Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Problem with starting ClamAV

Discussion in 'E-mail Discussion' started by anton_latvia, Feb 28, 2009.

  1. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    358
    Likes Received:
    4
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Hello,
    Suddenly ClamAV does not want to start on one of our servers. It fails during startup with error in the shell:

    Starting clamd: LibClamAV Error: cli_loadmd5: Problem parsing database at line 11703
    LibClamAV Error: Can't load daily.mdb: Malformed database
    LibClamAV Error: cli_tgzload: Can't load daily.mdb
    LibClamAV Error: Can't load /usr/share/clamav/daily.cld: Malformed database
    ERROR: Malformed database

    I tried upgrading, reinstalling ClamAV and few other softwares, but so far with no luck.

    Any ideas, dear community?

    Anton.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    That means the DBs are corrupted. Do this:
    cd /usr/share/clamav/
    Empty the content of these 3 files:

    Code:
    daily.cvd
    main.cld
    mirrors.dat
    Then run this command to download fresh copies for your DBs:
    Code:
    /etc/cron.daily/freshclam
    Although this is not necessary, but restart clamd:
    Code:
    /scripts/restartsrv_clamd
    Hope this helps!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    358
    Likes Received:
    4
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Thanks for help, although to me it seems, that there sort of error at clamav part, here is output of freshclam:

    Code:
    ClamAV update process started at Sun Mar  1 11:29:39 2009
    LibClamAV Error: cl_cvdhead: Can't read CVD header in main.cld
    Downloading main.cvd [100%]
    ERROR: Verification: MD5 verification error
    Trying again in 5 secs...
    ClamAV update process started at Sun Mar  1 11:30:17 2009
    LibClamAV Error: cl_cvdhead: Can't read CVD header in main.cld
    Trying host database.clamav.net (212.7.0.71)...
    Downloading main.cvd [100%]
    main.cvd updated (version: 50, sigs: 500667, f-level: 38, builder: sven)
    LibClamAV Error: cl_cvdhead: Can't read CVD header in daily.cld
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 9059, sigs: 13941, f-level: 38, builder: mcichosz)
    Database updated (514608 signatures) from database.clamav.net (IP: 212.7.0.71)
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    358
    Likes Received:
    4
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Well, it helped to completely delete those 3 files (instead of making them empty) and rerun freshclam. ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    4
    Trophy Points:
    193
    Location:
    Minneapolis, MN
    Sounds good.

    This demonstartes that every server is unique and what works for one server may not work for another. :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cyexx

    cyexx Well-Known Member

    Joined:
    Sep 3, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    156
    Just had this Hit

    I just had this hit me and I tried the above suggestions with no change, any ideas?

    Code:
    root@kasei [/usr/share/clamav]# ls
    ./            honeynet.hdb  malware.db                 MSRBL-SPAM.ndb  scam.ndb          spam.ldb
    ../           junk.ndb      mirrors.dat                phish.ndb       scam.ndb.gz       spear.ndb
    antispam.ndb  lott.ndb      MSRBL-Images-FULL-SoN.hdb  phish.ndb.gz    securiteinfo.hdb  vx.hdb
    daily.cld     main.cld      MSRBL-Images.hdb           rogue.hdb       spamimg.hdb
    root@kasei [/usr/share/clamav]# rm daily.cld
    rm: remove regular file `daily.cld'? y
    root@kasei [/usr/share/clamav]# rm main.cld
    rm: remove regular file `main.cld'? y
    root@kasei [/usr/share/clamav]# rm mirrors.dat
    rm: remove regular file `mirrors.dat'? y
    root@kasei [/usr/share/clamav]# /usr/local/bin/freshclam
    ClamAV update process started at Mon May 18 07:47:40 2009
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.94 Recommended version: 0.95.1
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Downloading main-49.cdiff [100%]
    Downloading main-50.cdiff [100%]
    Downloading main-51.cdiff [100%]
    main.cld updated (version: 51, sigs: 545035, f-level: 42, builder: sven)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 35, recommended = 42
    DON'T PANIC! Read http://www.clamav.net/support/faq
    WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 64.142.100.50)
    WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
    Trying host database.clamav.net (65.120.238.5)...
    WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 65.120.238.5)
    WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
    Trying host database.clamav.net (65.120.238.5)...
    WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 65.120.238.5)
    WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Trying host database.clamav.net (65.120.238.5)...
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 9366, sigs: 5454, f-level: 42, builder: ccordes)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 35, recommended = 42
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Database updated (550489 signatures) from database.clamav.net (IP: 65.120.238.5)
    root@kasei [/usr/share/clamav]# /scripts/restartsrv_clamd
    clamd: no process killed
    clamd: no process killed
    LibClamAV Error: Malformed pattern line 1
    LibClamAV Error: Problem parsing database at line 1
    LibClamAV Error: Can't load /usr/share/clamav/malware.db: Malformed database
    ERROR: Malformed database
    root@kasei [/usr/share/clamav]#
    
     
  7. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,216
    Likes Received:
    10
    Trophy Points:
    313
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Try uninstalling then re-installing ClamAv via WHM's Plugin section by un-checking the "ClamAV Connector" then clicking "save" then going back to that page and checking it to re-install ClamAV.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice