The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

clamd failing. Bad update?

Discussion in 'General Discussion' started by sozotech, Nov 16, 2015.

  1. sozotech

    sozotech Well-Known Member

    Joined:
    Jul 26, 2013
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I am seeing clamd trying to restart on all of our servers and am getting the following error message.

    Starting clamd: LibClamAV Error: cli_loadhash: Problem parsing database at line 1
    LibClamAV Error: Can't load /usr/local/cpanel/3rdparty/share/clamav/honeynet.hdb: Malformed database
    LibClamAV Error: cli_loaddbdir(): error loading database /usr/local/cpanel/3rdparty/share/clamav/honeynet.hdb
    ERROR: Malformed database

    Running freshclam doesn't seem to pull down a good database. Any ideas how to get clamd back up and running?
     
  2. mobboss

    mobboss Member

    Joined:
    Jan 29, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    DataCenter Provider
    I have been getting this as well.

    LibClamAV Error: cli_loadhash: Problem parsing database at line 1
    LibClamAV Error: Can't load /usr/local/cpanel/3rdparty/share/clamav/securiteinfooffice.hdb: Malformed database
    LibClamAV Error: cli_loaddbdir(): error loading database /usr/local/cpanel/3rdparty/share/clamav/securiteinfooffice.hdb
    ERROR: Malformed database

    clamd has failed. Contact your system administrator if the service does not automagically recover.
     
  3. supporto

    supporto Registered

    Joined:
    Jun 8, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    same issue

    LibClamAV Error: cli_loadhash: Problem parsing database at line 1
    LibClamAV Error: Can't load /usr/local/cpanel/3rdparty/share/clamav/securiteinfoelf.hdb: Malformed database
    LibClamAV Error: cli_loaddbdir(): error loading database /usr/local/cpanel/3rdparty/share/clamav/securiteinfoelf.hdb
    ERROR: Malformed database

    clamd has failed. Contact your system administrator if the service does not automagically recover.
     
  4. tm2004

    tm2004 Member

    Joined:
    Mar 1, 2005
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Same here, started a few days ago. Any ideas?

    Code:
    root@srv3006 [/]# /scripts/restartsrv_clamd
    Waiting for “clamd” to start ……
    …failed.
    
    Service Error
            The “clamd” service failed to start.
    
    Startup Log
            LibClamAV Error: cli_loadhash: Problem parsing database at line 1
            LibClamAV Error: Can't load /usr/local/cpanel/3rdparty/share/clamav/securiteinfoelf.hdb: Malformed database
            LibClamAV Error: cli_loaddbdir(): error loading database /usr/local/cpanel/3rdparty/share/clamav/securiteinfoelf.hdb
            ERROR: Malformed database
    
    clamd has failed. Contact your system administrator if the service does not automagically recover.
     
    #4 tm2004, Nov 17, 2015
    Last edited: Nov 17, 2015
  5. sozotech

    sozotech Well-Known Member

    Joined:
    Jul 26, 2013
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I assume we probably need to open a ticket. I will do so now and see what cPanel has to say.

    Eric
     
  6. sozotech

    sozotech Well-Known Member

    Joined:
    Jul 26, 2013
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    My ticket id is 7386817.

    Eric
     
    #6 sozotech, Nov 17, 2015
    Last edited by a moderator: Nov 17, 2015
  7. tm2004

    tm2004 Member

    Joined:
    Mar 1, 2005
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Hmm, this is the contents of /usr/local/cpanel/3rdparty/share/clamav/securiteinfohtml.hdb after a fresh cPanel update to 11.52 (23)


    Code:
    clamav.securiteinfo.com/securiteinfoelf.hdb has been removed
    
    New up-to-date signatures are available for download
    
    Please see the following link for more information :
    
    https://www.securiteinfo.com/services/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml
    
     
  8. sozotech

    sozotech Well-Known Member

    Joined:
    Jul 26, 2013
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Sounds like this database just needs to be removed from clamav? How do you do that?

    Eric
     
  9. tm2004

    tm2004 Member

    Joined:
    Mar 1, 2005
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Something needs to be changed.. there is another set of files here: /usr/share/clamav/

    When I run FRESHCLAM I get this:
    Code:
    Using username "root".
    Last login: Tue Nov 17 05:49:54 2015
    root@srv3006 [~]# freshclam
    ClamAV update process started at Tue Nov 17 05:53:30 2015
    main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
    daily.cld is up to date (version: 21062, sigs: 1687373, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 270, sigs: 46, f-level: 63, builder: shurley)
    root@srv3006 [~]#
    
     
  10. sozotech

    sozotech Well-Known Member

    Joined:
    Jul 26, 2013
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I got a the following response back from cPanel.

    "The following databases are no longer used and weren't able to be loaded by ClamAv. They were located in /usr/local/cpanel/3rdparty/share/clamav and have been moved to /root/cpanelzone"

    The following commands should work to move these DB's out of the way and get clamav started again.

    Code:
    mkdir /root/cpanelzone/
    cd /usr/local/cpanel/3rdparty/share/clamav
    mv honeynet.hdb /root/cpanelzone/
    mv securiteinfobat.hdb /root/cpanelzone/
    mv securiteinfodos.hdb /root/cpanelzone/
    mv securiteinfoelf.hdb /root/cpanelzone/
    mv securiteinfohtml.hdb /root/cpanelzone/
    mv securiteinfooffice.hdb /root/cpanelzone/
    mv securiteinfopdf.hdb /root/cpanelzone/
    mv securiteinfosh.hdb /root/cpanelzone/
    service exim restart
    Not sure why their update script did not remove these when they stopped supporting them.

    Best regards,
    Eric
     
  11. tm2004

    tm2004 Member

    Joined:
    Mar 1, 2005
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the details from cPanel. Crazy thing for me... about an hour after I upgraded to 11.52 (and finally gave up making it work), I get a system email that the dang thing restarted and has been working all afternoon. Maybe a cached config file somewhere?? Who knows but a FORCED UPCP eventually worked for us.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Were these databases manually implemented at some point? I can't reproduce their existence on a fresh installation, and I see no previous references to them.

    Thank you.
     
  13. Sanesecurity

    Sanesecurity Registered

    Joined:
    Nov 24, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Earth
    cPanel Access Level:
    Root Administrator
    Securiteinfo changed their database location and setup a while back.

    [Removed]

    The above script is kept up-to-date with the various new databases, such as badmacro.ndb, foxhole_filename.cdb and foxhole_generic.cdb etc.

    Hope that helps,

    Steve
     
Loading...

Share This Page