[clamav-users] Clamd.log ERROR: reload_th: Database load failed: Malformed
Gary R. Schmidt
grschmidt at acm.org
Tue Jul 27 10:41:36 UTC 2021
On 27/07/2021 18:54, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Tue, 27 Jul 2021, Ashtec Cerenuela via clamav-users wrote:
>
>> I've been monitoring the clamd.log for my email server these past few
>> weeks and I've seen errors like this every day.
>> Sat Jul 24 19:28:27 2021 -> SelfCheck: Database modification detected.
>> Forcing reload.
>> Sat Jul 24 19:28:27 2021 -> Reading databases from
>> C:\ProgramData\.clamwin\db
>> Sat Jul 24 19:28:39 2021 -> ERROR: reload_th: Database load failed:
>> Malformed database
>
> Are you sure that you're using an up-to-date clamd version? Clutching
> at straws here, perhaps when you upgraded the daemon wasn't restarted?
>
>> ...
>> ClamUpdateLog.txt says:
>> ClamAV update process started at Sat Jul 24 19:19:00 2021
>> WARNING: Your ClamAV installation is OUTDATED!
>> WARNING: Local version: 0.103.2 Recommended version: 0.103.3
>
> Since you seem to be using ClamWin you will either have to live with
> these warnings or use the Windows version from upstream. Personally
> after what I've seen of ClamWin I'd steer clear of it. See comments
> in the list archives for example:
>
> https://lists.clamav.net/pipermail/clamav-users/2021-June/011286.html
>
>> daily database available for update (local version: 26241, remote
>> version: 26242)
>> Testing database:
>> 'C:\ProgramData\.clamwin\db\tmp.5c43b1ecb8\clamav-632317d6ea0ad37e91e81295e905073d.tmp-daily.cld'
>> ...
>> Database test passed.
>> daily.cld updated (version: 26242, sigs: 1963537, f-level: 90,
>> builder: raynman)
>> main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level:
>> 90, builder: sigmgr)
>> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level:
>> 63, builder: awillia2)
>
> Your update process seems to be working OK. Here's my freshclam log
> (on Linux!) for about that time, as you see the numbers all match:
>
> Sat Jul 24 20:21:55 2021 -> Received signal: wake up
> Sat Jul 24 20:21:55 2021 -> ClamAV update process started at Sat Jul 24
> 20:21:55 2021
> Sat Jul 24 20:21:56 2021 -> daily.cld database is up-to-date (version:
> 26242, sigs: 1963537, f-level: 90, builder: raynman)
> Sat Jul 24 20:21:56 2021 -> main.cvd database is up-to-date (version:
> 61, sigs: 6607162, f-level: 90, builder: sigmgr)
> Sat Jul 24 20:21:56 2021 -> bytecode.cld database is up-to-date
> (version: 333, sigs: 92, f-level: 63, builder: awillia2)
>
>> Deleted daily.cld/main.cvd and downloaded with a new copy from
>> clamwin website. After 24hrs of monitoring, the error occurred again
>> after the update. I'm not sure if this is normal or what.
>
> I'm not sure what's normal for ClamWin. Why not just use the official
> sources and CDN? In case it helps, if you check the MD5sum for the
> main database it should be
>
> 8192d77d0032163244c7323a80d5f228
>
> and I wouldn't expect that file to change for quite some time since
> it's only very recently been updated.
>
Wasn't ClamWin 0.103.2 a "fake" update where they only changed the
version number?
Or was that 0.103.3?
Either way, Ged's advice to throw it away and use a proper ClamAV build
for winderss is correct.
Cheers,
Gary B-)
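
An added example, not part of the original messages and not ClamAV or ClamWin code: a Python script that pulls failed database reloads out of a clamd.log and hashes a database file for comparison with a known-good MD5 such as the one quoted above for main.cvd. It assumes unwrapped log lines in the `<timestamp> -> <message>` layout shown in the thread; the function names are hypothetical and the last three sample entries are constructed.

```python
import hashlib
import re
from datetime import datetime

# clamd.log layout as quoted in the thread: "<timestamp> -> <message>"
LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) -> (.*)$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"
READING = "Reading databases from "

# Constructed sample: the three entries from the thread (unwrapped), then a
# made-up successful reload for contrast.
SAMPLE_LOG = r"""Sat Jul 24 19:28:27 2021 -> SelfCheck: Database modification detected. Forcing reload.
Sat Jul 24 19:28:27 2021 -> Reading databases from C:\ProgramData\.clamwin\db
Sat Jul 24 19:28:39 2021 -> ERROR: reload_th: Database load failed: Malformed database
Sun Jul 25 19:30:02 2021 -> SelfCheck: Database modification detected. Forcing reload.
Sun Jul 25 19:30:02 2021 -> Reading databases from C:\ProgramData\.clamwin\db
Sun Jul 25 19:30:15 2021 -> Database correctly reloaded (8570000 signatures)
"""

def failed_reloads(log_text):
    """Return one record per reload that ended in 'Database load failed'."""
    failures, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or foreign line: ignore rather than guess
        when = datetime.strptime(m.group(1), TS_FORMAT)
        msg = m.group(2)
        if msg.startswith(READING):
            pending = {"started": when, "db_dir": msg[len(READING):]}
        elif "Database load failed" in msg and pending:
            failures.append({**pending, "failed": when, "reason": msg.rsplit(": ", 1)[-1]})
            pending = None
        elif msg.startswith("Database correctly reloaded"):
            pending = None  # this reload succeeded, nothing to report
    return failures

def md5_of(path, chunk=1 << 20):
    """MD5 of a database file, read in chunks so large .cvd files are fine."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

if __name__ == "__main__":
    for f in failed_reloads(SAMPLE_LOG):
        secs = (f["failed"] - f["started"]).total_seconds()
        print(f"{f['failed']}: load of {f['db_dir']} failed after {secs:.0f}s ({f['reason']})")
```
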