Hi All,
Just an FYI thatclamav was linking to libz.so.1.1.4 and upgrading to
libz.so.1.2.11 resolved the issue with being unable to verify updates.
Might need to be a check for a minimum zlip version though I don't have
input which version specifically demonstrates the issue.
Also note that --with-zlib did not work correctly. Was leading to
errors about not being able to retrieve version errors so we updated the
system library instead. Could be an interwinining of other things like
xml and bzip2 linking to the other version.
Regards,
KAM
On 4/12/2019 8:52 AM, Kevin A. McGrail wrote:
>
> Hi All,
>
> I'm still seeing this Malformed database error with freshclam on an
> older system. Going back prior to 25410 seems to resolve the issue.
>
> I'd like to work on the code and see if I can find the bug or system
> library causing the issue. Can anyone help give me a pointer where I
> can drill into the malformed header check specifically where is the
> code located for engine->dbinfo? I'm having some logic issues
> figuring out what routine / class that is calling.
>
> Regards,
>
> KAM
>
> -------- Forwarded Message --------
>
> Subject: Re: [clamav-users] Malformed pattern daily.ldb version 25410
> Date: Sat, 6 Apr 2019 06:37:31 -0400
> From: Kevin A. McGrail <KMcGrail@PCCC.com>
> To: clamav-users@lists.clamav.net
>
>
>
> On 4/5/2019 9:40 PM, David Shrimpton via clamav-users wrote:
>> This appears to be a different problem than the sigtool --list problem on daily
>
> Thanks for the impressive list of debug ideas. Whatever this is, it's a
> bug in clamav or an underlying library. The machine with the issue is a
> hodgepodge system.
>
> Ran wget http://db.US.clamav.net/main.cvd
>
> Here's the file size: 117892267
>
> Here's the sha1: d275ad7d79af6ecf602d8813173a0bb0a0a00a88 main.cvd
>
> All this is correct information but fails with I ran sigtool:
>
> /usr/local/clamav/bin/sigtool --info main.cvd
>
> File: main.cvd
> Build time: 07 Jun 2017 17:38 -0400
> Version: 58
> Signatures: 4566249
> Functionality level: 60
> Builder: sigmgr
> MD5: 57462fd73f1cfdb356b9dca66da2b732
> Digital signature:
> KWRdhTG+Own6ohh0wn5+vqg1d8ULKCxxxQeKuSA155B3ijxBKgf+bV3IXPcmZrIBUDn1xi8FmyvB63UieykwN/Avq5mTjHIVO8zFnC7wVF7dhdcEYn9Nt+Pmk/HXXx0voylYkidvgZmrxI8jx4a/Re6n3hHQJoCZrkHM15GER8j
> LibClamAV Error: cli_cvdload: Corrupted CVD header
> ERROR: cvdinfo: Verification: Malformed database
>
>
> On another machine with the same version of clamav 0.100.3, it passes
> sigtool:
>
> /usr/local/clamav/bin/sigtool --info main.cvd
> File: main.cvd
> Build time: 07 Jun 2017 17:38 -0400
> Version: 58
> Signatures: 4566249
> Functionality level: 60
> Builder: sigmgr
> MD5: 57462fd73f1cfdb356b9dca66da2b732
> Digital signature:
> KWRdhTG+Own6ohh0wn5+vqg1d8ULKCxxxQeKuSA155B3ijxBKgf+bV3IXPcmZrIBUDn1xi8FmyvB63UieykwN/Avq5mTjHIVO8zFnC7wVF7dhdcEYn9Nt+Pmk/HXXx0voylYkidvgZmrxI8jx4a/Re6n3hHQJoCZrkHM15GER8j
> Verification OK.
>
>
> Modifying cvd.c, I changed the CL_EMALFDB to be a little more specific
> so I can see that the call to dbinfo = engine->dbinfo; is failing.
> After that, though, I need some pointers of what routine/class provides
> that. Maybe I can keep drilling down and find out what's got a bug
> that's throwing a fit.
>
> Regards,
>
> KAM
>
--
*Kevin A. McGrail*
CEO Emeritus
Peregrine Computer Consultants Corporation
10311 Cascade Lane
Fairfax, VA 22032
http://www.pccc.com/
703-359-9700 / 800-823-8402 (Toll-Free)
703-798-0171 (wireless)
KMcGrail@PCCC.com <mailto:kmcgrail@pccc.com>
https://www.linkedin.com/in/kmcgrail
Just an FYI thatclamav was linking to libz.so.1.1.4 and upgrading to
libz.so.1.2.11 resolved the issue with being unable to verify updates.
