Mailing List Archive

[clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32
Dear all,


Can anyone confirm if it is possible to use ClamAV on RHEL 6.7 x32?


I was able to install and copy the ddbb files (manually) to /usr/local/share/clamav, but when I run clamscan I get the following error message:

* [redhat@redhat clamav]$ clamscan -ar /home

* LibClamAV Error: cli_cvdload:Corrupted CVD header

* LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd: Malformed database

* LibClamAV Error: cli_loadbdir(): error loading database /usr/local/share/clamv/daily.cvd

* ERROR: Malformed database

And if I try to download the DDBB with freshclam I get the SSL connect error:


Tue Apr 6 15:36:15 2021 -> !Download failed (35) Tue Apr 6 15:36:15 2021 -> ! Message: SSL connect error
Tue Apr 6 15:36:15 2021 -> !getpatch: Can't download daily-26132.cdiff from https://database.clamav.net/daily-26132.cdiff
Tue Apr 6 15:36:15 2021 -> ^Incremental update failed, trying to download daily.cvd
Tue Apr 6 15:36:15 2021 -> *Retrieving https://database.clamav.net/daily.cvd
Tue Apr 6 15:36:15 2021 -> *downloadFile: Download source: https://database.clamav.net/daily.cvd
Tue Apr 6 15:36:15 2021 -> *downloadFile: Download destination: /usr/local/share/clamav/tmp.0b80a530f1/clamav-edfe0e16c0b9c746ff8439d366a29b5e.tmp
* About to connect() to database.clamav.net port 443 (#0)
* Trying 104.16.219.84... * connected
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS error -12190
* Closing connection #0
* SSL connect error

Can anyone tell me what is necessary to run ClamAV on RHEL 6.7 x32, or to solve those errors?

Thanks in advance.


Regards.

Sorin Petrut Niculae
Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Looks like you need to update your certificate store?

--
Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Hi,

https://www-archive.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html

Your NSS error code means the following:

SSL_ERROR_PROTOCOL_VERSION_ALERT -12190 "Peer reports incompatible or
unsupported protocol version."

Is this command working?

openssl s_client -connect database.clamav.net:443

Eero

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
More accurately:

openssl s_client -connect database.clamav.net:443 -servername database.clamav.net

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
At least the command works on centos 6.7 x32 (rhel clone)

Is the clamav installed from packages or using sources?

Eero

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Hi there,

On Tue, 6 Apr 2021, Sorin Petrut Niculae via clamav-users wrote:

> Can anyone confirm if it is possible to use ClamAV on RHEL 6.7 x32?

Yes, of course it is, but are you sure that you really want to?

RHEL 6 is in its retirement phase. Perhaps you should consider an
upgrade. It might make sense to skip version 7 and go to version 8.

--

73,
Ged.

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
On Tue, 6 Apr 2021, Sorin Petrut Niculae via clamav-users wrote:

> Can anyone confirm if it is possible to use ClamAV on RHEL 6.7 x32?
>
> I was able to install and copy the ddbb files (manually) to /usr/local/share/clamav, but when I run clamscan I get the following error message:
>
> * [redhat@redhat clamav]$ clamscan -ar /home
>
> * LibClamAV Error: cli_cvdload:Corrupted CVD header
>
> * LibClamAV Error: Can't load /usr/local/share/clamav/daily.cvd: Malformed database
>
> * LibClamAV Error: cli_loadbdir(): error loading database /usr/local/share/clamv/daily.cvd
>
> * ERROR: Malformed database

RHEL 6.10 reached EOL in November - more than four months ago.

In particular 6.10 has openssl v1.0.1e which is too old.
RHEL 6.7 is likely to have an even older openssl library.
This is likely to be the main source of your freshclam problems.

Where are you getting your clam package from ?

I do have a copy of clamav 103.1 which I built against OpenSSL 1.1.1c
and run on *64*bit Scientific Linux 6.10 (a clone of RHEL 6.10)
but I copy the database files from an Ubuntu 20.10 machine
rather than run freshclam on this old (virtual) machine.

Unless you have changed the defaults, freshclam needs almost 4GB RAM to
update successfully, which won't help on a 32bit machine.

[ Off topic ]
Ged suggests upgrading RHEL 6 to RHEL 8, skipping RHEL 7.
If you are considering this, consider your other options too.
Not only is RHEL8 very different from RHEL7, the support policy for
the "free version" CentOS8 is radically different and expires sooner
than that of CentOS7.


> And if I try to download the DDBB with freshclam I get the SSL connect error:
>
> Tue Apr 6 15:36:15 2021 -> !Download failed (35) Tue Apr 6 15:36:15 2021 -> ! Message: SSL connect error
> Tue Apr 6 15:36:15 2021 -> !getpatch: Can't download daily-26132.cdiff from https://database.clamav.net/daily-26132.cdiff
> Tue Apr 6 15:36:15 2021 -> ^Incremental update failed, trying to download daily.cvd
> Tue Apr 6 15:36:15 2021 -> *Retrieving https://database.clamav.net/daily.cvd
> Tue Apr 6 15:36:15 2021 -> *downloadFile: Download source: https://database.clamav.net/daily.cvd
> Tue Apr 6 15:36:15 2021 -> *downloadFile: Download destination: /usr/local/share/clamav/tmp.0b80a530f1/clamav-edfe0e16c0b9c746ff8439d366a29b5e.tmp
> * About to connect() to database.clamav.net port 443 (#0)
> * Trying 104.16.219.84... * connected
> * Connected to database.clamav.net (104.16.219.84) port 443 (#0)
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> CApath: none
> * NSS error -12190
> * Closing connection #0
> * SSL connect error
>
> Can anyone tell me what is necessary to run ClamAV on RHEL 6.7 x32,
> or to solve those errors?

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Well. I think that it just works as RHEL 6.7 supports tls v1.2

Is ClamAV linked to too old an openssl version?

Eero

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Quoting Eero Volotinen <eero.volotinen@iki.fi>:

> Well. I think that it just works as RHEL 6.7 supports tls v1.2

TLS 1.2 was first available in openSSL 1.0.1 and ClamAV requires at
least 1.0.2 now, so there is no guarantee. As someone else already
mentioned, RHEL 6.10 (which was EOL'd in November 2020) comes with
openSSL 1.0.1e, so I doubt RHEL 6.7 has a more recent version.


Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Well, Red Hat usually backports some fixes, as you can see:

https://access.redhat.com/blogs/766093/posts/1976123

Eero

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Quoting Eero Volotinen <eero.volotinen@iki.fi>:

> Well, Red Hat usually backports some fixes, as you can see:
>
> https://access.redhat.com/blogs/766093/posts/1976123

Backporting fixes/features doesn't make openssl-1.0.1 equivalent to
openssl-1.0.2. If that was the case, it wouldn't make sense to
backport the fixes/features: you would just update to the newer version.


Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Well,

For some reason they backported tls 1.2 support to openssl
1.0.1-e-something that is shipped with RHEL 6.5(+).

Eero

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Good morning,


Thanks to all for your help.


A couple of things that I forgot to mention:

1. I cannot upgrade the system. I know that this version of RHEL is EoL, but it is impossible to upgrade it due to client policy.
2. It is an offline system; it is impossible to connect it to the internet due to client policy.
3. The SSL connect error that I got is on a VM that I replicated on my PC to download the DDBB and then copy it to the main server.
4. I've tried to manually download the DDBB from https://database.clamav.net/daily.cvd /main.cvd /bytecode.cvd and copy it to the main server, but I got the error "Malformed database".

So the questions are:

1. Do I need to do something special when I download the DDBB manually and copy it to the clamav folder?
2. Is the DDBB the same for both architectures, x32 and x64, or is it different?
3. What can be the source of the error "Malformed database"?


Regards.





Sorin Petrut Niculae
GMV Aerospace and Defence

IT systems & infrastructure administrator


GMV
Isaac Newton, 11
P.T.M. Tres Cantos
28760 Madrid

España
Tel. +34 91 807 21 00
Fax +34 91 807 21 99
www.gmv.com

Re: [clamav-users] ClamAV 0.103.1 on RHEL 6.7 x32 [ In reply to ]
Hi there,

On Wed, 7 Apr 2021, Sorin Petrut Niculae via clamav-users wrote:

> A couple of things that I forgot to mention:
>
> 1. I cannot upgrade the system. I know that this version of RHEL is
> EoL, but it is impossible to upgrade it due to client policy.

Tell the client he's fired? :)

> 2. It is an offline system; it is impossible to connect it to the
> internet due to client policy. ...

Does client policy state, under these circumstances, what are the
threats against which ClamAV is expected to protect?

> So the questions are:
>
> 1. Do I need to do something special when I download the DDBB manually
> and copy it to the clamav folder?

As far as possible manual downloads should be restricted to testing.
There's nothing special about downloading, except that there may be
restrictions imposed because of ongoing abuse of the download servers
- so you need to use one of the two documented methods to fetch the
database (or you risk your IP being blocked by Cloudflare). In any
case you can't expect manual efforts to be as reliable as this kind of
thing needs to be. Perhaps you should be looking at

https://www.clamav.net/documents/private-local-mirrors

which specifically mentions for example the case of a scanner which is
not permitted Internet access and the permitted download methods.

> 2. Is the DDBB the same for both architectures, x32 and x64, or is it
> different?

Exactly the same. The databases are identical for all architectures,
and in them there are signatures for threats to all architectures. Of
course the ClamAV code must be built separately for each architecture
on which it will run. That may be done by the ClamAV team (for a few
architectures) in which case there will be binaries available that you
can download, although for less mainstream architectures you may need
either to build it yourself or to find/get it built elsewhere. In the
latter cases you may need to be cautious; criminals will often try to
get you to install their own doctored versions of well-known software.

> 3. What can be the source of the error "Malformed database"?

$ grep -r -C1 'Malformed database' ./clamav-0.103.1 | grep -v 'Binary file'
--
libclamav/others.c- case CL_EMALFDB:
libclamav/others.c: return "Malformed database";
libclamav/others.c- case CL_ECVD:

That message appears in one place in the ClamAV code, it associates a
text string with the CL_EMALFDB flag which is used internally. Most of
the occurrences of this flag are in statements like

return CL_EMALFDB;

Which means that a section of the code has deduced that the database
is malformed and cannot be used. To count the number of occurrences
of this flag:

$ grep -r 'CL_EMALFDB' ~/clamav-0.103.1 | grep -v 'Binary file' | wc -l
288

There are almost three hundred places in the code which might give
rise to that error. More information would be needed to be able to
narrow it down. Knowing which of the ClamAV tools produces it, how
exactly it was persuaded to do that, and exactly what databases were
in use at the time would be a good start.

Here are the 'sigtool' test results on my local databases today:

$ sigtool -i /EXPORTS/clamav/databases/main.cvd
File: /EXPORTS/clamav/databases/main.cvd
Build time: 25 Nov 2019 08:56 -0500
Version: 59
Signatures: 4564902
Functionality level: 60
Builder: sigmgr
MD5: af6f9a95b19fcce8be2c84bde73b5db6
Digital signature: VeNZg/gIMosAkDvAv5U4IezNpJzBILxyOIbrsmFVrQRpFEULdbLbRK1csHyDHu9nTzNOwX7fiDiZkM7eOoaF91JNtL0Hju3SHrzWzY0K6nV6NV2+y+RohIpjvHJDx98ViAuCou/b2O7ryjD1u31jhBwwckGU+DwdIzmjXNJu3Jb
Verification OK.

$ sigtool -i /EXPORTS/clamav/databases/daily.cld
File: /EXPORTS/clamav/databases/daily.cld
Build time: 06 Apr 2021 07:06 -0400
Version: 26132
Signatures: 3968913
Functionality level: 63
Builder: raynman
Verification OK.

$ sigtool -i /EXPORTS/clamav/databases/bytecode.cld
File: /EXPORTS/clamav/databases/bytecode.cld
Build time: 08 Mar 2021 10:21 -0500
Version: 333
Signatures: 92
Functionality level: 63
Builder: awillia2
Verification OK.

A very quick and easy check to test that the databases which you're
using are properly installed is running 'md5sum' on them. Here are
the three values here today for three primary ('official') databases:

ged@pi4b530214:/EXPORTS/clamav/databases $ md5sum main.cvd daily.cld bytecode.cld
0fdc6dc2135ebeb8289cca7bd6a69c43 main.cvd
61cd5237377bd670c91c1afcf94b2c51 daily.cld
bbdce24385bd4d715fc2d81d156ae0bb bytecode.cld

Note that the md5sum produced on the raw file is not the same as that
produced by sigtool. Obviously sigtool is looking at something else,
I don't know what nor why.

As you can see, only one of the official database files changes often:

pi4b:/EXPORTS/clamav/databases $ l main.cvd daily.cld bytecode.cld
-rw-r--r-- 1 clamav clamav 117859675 Feb 5 2020 main.cvd
-rw-r--r-- 1 clamav clamav 1438720 Mar 8 18:57 bytecode.cld
-rw-r--r-- 1 clamav clamav 321211904 Apr 6 14:46 daily.cld

Can you confirm that you have these files, that they're in the right
places for your system, and that they look similar?

--

73,
Ged.
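
Added example (not part of the message above and not ClamAV's own code): a check to run on a manually downloaded .cvd before copying it to the offline scanner. It reads the 512-byte text header and compares the MD5 field in it with the MD5 of the bytes that follow the header, which is a different value from `md5sum` of the whole file. Assumptions: the colon-separated header layout that `sigtool -i` prints; `check_cvd`, `build_sample_cvd` and the sample data are constructed for illustration, and the digital signature is not verified here (`sigtool -i` does that).

```python
#!/usr/bin/env python3
"""Pre-copy sanity check for a manually downloaded ClamAV .cvd (added example)."""
import hashlib
import io
import sys

HEADER_LEN = 512           # every .cvd starts with a fixed-size text header
MAGIC = b"ClamAV-VDB:"     # first bytes of that header
# Field order after the magic, matching what `sigtool -i` prints.
FIELDS = ("build_time", "version", "signatures", "functionality_level",
          "md5", "digital_signature", "builder")


def check_cvd(stream):
    """Inspect a binary stream holding a .cvd file.

    Returns (status, info). status is one of "ok", "truncated", "not-cvd",
    "bad-header" or "md5-mismatch"; info holds whatever could be parsed.
    """
    header = stream.read(HEADER_LEN)
    if len(header) < HEADER_LEN:
        return "truncated", {"bytes_read": len(header)}
    if not header.startswith(MAGIC):
        # e.g. an HTML error page that was saved under the name daily.cvd
        return "not-cvd", {"first_bytes": header[:16]}

    text = header[len(MAGIC):].decode("ascii", "replace").rstrip(" \0\r\n")
    parts = text.split(":")
    if len(parts) < len(FIELDS):
        return "bad-header", {"fields_found": len(parts)}
    info = dict(zip(FIELDS, parts))
    if not (info["version"].isdigit() and info["signatures"].isdigit()):
        return "bad-header", info

    # The MD5 in the header covers only the compressed payload after the
    # header, so it is expected to differ from md5sum of the whole file.
    digest = hashlib.md5()
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        digest.update(chunk)
    info["payload_md5"] = digest.hexdigest()
    if info["payload_md5"] != info["md5"].lower():
        return "md5-mismatch", info
    return "ok", info


def build_sample_cvd(payload):
    """Constructed test input: a header in CVD layout followed by payload.

    The signature and builder fields are placeholders, not real values.
    """
    md5 = hashlib.md5(payload).hexdigest()
    head = ("ClamAV-VDB:06 Apr 2021 07-06 -0400:26132:3:63:%s:"
            "PLACEHOLDERSIG:example:1617707160" % md5)
    return head.ljust(HEADER_LEN).encode("ascii") + payload


def demo():
    """Run the check over constructed inputs and return the statuses."""
    good = build_sample_cvd(b"constructed payload standing in for the tar.gz")
    cases = {
        "intact": good,
        "cut short in transfer": good[:-5],
        "header only partly copied": good[:100],
        "HTML page saved as .cvd": b"<!DOCTYPE html><html>blocked</html>".ljust(600),
    }
    return {name: check_cvd(io.BytesIO(data))[0] for name, data in cases.items()}


if __name__ == "__main__":
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                status, info = check_cvd(fh)
            print("%s: %s (version=%s, signatures=%s)" % (
                path, status, info.get("version"), info.get("signatures")))
    else:
        for name, status in demo().items():
            print("%-28s %s" % (name, status))
```

Run it as `python3 check_cvd.py daily.cvd main.cvd bytecode.cvd` on the machine that did the download; the script name is arbitrary, and it is not meant for .cld files.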
