The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problem with starting ClamAV

Discussion in 'E-mail Discussions' started by anton_latvia, Feb 28, 2009.

  1. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    348
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Hello,
    Suddenly ClamAV does not want to start on one of our servers. It fails during startup with error in the shell:

    Starting clamd: LibClamAV Error: cli_loadmd5: Problem parsing database at line 11703
    LibClamAV Error: Can't load daily.mdb: Malformed database
    LibClamAV Error: cli_tgzload: Can't load daily.mdb
    LibClamAV Error: Can't load /usr/share/clamav/daily.cld: Malformed database
    ERROR: Malformed database

    I tried upgrading, reinstalling ClamAV and few other softwares, but so far with no luck.

    Any ideas, dear community?

    Anton.
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    That means the DBs are corrupted. Do this:
    cd /usr/share/clamav/
    Empty the content of these 3 files:

    Code:
    daily.cvd
    main.cld
    mirrors.dat
    Then run this command to download fresh copies for your DBs:
    Code:
    /etc/cron.daily/freshclam
    Although this is not necessary, but restart clamd:
    Code:
    /scripts/restartsrv_clamd
    Hope this helps!
     
  3. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    348
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Thanks for help, although to me it seems, that there sort of error at clamav part, here is output of freshclam:

    Code:
    ClamAV update process started at Sun Mar  1 11:29:39 2009
    LibClamAV Error: cl_cvdhead: Can't read CVD header in main.cld
    Downloading main.cvd [100%]
    ERROR: Verification: MD5 verification error
    Trying again in 5 secs...
    ClamAV update process started at Sun Mar  1 11:30:17 2009
    LibClamAV Error: cl_cvdhead: Can't read CVD header in main.cld
    Trying host database.clamav.net (212.7.0.71)...
    Downloading main.cvd [100%]
    main.cvd updated (version: 50, sigs: 500667, f-level: 38, builder: sven)
    LibClamAV Error: cl_cvdhead: Can't read CVD header in daily.cld
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 9059, sigs: 13941, f-level: 38, builder: mcichosz)
    Database updated (514608 signatures) from database.clamav.net (IP: 212.7.0.71)
    
     
  4. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    348
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Well, it helped to completely delete those 3 files (instead of making them empty) and rerun freshclam. ;)
     
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Sounds good.

    This demonstartes that every server is unique and what works for one server may not work for another. :)
     
  6. cyexx

    cyexx Well-Known Member

    Joined:
    Sep 3, 2004
    Messages:
    70
    Likes Received:
    0
    Trophy Points:
    6
    Just had this Hit

    I just had this hit me and I tried the above suggestions with no change, any ideas?

    Code:
    root@kasei [/usr/share/clamav]# ls
    ./            honeynet.hdb  malware.db                 MSRBL-SPAM.ndb  scam.ndb          spam.ldb
    ../           junk.ndb      mirrors.dat                phish.ndb       scam.ndb.gz       spear.ndb
    antispam.ndb  lott.ndb      MSRBL-Images-FULL-SoN.hdb  phish.ndb.gz    securiteinfo.hdb  vx.hdb
    daily.cld     main.cld      MSRBL-Images.hdb           rogue.hdb       spamimg.hdb
    root@kasei [/usr/share/clamav]# rm daily.cld
    rm: remove regular file `daily.cld'? y
    root@kasei [/usr/share/clamav]# rm main.cld
    rm: remove regular file `main.cld'? y
    root@kasei [/usr/share/clamav]# rm mirrors.dat
    rm: remove regular file `mirrors.dat'? y
    root@kasei [/usr/share/clamav]# /usr/local/bin/freshclam
    ClamAV update process started at Mon May 18 07:47:40 2009
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.94 Recommended version: 0.95.1
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Downloading main-49.cdiff [100%]
    Downloading main-50.cdiff [100%]
    Downloading main-51.cdiff [100%]
    main.cld updated (version: 51, sigs: 545035, f-level: 42, builder: sven)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 35, recommended = 42
    DON'T PANIC! Read http://www.clamav.net/support/faq
    WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 64.142.100.50)
    WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
    Trying host database.clamav.net (65.120.238.5)...
    WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 65.120.238.5)
    WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
    Trying host database.clamav.net (65.120.238.5)...
    WARNING: getfile: daily-8168.cdiff not found on remote server (IP: 65.120.238.5)
    WARNING: getpatch: Can't download daily-8168.cdiff from database.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Trying host database.clamav.net (65.120.238.5)...
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 9366, sigs: 5454, f-level: 42, builder: ccordes)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 35, recommended = 42
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Database updated (550489 signatures) from database.clamav.net (IP: 65.120.238.5)
    root@kasei [/usr/share/clamav]# /scripts/restartsrv_clamd
    clamd: no process killed
    clamd: no process killed
    LibClamAV Error: Malformed pattern line 1
    LibClamAV Error: Problem parsing database at line 1
    LibClamAV Error: Can't load /usr/share/clamav/malware.db: Malformed database
    ERROR: Malformed database
    root@kasei [/usr/share/clamav]#
    
     
  7. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Try uninstalling then re-installing ClamAv via WHM's Plugin section by un-checking the "ClamAV Connector" then clicking "save" then going back to that page and checking it to re-install ClamAV.
     
Loading...

Share This Page