Mailing List Archive

Re: [clamav-users] Malformed database issue
Micah,

I'm still using Centos 6, still on a 32-bit platform. It's patched with the exception of clamav.
Still running clamav-0.100.0-1.el6. I have the option of going to 0.100.3-1.el6.

I wouldn't say that clamav is working, but I can still send/receive email.

In your opinion, should I upgrade to this latest version?

Going to assume yes, been holding off.

Jay

> Sorry, it will not.
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 29, 2018, at 1:23 PM, Jay Hart <jhart@kevla.org> wrote:
>
> Hey,
>
> Just got notified that Clamav 0.100.1 is released for Centos 6.10. I'm wondering if I upgrade to
> that release, will my malformed database issue get resolved?
>
> Thanks,
>
> Jay
>
> My apologies Jay,
>
> I tend to think of dependencies from a development perspective because I basically never test with
> ClamAV provided by package managers. If your ClamAV installation came pre-compiled from a distro,
> I guess it would have been linked with the zlib they provide and replacing zlib with a newer
> version wouldn't be sufficient.
>
> Please someone correct me if I'm wrong, but I think that you will need to build & install ClamAV
> from source with the newer version of zlib installed so it links with the new zlib.
>
> -Micah
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 18, 2018, at 7:43 PM, Jay Hart <jhart@kevla.org> wrote:
>
> Micah,
>
> Downloaded, compiled and installed libz.so.1.2.4 to /lib. Renamed to libz.so.1.2.3. Removed
> mirror.dat file.
>
> Then ran freshclam -v without deleting the *.cvd files out of /var/lib/clamav
>
> Freshclam gets to this point, and no further:
>
> [root@centos zlib-1.2.4]# freshclam -v
> Current working dir is /var/lib/clamav
> Max retries == 3
> ClamAV update process started at Wed Jul 18 19:39:16 2018
> Using IPv6 aware code
> Querying current.cvd.clamav.net
> TTL: 596
> Software version from DNS: 0.100.1
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.0 Recommended version: 0.100.1
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> Retrieving http://db.us.clamav.net/main.cvd
> Trying to download http://db.us.clamav.net/main.cvd (IP: 104.16.186.138)
> Downloading main.cvd [100%]
> LibClamAV debug: Initialized 0.100.0 engine
> LibClamAV debug: in cli_cvdload()
> LibClamAV debug: MD5(.tar.gz) = 57462fd73f1cfdb356b9dca66da2b732
> LibClamAV debug: cli_versig: Decoded signature: 57462fd73f1cfdb356b9dca66da2b732
> LibClamAV debug: cli_versig: Digital signature is correct.
> LibClamAV debug: in cli_tgzload()
> ^CUpdate process terminated *** I terminated the command after 10 minutes.
>
> At this point I don't know what else to do other than maybe downgrading clamav if I can.
>
> Based on my experience yesterday, removing the .cvd files won't improve freshclam execution.
>
> Jay
>
> Wait... so it worked ok after upgrading to 1.2.4.5 before you rebooted but then afterwards you're
> having the same error or a different error? I'm a little confused, sorry.
>
> Micah
>
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Jul 17, 2018, at 8:21 PM, Jay Hart <jhart@kevla.org> wrote:
>
> Micah,
>
> I installed zlib 1.2.4.5 (should I use an older version?), replaced libz.so.1.2.3 with
> libz.so.1.2.4.5 (and renamed it) and copied libz.a to /lib.
>
> Running freshclam without rebooting box got this:
> root@centos zlib-1.2.4.5]# freshclam -v
> Current working dir is /var/lib/clamav
> Max retries == 3
> ClamAV update process started at Tue Jul 17 19:47:02 2018
> Using IPv6 aware code
> Querying current.cvd.clamav.net
> TTL: 279
> Software version from DNS: 0.100.1
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.100.0 Recommended version: 0.100.1
> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
> main.cvd version from DNS: 58
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> daily.cvd version from DNS: 24760
> daily.cld is up to date (version: 24760, sigs: 2015700, f-level: 63, builder: neo)
> Retrieving http://db.us.clamav.net/bytecode.cvd
> Ignoring mirror 104.16.186.138 (due to previous errors)
> Ignoring mirror 104.16.187.138 (due to previous errors)
> Ignoring mirror 104.16.188.138 (due to previous errors)
> Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
> Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors)
> Trying to download http://db.us.clamav.net/bytecode.cvd (IP: 104.16.189.138)
> Downloading bytecode.cvd [100%]
> LibClamAV debug: Initialized 0.100.0 engine
> LibClamAV debug: in cli_cvdload()
> LibClamAV debug: MD5(.tar.gz) = c85d81eb538b70e60ca59c5100526a26
> LibClamAV debug: cli_versig: Decoded signature: c85d81eb538b70e60ca59c5100526a26
> LibClamAV debug: cli_versig: Digital signature is correct.
> LibClamAV debug: in cli_tgzload()
>
> Once box rebooted, Clamav failed to start, the error log is extensive, is it worth posting?
>
> Jay
>
>
>
> Is zlib 1.2.4 really significantly more processor intensive than 1.2.3? It is rather trivial to
> install from http://www.zlib.net/fossils/
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
> On Jul 16, 2018, at 11:37 PM, Al Varnell <alvarnell@mac.com> wrote:
>
> Micah said earlier that 1.2.3 cannot be used with ClamAV 100.x and I suspect your hardware won't
> support using zlib 1.2.4 or above, so you will either need that new box or roll ClamAV back to an
> earlier version.
>
> -Al-
>
> On Mon, Jul 16, 2018 at 07:19 PM, Jay Hart wrote:
>
> I do have zlib installed:
>
> root@centos include]# yum info zlib
> Loaded plugins: fastestmirror, refresh-packagekit, security
> Loading mirror speeds from cached hostfile
> * base: ewr.edge.kernel.org
> * epel: mirror.cs.princeton.edu
> * extras: mirror.cs.vt.edu
> * updates: mirror.umd.edu
> Installed Packages
> Name : zlib
> Arch : i686
> Version : 1.2.3
> Release : 29.el6
> Size : 136 k
> Repo : installed
> From repo : base
> Summary : The zlib compression and decompression library
> URL : http://www.gzip.org/zlib/
> License : zlib and Boost
> Description : Zlib is a general-purpose, patent-free, lossless data compression
> : library which is used by many different programs.
> File location:
> [root@centos include]# repoquery -l zlib
> /lib/libz.so.1
> /lib/libz.so.1.2.3
> /usr/share/doc/zlib-1.2.3
> /usr/share/doc/zlib-1.2.3/ChangeLog
> /usr/share/doc/zlib-1.2.3/FAQ
> /usr/share/doc/zlib-1.2.3/README
> Jay
>
> Two things (each item is a bit long), with two questions/comments at the bottom:
>
> 1. I don't think zlib-devel is installed:
>
> [root@centos tmp]# yum info zlib-devel
> Loaded plugins: fastestmirror, refresh-packagekit, security
> Loading mirror speeds from cached hostfile
> epel/metalink | 15 kB 00:00
> * base: ewr.edge.kernel.org
> * epel: mirror.cogentco.com
> * extras: mirror.cs.vt.edu
> * updates: mirror.vcu.edu
> base | 3.7 kB 00:00
> epel | 3.2 kB 00:00
> extras | 3.3 kB 00:00
> updates | 3.4 kB 00:00
> Available Packages
> Name : zlib-devel
> Arch : i686
> Version : 1.2.3
> Release : 29.el6
> Size : 44 k
> Repo : base
> Summary : Header files and libraries for Zlib development
> URL : http://www.gzip.org/zlib/
> License : zlib and Boost
> Description : The zlib-devel package contains the header files and libraries needed
> : to develop programs that use the zlib compression and decompression
> : library.
> [root@centos tmp]# more /usr/include/zlib.h |grep VERSION
> /usr/include/zlib.h: No such file or directory
> [root@centos include]# rpm -ql zlib-devel
> package zlib-devel is not installed
> 2. 32-bit CPU data:
> [root@centos include]# lscpu |grep "CPU op-mode"
> CPU op-mode(s): 32-bit
> [root@centos include]# lscpu
> Architecture: i686
> CPU op-mode(s): 32-bit
> Byte Order: Little Endian
> CPU(s): 4
> On-line CPU(s) list: 0-3
> Thread(s) per core: 2
> Core(s) per socket: 2
> Socket(s): 1
> Vendor ID: GenuineIntel
> CPU family: 6
> Model: 54
> Model name: Intel(R) Atom(TM) CPU D2700 @ 2.13GHz
> Stepping: 1
> CPU MHz: 2128.240
> BogoMIPS: 4256.48
> L1d cache: 24K
> L1i cache: 32K
> L2 cache: 512K
>
> Could the fact zlib-devel is NOT installed be my issue?
>
> Also, it looks like my hardware will not support Centos 7 so I'm guessing I need to procure a new
> box.
>
> I think this answers all the outstanding queries you asked for, Micah. My thanks for the
> support.
>
> Jay
>
> On CentOS you should be able to check with: `yum info zlib-devel`. Alternatively, take a peek in
> /usr/include/zlib.h for the line starting with: #define ZLIB_VERSION
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml
> -Al-
> --
> Al Varnell
> Mountain View, CA



Re: [clamav-users] Malformed database issue
Jay,

If you are going to upgrade to the newest version manually, I *highly*
suggest using the EL6 source RPM as a template as it bundles &
statically builds a newer version of zlib for use with ClamAV as a
workaround to prevent the "malformed database" errors.

https://download-ib01.fedoraproject.org/pub/epel/6/SRPMS/Packages/c/clamav-0.100.3-1.el6.src.rpm



> I'm still using Centos 6, still on a 32-bit platform. It's patched with the exception of clamav.
>Still running clamav-0.100.0-1.el6. I have the option of going to 0.100.3-1.el6.
>
>I wouldn't say that clamav is working, but I can still send/receive email.
>
>In your opinion, should I upgrade to this latest version?
>
>Going to assume yes, been holding off.
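
An added example (not from the thread or the ClamAV project) of the zlib checks discussed above: it reads ZLIB_VERSION from zlib.h, finds the libz a binary loads from ldd output, and takes the version from the copyright string zlib embeds in the library rather than from the file name, which a rename changes. The function names are hypothetical, the sample library and ldd line are constructed, and 1.2.3 is the version the thread says cannot be used.

```sh
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.

# Path that libz resolves to, read from `ldd` output on stdin.
# Prints nothing when the binary has no dynamic libz dependency.
libz_path_from_ldd() {
    awk '$1 ~ /^libz\.so/ && $2 == "=>" { print $3; exit }'
}

# Version from a zlib.h header (the "#define ZLIB_VERSION" line).
zlib_header_version() {
    sed -n 's/^#define ZLIB_VERSION "\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Version from the copyright string zlib compiles into the library itself,
# which survives a rename of the file.
zlib_embedded_version() {
    grep -a -o -E ' (de|in)flate [0-9][0-9.]* Copyright' "$1" |
        head -n 1 | awk '{ print $2 }'
}

# Succeeds when dotted version $1 is strictly newer than $2.
version_gt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Read `ldd` output on stdin; $1 is the version that is too old (1.2.3 here).
check_zlib() {
    path=$(libz_path_from_ldd)
    [ -n "$path" ] || { echo "no dynamic libz dependency"; return 0; }
    ver=$(zlib_embedded_version "$path")
    [ -n "$ver" ] || { echo "unknown version: $path"; return 2; }
    if version_gt "$ver" "$1"; then
        echo "newer than $1: $ver ($path)"
    else
        echo "not newer than $1: $ver ($path)"; return 1
    fi
}

# Real use: ldd "$(command -v freshclam)" | check_zlib 1.2.3
# Constructed demo: a file named 1.2.3 whose contents identify as 1.2.4.
demo=$(mktemp -d)
printf '\177ELF\001 deflate 1.2.4 Copyright 1995-2010 \n' > "$demo/libz.so.1.2.3"
printf '\tlibz.so.1 => %s (0x00b1c000)\n' "$demo/libz.so.1.2.3" | check_zlib 1.2.3
rm -rf "$demo"
```

A result of "no dynamic libz dependency" is what a build with a bundled, statically linked zlib would show, since no libz line appears in its ldd output.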

Re: [clamav-users] Malformed database issue
I was going to update via the software update tool!! Would that work???

Jay

> Jay,
>
> If you are going to upgrade to the newest version manually, I *highly*
> suggest using the EL6 source RPM as a template as it bundles &
> statically builds a newer version of zlib for use with ClamAV as a
> workaround to prevent the "malformed database" errors.
>
> https://download-ib01.fedoraproject.org/pub/epel/6/SRPMS/Packages/c/clamav-0.100.3-1.el6.src.rpm
>
>
>
>> I'm still using Centos 6, still on a 32-bit platform. It's patched with the exception of clamav.
>>Still running clamav-0.100.0-1.el6. I have the option of going to 0.100.3-1.el6.
>>
>>I wouldn't say that clamav is working, but I can still send/receive email.
>>
>>In your opinion, should I upgrade to this latest version?
>>
>>Going to assume yes, been holding off.
>



Re: [clamav-users] Malformed database issue
On 09.02.20 21:28, Jay Hart wrote:
>I was going to update via the software update tool!! Would that work???

Yes. He advised only if you want to upgrade manually.
Upgrading via distro-proposed solution (yum on centos) is much better.

I recommend doing that instead of manual upgrading due to possible conflicts
you have to resolve when using manual installation.

I wonder why you didn't install it already. Don't you install security
updates?

>> If you are going to upgrade to the newest version manually, I *highly*
>> suggest using the EL6 source RPM as a template as it bundles &
>> statically builds a newer version of zlib for use with ClamAV as a
>> workaround to prevent the "malformed database" errors.
>>
>> https://download-ib01.fedoraproject.org/pub/epel/6/SRPMS/Packages/c/clamav-0.100.3-1.el6.src.rpm
>>
>>
>>
>>> I'm still using Centos 6, still on a 32-bit platform. It's patched with the exception of clamav.
>>>Still running clamav-0.100.0-1.el6. I have the option of going to 0.100.3-1.el6.
>>>
>>>I wouldn't say that clamav is working, but I can still send/receive email.
>>>
>>>In your opinion, should I upgrade to this latest version?
>>>
>>>Going to assume yes, been holding off.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them

Re: [clamav-users] Malformed database issue
Yes, the regular channel update will work fine to update to 0.100.3.

I meant if you wanted to update to the latest 0.102.2 you will have to
roll your own...


> I was going to update via the software update tool!! Would that work???
>
>Jay
