Problem with starting ClamAV

anton_latvia

Well-Known Member
PartnerNOC
May 11, 2004
423
44
178
Latvia
cPanel Access Level
Root Administrator
Hello,
Suddenly ClamAV does not want to start on one of our servers. It fails during startup with error in the shell:

Starting clamd: LibClamAV Error: cli_loadmd5: Problem parsing database at line 11703
LibClamAV Error: Can't load daily.mdb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.mdb
LibClamAV Error: Can't load /usr/share/clamav/daily.cld: Malformed database
ERROR: Malformed database

I tried upgrading, reinstalling ClamAV and few other softwares, but so far with no luck.

Any ideas, dear community?

Anton.
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
Starting clamd: LibClamAV Error: cli_loadmd5: Problem parsing database at line 11703
LibClamAV Error: Can't load daily.mdb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.mdb
LibClamAV Error: Can't load /usr/share/clamav/daily.cld: Malformed database
ERROR: Malformed database
That means the DBs are corrupted. Do this:
cd /usr/share/clamav/
Empty the content of these 3 files:

Code:
daily.cvd
main.cld
mirrors.dat
Then run this command to download fresh copies for your DBs:
Code:
/etc/cron.daily/freshclam
Although this is not necessary, but restart clamd:
Code:
/scripts/restartsrv_clamd
Hope this helps!
 

anton_latvia

Well-Known Member
PartnerNOC
May 11, 2004
423
44
178
Latvia
cPanel Access Level
Root Administrator
Thanks for help, although to me it seems, that there sort of error at clamav part, here is output of freshclam:

Code:
ClamAV update process started at Sun Mar  1 11:29:39 2009
LibClamAV Error: cl_cvdhead: Can't read CVD header in main.cld
Downloading main.cvd [100%]
ERROR: Verification: MD5 verification error
Trying again in 5 secs...
ClamAV update process started at Sun Mar  1 11:30:17 2009
LibClamAV Error: cl_cvdhead: Can't read CVD header in main.cld
Trying host database.clamav.net (212.7.0.71)...
Downloading main.cvd [100%]
main.cvd updated (version: 50, sigs: 500667, f-level: 38, builder: sven)
LibClamAV Error: cl_cvdhead: Can't read CVD header in daily.cld
Downloading daily.cvd [100%]
daily.cvd updated (version: 9059, sigs: 13941, f-level: 38, builder: mcichosz)
Database updated (514608 signatures) from database.clamav.net (IP: 212.7.0.71)
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
Well, it helped to completely delete those 3 files (instead of making them empty) and rerun freshclam. ;)
Sounds good.

This demonstartes that every server is unique and what works for one server may not work for another. :)
 

cyexx

Well-Known Member
Sep 3, 2004
70
0
156
Just had this Hit

I just had this hit me and I tried the above suggestions with no change, any ideas?

