Clamd Issues On CentOS 6.10
Hello all,
Been having an issue today that I can’t seem to solve, so reaching out to others much more knowledgeable for help/advice/assistance.
I ran the software update this morning and installed 134 packages, clamd was one of the packages. Upon completion of the update, I needed to reboot the box. During bootup I got the following issue:
Starting Clam AntiVirus Daemon: WARNING: Ignoring deprecated option AllowSupplementaryGroups at line 194
LibClamAV Error: cli_cvdload: Corrupted CVD header LibClamAV Error: Can’t load /var/lib/clamav/main.cvd: Malformed database LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cvd Sat Jul 14 09:04:46 2018 -> !Malformed database
[FAILED]
Clamd failed to start.
I modified the clamd.conf conf file to comment out the deprecated option above, this seemed to allow clamd to start following a second reboot.
I followed some suggested actions from the clamd.net site, namely I ensured my DNS was still working, that I could reach clamd.net, and also removed the mirrors.dat and main.cvd files in an effort to get clamd to update via freshclam.
When I run ‘freshclam -v’ I get the following data return:
[root@CentOS clamav]# freshclam -v Current working dir is /var/lib/clamav Max retries == 3
ClamAV update process started at Sat Jul 14 15:09:47 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1611
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Ignoring mirror 2400:cb00:2048:1::6810:b98a (due to previous errors) Ignoring mirror
2400:cb00:2048:1::6810:bd8a (due to previous errors) Ignoring mirror
2400:cb00:2048:1::6810:bc8a
(due to previous errors) Ignoring mirror 2400:cb00:2048:1::6810:ba8a (due to previous errors)
Ignoring mirror 2400:cb00:2048:1::6810:bb8a (due to previous errors) Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.186.138) Downloading main.cvd [100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BA8A.ping.clamav.net Trying again in 5 secs… ClamAV update process started at Sat Jul 14 15:10:09 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1583
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.188.138)
Downloading main.cvd
[100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BC8A.ping.clamav.net Trying again in 5 secs… ClamAV update process started at Sat Jul 14 15:10:31 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1567
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.189.138)
Downloading main.cvd
[100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BD8A.ping.clamav.net Giving up on db.local.clamav.net… ClamAV update process started at Sat Jul 14 15:10:48 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 1232
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.189.138)
Downloading main.cvd
[100%]
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BD8A.ping.clamav.net Giving up on db.local.clamav.net… Update failed. Your network may be down or none of the mirrors listed in
/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.
—-END Freshclam -v command—
10 thoughts on - Clamd Issues On CentOS 6.10
Am 15.07.2018 um 00:13 schrieb Jay Hart:
The main.cvd you are downloading looks to be corrupted.
No such issue here. I have set in /etc/freshclam.conf
DatabaseMirror db.nl.clamav.net
# freshclam -v Current working dir is /var/lib/clamav Max retries == 3
ClamAV update process started at Sun Jul 15 01:39:31 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 143
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav main.cvd version from DNS: 58
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cvd version from DNS: 24753
Retrieving http://db.nl.clamav.net/daily-24751.cdiff Trying to download http://db.nl.clamav.net/daily-24751.cdiff (IP:
2400:cb00:2048:1::6810:b98a)
Downloading daily-24751.cdiff [100%]
cdiff_apply: Parsed 289 lines and executed 289 commands Retrieving http://db.nl.clamav.net/daily-24752.cdiff Trying to download http://db.nl.clamav.net/daily-24752.cdiff (IP:
2400:cb00:2048:1::6810:b98a)
Downloading daily-24752.cdiff [100%]
cdiff_apply: Parsed 264 lines and executed 264 commands Retrieving http://db.nl.clamav.net/daily-24753.cdiff Trying to download http://db.nl.clamav.net/daily-24753.cdiff (IP:
2400:cb00:2048:1::6810:b98a)
Downloading daily-24753.cdiff [100%]
cdiff_apply: Parsed 264 lines and executed 264 commands Loading signatures from daily.cld Properly loaded 2013647 signatures from new daily.cld daily.cld updated (version: 24753, sigs: 2013647, f-level: 63, builder: neo)
Querying daily.24753.91.1.0.2400cb0020480001000000006810b98a.ping.clamav.net bytecode.cvd version from DNS: 324
bytecode.cld is up to date (version: 324, sigs: 89, f-level: 63, builder: neo)
Database updated (6579985 signatures) from db.nl.clamav.net (IP:
2400:cb00:2048:1::6810:b98a)
Alexander
I fixed the country code issue but that did not resolve the problem.
I also removed all files in /var/lib/clamav and reran freshclam (without rebooting), that also did not fix the problem.
Jay
Libraries: do they look ok????
