[clamav-users] Malformed database issue

Jay Hart jhart at kevla.org
Sun Jul 29 13:23:50 EDT 2018


Hey,

Just got notified that ClamAV 0.100.1 is released for CentOS 6.10. I'm wondering if I upgrade to
that release, will my malformed database issue get resolved?

Thanks,

Jay

> My apologies Jay,
>
> I tend to think of dependencies from a development perspective because I basically never test with
> ClamAV provided by package managers.  If your ClamAV installation came pre-compiled from a distro,
> I guess it would have been linked with the zlib they provide and replacing zlib with a newer
> version wouldn't be sufficient.
>
> Please someone correct me if I'm wrong, but I think that you will need to build & install ClamAV
> from source with the newer version of zlib installed so it links with the new zlib.
>
> -Micah
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 18, 2018, at 7:43 PM, Jay Hart <jhart at kevla.org> wrote:
>
> Micah,
>
> Downloaded, compiled and installed libz.so.1.2.4 to /lib. Renamed to libz.so.1.2.3. Removed
> mirror.dat file.
>
> Then ran freshclam -v without deleting the *.cvd files out of /var/lib/clamav
>
> Freshclam gets to this point, and no further:
>
> [root at centos zlib-1.2.4]# freshclam -v
> Current working dir is /var/lib/clamav
> Max retries == 3
> ClamAV update process started at Wed Jul 18 19:39:16 2018
> Using IPv6 aware code
> Querying current.cvd.clamav.net
> TTL: 596
> Software version from DNS: 0.100.1
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.0 Recommended version: 0.100.1
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> Retrieving http://db.us.clamav.net/main.cvd
> Trying to download http://db.us.clamav.net/main.cvd (IP: 104.16.186.138)
> Downloading main.cvd [100%]
> LibClamAV debug: Initialized 0.100.0 engine
> LibClamAV debug: in cli_cvdload()
> LibClamAV debug: MD5(.tar.gz) = 57462fd73f1cfdb356b9dca66da2b732
> LibClamAV debug: cli_versig: Decoded signature: 57462fd73f1cfdb356b9dca66da2b732
> LibClamAV debug: cli_versig: Digital signature is correct.
> LibClamAV debug: in cli_tgzload()
> ^CUpdate process terminated  *** I terminated the command after 10 minutes.
>
> At this point I don't know what else to do other than maybe downgrading clamav if I can.
>
> Based on my experience yesterday, removing the .cvd files won't improve freshclam execution.
>
> Jay
>
> Wait... so it worked ok after upgrading to 1.2.4.5 before you rebooted but then afterwards you're
> having the same error or a different error?   I'm a little confused, sorry.
>
> Micah
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 17, 2018, at 8:21 PM, Jay Hart <jhart at kevla.org> wrote:
>
> Micah,
>
> I installed zlib 1.2.4.5 (should I use an older version), replaced libz.so.1.2.3 with
> libz.so.1.2.4.5 (and renamed it) and copied libz.a to /lib.
>
> Running freshclam without rebooting box got this:
> [root at centos zlib-1.2.4.5]# freshclam -v
> Current working dir is /var/lib/clamav
> Max retries == 3
> ClamAV update process started at Tue Jul 17 19:47:02 2018
> Using IPv6 aware code
> Querying current.cvd.clamav.net
> TTL: 279
> Software version from DNS: 0.100.1
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.0 Recommended version: 0.100.1
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> main.cvd version from DNS: 58
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> daily.cvd version from DNS: 24760
> daily.cld is up to date (version: 24760, sigs: 2015700, f-level: 63, builder: neo)
> Retrieving http://db.us.clamav.net/bytecode.cvd
> Ignoring mirror 104.16.186.138 (due to previous errors)
> Ignoring mirror 104.16.187.138 (due to previous errors)
> Ignoring mirror 104.16.188.138 (due to previous errors)
> Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
> Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors)
> Trying to download http://db.us.clamav.net/bytecode.cvd (IP: 104.16.189.138)
> Downloading bytecode.cvd [100%]
> LibClamAV debug: Initialized 0.100.0 engine
> LibClamAV debug: in cli_cvdload()
> LibClamAV debug: MD5(.tar.gz) = c85d81eb538b70e60ca59c5100526a26
> LibClamAV debug: cli_versig: Decoded signature: c85d81eb538b70e60ca59c5100526a26
> LibClamAV debug: cli_versig: Digital signature is correct.
> LibClamAV debug: in cli_tgzload()
>
> Once box rebooted, ClamAV failed to start, the error log is extensive, is it worth posting?
>
> Jay
>
>
>
> Is zlib 1.2.4 really significantly more processor intensive than 1.2.3?  It is rather trivial to
> install from http://www.zlib.net/fossils/
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
> On Jul 16, 2018, at 11:37 PM, Al Varnell <alvarnell at mac.com> wrote:
>
> Micah said earlier that 1.2.3 cannot be used with ClamAV 100.x and I suspect your hardware won't
> support using zlib 1.2.4 or above, so you will either need that new box or roll ClamAV back to an
> earlier version.
>
> -Al-
>
> On Mon, Jul 16, 2018 at 07:19 PM, Jay Hart wrote:
>
> I do have zlib installed:
>
> [root at centos include]# yum info zlib
> Loaded plugins: fastestmirror, refresh-packagekit, security
> Loading mirror speeds from cached hostfile
> * base: ewr.edge.kernel.org
> * epel: mirror.cs.princeton.edu
> * extras: mirror.cs.vt.edu
> * updates: mirror.umd.edu
> Installed Packages
> Name        : zlib
> Arch        : i686
> Version     : 1.2.3
> Release     : 29.el6
> Size        : 136 k
> Repo        : installed
> From repo   : base
> Summary     : The zlib compression and decompression library
> URL         : http://www.gzip.org/zlib/
> License     : zlib and Boost
> Description : Zlib is a general-purpose, patent-free, lossless data compression
>          : library which is used by many different programs.
> File location:
> [root at centos include]# repoquery -l zlib
> /lib/libz.so.1
> /lib/libz.so.1.2.3
> /usr/share/doc/zlib-1.2.3
> /usr/share/doc/zlib-1.2.3/ChangeLog
> /usr/share/doc/zlib-1.2.3/FAQ
> /usr/share/doc/zlib-1.2.3/README
> Jay
>
> Two things (each item is a bit long), with two questions/comments at the bottom:
>
> 1. I don't think zlib-devel is installed:
>
> [root at centos tmp]# yum info zlib-devel
> Loaded plugins: fastestmirror, refresh-packagekit, security
> Loading mirror speeds from cached hostfile
> epel/metalink                                                              |  15 kB     00:00
> * base: ewr.edge.kernel.org
> * epel: mirror.cogentco.com
> * extras: mirror.cs.vt.edu
> * updates: mirror.vcu.edu
> base                                                                       | 3.7 kB     00:00
> epel                                                                       | 3.2 kB     00:00
> extras                                                                     | 3.3 kB     00:00
> updates                                                                    | 3.4 kB     00:00
> Available Packages
> Name        : zlib-devel
> Arch        : i686
> Version     : 1.2.3
> Release     : 29.el6
> Size        : 44 k
> Repo        : base
> Summary     : Header files and libraries for Zlib development
> URL         : http://www.gzip.org/zlib/
> License     : zlib and Boost
> Description : The zlib-devel package contains the header files and libraries needed
>          : to develop programs that use the zlib compression and decompression
>          : library.
> [root at centos tmp]# more  /usr/include/zlib.h |grep VERSION
> /usr/include/zlib.h: No such file or directory
> [root at centos include]# rpm -ql zlib-devel
> package zlib-devel is not installed
> 2. 32-bit CPU data:
> [root at centos include]# lscpu |grep "CPU op-mode"
> CPU op-mode(s):        32-bit
> [root at centos include]# lscpu
> Architecture:          i686
> CPU op-mode(s):        32-bit
> Byte Order:            Little Endian
> CPU(s):                4
> On-line CPU(s) list:   0-3
> Thread(s) per core:    2
> Core(s) per socket:    2
> Socket(s):             1
> Vendor ID:             GenuineIntel
> CPU family:            6
> Model:                 54
> Model name:            Intel(R) Atom(TM) CPU D2700   @ 2.13GHz
> Stepping:              1
> CPU MHz:               2128.240
> BogoMIPS:              4256.48
> L1d cache:             24K
> L1i cache:             32K
> L2 cache:              512K
>
> Could the fact zlib-devel is NOT installed be my issue?
>
> Also, it looks like my hardware will not support CentOS 7 so I'm guessing I need to procure a new
> box.
>
> I think this answers all the outstanding queries you asked for Micah.  My thanks for the
> support.
>
> Jay
>
> On CentOS you should be able to check with: `yum info zlib-devel`. Alternatively, take a peek in
> /usr/include/zlib.h for the line starting with: #define ZLIB_VERSION
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml
> -Al-
> --
> Al Varnell
> Mountain View, CA
>
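
Added example (not part of the original thread and not ClamAV's own code): a shell check for the point Micah raises in the quoted reply, that what matters is the zlib the installed ClamAV binaries actually load. It reads the version from the copyright string zlib embeds in the library rather than from the file name, so a libz.so.1.2.4 renamed to libz.so.1.2.3 is still reported correctly; the function names are hypothetical and the 1.2.4 default minimum is the figure mentioned in the thread.

```shell
#!/bin/sh
# Added example: which zlib does a dynamically linked binary really load?
# Run ldd only on binaries you trust.

# Print the resolved libz path from `ldd` output read on stdin.
libz_path_from_ldd() {
    awk '$1 ~ /^libz\.so/ && $2 == "=>" && $3 ~ /^\// { print $3; exit }'
}

# Print the version zlib embeds in its own copyright string
# (" inflate X.Y.Z Copyright ..."), which survives a file rename.
embedded_zlib_version() {
    LC_ALL=C grep -a -o 'inflate [0-9][0-9.]* Copyright' "$1" 2>/dev/null |
        awk 'NR == 1 { print $2 }'
}

# Succeed if dotted version $1 >= $2, comparing each field numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_zlib BINARY [MINIMUM]: return 0 only if the loaded zlib meets MINIMUM.
check_zlib() {
    min=${2:-1.2.4}   # assumption: the "1.2.4 or above" figure from the thread
    lib=$(ldd "$1" 2>/dev/null | libz_path_from_ldd)
    [ -n "$lib" ] || { echo "$1: no libz in ldd output"; return 2; }
    ver=$(embedded_zlib_version "$lib")
    [ -n "$ver" ] || { echo "$lib: no embedded zlib version found"; return 2; }
    if version_ge "$ver" "$min"; then
        echo "$1 loads $lib (zlib $ver): ok"
    else
        echo "$1 loads $lib (zlib $ver): older than $min"; return 1
    fi
}

# Usage: sh this-script "$(command -v freshclam)"
if [ $# -gt 0 ]; then check_zlib "$@"; fi
```
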