Code:
[email protected] [/usr/share/clamav]# ls
./            honeynet.hdb  malware.db                 MSRBL-SPAM.ndb  scam.ndb          spam.ldb
../           junk.ndb      mirrors.dat                phish.ndb       scam.ndb.gz       spear.ndb
antispam.ndb  lott.ndb      MSRBL-Images-FULL-SoN.hdb  phish.ndb.gz    securiteinfo.hdb  vx.hdb
daily.cld     main.cld      MSRBL-Images.hdb           rogue.hdb       spamimg.hdb
[email protected] [/usr/share/clamav]# rm daily.cld
rm: remove regular file `daily.cld'? y
[email protected] [/usr/share/clamav]# rm main.cld
rm: remove regular file `main.cld'? y
[email protected] [/usr/share/clamav]# rm mirrors.dat
rm: remove regular file `mirrors.dat'? y
[email protected] [/usr/share/clamav]# /usr/local/bin/freshclam
ClamAV update process started at Mon May 18 07:47:40 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94 Recommended version: 0.95.1
DON'T PANIC! Read http://www.clamav.net/support/faq
Downloading main-49.cdiff [100%]
Downloading main-50.cdiff [100%]
Downloading main-51.cdiff [100%]
main.cld updated (version: 51, sigs: 545035, f-level: 42, builder: sven)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 35, recommended = 42
DON'T PANIC! Read http://www.clamav.net/support/faq
WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 64.142.100.50)
WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
Trying host database.clamav.net (65.120.238.5)...
WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 65.120.238.5)
WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
Trying host database.clamav.net (65.120.238.5)...
WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 65.120.238.5)
WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Trying host database.clamav.net (65.120.238.5)...
Downloading daily.cvd [100%]
daily.cvd updated (version: 9366, sigs: 5454, f-level: 42, builder: ccordes)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 35, recommended = 42
DON'T PANIC! Read http://www.clamav.net/support/faq
Database updated (550489 signatures) from database.clamav.net (IP: 65.120.238.5)
[email protected] [/usr/share/clamav]# /scripts/restartsrv_clamd
clamd: no process killed
clamd: no process killed
LibClamAV Error: Malformed pattern line 1
LibClamAV Error: Problem parsing database at line 1
LibClamAV Error: Can't load /usr/share/clamav/malware.db: Malformed database
ERROR: Malformed database
[email protected] [/usr/share/clamav]#
 

cPanelDavidG

Technical Product Specialist
Nov 29, 2006
11,212
13
313
Houston, TX
cPanel Access Level
Root Administrator
I just had this hit me and I tried the above suggestions with no change, any ideas?

Code:
[email protected] [/usr/share/clamav]# ls
./            honeynet.hdb  malware.db                 MSRBL-SPAM.ndb  scam.ndb          spam.ldb
../           junk.ndb      mirrors.dat                phish.ndb       scam.ndb.gz       spear.ndb
antispam.ndb  lott.ndb      MSRBL-Images-FULL-SoN.hdb  phish.ndb.gz    securiteinfo.hdb  vx.hdb
daily.cld     main.cld      MSRBL-Images.hdb           rogue.hdb       spamimg.hdb
[email protected] [/usr/share/clamav]# rm daily.cld
rm: remove regular file `daily.cld'? y
[email protected] [/usr/share/clamav]# rm main.cld
rm: remove regular file `main.cld'? y
[email protected] [/usr/share/clamav]# rm mirrors.dat
rm: remove regular file `mirrors.dat'? y
[email protected] [/usr/share/clamav]# /usr/local/bin/freshclam
ClamAV update process started at Mon May 18 07:47:40 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.94 Recommended version: 0.95.1
DON'T PANIC! Read http://www.clamav.net/support/faq
Downloading main-49.cdiff [100%]
Downloading main-50.cdiff [100%]
Downloading main-51.cdiff [100%]
main.cld updated (version: 51, sigs: 545035, f-level: 42, builder: sven)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 35, recommended = 42
DON'T PANIC! Read http://www.clamav.net/support/faq
WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 64.142.100.50)
WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
Trying host database.clamav.net (65.120.238.5)...
WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 65.120.238.5)
WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
Trying host database.clamav.net (65.120.238.5)...
WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 65.120.238.5)
WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Trying host database.clamav.net (65.120.238.5)...
Downloading daily.cvd [100%]
daily.cvd updated (version: 9366, sigs: 5454, f-level: 42, builder: ccordes)
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Current functionality level = 35, recommended = 42
DON'T PANIC! Read http://www.clamav.net/support/faq
Database updated (550489 signatures) from database.clamav.net (IP: 65.120.238.5)
[email protected] [/usr/share/clamav]# /scripts/restartsrv_clamd
clamd: no process killed
clamd: no process killed
LibClamAV Error: Malformed pattern line 1
LibClamAV Error: Problem parsing database at line 1
LibClamAV Error: Can't load /usr/share/clamav/malware.db: Malformed database
ERROR: Malformed database
[email protected] [/usr/share/clamav]#
Try uninstalling then re-installing ClamAv via WHM's Plugin section by un-checking the "ClamAV Connector" then clicking "save" then going back to that page and checking it to re-install ClamAV.