Might need to be a check for a minimum zlip version though I don't have
input which version specifically demonstrates the issue.
Also note that --with-zlib did not work correctly. Was leading to
errors about not being able to retrieve version errors so we updated the
system library instead. Could be an interwinining of other things like
xml and bzip2 linking to the other version.
Regards,
KAM
On 4/12/2019 8:52 AM, Kevin A. McGrail wrote:
>
> Hi All,
>
> I'm still seeing this Malformed database error with freshclam on an
> older system. Going back prior to 25410 seems to resolve the issue.
>
> I'd like to work on the code and see if I can find the bug or system
> library causing the issue. Can anyone help give me a pointer where I
> can drill into the malformed header check specifically where is the
> code located for engine->dbinfo? I'm having some logic issues
> figuring out what routine / class that is calling.
>
> Regards,
>
> KAM
>
> -------- Forwarded Message --------
>
> Subject: Re: [clamav-users] Malformed pattern daily.ldb version 25410
> Date: Sat, 6 Apr 2019 06:37:31 -0400
> From: Kevin A. McGrail <KMcGrail@PCCC.com>
> To: clamav-users@lists.clamav.net
>
>
>
> On 4/5/2019 9:40 PM, David Shrimpton via clamav-users wrote:
>> This appears to be a different problem than the sigtool --list problem on daily
>
> Thanks for the impressive list of debug ideas. Whatever this is, it's a
> bug in clamav or an underlying library. The machine with the issue is a
> hodgepodge system.
>
> Ran wget http://db.US.clamav.net/main.cvd
>
> Here's the file size: 117892267
>
> Here's the sha1: d275ad7d79af6ecf602d8813173a0bb0a0a00a88 main.cvd
>
> All this is correct information but fails with I ran sigtool:
>
> /usr/local/clamav/bin/sigtool --info main.cvd
>
> File: main.cvd
> Build time: 07 Jun 2017 17:38 -0400
> Version: 58
> Signatures: 4566249
> Functionality level: 60
> Builder: sigmgr
> MD5: 57462fd73f1cfdb356b9dca66da2b732
> Digital signature:
> KWRdhTG+Own6ohh0wn5+vqg1d8ULKCxxxQeKuSA155B3ijxBKgf+bV3IXPcmZrIBUDn1xi8FmyvB63UieykwN/Avq5mTjHIVO8zFnC7wVF7dhdcEYn9Nt+Pmk/HXXx0voylYkidvgZmrxI8jx4a/Re6n3hHQJoCZrkHM15GER8j
> LibClamAV Error: cli_cvdload: Corrupted CVD header
> ERROR: cvdinfo: Verification: Malformed database
>
>
> On another machine with the same version of clamav 0.100.3, it passes
> sigtool:
>
> /usr/local/clamav/bin/sigtool --info main.cvd
> File: main.cvd
> Build time: 07 Jun 2017 17:38 -0400
> Version: 58
> Signatures: 4566249
> Functionality level: 60
> Builder: sigmgr
> MD5: 57462fd73f1cfdb356b9dca66da2b732
> Digital signature:
> KWRdhTG+Own6ohh0wn5+vqg1d8ULKCxxxQeKuSA155B3ijxBKgf+bV3IXPcmZrIBUDn1xi8FmyvB63UieykwN/Avq5mTjHIVO8zFnC7wVF7dhdcEYn9Nt+Pmk/HXXx0voylYkidvgZmrxI8jx4a/Re6n3hHQJoCZrkHM15GER8j
> Verification OK.
>
>
> Modifying cvd.c, I changed the CL_EMALFDB to be a little more specific
> so I can see that the call to dbinfo = engine->dbinfo; is failing.
> After that, though, I need some pointers of what routine/class provides
> that. Maybe I can keep drilling down and find out what's got a bug
> that's throwing a fit.
>
> Regards,
>
> KAM
>
--
*Kevin A. McGrail*
CEO Emeritus
Peregrine Computer Consultants Corporation
10311 Cascade Lane
Fairfax, VA 22032
http://www.pccc.com/
703-359-9700 / 800-823-8402 (Toll-Free)
703-798-0171 (wireless)
KMcGrail@PCCC.com <mailto:kmcgrail@pccc.com>
https://www.linkedin.com/in/kmcgrail
Attached Files:
-
pccc_logo.gif (5.16 KB)