clamd failing. Bad update?

sozotech

Well-Known Member
Jul 26, 2013
106
5
68
cPanel Access Level
Root Administrator
I am seeing clamd trying to restart on all of our servers and am getting the following error message.

Starting clamd: LibClamAV Error: cli_loadhash: Problem parsing database at line 1
LibClamAV Error: Can't load /usr/local/cpanel/3rdparty/share/clamav/honeynet.hdb: Malformed database
LibClamAV Error: cli_loaddbdir(): error loading database /usr/local/cpanel/3rdparty/share/clamav/honeynet.hdb
ERROR: Malformed database

Running freshclam doesn't seem to pull down a good database. Any ideas how to get clamd back up and running?
 

mobboss

Member
Jan 29, 2014
8
0
1
cPanel Access Level
DataCenter Provider
I have been getting this as well.

LibClamAV Error: cli_loadhash: Problem parsing database at line 1
LibClamAV Error: Can't load /usr/local/cpanel/3rdparty/share/clamav/securiteinfooffice.hdb: Malformed database
LibClamAV Error: cli_loaddbdir(): error loading database /usr/local/cpanel/3rdparty/share/clamav/securiteinfooffice.hdb
ERROR: Malformed database

clamd has failed. Contact your system administrator if the service does not automagically recover.
 

supporto

Registered
Jun 8, 2008
1
0
51
same issue

LibClamAV Error: cli_loadhash: Problem parsing database at line 1
LibClamAV Error: Can't load /usr/local/cpanel/3rdparty/share/clamav/securiteinfoelf.hdb: Malformed database
LibClamAV Error: cli_loaddbdir(): error loading database /usr/local/cpanel/3rdparty/share/clamav/securiteinfoelf.hdb
ERROR: Malformed database

clamd has failed. Contact your system administrator if the service does not automagically recover.
 

tm2004

Member
Mar 1, 2005
23
0
151
Same here, started a few days ago. Any ideas?

Code:
[email protected] [/]# /scripts/restartsrv_clamd
Waiting for “clamd” to start ……
…failed.

Service Error
        The “clamd” service failed to start.

Startup Log
        LibClamAV Error: cli_loadhash: Problem parsing database at line 1
        LibClamAV Error: Can't load /usr/local/cpanel/3rdparty/share/clamav/securiteinfoelf.hdb: Malformed database
        LibClamAV Error: cli_loaddbdir(): error loading database /usr/local/cpanel/3rdparty/share/clamav/securiteinfoelf.hdb
        ERROR: Malformed database

clamd has failed. Contact your system administrator if the service does not automagically recover.
 
Last edited:

tm2004

Member
Mar 1, 2005
23
0
151
Hmm, this is the contents of /usr/local/cpanel/3rdparty/share/clamav/securiteinfohtml.hdb after a fresh cPanel update to 11.52 (23)


Code:
clamav.securiteinfo.com/securiteinfoelf.hdb has been removed

New up-to-date signatures are available for download

Please see the following link for more information :

https://www.securiteinfo.com/services/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml
 

tm2004

Member
Mar 1, 2005
23
0
151
Something needs to be changed.. there is another set of files here: /usr/share/clamav/

When I run FRESHCLAM I get this:
Code:
Using username "root".
Last login: Tue Nov 17 05:49:54 2015
[email protected] [~]# freshclam
ClamAV update process started at Tue Nov 17 05:53:30 2015
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 21062, sigs: 1687373, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 270, sigs: 46, f-level: 63, builder: shurley)
[email protected] [~]#
 

sozotech

Well-Known Member
Jul 26, 2013
106
5
68
cPanel Access Level
Root Administrator
I got a the following response back from cPanel.

"The following databases are no longer used and weren't able to be loaded by ClamAv. They were located in /usr/local/cpanel/3rdparty/share/clamav and have been moved to /root/cpanelzone"

The following commands should work to move these DB's out of the way and get clamav started again.

Code:
mkdir /root/cpanelzone/
cd /usr/local/cpanel/3rdparty/share/clamav
mv honeynet.hdb /root/cpanelzone/
mv securiteinfobat.hdb /root/cpanelzone/
mv securiteinfodos.hdb /root/cpanelzone/
mv securiteinfoelf.hdb /root/cpanelzone/
mv securiteinfohtml.hdb /root/cpanelzone/
mv securiteinfooffice.hdb /root/cpanelzone/
mv securiteinfopdf.hdb /root/cpanelzone/
mv securiteinfosh.hdb /root/cpanelzone/
service exim restart
Not sure why their update script did not remove these when they stopped supporting them.

Best regards,
Eric
 

tm2004

Member
Mar 1, 2005
23
0
151
Thanks for the details from cPanel. Crazy thing for me... about an hour after I upgraded to 11.52 (and finally gave up making it work), I get a system email that the dang thing restarted and has been working all afternoon. Maybe a cached config file somewhere?? Who knows but a FORCED UPCP eventually worked for us.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,216
463
Hello :)

Were these databases manually implemented at some point? I can't reproduce their existence on a fresh installation, and I see no previous references to them.

Thank you.
 

Sanesecurity

Registered
Nov 24, 2015
1
0
1
Earth
cPanel Access Level
Root Administrator
Securiteinfo changed their database location and setup a while back.

[Removed]

The above script is kept up-to-date with the various new databases, such as badmacro.ndb, foxhole_filename.cdb and foxhole_generic.cdb etc.

Hope that helps,

Steve