Clamd Issues On CentOS 6.10

Home » CentOS » Clamd Issues On CentOS 6.10
CentOS 10 Comments

Hello all,

Been having an issue today that I can’t seem to solve, so reaching out to others much more knowledgeable for help/advice/assistance.

I ran the software update this morning and installed 134 packages, clamd was one of the packages. Upon completion of the update, I needed to reboot the box. During bootup I got the following issue:

Starting Clam AntiVirus Daemon: WARNING: Ignoring deprecated option AllowSupplementaryGroups at line 194
LibClamAV Error: cli_cvdload: Corrupted CVD header LibClamAV Error: Can’t load /var/lib/clamav/main.cvd: Malformed database LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cvd Sat Jul 14 09:04:46 2018 -> !Malformed database
[FAILED]

Clamd failed to start.

I modified the clamd.conf conf file to comment out the deprecated option above, this seemed to allow clamd to start following a second reboot.

I followed some suggested actions from the clamd.net site, namely I ensured my DNS was still working, that I could reach clamd.net, and also removed the mirrors.dat and main.cvd files in an effort to get clamd to update via freshclam.

When I run ‘freshclam -v’ I get the following data return:

[root@CentOS clamav]# freshclam -v Current working dir is /var/lib/clamav Max retries == 3
ClamAV update process started at Sat Jul 14 15:09:47 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1611
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Ignoring mirror 2400:cb00:2048:1::6810:b98a (due to previous errors) Ignoring mirror
2400:cb00:2048:1::6810:bd8a (due to previous errors) Ignoring mirror
2400:cb00:2048:1::6810:bc8a
(due to previous errors) Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors) Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.186.138) Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BA8A.ping.clamav.net Trying again in 5 secs… ClamAV update process started at Sat Jul 14 15:10:09 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1583
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.188.138)
Downloading main.cvd
[100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BC8A.ping.clamav.net Trying again in 5 secs… ClamAV update process started at Sat Jul 14 15:10:31 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1567
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.189.138)
Downloading main.cvd
[100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BD8A.ping.clamav.net Giving up on db.local.clamav.net… ClamAV update process started at Sat Jul 14 15:10:48 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1232
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.189.138)
Downloading main.cvd
[100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BD8A.ping.clamav.net Giving up on db.local.clamav.net… Update failed. Your network may be down or none of the mirrors listed in
/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.
—-END Freshclam -v command—

10 thoughts on - Clamd Issues On CentOS 6.10

  • Am 15.07.2018 um 00:13 schrieb Jay Hart:

    The main.cvd you are downloading looks to be corrupted.

    No such issue here. I have set in /etc/freshclam.conf

    DatabaseMirror db.nl.clamav.net

    # freshclam -v Current working dir is /var/lib/clamav Max retries == 3
    ClamAV update process started at Sun Jul 15 01:39:31 2018
    Using IPv6 aware code Querying current.cvd.clamav.net TTL: 143
    Software version from DNS: 0.100.1
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.100.0 Recommended version: 0.100.1
    DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav main.cvd version from DNS: 58
    main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
    daily.cvd version from DNS: 24753
    Retrieving http://db.nl.clamav.net/daily-24751.cdiff Trying to download http://db.nl.clamav.net/daily-24751.cdiff (IP:
    2400:cb00:2048:1::6810:b98a)
    Downloading daily-24751.cdiff [100%]
    cdiff_apply: Parsed 289 lines and executed 289 commands Retrieving http://db.nl.clamav.net/daily-24752.cdiff Trying to download http://db.nl.clamav.net/daily-24752.cdiff (IP:
    2400:cb00:2048:1::6810:b98a)
    Downloading daily-24752.cdiff [100%]
    cdiff_apply: Parsed 264 lines and executed 264 commands Retrieving http://db.nl.clamav.net/daily-24753.cdiff Trying to download http://db.nl.clamav.net/daily-24753.cdiff (IP:
    2400:cb00:2048:1::6810:b98a)
    Downloading daily-24753.cdiff [100%]
    cdiff_apply: Parsed 264 lines and executed 264 commands Loading signatures from daily.cld Properly loaded 2013647 signatures from new daily.cld daily.cld updated (version: 24753, sigs: 2013647, f-level: 63, builder: neo)
    Querying daily.24753.91.1.0.2400cb0020480001000000006810b98a.ping.clamav.net bytecode.cvd version from DNS: 324
    bytecode.cld is up to date (version: 324, sigs: 89, f-level: 63, builder: neo)
    Database updated (6579985 signatures) from db.nl.clamav.net (IP:
    2400:cb00:2048:1::6810:b98a)

    Alexander

  • I fixed the country code issue but that did not resolve the problem.

    I also removed all files in /var/lib/clamav and reran freshclam (without rebooting), that also did not fix the problem.

    Jay

  • Libraries: do they look ok????