[root@CentOS clamav]# ldd $(which freshclam)
linux-gate.so.1 => (0x00529000)
libclamav.so.7 => /usr/lib/libclamav.so.7 (0x00bc5000)
libxml2.so.2 => /usr/lib/libxml2.so.2 (0x00124000)
libbz2.so.1 => /lib/libbz2.so.1 (0x04906000)
libssl.so.10 => /usr/lib/libssl.so.10 (0x047fa000)
libcrypto.so.10 => /usr/lib/libcrypto.so.10 (0x03d52000)
libjson-c.so.2 => /lib/libjson-c.so.2 (0x03d42000)
libpcre.so.0 => /lib/libpcre.so.0 (0x00736000)
libm.so.6 => /lib/libm.so.6 (0x00270000)
libclammspack.so.0 => /usr/lib/libclammspack.so.0 (0x00900000)
libdl.so.2 => /lib/libdl.so.2 (0x007ad000)
libz.so.1 => /lib/libz.so.1 (0x00574000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00422000)
libpthread.so.0 => /lib/libpthread.so.0 (0x005f6000)
libc.so.6 => /lib/libc.so.6 (0x00916000)
libgssapi_krb5.so.2 => /lib/libgssapi_krb5.so.2 (0x0466b000)
libkrb5.so.3 => /lib/libkrb5.so.3 (0x0454b000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0x00ed2000)
libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x044f5000)
/lib/ld-linux.so.2 (0x8001b000)
libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x0033d000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00337000)
libselinux.so.1 => /lib/libselinux.so.1 (0x0058a000)
Am 15.07.2018 um 04:39 schrieb Jay Hart:
Jay,
please don’t top-post and trim your quotes.
]# ldd $(which freshclam)
linux-vdso.so.1 => (0x00007ffd7e4f4000)
libclamav.so.7 => /usr/lib64/libclamav.so.7 (0x00007fa4d2595000)
libxml2.so.2 => /usr/lib64/libxml2.so.2 (0x00007fa4d2242000)
libbz2.so.1 => /lib64/libbz2.so.1 (0x00007fa4d2030000)
libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fa4d1dc4000)
libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fa4d19df000)
libjson-c.so.2 => /lib64/libjson-c.so.2 (0x00007fa4d17d4000)
libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fa4d15a7000)
libm.so.6 => /lib64/libm.so.6 (0x00007fa4d1323000)
libclammspack.so.0 => /usr/lib64/libclammspack.so.0
(0x00007fa4d110e000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fa4d0f0a000)
libz.so.1 => /lib64/libz.so.1 (0x00007fa4d0cf4000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fa4d0ad9000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa4d08bc000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa4d0528000)
libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2
(0x00007fa4d02e3000)
libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fa4cfffc000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fa4cfdf8000)
libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fa4cfbcb000)
/lib64/ld-linux-x86-64.so.2 (0x00005573de59f000)
libkrb5support.so.0 => /lib64/libkrb5support.so.0
(0x00007fa4cf9c0000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fa4cf7bc000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa4cf59d000)
Do other applications fail too? Do you have a network connectivity issue?
Alexander
All other apps appear to be working fine. As far as I know I do not have a connectivity issue. If you are reading this email then the email/smtp stack is working and the network forwarded to smtp2go for delivery. IOW, the server appears healthy, just this issue.
What in the update process from a package updating perspective could cause this?
Could I have a bad library? How can I go get a new main.cvd and install it?
Jay
I enabled libclamav logging in freshclam hoping it would shed some light on what may be going on:
ClamAV update process started at Sun Jul 15 16:27:39 2018
Using IPv6 aware code Querying current.cvd.clamav.net TTL: 611
Software version from DNS: 0.100.1
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.100.0 Recommended version: 0.100.1
DON’T PANIC! Read https://www.clamav.net/documents/upgrading-clamav Retrieving http://db.local.clamav.net/main.cvd Trying to download http://db.local.clamav.net/main.cvd (IP: 104.16.189.138)
Downloading main.cvd [100%]
LibClamAV debug: Initialized 0.100.0 engine LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 57462fd73f1cfdb356b9dca66da2b732
LibClamAV debug: cli_versig: Decoded signature: 57462fd73f1cfdb356b9dca66da2b732
LibClamAV debug: cli_versig: Digital signature is correct. LibClamAV debug: in cli_tgzload()
LibClamAV debug: in cli_tgzload_cleanup()
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header LibClamAV debug: Cleaning up phishcheck LibClamAV debug: Phishcheck cleaned up ERROR: Verification: Malformed database Querying main.0.91.0.0.6810BD8A.ping.clamav.net Giving up on db.local.clamav.net… Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.
Is this of any help?
Thanks in advance,
Jay
Am 15.07.2018 um 22:41 schrieb Jay Hart:
Jay,
it is your 32-bit CentOS 6. I am running 64-bit and don’t have that issue. Please see
https://bugzilla.redhat.com/show_bug.cgi?id00458
Alexander
try removign it (yum remove …) reboot and then reinstall it again
(yum install …)?
Am 16.07.2018 um 19:42 schrieb Walter H.:
Seriously, this is not Windows.
Alexander
Seriously, then this guy is telling a story