760, sigs: 2015700, f-level: 63, builder: neo)
Retrieving http://db.us.clamav.net/bytecode.cvd
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors)
Trying to download http://db.us.clamav.net/bytecode.cvd (IP: 104.16.189.138)
Downloading bytecode.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Decoded signature: c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()

Once box rebooted, ClamAV failed to start. The error log is extensive; is it worth posting?

Jay
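
Added example, not part of the original post and not ClamAV's own code: the freshclam debug output above shows the MD5 and signature checks on bytecode.cvd passing before cli_tgzload() is entered. This Python code repeats the header parse, the MD5 check and the unpack step on a .cvd file so each stage can be tested separately; it does not verify the digital signature, and `diagnose_cvd`, `make_sample_cvd` and the sample header values are constructed for illustration.

```python
import hashlib, io, tarfile, zlib

HEADER_LEN = 512  # fixed-size, space-padded ASCII header that precedes the .tar.gz
FIELDS = ("magic", "build_time", "version", "sigs", "flevel",
          "md5", "dsig", "builder", "stime")

def parse_cvd_header(raw):
    """Split the colon-separated CVD header into named fields."""
    if len(raw) < HEADER_LEN:
        raise ValueError("file shorter than the 512-byte header")
    parts = raw[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if len(parts) < len(FIELDS) or parts[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    hdr = dict(zip(FIELDS, parts))
    for key in ("version", "sigs", "flevel"):
        hdr[key] = int(hdr[key])
    return hdr

def diagnose_cvd(raw):
    """Return (stage, detail); stage names the first check that failed, or 'ok'."""
    try:
        hdr = parse_cvd_header(raw)
    except ValueError as exc:
        return "bad-header", str(exc)
    payload = raw[HEADER_LEN:]
    digest = hashlib.md5(payload).hexdigest()  # the "MD5(.tar.gz)" value in the log
    if digest != hdr["md5"]:
        return "md5-mismatch", digest
    try:  # unpack stage: gunzip + untar, done here with Python's zlib binding
        with tarfile.open(fileobj=io.BytesIO(payload), mode="r:gz") as tar:
            return "ok", tar.getnames()
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return "unpack-failed", str(exc)

def make_sample_cvd(payload=None):
    """Constructed test input: a one-member CVD with a placeholder signature field."""
    if payload is None:
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
            body = b"constructed sample, not real bytecode\n"
            info = tarfile.TarInfo("bytecode.info")
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
        payload = buf.getvalue()
    md5 = hashlib.md5(payload).hexdigest()
    head = f"ClamAV-VDB:17 Jul 2018 12-00 -0400:1:0:63:{md5}:PLACEHOLDER:example:0"
    return head.encode("ascii").ljust(HEADER_LEN) + payload

if __name__ == "__main__":
    print(diagnose_cvd(make_sample_cvd()))
```

To run it against a real download, pass the bytes of the file (for example bytecode.cvd under /var/lib/clamav) to `diagnose_cvd`; an "ok" result with a matching MD5 means the file itself unpacks cleanly with the zlib that Python is linked against.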



> Is zlib 1.2.4 really significantly more processor intensive than 1.2.3?  It is rather trivial to
> install from http://www.zlib.net/fossils/
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> On Jul 16, 2018, at 11:37 PM, Al Varnell <alvarnell at mac.com> wrote:
> Micah said earlier that 1.2.3 cannot be used with ClamAV 100.x and I suspect your hardware won't
> support using zlib 1.2.4 or above, so you will either need that new box or roll ClamAV back to an
> earlier version.
> -Al-
> On Mon, Jul 16, 2018 at 07:19 PM, Jay Hart wrote:
> I do have zlib installed:
> [root at centos include]# yum info zlib
> Loaded plugins: fastestmirror, refresh-packagekit, security
> Loading mirror speeds from cached hostfile
> * base: ewr.edge.kernel.org
> * epel: mirror.cs.princeton.edu
> * extras: mirror.cs.vt.edu
> * updates: mirror.umd.edu
> Installed Packages
> Name        : zlib
> Arch        : i686
> Version     : 1.2.3
> Release     : 29.el6
> Size        : 136 k
> Repo        : installed
> From repo   : base
> Summary     : The zlib compression and decompression library
> URL         : http://www.gzip.org/zlib/
> License     : zlib and Boost
> Description : Zlib is a general-purpose, patent-free, lossless data compression
>            : library which is used by many different programs.
> File location:
> [root at centos include]# repoquery -l zlib
> /lib/libz.so.1
> /lib/libz.so.1.2.3
> /usr/share/doc/zlib-1.2.3
> /usr/share/doc/zlib-1.2.3/ChangeLog
> /usr/share/doc/zlib-1.2.3/FAQ
> /usr/share/doc/zlib-1.2.3/README
> Jay
> Two things (each item is a bit long), with two questions/comments at the bottom:
> 1. I don't think zlib-devel is installed:
> [root at centos tmp]# yum info zlib-devel
> Loaded plugins: fastestmirror, refresh-packagekit, security
> Loading mirror speeds from cached hostfile
> epel/metalink                                                              |  15 kB     00:00
> * base: ewr.edge.kernel.org
> * epel: mirror.cogentco.com
> * extras: mirror.cs.vt.edu
> * updates: mirror.vcu.edu
> base                                                                       | 3.7 kB     00:00
> epel                                                                       | 3.2 kB     00:00
> extras                                                                     | 3.3 kB     00:00
> updates                                                                    | 3.4 kB     00:00
> Available Packages
> Name        : zlib-devel
> Arch        : i686
> Version     : 1.2.3
> Release     : 29.el6
> Size        : 44 k
> Repo        : base
> Summary     : Header files and libraries for Zlib development
> URL         : http://www.gzip.org/zlib/
> License     : zlib and Boost
> Description : The zlib-devel package contains the header files and libraries needed
>            : to develop programs that use the zlib compression and decompression
>            : library.
> [root at centos tmp]# more  /usr/include/zlib.h |grep VERSION
> /usr/include/zlib.h: No such file or directory
> [root at centos include]# rpm -ql zlib-devel
> package zlib-devel is not installed
> 2. 32-bit CPU data:
> [root at centos include]# lscpu |grep "CPU op-mode"
> CPU op-mode(s):        32-bit
> [root at centos include]# lscpu
> Architecture:          i686
> CPU op-mode(s):        32-bit
> Byte Order:            Little Endian
> CPU(s):                4
> On-line CPU(s) list:   0-3
> Thread(s) per core:    2
> Core(s) per socket:    2
> Socket(s):             1
> Vendor ID:             GenuineIntel
> CPU family:            6
> Model:                 54
> Model name:            Intel(R) Atom(TM) CPU D2700   @ 2.13GHz
> Stepping:              1
> CPU MHz:               2128.240
> BogoMIPS:              4256.48
> L1d cache:             24K
> L1i cache:             32K
> L2 cache:              512K
> Could the fact zlib-devel is NOT installed be my issue?
> Also, it looks like my hardware will not support Centos 7 so I'm guessing need to procure a new
> box.
> I think this answers all the outstanding queries you asked for Micah.  My thanks for the
> support.
> Jay
> On CentOS you should be able to check with: `yum info zlib-devel`
> Alternatively, take a peek in /usr/include/zlib.h for the line starting with: #define ZLIB_VERSION
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml
> -Al-
> --
> Al Varnell
> Mountain View, CA