    [root@CentOS clamav]# ldd $(which freshclam)
    linux-gate.so.1 => (0x00529000)
    libclamav.so.7 => /usr/lib/libclamav.so.7 (0x00bc5000)
    libxml2.so.2 => /usr/lib/libxml2.so.2 (0x00124000)
    libbz2.so.1 => /lib/libbz2.so.1 (0x04906000)
    libssl.so.10 => /usr/lib/libssl.so.10 (0x047fa000)
    libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x03d52000)
    libjson-c.so.2 => /lib/libjson-c.so.2 (0x03d42000)
    libpcre.so.0 => /lib/libpcre.so.0 (0x00736000)
    libm.so.6 => /lib/libm.so.6 (0x00270000)
    libclammspack.so.0 => /usr/lib/libclammspack.so.0 (0x00900000)
    libdl.so.2 => /lib/libdl.so.2 (0x007ad000)
    libz.so.1 => /lib/libz.so.1 (0x00574000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x00422000)
    libpthread.so.0 => /lib/libpthread.so.0 (0x005f6000)
    libc.so.6 => /lib/libc.so.6 (0x00916000)
    libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x0466b000)
    libkrb5.so.3 => /lib/libkrb5.so.3 (0x0454b000)
    libcom_err.so.2 => /lib/libcom_err.so.2 (0x00ed2000)
    libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x044f5000)
    /lib/ld-linux.so.2 (0x8001b000)
    libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x0033d000)
    libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00337000)
    libselinux.so.1 => /lib/libselinux.so.1 (0x0058a000)

  • Am 15.07.2018 um 04:39 schrieb Jay Hart:

    Jay,

    please don’t top-post and trim your quotes.

    ]# ldd $(which freshclam)
    linux-vdso.so.1 => (0x00007ffd7e4f4000)
    libclamav.so.7 => /usr/lib64/libclamav.so.7 (0x00007fa4d2595000)
    libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007fa4d2242000)
    libbz2.so.1 => /lib64/libbz2.so.1 (0x00007fa4d2030000)
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fa4d1dc4000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fa4d19df000)
    libjson-c.so.2 => /lib64/libjson-c.so.2 (0x00007fa4d17d4000)
    libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fa4d15a7000)
    libm.so.6 => /lib64/libm.so.6 (0x00007fa4d1323000)
    libclammspack.so.0 => /usr/lib64/libclammspack.so.0
    (0x00007fa4d110e000)
    libdl.so.2 => /lib64/libdl.so.2 (0x00007fa4d0f0a000)
    libz.so.1 => /lib64/libz.so.1 (0x00007fa4d0cf4000)
    libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa4d0ad9000)
    libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa4d08bc000)
    libc.so.6 => /lib64/libc.so.6 (0x00007fa4d0528000)
    libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2
    (0x00007fa4d02e3000)
    libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fa4cfffc000)
    libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa4cfdf8000)
    libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fa4cfbcb000)
    /lib64/ld-linux-x86-64.so.2 (0x00005573de59f000)
    libkrb5support.so.0 => /lib64/libkrb5support.so.0
    (0x00007fa4cf9c0000)
    libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fa4cf7bc000)
    libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa4cf59d000)

    Do other applications fail too? Do you have a network connectivity issue?

    Alexander

  • All other apps appear to be working fine. As far as I know I do not have a connectivity issue. If you are reading this email then the email/smtp stack is working and the network forwarded to smtp2go for delivery. IOW, the server appears healthy, just this issue.

    What in the update process from a package updating perspective could cause this?

    Could I have a bad library? How can I go get a new main.cvd and install it?

    Jay

  • I enabled libclamav logging in freshclam hoping it would shed some light on what may be going on:
    ClamAV update process started at Sun Jul 15 16:27:39 2018
    Using IPv6 aware code Querying current.cvd.clamav.net TTL: 611
    Software version from DNS: 0.100.1
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.100.0 Recommended version: 0.100.1
    DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.189.138)
    Downloading main.cvd [100%]
    LibClamAV debug: Initialized 0.100.0 engine LibClamAV debug: in cli_cvdload()
    LibClamAV debug: MD5(.tar.gz) = 57462fd73f1cfdb356b9dca66da2b732
    LibClamAV debug: cli_versig: Decoded signature: 57462fd73f1cfdb356b9dca66da2b732
    LibClamAV debug: cli_versig: Digital signature is correct. LibClamAV debug: in cli_tgzload()
    LibClamAV debug: in cli_tgzload_cleanup()
    WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Phishcheck cleaned up ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BD8A.ping.clamav.net Giving up on db.local.clamav.net… Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.

    Is this of any help?

    Thanks in advance,

    Jay

  • Am 16.07.2018 um 19:42 schrieb Walter H.:

    Seriously, this is not Windows.

    Alexander