[clamav-users] ERROR: Malformed database -> Closing the main socket.

Sat Nov 16 14:55:59 UTC 2019

Hi there,

On Sat, 16 Nov 2019, Jim Ward via clamav-users wrote:

> I have yet to get past this one.  I've done multiple builds to no
> avail.  I have run in circles so much at this point that I have no
> idea where to start or where to go.  Anyone have the magic cure??

I don't do magic, but I can take a shot at logic. :)

You say you've done multiple builds, but you're running Debian.  That
sounds like a recipe for confusion if you're not _very_ familiar with
things like the Filesystem Hierarchy Standard, or, to put it another
way, if not very familiar with the ways Debian screws everything up. :/

When you build from the 'upstream' sources, quite likely everything is
done differently from the way Debian does it.  In the case of ClamAV,
it's not just different locations for lots of files; Debian packages
the single ClamAV package from Sourcefire into several, so you install
separate packages for the scanner, the updater and the daemon.  Theory
I guess says that you might not necessarily want all of them so you're
given a choice.  Practice seems to say it all gets confusing.  If you
install from Debian packages, then install from the upstream sources
without cleaning up very thoroughly first, not only can you get very
confused but things might not work - and they might not work in some
non-obvious ways, especially if the versions were different.

So the first question: Have you at any stage installed ClamAV from a
Debian (or other) package, have you subsequently built from source,
and if you did those things did you make absolutely sure that all the
Debianated stuff was removed (purged) before building from source?

Second: If you're comfortable with all the above, do you know exactly
where all your ClamAV configuration files and databases are?  Do you
know what is responsible for updating the databases, do you know that
nothing else is doing anything to them, and are you sure that they're
being updated how and when you think they're being updated?  If yes,
please can you show us full directory listings of them including
timestamps and file sizes?  It might also be useful to see md5sums for
each file.

Third: Check back in the mailing archives of this list for this post:

Date: Mon, 26 Aug 2019 16:38:16 +0100 (BST)
From: G.W. Haywood via clamav-users <clamav-users at lists.clamav.net>
To: ClamAV users ML <clamav-users at lists.clamav.net>
Subject: Re: [clamav-users] Disable official database

Try starting clamd with no databases.  Check if it's running OK, by
connecting to its socket from the command line with a tool like telnet
and sending the 'PING' command.  Does it reply 'PONG'?  Please report
back here with the results.  In addition to telling us something, this
will likely be useful exercise.

Finally, for now: What exactly are you doing with ClamAV on Debian?

-- 

73,
Ged.