Mailing List Archive

Malformed DB in daily-26708.cdiff?
Hi All,

I'll admit up front I'm running ClamAV v100.3 on RHEL 6. This is not my fault, but also nothing I can do anything about (the hosts doing so are long-scheduled for decommissioning). As such I don't expect any help. But I am interested if this is where I get another string to my bow to tell the people who won't move off these hosts that now they have no ClamAV protection from newer threats.

As of daily-26708.cdiff I get this on all of those hosts when running freshclam:

# freshclam
ClamAV update process started at Wed Nov 2 09:18:06 2022
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.3 Recommended version: 0.103.7
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Downloading daily-26707.cdiff [100%]
Downloading daily-26708.cdiff [100%]
ERROR: During database load : WARNING: [LibClamAV] cli_hex2str(): Malformed hexstring: >>26#ib2#>512 (length: 13) [...] ERROR: Failed to load new database: Malformed database
WARNING: Database load exited with status 55
ERROR: Failed to load new database

Is this an incompatibility with v100.3, or an error in the cdiff?

With thanks,

Ben
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: Malformed DB in daily-26708.cdiff? [ In reply to ]
Hi there,

On Wed, 2 Nov 2022, Ben Argyle via clamav-users wrote:

> I'll admit up front I'm running ClamAV v100.3 on RHEL 6. This is
> not my fault, but also nothing I can do anything about (the hosts
> doing so are long-scheduled for decommissioning). As such I don't
> expect any help. But I am interested if this is where I get another
> string to my bow to tell the people who won't move off these hosts
> that now they have no ClamAV protection from newer threats.

Maybe show them this blog post:

https://blog.clamav.net/2021/10/clamav-0100-end-of-life-today-and.html

which to me says theoretically they'd have had no ClamAV updates since
last October - but see below.

> As of daily-26708.cdiff I get this on all of those hosts when running freshclam:
>
> # freshclam
> ClamAV update process started at Wed Nov 2 09:18:06 2022
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.3 Recommended version: 0.103.7
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> main.cld is up to date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
> Downloading daily-26707.cdiff [100%]
> Downloading daily-26708.cdiff [100%]
> ERROR: During database load : WARNING: [LibClamAV] cli_hex2str(): Malformed hexstring: >>26#ib2#>512 (length: 13) [...] ERROR: Failed to load new database: Malformed database
> WARNING: Database load exited with status 55
> ERROR: Failed to load new database
>
> Is this an incompatibility with v100.3, or an error in the cdiff?

Again, reading the EOL blog post I'm surprised that the CDN is even
allowing you to download the cdiff - are you using a local mirror with
an up-to-date freshclam or something like that? But since you seem to
be downloading the cdiff OK, I very much doubt that there's anything
wrong with it. Here's a log extract taken from a clamd server here,
downloading the same two cdiff files:

...
Tue Nov 1 23:14:11 2022 -> ClamAV update process started at Tue Nov 1 23:14:11 2022
Tue Nov 1 23:14:11 2022 -> daily database available for update (local version: 26706, remote version: 26707)
Tue Nov 1 23:14:17 2022 -> Testing database: '/EXPORTS/clamav/databases/tmp.6cba9d4577/clamav-afd6a8d4c872bc90643557b8ae8a87be.tmp-daily.cld' ...
Tue Nov 1 23:14:37 2022 -> Database test passed.
Tue Nov 1 23:14:38 2022 -> daily.cld updated (version: 26707, sigs: 2009761, f-level: 90, builder: cmarczewski)
Tue Nov 1 23:14:38 2022 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Tue Nov 1 23:14:38 2022 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Tue Nov 1 23:14:38 2022 -> Clamd successfully notified about the update.
...
Wed Nov 2 09:36:22 2022 -> ClamAV update process started at Wed Nov 2 09:36:22 2022
Wed Nov 2 09:36:23 2022 -> daily database available for update (local version: 26707, remote version: 26708)
Wed Nov 2 09:36:30 2022 -> Testing database: '/EXPORTS/clamav/databases/tmp.063d4c241f/clamav-13690daaba0c36fe94ca0c8f0baa091b.tmp-daily.cld' ...
Wed Nov 2 09:36:50 2022 -> Database test passed.
Wed Nov 2 09:36:51 2022 -> daily.cld updated (version: 26708, sigs: 2009776, f-level: 90, builder: raynman)
Wed Nov 2 09:36:51 2022 -> main.cld database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Wed Nov 2 09:36:51 2022 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Wed Nov 2 09:36:51 2022 -> Clamd successfully notified about the update.
...

The server is running the 0.103.7 LTS release.

HTH

--

73,
Ged.
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat