Bug 1600458

Summary: [EL6] Clamd fails to run after upgrading to 0.100.0-1 (main.cvd: Malformed database)
Product: [Fedora] Fedora EPEL
Reporter: Nerijus Baliūnas <nerijus>
Component: clamav
Assignee: Robert Scheck <redhat-bugzilla>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: el6
CC: adambrown29, anon.amish, bennie.joubert, danci, erik, gbcox, herrold, janfrode, j, nerijus, ondrejj, orion, redhat-bugzilla, redhat, rhbugs, rh-bugzilla, sergio, steve
Hardware: i686
OS: Unspecified
See Also: https://bugzilla.clamav.net/show_bug.cgi?id=12160
Fixed In Version: clamav-0.100.1-2.el6
Last Closed: 2018-08-30 02:51:03 UTC
Type: Bug

Description Nerijus Baliūnas 2018-07-12 10:08:36 UTC
# rpm -q clamav
clamav-0.100.0-1.el6.i686

# service clamd start
Starting Clam AntiVirus Daemon: LibClamAV Error: cli_cvdload: Corrupted CVD header
LibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database
LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cvd

It fails only on i686, x86_64 is OK. It works with main.cld, but fails with any cvd file (main.cvd, daily.cvd or bytecode.cvd).

Comment 1 Anssi Johansson 2018-07-12 10:13:02 UTC
What happens when you try to update the database with freshclam?

Comment 2 Nerijus Baliūnas 2018-07-12 10:18:38 UTC
ClamAV update process started at Thu Jul 12 03:59:02 2018
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
WARNING: getfile: daily-24612.cdiff not found on db.LT.clamav.net (IP: 104.16.188.138)
WARNING: getpatch: Can't download daily-24612.cdiff from db.LT.clamav.net
Trying host db.LT.clamav.net (104.16.189.138)...
WARNING: getfile: daily-24612.cdiff not found on db.LT.clamav.net (IP: 104.16.189.138)
WARNING: getpatch: Can't download daily-24612.cdiff from db.LT.clamav.net
WARNING: getfile: daily-24612.cdiff not found on db.LT.clamav.net (IP: 104.16.187.138)
WARNING: getpatch: Can't download daily-24612.cdiff from db.LT.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Trying again in 5 secs...

As you can see, it downloads daily.cvd but fails to parse/load it.

Comment 3 Sergio Basto 2018-07-12 15:20:44 UTC
Please try clamav-0.100.1, which was pushed today for updates-testing.

Please send the listing output (ls -l) of /var/lib/clamav/

Thanks

Comment 4 Nerijus Baliūnas 2018-07-12 15:36:47 UTC
# rpm -q clamav
clamav-0.100.1-1.el6.i686

# service clamd start
Starting Clam AntiVirus Daemon: LibClamAV Error: cli_cvdload: Corrupted CVD header
LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Malformed database
Thu Jul 12 18:35:59 2018 -> !Malformed database

# ls -l /var/lib/clamav
viso 162576
-rw-r--r-- 1 clam clam    185246 2018-07-11 04:37 bytecode.cvd
-rw-r--r-- 1 clam clam  48392890 2018-07-11 04:37 daily.cvd
-rw-r--r-- 1 clam clam 117892267 2018-01-09 main.cvd

Comment 5 Nerijus Baliūnas 2018-07-12 15:56:46 UTC
It happens on 3 different CentOS 6.10 32 bit servers, and works on 64 bit servers.

Comment 6 Sergio Basto 2018-07-12 21:01:59 UTC
I could reproduce this bug on epel-6-i386; updating to clamav-0.100.1-1.el6.i686 hasn't solved the problem. Still investigating.

Comment 7 Sergio Basto 2018-07-13 01:36:40 UTC
I filed upstream bug https://bugzilla.clamav.net/show_bug.cgi?id=12160

Comment 8 Nerijus Baliūnas 2018-07-13 12:15:45 UTC
Is it intentionally not open (You are not authorized to access bug #12160)?

Comment 9 Sergio Basto 2018-07-13 14:55:39 UTC
No. BTW, it was closed as a duplicate:

ClamAV 0.100 has You should be able to alleviate this issue by upgrading zlib to a recent version: http://zlib.net/

https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.100/NEWS.md#known-issues

I will make a point to add something to our configuration script to require a newer version of zlib.

*** This bug has been marked as a duplicate of bug 12162 ***


https://bugzilla.clamav.net/show_bug.cgi?id=12162

Comment 10 Jason Tibbitts 2018-07-13 16:51:49 UTC
So it appears that the only way out for 32bit centos6 would seem to be either bundling a newer zlib or adding a separate zlib1.2.11 package to EPEL6 and then using that.  You could ask if Red Hat would apply a patch to their zlib which would fix the problem but I don't think anyone has done much work to figure out what the problem actually is.   (And I have no idea if Red Hat would actually do that in any case.)

Comment 11 Nerijus Baliūnas 2018-07-13 17:52:38 UTC
What is the zlib patch needed? I would rebuild zlib packages myself.

Comment 12 Jason Tibbitts 2018-07-13 18:16:11 UTC
As I wrote, I'm not aware that anyone has done the work required to figure out what needs to change in zlib beyond "use a newer version".  RHEL6 has zlib 1.2.3.  All Fedora releases have zlib 1.2.11, released in early 2017.  RHEL7 has zlib 1.2.7, but there is no 32-bit version of RHEL7 so I don't know if that version of zlib is good or not.

I do not know if the ABI changes between zlib 1.2.3 and 1.2.11.  The so version is still 1 so... perhaps it would work to simply rebuild it.  I honestly don't know.  But that's obviously not a solution that's going to work if a 32-bit build of clamav is going to continue to be provided in EPEL6.

Comment 13 Erik Wramner 2018-07-26 07:41:03 UTC
I have the same problem running CentOS 7, 64-bit. There are two versions of zlib installed, zlib-1.2.7-17.el7.i686 and zlib-1.2.7-17.el7.x86_64. I don't dare to just uninstall the 32-bit version as it may be used by other programs running on the same box. This server has been working for years before the recent upgrade.

Surely it must be possible to fix this? There must have been a change in how the definitions are packaged? Or can I force the use of the 64-bit zlib version just for clamd?

Comment 14 Jason Tibbitts 2018-07-26 15:43:06 UTC
I'm relatively certain that you are having a different problem.  You may be having similar errors (because those errors just indicate that a CVD file couldn't be parsed) but that does not mean that the underlying issue is the same.  The problem discussed in this ticket is restricted to 32bit EPEL6.

The 32bit version of zlib on your system will only be used if you have other i686 packages or some non-packaged 32 bit pieces of software that need it, and then only by those packages or that software.  If your clamd packages are 64 bit (which they must be unless you got them from somewhere other than EPEL) then they aren't using the 32 bit zlib.

ldd /usr/sbin/clamd|grep libz should show you something like

libz.so.1 => /lib64/libz.so.1 (0x00007efeb89e3000)

And that's definitely the 64 bit version of zlib.

In any case, I can install clamav on a test EL7 VM and run clamscan successfully and without error:

* with or without the zlib-1.2.7-17.el7.i686 package installed
* both before and after running freshclam.

There is no general problem with clamav reading the virus databases on x86_64 EL7.
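
Added example, not part of the original bug report and not ClamAV code: since the "Corrupted CVD header" error in this thread appears for every freshly downloaded file, a check that does not go through libclamav helps separate a damaged download from a local library problem. It assumes the usual database layout (a 512-byte colon-separated text header, then a gzip-compressed tar for .cvd or a plain tar for .cld); the function names and the sample file are constructed for illustration.

```python
import gzip
import hashlib
import io
import tarfile
import zlib

HEADER_LEN = 512   # every .cvd/.cld starts with a space-padded text header
FIELDS = ("magic", "build_time", "version", "sigs", "f_level",
          "md5", "dsig", "builder", "stime")


def parse_header(raw):
    """Split the colon-separated header; raise ValueError if it is not one."""
    if len(raw) < HEADER_LEN:
        raise ValueError("shorter than the 512-byte header")
    text = raw[:HEADER_LEN].decode("ascii", "replace").strip(" \x00\r\n")
    parts = text.split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a ClamAV database header")
    hdr = dict(zip(FIELDS, parts))
    for key in ("version", "sigs", "f_level"):
        hdr[key] = int(hdr[key])
    return hdr


def check_database(fileobj, chunk_size=1 << 16):
    """Check a database file without libclamav; returns a report dict.

    The digital signature (dsig) is NOT verified here, only the header
    syntax, the MD5 of the payload and whether the payload unpacks.
    """
    hdr = parse_header(fileobj.read(HEADER_LEN))
    md5 = hashlib.md5()
    inflater, error, unpacked, first_block = None, None, 0, b""
    started = False
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        md5.update(chunk)
        if not started:
            started = True
            if chunk[:2] == b"\x1f\x8b":      # gzip magic: .cvd payload
                inflater = zlib.decompressobj(zlib.MAX_WBITS | 16)
        if error:
            continue                          # keep hashing, stop inflating
        if inflater is not None:
            try:
                chunk = inflater.decompress(chunk)
            except zlib.error as exc:
                error = str(exc)
                continue
        unpacked += len(chunk)
        first_block += chunk[:HEADER_LEN - len(first_block)]
    complete = inflater is None or inflater.eof   # gzip trailer reached
    name = first_block[:100].split(b"\0", 1)[0].decode("ascii", "replace")
    return {
        "version": hdr["version"], "sigs": hdr["sigs"],
        "f_level": hdr["f_level"], "builder": hdr["builder"],
        "compressed": inflater is not None,
        "md5_ok": md5.hexdigest() == hdr["md5"].lower(),
        "payload_ok": error is None and complete and unpacked > 0,
        "unpacked_bytes": unpacked, "first_member": name, "error": error,
    }


def verdict(report):
    """Turn the report into the conclusion an operator needs."""
    # The header MD5 is only compared for compressed .cvd files; a locally
    # rebuilt .cld is assumed not to match it.
    if report["compressed"] and not report["md5_ok"]:
        return "file damaged: MD5 differs from header, download it again"
    if not report["payload_ok"]:
        return "file damaged: payload does not unpack completely"
    return "file intact: a load error points at the local libclamav/zlib build"


def build_sample(compress=True):
    """Constructed stand-in for a database file; the dsig field is a dummy."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("COPYING", b"constructed sample\n"),
                           ("sample.ndb", b"Constructed.Sig:0:*:deadbeef\n")):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    body = gzip.compress(buf.getvalue()) if compress else buf.getvalue()
    head = ":".join(["ClamAV-VDB", "09 Jan 2018 13-25 -0500", "58",
                     "4566249", "60", hashlib.md5(body).hexdigest(),
                     "DUMMY-SIGNATURE", "sigmgr", "1515522300"])
    return head.encode("ascii").ljust(HEADER_LEN) + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                     # e.g. /var/lib/clamav/main.cvd
        with open(sys.argv[1], "rb") as fh:
            result = check_database(fh)
    else:                                     # no argument: constructed sample
        result = check_database(io.BytesIO(build_sample()))
    print(result)
    print(verdict(result))
```

Run against a downloaded file, an "intact" verdict together with a libclamav load error is consistent with the situation described in this ticket, where the files themselves were fine.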

Comment 15 João Carlos Mendes Luís 2018-08-02 14:43:07 UTC
This problem was happening on my system.  I noticed a main.cvd.rpmnew, renamed it, and freshclamd restarted working.

Also, I enabled browser checking (safebrowsing.cvd) and it got the same problem.  I solved it by downloading it manually:

wget http://db.br.clamav.net/safebrowsing.cvd

I don't know why this solved the problem.

Comment 16 João Carlos Mendes Luís 2018-08-06 17:03:57 UTC
Sorry, did not solve...   :-(

Comment 17 Sergio Basto 2018-08-07 08:17:11 UTC
*** Bug 1613180 has been marked as a duplicate of this bug. ***

Comment 18 Adam Brown 2018-08-08 04:50:12 UTC
Hi Team,

I'm having the same issues as everyone else. It started in July. Deleted. Re-installed a few times. Tried renaming files. Had to create files. Tried changing permissions. No success.  Lost. Confused. Clueless on what needs to be fixed or replaced with these corrupted headers. Please help? Thank you.

 #cat /etc/redhat-release 
CentOS release 6.10 (Final)

======

#uname -a 
Linux 2 2.6.32-754.2.1.el6.i686 #1 SMP Fri Jul 13 13:16:25 UTC 2018 i686 i686 i386 GNU/Linux


#uname -m
i686

or 

#arch
i686

( 32 bit version )

======


#freshclam
ClamAV update process started at Tue Aug  7 21:14:04 2018
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 2400:cb00:2048:1::6810:b98a)
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Trying again in 5 secs...
ClamAV update process started at Tue Aug  7 21:14:16 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Trying again in 5 secs...
ClamAV update process started at Tue Aug  7 21:14:28 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Giving up on db.local.clamav.net...
ClamAV update process started at Tue Aug  7 21:14:34 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Giving up on db.local.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.
======


#rpm -q clamav
clamav-0.100.1-1.el6.i686


======

#locate libclamav
/usr/lib/libclamav.so.7
/usr/lib/libclamav.so.7.1.1

#/usr/lib
#ls -l libclamav*
lrwxrwxrwx. 1 root root      18 Aug  7 21:10 libclamav.so.7 -> libclamav.so.7.1.1
-rwxr-xr-x. 1 root root 2355812 Jul 11 16:08 libclamav.so.7.1.1


#locate freshclam.conf

#cat /etc/freshclam.conf
/etc/freshclam.conf
/etc/freshclam.conf.rpmsave
/usr/share/doc/clamav-0.100.1/freshclam.conf
/usr/share/man/man5/freshclam.conf.5.gz

cat /etc/freshclam.conf
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav

# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clamav/freshclam.log

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
# in bytes just don't use modifiers. If LogFileMaxSize is enabled,
# log rotation (the LogRotate option) will always be enabled.
# Default: 1M
#LogFileMaxSize 2M

# Log time with each message.
# Default: no
#LogTime yes

# Enable verbose logging.
# Default: no
#LogVerbose yes

# Use system logger (can work together with UpdateLogFile).
# Default: no
LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
#LogRotate yes

# This option allows you to save the process identifier of the daemon
# Default: disabled
#PidFile /var/run/freshclam.pid

# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
DatabaseOwner clam

# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# WARNING: Do not touch it unless you're configuring freshclam to use your
# own database verification domain.
# Default: current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net

# Uncomment the following line and replace XY with your country
# code. See https://www.iana.org/domains/root/db for the full list.
# You can use db.XY.ipv6.clamav.net for IPv6 connections.
#DatabaseMirror db.XY.clamav.net

# database.clamav.net is a round-robin record which points to our most 
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is 
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror db.local.clamav.net
DatabaseMirror db.local.clamav.net

# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5

# With this option you can control scripted updates. It's highly recommended
# to keep it enabled.
# Default: yes
#ScriptedUpdates yes

# By default freshclam will keep the local databases (.cld) uncompressed to
# make their handling faster. With this option you can enable the compression;
# the change will take effect with the next database update.
# Default: no
#CompressLocalDatabase no

# With this option you can provide custom sources (http:// or file://) for
# database files. This option can be used multiple times.
# Default: no custom URLs
#DatabaseCustomURL http://myserver.com/mysigs.ndb
#DatabaseCustomURL file:///mnt/nfs/local.hdb

# This option allows you to easily point freshclam to private mirrors.
# If PrivateMirror is set, freshclam does not attempt to use DNS
# to determine whether its databases are out-of-date, instead it will
# use the If-Modified-Since request or directly check the headers of the
# remote database files. For each database, freshclam first attempts
# to download the CLD file. If that fails, it tries to download the
# CVD file. This option overrides DatabaseMirror, DNSDatabaseInfo
# and ScriptedUpdates. It can be used multiple times to provide
# fall-back mirrors.
# Default: disabled
#PrivateMirror mirror1.mynetwork.com
#PrivateMirror mirror2.mynetwork.com

# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24

# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString

# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd

# Send the RELOAD command to clamd.
# Default: no
#NotifyClamd /path/to/clamd.conf

# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command

# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command

# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command

# Don't fork into background.
# Default: no
#Foreground yes

# Enable debug messages in libclamav.
# Default: no
#Debug yes

# Timeout in seconds when connecting to database server.
# Default: 30
#ConnectTimeout 60

# Timeout in seconds when reading from database server.
# Default: 30
#ReceiveTimeout 60

# With this option enabled, freshclam will attempt to load new
# databases into memory to make sure they are properly handled
# by libclamav before replacing the old ones.
# Default: yes
#TestDatabases yes

# This option enables support for Google Safe Browsing. When activated for
# the first time, freshclam will download a new database file
# (safebrowsing.cvd) which will be automatically loaded by clamd and
# clamscan during the next reload, provided that the heuristic phishing
# detection is turned on. This database includes information about websites
# that may be phishing sites or possible sources of malware. When using this
# option, it's mandatory to run freshclam at least every 30 minutes.
# Freshclam uses the ClamAV's mirror infrastructure to distribute the
# database and its updates but all the contents are provided under Google's
# terms of use. See https://www.google.com/transparencyreport/safebrowsing
# and https://www.clamav.net/documents/safebrowsing
# for more information.
# Default: disabled
#SafeBrowsing yes

# This option enables downloading of bytecode.cvd, which includes additional
# detection mechanisms and improvements to the ClamAV engine.
# Default: enabled
#Bytecode yes

# Download an additional 3rd party signature database distributed through
# the ClamAV mirrors. 
# This option can be used multiple times.
#ExtraDatabase dbname1
#ExtraDatabase dbname2

======

Comment 19 Nerijus Baliūnas 2018-08-08 07:21:06 UTC
This flood of info was not needed (especially contents of a standard freshclam.conf). The cause is already known, the workaround is written in the description: "It works with main.cld, but fails with any cvd file (main.cvd, daily.cvd or bytecode.cvd)".

Comment 20 Danilo Godec 2018-08-08 08:14:13 UTC
(In reply to Nerijus Baliūnas from comment #19)
> The cause is already known, the workaround is written in
> the description: "It works with main.cld, but fails with any cvd file
> (main.cvd, daily.cvd or bytecode.cvd)".

Is there a way to convert CVD to CLD? I am not able to find a download location for 'main.cld'.

Comment 21 Nerijus Baliūnas 2018-08-08 08:21:49 UTC
I don't know, but maybe this works - delete main.cvd and run freshclam?

Comment 22 Adam Brown 2018-08-09 15:37:06 UTC
#locate main.cvd
#
#locate main.cvd; echo $?
1
#
#find / | grep main.cvd
#
#find / | grep main.cvd| echo $?
0
#
( Shell logic is working. That's good. Unable to find main.cvd? The file doesn't exist on the system for me to delete it? )

======
  freshclam
ClamAV update process started at Thu Aug  9 08:10:58 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Trying again in 5 secs...
ClamAV update process started at Thu Aug  9 08:11:09 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Trying again in 5 secs...
ClamAV update process started at Thu Aug  9 08:11:20 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Giving up on db.local.clamav.net...
ClamAV update process started at Thu Aug  9 08:11:25 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Giving up on db.local.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.

======

locate libclamav
/usr/lib/libclamav.so.7
/usr/lib/libclamav.so.7.1.1

ls -l /usr/lib/libclamav*
lrwxrwxrwx. 1 root root      18 Aug  7 21:10 /usr/lib/libclamav.so.7 -> libclamav.so.7.1.1
-rwxr-xr-x. 1 root root 2358032 Jul 11 16:08 /usr/lib/libclamav.so.7.1.1


file /usr/lib/libclamav.so.7
/usr/lib/libclamav.so.7: symbolic link to `libclamav.so.7.1.1'

file /usr/lib/libclamav.so.7.1.1 
/usr/lib/libclamav.so.7.1.1: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, stripped

======

Tried “catting” the file but it's an ELF library. A lot of garbled output that system fonts aren't able to process. It's a program obviously. If libclamav.so.7 or 7.1.1 has corrupted headers; how can they be edited? I've removed these files before; applied sync and ldconfig -vvv for the system to re-index itself, and re-ran freshclam without success. I'd like to re-compile it but I don't know where to start? Still stuck. Hopefully someone is working on a fix. Gulp!

Comment 23 Nerijus Baliūnas 2018-08-09 18:26:53 UTC
I tested too, deleting main.cvd and running freshclam does not work. So you have to find main.cld yourself (I found it in one of my servers /var/lib/clamav).

I rebuilt and installed zlib-1.2.7-17.el7.src.rpm from CentOS 7.x on CentOS 6.x, but unfortunately it did not help - clamd hangs on starting with main.cvd.

Comment 24 Adam Brown 2018-08-10 04:33:13 UTC
Went to the following website to find the package instead of using yum:

https://centos.pkgs.org/6/epel-i386/clamav-0.100.1-1.el6.i686.rpm.html

Downloaded the following binary:

Binary Package
clamav-0.100.1-1.el6.i686.rpm

===

( Removing the program from my system )

#
#yum remove clamav
Loaded plugins: auto-update-debuginfo, fastestmirror, filter-data, fs-snapshot,
              : keys, list-data, local, merge-conf, post-transaction-actions,
              : priorities, protectbase, refresh-packagekit, remove-with-leaves,
              : rpm-warm-cache, show-leaves, tsflags, upgrade-helper
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package clamav.i686 0:0.100.1-1.el6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package         Arch          Version                   Repository        Size
================================================================================
Removing:
 clamav          i686          0.100.1-1.el6             @_local          3.3 M

Transaction Summary
================================================================================
Remove        1 Package(s)

Installed size: 3.3 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : clamav-0.100.1-1.el6.i686                                    1/1 
warning: /etc/freshclam.conf saved as /etc/freshclam.conf.rpmsave
  Verifying  : clamav-0.100.1-1.el6.i686                                    1/1 

Removed:
  clamav.i686 0:0.100.1-1.el6                                                   

Complete!
New leaves:
  clamav-db.i686


( Having the system re-index itself to find any left over files )

# sync && updatedb && ldconfig -vvv && rpm --rebuilddb
#
# locate clamav
/home/Adam/Downloads/clamav-0.100.1-1.el6.i686.rpm
/var/lib/clamav
/var/lib/clamav/mirrors.dat
/var/lib/yum/plugins/local/clamav-0.100.1-1.el6.i686.rpm
/var/log/clamav
/var/log/clamav/freshclam.log
/var/log/clamav/freshclam.log-20180730
/var/log/clamav/freshclam.log-20180806
#
# rm -rf /var/lib/clamav
# rm -rf /var/lib/yum/plugins/local/clamav-0.100.1-1.el6.i686.rpm 
# rm -rf /var/log/clamav/freshclam.log*
# 
# sync && updatedb && ldconfig -vvv && rpm --rebuilddb
# locate clamav
/home/Adam/Downloads/clamav-0.100.1-1.el6.i686.rpm
/var/log/clamav

( Whoops! Forgot one. )

# rm -rf /var/log/clamav/
#
# locate clamav
/home/Adam/Downloads/clamav-0.100.1-1.el6.i686.rpm
#

( Nothing left except the downloaded binary. Manual install time! )

#
# rpm -ivh clamav-0.100.1-1.el6.i686.rpm 
Preparing...                ########################################### [100%]
   1:clamav                 ########################################### [100%]
#
# sync && updatedb && ldconfig -vvv && rpm --rebuilddb
#
# locate clamav
/home/Adam/Downloads/clamav-0.100.1-1.el6.i686.rpm
/usr/lib/libclamav.so.7
/usr/lib/libclamav.so.7.1.1
/usr/share/doc/clamav-0.100.1
/usr/share/doc/clamav-0.100.1/clamdoc.pdf
/usr/share/doc/clamav-0.100.1/freshclam.conf
/usr/share/doc/clamav-0.100.1/phishsigs_howto.pdf
/usr/share/doc/clamav-0.100.1/signatures.pdf
#
# freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
#
( I have to  create the directory and file. )
#
# mkdir /var/log/clamav/
# touch /var/log/clamav/freshclam.log
#
# freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
#
#ls -l /var/log/clamav/freshclam.log 
-rw-r--r--. 1 root root 0 Aug  9 20:44 /var/log/clamav/freshclam.log
#
#stat /var/log/clamav/freshclam.log 
  File: `/var/log/clamav/freshclam.log'
  Size: 0         	Blocks: 0          IO Block: 4096   regular empty file
Device: fd00h/64768d	Inode: 2493517     Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2018-08-09 20:44:57.237483313 -0700
Modify: 2018-08-09 20:44:57.237483313 -0700
Change: 2018-08-09 20:44:57.237483313 -0700
#
# chmod 755 /var/log/clamav/freshclam.log 
#
# stat /var/log/clamav/freshclam.log 
  File: `/var/log/clamav/freshclam.log'
  Size: 0         	Blocks: 0          IO Block: 4096   regular empty file
Device: fd00h/64768d	Inode: 2493517     Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2018-08-09 20:44:57.237483313 -0700
Modify: 2018-08-09 20:44:57.237483313 -0700
Change: 2018-08-09 20:54:24.702341030 -0700
#

( Freshclam won't launch. Changed permissions to 777. Yikes! )

#
# chmod 777 /var/log/clamav/freshclam.log 
#
# freshclam
ERROR: Can't change dir to /var/lib/clamav
#

( Directory doesn't exist. Time to make it. )

#
# mkdir /var/lib/clamav
#
# freshclam
ERROR: Can't create temporary directory /var/lib/clamav/clamav-bb9ace8815ffc17996eb71054442e3f7.tmp
Hint: The database directory must be writable for UID 492 or GID 485
#
#stat /var/lib/clamav
  File: `/var/lib/clamav'
  Size: 4096      	Blocks: 8          IO Block: 4096   directory
Device: fd00h/64768d	Inode: 2493542     Links: 2
Access: (0755/drwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2018-08-09 21:03:42.190943228 -0700
Modify: 2018-08-09 20:58:30.351458756 -0700
Change: 2018-08-09 20:58:30.351458756 -0700
#
# chmod 777 /var/lib/clamav
#
# freshclam
ClamAV update process started at Thu Aug  9 21:05:09 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Trying again in 5 secs...
ClamAV update process started at Thu Aug  9 21:05:31 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Trying again in 5 secs...
ClamAV update process started at Thu Aug  9 21:05:44 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Giving up on db.local.clamav.net...
ClamAV update process started at Thu Aug  9 21:05:50 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database
Giving up on db.local.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.
#
# ls -l /var/lib/clamav
total 4
-rw-------. 1 clam clam 104 Aug  9 21:05 mirrors.dat

( I don't know what else to do at this point? Maybe compile from source? I guess until a new version of clamav is released; the program is broke. Queue in sad trombone ).

Comment 25 Nerijus Baliūnas 2018-08-10 07:39:05 UTC
(In reply to Adam Brown from comment #24)
> ( I don't know what else to do at this point? Maybe compile from source? I
> guess until a new version of clamav is released; the program is broke. Queue
> in sad trombone ).

Could you please not flood this bug report with irrelevant info? You could have posted this instead:

I installed clamav-0.100.1-1.el6.i686.rpm from https://centos.pkgs.org/6/epel-i386/clamav-0.100.1-1.el6.i686.rpm.html but it still does not work:
# freshclam
ClamAV update process started at Thu Aug  9 21:05:09 2018
Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: Verification: Malformed database

It would still be irrelevant, but at least there would be less flood.

Comment 26 Sergio Basto 2018-08-11 01:27:54 UTC
(In reply to Adam Brown from comment #24)
TLDR, but I think the safe solution is to go back to the clamav-0.99.x package if you can't make libz work. My problem is that this bug is only in i686, not in x86_64, in making the decision to roll back this package in el6: rollback only in i686.

Well, you may ask, how do I do the rollback?

You may do something like (I don't have any el6 to test these lines) :

koji download-build -a i686 clamav-0.99.4-1.el6
yum localinstall "clamav*-0.99.4" --allowdowngrade 

More references [1]

[1] 
https://koji.fedoraproject.org/koji/buildinfo?buildID=1052727

Comment 27 Sergio Basto 2018-08-11 01:34:20 UTC
Sorry, I missed some writing.
(*) A rollback only in i686 is not usual at all; normally if we roll back we have to roll back in all arches. In this case we will have x86_64 users complaining about a nonsense rollback, so opinions are welcome.

Best regards,

Comment 28 Nerijus Baliūnas 2018-08-11 09:21:37 UTC
I've just installed Debian 9 32 bit VM, installed clamav (version 0.100.1) and here it works with both cvd and cld files:
# ls -l /var/lib/clamav/
total 258512
-rw-r--r-- 1 clamav clamav    187426 Aug 11 12:09 bytecode.cvd
-rw-r--r-- 1 clamav clamav 146621952 Aug 11 12:13 daily.cld
-rw-r--r-- 1 clamav clamav 117892267 Aug 11 12:09 main.cvd
-rw------- 1 clamav clamav       104 Aug 11 12:13 mirrors.dat

# clamscan /tmp

----------- SCAN SUMMARY -----------
Known viruses: 6605379
Engine version: 0.100.1
Scanned directories: 1

I'd suggest looking at what patches/build config Debian uses in its clamav package.

Comment 29 Robert Scheck 2018-08-11 11:04:35 UTC
Why can't we simply bundle a newer zlib with ClamAV on EPEL 6? We could
use the zlib from EPEL 7, no? Of course we would have to mark that it is
bundled, but that would provide security updates until EPEL 6 is EOL.

Comment 30 Nerijus Baliūnas 2018-08-11 11:11:12 UTC
I tried to rebuild both CentOS 7 and Fedora 28 zlib on CentOS 6, clamd then does not print "ERROR: Malformed database" message, but hangs on startup. So unfortunately it is not so simple. I see Debian uses LLVM to build clamav, maybe we should try too.

Comment 31 Nerijus Baliūnas 2018-08-11 15:05:44 UTC
Sorry, I was wrong - earlier I've just installed newer zlib packages and did not rebuild clamav. Now I rebuilt zlib-1.2.7-17.el7.src.rpm from CentOS 7, installed it (zlib-1.2.7-17.el6.i686 and zlib-devel-1.2.7-17.el6.i686), then rebuilt clamav - rpmbuild --rebuild clamav-0.100.1-1.el6.src.rpm and it works. So yes, just bundling a newer zlib with clamav should work.

Comment 32 Robert Scheck 2018-08-11 16:16:01 UTC
Thank you for testing this! I will try to prepare a patch suggestion tonight.

Comment 33 Robert Scheck 2018-08-12 01:58:31 UTC
https://src.fedoraproject.org/rpms/clamav/pull-request/6 - tests and reviews
are welcome. For me, clamd started successfully on up-to-date CentOS 6 (i686).
I explicitly build all architectures against newer zlib to avoid hopefully a 
different behaviour (e.g. new issues) for other architectures due to old zlib.

Comment 34 Robert Scheck 2018-08-12 02:25:08 UTC
Scratch build containing above patch suggestion is available at Koji at
https://koji.fedoraproject.org/koji/taskinfo?taskID=29003841, specifically
i686 at https://koji.fedoraproject.org/koji/taskinfo?taskID=29003847

Comment 35 Danilo Godec 2018-08-12 07:02:01 UTC
I just downloaded and installed new packages from Koji and they seem to be working well:

# freshclam --verbose
Current working dir is /var/lib/clamav
Max retries == 3
ClamAV update process started at Sun Aug 12 08:54:40 2018
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 513
Software version from DNS: 0.100.1
Retrieving http://db.XX.clamav.net/main.cvd
Trying to download http://db.XX.clamav.net/main.cvd (IP: 104.16.187.138)
Downloading main.cvd [100%]
Loading signatures from main.cvd
Properly loaded 4566249 signatures from new main.cvd
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Querying main.58.92.1.0.6810BB8A.ping.clamav.net
Retrieving http://db.XX.clamav.net/daily.cvd
Trying to download http://db.XX.clamav.net/daily.cvd (IP: 104.16.187.138)
Downloading daily.cvd [100%]
Loading signatures from daily.cvd
Properly loaded 2045937 signatures from new daily.cvd
daily.cvd updated (version: 24834, sigs: 2045937, f-level: 63, builder: neo)
Querying daily.24834.92.1.0.6810BB8A.ping.clamav.net
Retrieving http://db.XX.clamav.net/bytecode.cvd
Trying to download http://db.XX.clamav.net/bytecode.cvd (IP: 104.16.187.138)
Downloading bytecode.cvd [100%]
Loading signatures from bytecode.cvd
Properly loaded 91 signatures from new bytecode.cvd
bytecode.cvd updated (version: 327, sigs: 91, f-level: 63, builder: neo)
Querying bytecode.327.92.1.0.6810BB8A.ping.clamav.net
Database updated (6612277 signatures) from db.XX.clamav.net (IP: 104.16.187.138)

# service clamd.amavisd restart
Stopping clamd.amavisd:                                    [  OK  ]
Starting clamd.amavisd:                                    [  OK  ]

# Aug 12 08:57:01 avs2 clamd.amavisd[2163]: --- Stopped at Sun Aug 12 08:57:01 2018
Aug 12 08:57:01 avs2 clamd.amavisd[2163]: Socket file removed.
Aug 12 08:57:01 avs2 clamd[29484]: Received 0 file descriptor(s) from systemd.
Aug 12 08:57:01 avs2 clamd[29484]: clamd daemon 0.100.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Aug 12 08:57:01 avs2 clamd[29484]: Running as user amavis (UID 497, GID 496)
Aug 12 08:57:01 avs2 clamd[29484]: Log file size limited to 1048576 bytes.
Aug 12 08:57:01 avs2 clamd[29484]: Reading databases from /var/lib/clamav
Aug 12 08:57:01 avs2 clamd[29484]: Not loading PUA signatures.
Aug 12 08:57:01 avs2 clamd[29484]: Bytecode: Security mode set to "TrustSigned".
Aug 12 08:57:16 avs2 clamd[29484]: Loaded 6605950 signatures.
Aug 12 08:57:18 avs2 clamd[29484]: LOCAL: Unix socket file /var/spool/amavisd/clamd.sock
Aug 12 08:57:18 avs2 clamd[29484]: LOCAL: Setting connection queue length to 200
Aug 12 08:57:18 avs2 clamd[29498]: Limits: Global size limit set to 104857600 bytes.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: File size limit set to 26214400 bytes.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: Recursion level limit set to 16.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: Files limit set to 10000.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: MaxPartitions limit set to 50.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: MaxIconsPE limit set to 100.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: MaxRecHWP3 limit set to 16.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: PCREMatchLimit limit set to 100000.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: PCRERecMatchLimit limit set to 5000.
Aug 12 08:57:18 avs2 clamd[29498]: Limits: PCREMaxFileSize limit set to 26214400.
Aug 12 08:57:18 avs2 clamd[29498]: Archive support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: BlockMax heuristic detection disabled.
Aug 12 08:57:18 avs2 clamd[29498]: Algorithmic detection enabled.
Aug 12 08:57:18 avs2 clamd[29498]: Portable Executable support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: ELF support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: Mail files support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: OLE2 support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: PDF support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: SWF support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: HTML support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: XMLDOCS support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: HWP3 support enabled.
Aug 12 08:57:18 avs2 clamd[29498]: Self checking every 600 seconds.

# clamscan --verbose
Scanning /var/lib/clamav/main.cvd
/var/lib/clamav/main.cvd: OK
Scanning /var/lib/clamav/mirrors.dat
/var/lib/clamav/mirrors.dat: OK
Scanning /var/lib/clamav/bytecode.cvd
/var/lib/clamav/bytecode.cvd: OK
Scanning /var/lib/clamav/daily.cvd
/var/lib/clamav/daily.cvd: OK

----------- SCAN SUMMARY -----------
Known viruses: 6605950
Engine version: 0.100.1
Scanned directories: 1
Scanned files: 4
Infected files: 0
Data scanned: 0.36 MB
Data read: 159.63 MB (ratio 0.00:1)
Time: 16.827 sec (0 m 16 s)
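Added example, not part of the original thread and not ClamAV project code: a small post-upgrade check that reads freshclam/clamd output like the lines quoted in this bug and flags the "Malformed database" failure as well as a daemon that never reports loaded signatures. The sample inputs are constructed by trimming lines from the original report and from comment 35; the function and variable names are assumptions made for this illustration.

```python
import re

# Line shapes taken from the freshclam and clamd output quoted in this thread.
DB = re.compile(r"^(?P<db>\w+\.c[lv]d) (?:updated|is up to date) "
                r"\(version: (?P<ver>\d+), sigs: (?P<sigs>\d+),")
TOTAL = re.compile(r"^Database updated \((\d+) signatures\)")
LOADED = re.compile(r"clamd\[\d+\]: Loaded (\d+) signatures\.")
ERROR = re.compile(r"LibClamAV Error: (.+)")

# Constructed samples: trimmed from the report (failure) and comment 35 (success).
FAILED = """\
Starting Clam AntiVirus Daemon: LibClamAV Error: cli_cvdload: Corrupted CVD header
LibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database
LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cvd
"""
HEALTHY = """\
main.cvd updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd updated (version: 24834, sigs: 2045937, f-level: 63, builder: neo)
bytecode.cvd updated (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6612277 signatures) from db.XX.clamav.net (IP: 104.16.187.138)
Aug 12 08:57:16 avs2 clamd[29484]: Loaded 6605950 signatures.
"""


def check(text):
    """Return per-database signature counts plus reasons the run looks unhealthy."""
    dbs, problems, total, loaded = {}, [], None, None
    for line in text.splitlines():
        if m := ERROR.search(line):
            problems.append(m.group(1))
        elif m := DB.match(line):
            dbs[m["db"]] = int(m["sigs"])
        elif m := TOTAL.match(line):
            total = int(m.group(1))
        elif m := LOADED.search(line):
            loaded = int(m.group(1))
    # freshclam's total should equal the sum of the per-database counts.
    if total is not None and sum(dbs.values()) != total:
        problems.append(f"per-database sigs sum to {sum(dbs.values())}, total says {total}")
    # In comment 35 clamd loaded fewer signatures (6605950) than freshclam's
    # total (6612277), so only require that it reported a non-zero count.
    if not loaded:
        problems.append("clamd did not report any loaded signatures")
    return {"dbs": dbs, "loaded": loaded, "problems": problems}


if __name__ == "__main__":
    for name, sample in (("failed", FAILED), ("healthy", HEALTHY)):
        print(name, check(sample))
```

An empty `problems` list means the scanner came up with its databases loaded; anything else is worth alerting on, since a clamd that fails at startup leaves mail or file scanning without coverage.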

Comment 36 Nerijus Baliūnas 2018-08-12 08:54:05 UTC
New packages from Koji work OK.

Comment 37 Sergio Basto 2018-08-12 23:53:10 UTC
(In reply to Robert Scheck from comment #33)
> https://src.fedoraproject.org/rpms/clamav/pull-request/6 - tests and reviews
> are welcome. For me, clamd started successfully on up-to-date CentOS 6
> (i686).

Looks good 

> I explicitly build all architectures against newer zlib to avoid hopefully a 
> different behaviour (e.g. new issues) for other architectures due to old
> zlib.

Explicitly for all arches seems to me a little aggressive, %bcond conditions to enable or disable the bundled libz would be a good thing to have but I won't have time to review this patch until day 20, so, for me, you may go ahead.

Thanks.

Comment 38 Robert Scheck 2018-08-13 00:22:30 UTC
I would like to see the same behaviour on all architectures, given that
future ClamAV versions are anyway likely to require a newer zlib version
than RHEL/CentOS 6 is shipping. As you can see, it has been made somehow
conditional, but in the future we're likely unable to build without the
bundled zlib due to changed requirements in ClamAV.

Comment 39 Fedora Update System 2018-08-13 00:29:24 UTC
clamav-0.100.1-2.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ecc69a2903

Comment 40 João Carlos Mendes Luís 2018-08-13 20:04:28 UTC
Just another spam to report that clamav-0.100.1-2.el6 is working in my system!

Thanks!

Comment 41 Fedora Update System 2018-08-14 21:42:49 UTC
clamav-0.100.1-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-ecc69a2903

Comment 42 Fedora Update System 2018-08-30 02:51:03 UTC
clamav-0.100.1-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 43 Adam Brown 2018-08-31 12:15:36 UTC
The new EPEL update to clamav is working. MANY THANKS!


# date
Fri Aug 31 04:49:52 PDT 2018

# cat /etc/redhat-release 
CentOS release 6.10 (Final)

# uname -a
Linux  2.6.32-754.3.5.el6.i686 #1 SMP Tue Aug 14 21:12:17 UTC 2018 i686 i686 i386 GNU/Linux

# rpm -q clamav
clamav-0.100.1-1.el6.i686

================================================================================
 Package          Arch      Version                           Repository   Size
================================================================================
Updating:
 
 clamav           i686      0.100.1-2.el6                     _local      1.4 M
 clamav-db        i686      0.100.1-2.el6                     _local      159 M


# rpm -q clamav
clamav-0.100.1-2.el6.i686

# freshclam
ClamAV update process started at Fri Aug 31 05:04:42 2018
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
WARNING: getfile: daily-24742.cdiff not found on db.local.clamav.net (IP: 104.16.189.138)
WARNING: getpatch: Can't download daily-24742.cdiff from db.local.clamav.net
WARNING: getfile: daily-24742.cdiff not found on db.local.clamav.net (IP: 104.16.185.138)
WARNING: getpatch: Can't download daily-24742.cdiff from db.local.clamav.net
Trying host db.local.clamav.net (104.16.186.138)...
WARNING: getfile: daily-24742.cdiff not found on db.local.clamav.net (IP: 104.16.186.138)
WARNING: getpatch: Can't download daily-24742.cdiff from db.local.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 24889, sigs: 2070145, f-level: 63, builder: neo)
Downloading bytecode-325.cdiff [100%]
Downloading bytecode-326.cdiff [100%]
Downloading bytecode-327.cdiff [100%]
bytecode.cld updated (version: 327, sigs: 91, f-level: 63, builder: neo)
Database updated (6636485 signatures) from db.local.clamav.net (IP: 104.16.188.138)