Hi Jay,

Is your system 32bit?   As noted in our 0.100.0 release notes, we found that Centos 6 (and 5) provide an old version of zlib (1.2.3.3) that will fail to properly extract the ClamAV databases.  You can update to 1.2.4 to resolve the issue, but I recommend at least 1.2.9 or newer as 1.2.8 has at least 4 published CVE's. 

Regards,
Micah
 
Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 15, 2018, at 10:15 PM, Jay Hart <jhart@kevla.org> wrote:

Oh, check your permissions on var/lib/clamav, see if clam has access to it

On 7/15/18, 8:05 PM, "clamav-users on behalf of Jay Hart"
<clamav-users-bounces@lists.clamav.net on behalf of jhart@kevla.org> wrote:



I was able to manually download daily.cvd and main.cvd, and I placed these files in the
/var/lib/clamav directory, with the following permissions:

[root@centos clamav]# ls -al
total 162524
drwxr-xr-x   2 clam clam      4096 Jul 15 22:01 .
drwxr-xr-x. 49 root root      4096 Jul 15 03:08 ..
-rw-r--r--   1 clam clam  48510215 Jul 15 20:44 daily.cvd
-rw-r--r--   1 clam clam 117892267 Jul 15 20:44 main.cvd
-rw-------   1 clam clam       468 Jul 15 22:01 mirrors.dat

I was hoping on a reboot that clamav would start working, it didn't, here is the error I get now:

Starting Clam AntiVirus Daemon: LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^
*(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$

LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Decoded signature: e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV Error: cli_cvdload: Corrupted CVD header
LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
Sun Jul 15 21:27:43 2018 -> !Malformed database
Sun Jul 15 21:27:43 2018 -> *Closing the main socket.     [FAILED]

I enabled logging when clamav is running, hence the debug info above.  I still am getting the
malformed database issue even when directly downloading the files using wget from the clamav.net
site.

I also verified that the clamav package was good, here is that command and the result:

[root@centos jhart]# rpm -V clamav-0.100.0-1.el6.i686
S.5....T.  c /etc/freshclam.conf

Can you see any issues above, or point me to something else to try. I was figuring that maybe rpm
would tell me I got a bad package and I'd reapply it, but I don't think that is the case.

Do you want my freshclam,conf parameters?

thanks for the help. I've tried just about everything I know to do and have been able to research.

Jay

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml