Malformed database issue
Hello and good afternoon,

Yesterday on a Centos 6.10 server I ran the software updater application which indicated 134
packages needed to be updated, one of which was Clamav.

The updater ran fine and the machine was rebooted. Upon reboot Clamav failed to run. This was due
to the deprecated option "AllowSupplementaryGroups" being enabled. Once I disabled this Clamav
would run, but I also was receiving a second error, which I have not been able to resolve.

It occurs when Freshclam queries the server for updated virus database files. I have enabled
logging for libclamav when freshclam runs to provide additional details.

ClamAV update process started at Sun Jul 15 16:27:39 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 611
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Retrieving http://db.local.clamav.net/main.cvd
Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.189.138)
Downloading main.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 57462fd73f1cfdb356b9dca66da2b732
LibClamAV debug: cli_versig: Decoded signature: 57462fd73f1cfdb356b9dca66da2b732
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: in cli_tgzload_cleanup()
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Phishcheck cleaned up
ERROR: Verification: Malformed database
Querying main.0.91.0.0.6810BD8A.ping.clamav.net
Giving up on db.local.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is
working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.

NOTE: I just copied one of the five tries for updating, they all show same situation.

I am pointing to db.us.clamav.net as the country code.

Any idea how to resolve this?

Thanks,

Jay

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Malformed database issue
Hey Jay,


Not sure which it is referring to db wise, but deleting main.cvd, daily, bytecode and mirror.dat should fix it after another freshclam.


Thank you,


Tom M

Re: Malformed database issue
> Hey Jay,
>
>
> Not sure which it is referring to db wise, but deleting main.cvd, daily, bytecode and mirror.dat
> should fix it after another freshclam.
>
>
> Thank you,
>
>
> Tom M

Tom,

I removed all files from /var/lib/clamav, reran freshclam (freshclam -v), and it did not resolve
the issue.

Jay


Re: Malformed database issue
> Hey Jay,
>
>
> Not sure which it is referring to db wise, but deleting main.cvd, daily, bytecode and mirror.dat
> should fix it after another freshclam.
>
>
> Thank you,
>
>
> Tom M
>

After I emptied the directory, and reran freshclam, I rebooted the box. Now clamav is not running
due to this:

Starting Clam AntiVirus Daemon: LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav
Sun Jul 15 19:54:28 2018 -> !Can't open file or directory [FAILED]

Jay

Re: Malformed database issue
Oh, check your permissions on var/lib/clamav, see if clam has access to it

Re: ***UNCHECKED*** Re: Malformed database issue
> Oh, check your permissions on var/lib/clamav, see if clam has access to it

I was able to manually download daily.cvd and main.cvd, and I placed these files in the
/var/lib/clamav directory, with the following permissions:

[root@centos clamav]# ls -al
total 162524
drwxr-xr-x 2 clam clam 4096 Jul 15 22:01 .
drwxr-xr-x. 49 root root 4096 Jul 15 03:08 ..
-rw-r--r-- 1 clam clam 48510215 Jul 15 20:44 daily.cvd
-rw-r--r-- 1 clam clam 117892267 Jul 15 20:44 main.cvd
-rw------- 1 clam clam 468 Jul 15 22:01 mirrors.dat

I was hoping on a reboot that clamav would start working, it didn't, here is the error I get now:

Starting Clam AntiVirus Daemon: LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^
*(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$

LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Decoded signature: e2cf7aaa354f5e33316a3dd89c4b915b
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: in cli_tgzload_cleanup()
LibClamAV Error: cli_cvdload: Corrupted CVD header
LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
Sun Jul 15 21:27:43 2018 -> !Malformed database
Sun Jul 15 21:27:43 2018 -> *Closing the main socket. [FAILED]

I enabled logging when clamav is running, hence the debug info above. I still am getting the
malformed database issue even when directly downloading the files using wget from the clamav.net
site.

I also verified that the clamav package was good, here is that command and the result:

[root@centos jhart]# rpm -V clamav-0.100.0-1.el6.i686
S.5....T. c /etc/freshclam.conf

Can you see any issues above, or point me to something else to try? I was figuring that maybe rpm
would tell me I got a bad package and I'd reapply it, but I don't think that is the case.

Do you want my freshclam.conf parameters?

Thanks for the help. I've tried just about everything I know to do and have been able to research.

Jay

Re: ***UNCHECKED*** Re: Malformed database issue
Hi Jay,

Is your system 32-bit? As noted in our 0.100.0 release notes, we found that Centos 6 (and 5) provide an old version of zlib (1.2.3.3) that will fail to properly extract the ClamAV databases. You can update to 1.2.4 to resolve the issue, but I recommend at least 1.2.9 or newer as 1.2.8 has at least 4 published CVEs.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


Re: ***UNCHECKED*** Re: Re: Malformed database issue
I will check OS version this evening when I return home. I was not able to determine which
version of zlib is installed, what is a command with options that will allow me to provide that
data point to you?

Thanks for help so far.

Jay

Re: ***UNCHECKED*** Re: Re: Malformed database issue
On CentOS you should be able to check with: `yum info zlib-devel`

Alternatively, take a peek in /usr/include/zlib.h for the line starting with:
#define ZLIB_VERSION

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
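
An added example (not part of the thread and not ClamAV code) for the zlib explanation and the version question above: it splits a .cvd file into its 512-byte header and .tar.gz payload, checks the payload MD5 against the header, tries to list the archive with the zlib that Python is linked against, and rates that zlib version against the 1.2.4 and 1.2.9 thresholds mentioned in the thread. The header field names, the status labels and the sample file built by build_sample_cvd() are this example's own; the digital signature is not verified.

```python
import hashlib
import io
import re
import tarfile
import zlib

CVD_HEADER_SIZE = 512         # space-padded text header; the .tar.gz follows it
MIN_ZLIB = (1, 2, 4)          # minimum version named in the thread
RECOMMENDED_ZLIB = (1, 2, 9)  # recommended floor named in the thread
FIELDS = ("magic", "build_time", "version", "signatures", "flevel",
          "md5", "dsig", "builder", "stime")  # field names are this example's


def parse_version(text):
    """'1.2.3.3' -> (1, 2, 3, 3); stops at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
        if match.end() != len(piece):
            break
    return tuple(parts)


def classify_zlib(version_text):
    """Rate a zlib version string against the two thresholds from the thread."""
    version = parse_version(version_text)
    if not version:
        return "unknown"
    if version < MIN_ZLIB:
        return "too-old"
    if version < RECOMMENDED_ZLIB:
        return "minimum-only"
    return "ok"


def parse_cvd_header(blob):
    """Split the colon-separated CVD header into named fields."""
    if len(blob) < CVD_HEADER_SIZE:
        raise ValueError("shorter than the 512-byte CVD header")
    parts = blob[:CVD_HEADER_SIZE].decode("ascii", "replace").rstrip().split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))


def diagnose_cvd(blob):
    """Check the download (MD5) and local extraction (zlib) separately."""
    header = parse_cvd_header(blob)
    payload = blob[CVD_HEADER_SIZE:]
    report = {
        "db_version": header["version"],
        # Same value the log prints as "MD5(.tar.gz)"; the digital signature
        # over it is not verified here.
        "md5_ok": hashlib.md5(payload).hexdigest() == header["md5"].lower(),
        "zlib_runtime": zlib.ZLIB_RUNTIME_VERSION,
        "zlib_status": classify_zlib(zlib.ZLIB_RUNTIME_VERSION),
        "members": [],
        "extract_ok": False,
    }
    try:
        # List the archive members only; nothing is written to disk.
        with tarfile.open(fileobj=io.BytesIO(payload), mode="r:gz") as tar:
            report["members"] = tar.getnames()
        report["extract_ok"] = True
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        report["error"] = str(exc)
    return report


def build_sample_cvd():
    """Constructed sample: CVD-shaped bytes with a placeholder signature."""
    archive = io.BytesIO()
    with tarfile.open(fileobj=archive, mode="w:gz") as tar:
        body = b"constructed sample, not a real signature database\n"
        info = tarfile.TarInfo("sample.info")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
    payload = archive.getvalue()
    header = ":".join([
        "ClamAV-VDB", "15 Jul 2018 12-00 -0400", "1", "0", "63",
        hashlib.md5(payload).hexdigest(), "PLACEHOLDER-DSIG", "example", "0",
    ])
    return header.ljust(CVD_HEADER_SIZE).encode("ascii") + payload


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:           # e.g. /var/lib/clamav/daily.cvd
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_cvd()
    for key, value in diagnose_cvd(data).items():
        print(f"{key}: {value}")
```

A matching MD5 with a failed listing points at local decompression rather than the download. A clean result only covers the zlib that Python loads, which is assumed here to be the system library; it does not exercise libclamav itself.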


Re: Malformed database issue
On 15.07.2018 23:05, Jay Hart wrote:
> Hello and good afternoon,
>
> Yesterday on a Centos 6.10 server I ran the software updater application which indicated 134
> packages needed to be updated, one of which was Clamav.

can you remove clamav (yum remove clamav ...)
and reboot, after this reinstall it again (yum install clamav ...)?

I'm also using CentOS6 and do not have this problem.
Re: ***UNCHECKED*** Re: Re: Re: Malformed database issue [ In reply to ]
Two things (each item is a bit long), with two questions/comments at the bottom:

1. I don't think zlib-devel is installed:

[root@centos tmp]# yum info zlib-devel
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
epel/metalink | 15 kB 00:00
* base: ewr.edge.kernel.org
* epel: mirror.cogentco.com
* extras: mirror.cs.vt.edu
* updates: mirror.vcu.edu
base | 3.7 kB 00:00
epel | 3.2 kB 00:00
extras | 3.3 kB 00:00
updates | 3.4 kB 00:00
Available Packages
Name : zlib-devel
Arch : i686
Version : 1.2.3
Release : 29.el6
Size : 44 k
Repo : base
Summary : Header files and libraries for Zlib development
URL : http://www.gzip.org/zlib/
License : zlib and Boost
Description : The zlib-devel package contains the header files and libraries needed
: to develop programs that use the zlib compression and decompression
: library.

[root@centos tmp]# more /usr/include/zlib.h |grep VERSION
/usr/include/zlib.h: No such file or directory

[root@centos include]# rpm -ql zlib-devel
package zlib-devel is not installed

2. 32-bit CPU data:
[root@centos include]# lscpu |grep "CPU op-mode"
CPU op-mode(s): 32-bit
[root@centos include]# lscpu
Architecture: i686
CPU op-mode(s): 32-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 2
Core(s) per socket: 2
Socket(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 54
Model name: Intel(R) Atom(TM) CPU D2700 @ 2.13GHz
Stepping: 1
CPU MHz: 2128.240
BogoMIPS: 4256.48
L1d cache: 24K
L1i cache: 32K
L2 cache: 512K

Could the fact zlib-devel is NOT installed be my issue?

Also, it looks like my hardware will not support Centos 7 so I'm guessing I need to procure a new box.

I think this answers all the outstanding queries you asked for Micah. My thanks for the support.

Jay


> On CentOS you should be able to check with: `yum info zlib-devel`
>
> Alternatively, take a peek in /usr/include/zlib.h for the line starting with:
> #define ZLIB_VERSION
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.

Re: Malformed database issue [ In reply to ]
Sorry, it will not.


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 29, 2018, at 1:23 PM, Jay Hart <jhart@kevla.org> wrote:

Hey,

Just got notified that Clamav 0.100.1 is released for Centos 6.10. I'm wondering if I upgrade to
that release, will my malformed database issue get resolved?

Thanks,

Jay

My apologies Jay,

I tend to think of dependencies from a development perspective because I basically never test with
ClamAV provided by package managers. If your ClamAV installation came pre-compiled from a distro,
I guess it would have been linked with the zlib they provide and replacing zlib with a newer
version wouldn't be sufficient.

Please someone correct me if I'm wrong, but I think that you will need to build & install ClamAV
from source with the newer version of zlib installed so it links with the new zlib.

-Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 18, 2018, at 7:43 PM, Jay Hart <jhart@kevla.org> wrote:

Micah,

Downloaded, compiled and installed libz.so.1.2.4 to /lib. Renamed to libz.so.1.2.3. Removed
mirror.dat file.

Then ran freshclam -v without deleting the *.cvd files out of /var/lib/clamav

Freshclam gets to this point, and no further:

[root@centos zlib-1.2.4]# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Wed Jul 18 19:39:16 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 596
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
Retrieving http://db.us.clamav.net/main.cvd
Trying to download http://db.us.clamav.net/main.cvd (IP: 104.16.186.138)
Downloading main.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 57462fd73f1cfdb356b9dca66da2b732
LibClamAV debug: cli_versig: Decoded signature: 57462fd73f1cfdb356b9dca66da2b732
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
^CUpdate process terminated *** I terminated the command after 10 minutes.

At this point I don't know what else to do other than maybe downgrading clamav if I can.

Based on my experience yesterday, removing the .cvd files won't improve freshclam execution.

Jay

Wait... so it worked ok after upgrading to 1.2.4.5 before you rebooted but then afterwards you're
having the same error or a different error? I'm a little confused, sorry.

Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Jul 17, 2018, at 8:21 PM, Jay Hart <jhart@kevla.org> wrote:

Micah,

I installed zlib 1.2.4.5 (should I use an older version), replaced libz.so.1.2.3 with
libz.so.1.2.4.5 (and renamed it) and copied libz.a to /lib.

Running freshclam without rebooting box got this:
[root@centos zlib-1.2.4.5]# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Tue Jul 17 19:47:02 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 279
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24760
daily.cld is up to date (version: 24760, sigs: 2015700, f-level: 63, builder: neo)
Retrieving http://db.us.clamav.net/bytecode.cvd
Ignoring mirror 104.16.186.138 (due to previous errors)
Ignoring mirror 104.16.187.138 (due to previous errors)
Ignoring mirror 104.16.188.138 (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors)
Trying to download http://db.us.clamav.net/bytecode.cvd (IP: 104.16.189.138)
Downloading bytecode.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Decoded signature: c85d81eb538b70e60ca59c5100526a26
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()

Once box rebooted, Clamav failed to start, the error log is extensive, is it worth posting?

Jay



Is zlib 1.2.4 really significantly more processor intensive than 1.2.3? It is rather trivial to
install from http://www.zlib.net/fossils/

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.

On Jul 16, 2018, at 11:37 PM, Al Varnell <alvarnell@mac.com> wrote:

Micah said earlier that 1.2.3 cannot be used with ClamAV 100.x and I suspect your hardware won't
support using zlib 1.2.4 or above, so you will either need that new box or roll ClamAV back to an
earlier version.

-Al-

On Mon, Jul 16, 2018 at 07:19 PM, Jay Hart wrote:

I do have zlib installed:

[root@centos include]# yum info zlib
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: ewr.edge.kernel.org
* epel: mirror.cs.princeton.edu
* extras: mirror.cs.vt.edu
* updates: mirror.umd.edu
Installed Packages
Name : zlib
Arch : i686
Version : 1.2.3
Release : 29.el6
Size : 136 k
Repo : installed
From repo : base
Summary : The zlib compression and decompression library
URL : http://www.gzip.org/zlib/
License : zlib and Boost
Description : Zlib is a general-purpose, patent-free, lossless data compression
: library which is used by many different programs.

File location:

[root@centos include]# repoquery -l zlib
/lib/libz.so.1
/lib/libz.so.1.2.3
/usr/share/doc/zlib-1.2.3
/usr/share/doc/zlib-1.2.3/ChangeLog
/usr/share/doc/zlib-1.2.3/FAQ
/usr/share/doc/zlib-1.2.3/README

Jay
-Al-
--
Al Varnell
Mountain View, CA
Re: Malformed database issue [ In reply to ]
On 29.07.2018 at 19:23, Jay Hart wrote:
> Just got notified that Clamav 0.100.1 is released for Centos 6.10. I'm wondering if I upgrade to
> that release, will my malformed database issue get resolved?

What about just updating and reporting?
You need to update anyway for security reasons.
Re: Malformed database issue [ In reply to ]
Micah,

I'm still using Centos 6, still on a 32-bit platform. It's patched with the exception of clamav.
Still running clamav-0.100.0-1.el6. I have the option of going to 0.100.3-1.el6.

I wouldn't say that clamav is working, but I can still send/receive email.

In your opinion, should I upgrade to this latest version?

Going to assume yes, been holding off.

Jay

> Sorry, it will not.
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 29, 2018, at 1:23 PM, Jay Hart <jhart@kevla.org> wrote:
>
> Hey,
>
> Just got notified that Clamav 0.100.1 is released for Centos 6.10. I'm wondering if I upgrade to
> that release, will my malformed database issue get resolved?
>
> Thanks,
>
> Jay



Re: Malformed database issue [ In reply to ]
Jay,

If you are going to upgrade to the newest version manually, I *highly*
suggest using the EL6 source RPM as a template as it bundles &
statically builds a newer version of zlib for use with ClamAV as a
workaround to prevent the "malformed database" errors.

https://download-ib01.fedoraproject.org/pub/epel/6/SRPMS/Packages/c/clamav-0.100.3-1.el6.src.rpm



> I'm still using Centos 6, still on a 32-bit platform. It's patched with the exception of clamav.
> Still running clamav-0.100.0-1.el6. I have the option of going to 0.100.3-1.el6.
>
> I wouldn't say that clamav is working, but I can still send/receive email.
>
> In your opinion, should I upgrade to this latest version?
>
> Going to assume yes, been holding off.

Re: Malformed database issue [ In reply to ]
I was going to update via the software update tool!! Would that work???

Jay

> Jay,
>
> If you are going to upgrade to the newest version manually, I *highly*
> suggest using the EL6 source RPM as a template as it bundles &
> statically builds a newer version of zlib for use with ClamAV as a
> workaround to prevent the "malformed database" errors.
>
> https://download-ib01.fedoraproject.org/pub/epel/6/SRPMS/Packages/c/clamav-0.100.3-1.el6.src.rpm
>
>
>
>> I'm still using Centos 6, still on a 32-bit platform. It's patched with the exception of clamav.
>> Still running clamav-0.100.0-1.el6. I have the option of going to 0.100.3-1.el6.
>>
>> I wouldn't say that clamav is working, but I can still send/receive email.
>>
>> In your opinion, should I upgrade to this latest version?
>>
>> Going to assume yes, been holding off.
Re: Malformed database issue [ In reply to ]
On 09.02.20 21:28, Jay Hart wrote:
>I was going to update via the software update tool!! Would that work???

yes. he advised only if you want to upgrade manually.
Upgrading via distro-proposed solution (yum on centos) is much better.

I recommend doing that instead of manual upgrading due to possible conflicts
you have to resolve when using manual installation.

I wonder why you didn't install it already. Don't you install security
updates?

>> If you are going to upgrade to the newest version manually, I *highly*
>> suggest using the EL6 source RPM as a template as it bundles &
>> statically builds a newer version of zlib for use with ClamAV as a
>> workaround to prevent the "malformed database" errors.
>>
>> https://download-ib01.fedoraproject.org/pub/epel/6/SRPMS/Packages/c/clamav-0.100.3-1.el6.src.rpm
>>
>>
>>
>>> I'm still using Centos 6, still on a 32-bit platform. It's patched with the exception of clamav.
>>> Still running clamav-0.100.0-1.el6. I have the option of going to 0.100.3-1.el6.
>>>
>>> I wouldn't say that clamav is working, but I can still send/receive email.
>>>
>>> In your opinion, should I upgrade to this latest version?
>>>
>>> Going to assume yes, been holding off.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them

Re: Malformed database issue [ In reply to ]
Yes, the regular channel update will work fine to update to 0.100.3

I meant if you wanted to update to the latest 0.102.2 you will have to
roll your own...


> I was going to update via the software update tool!! Would that work???
>
> Jay
