Doc Schneider wrote:
Bill Landry wrote:Bill Landry wrote:Doc Schneider wrote:Bill Landry wrote:Doc Schneider wrote:Hmmm, that's too bad, can't compare the two file then. Anyway, that isBill Landry wrote:Doc Schneider wrote:Oh and using clamav 0.95.1 on CentOS 5.2 Doc Schneider wrote:I've got a server that keeps getting these errors. Using Bills unofficial sigs script v 2.7 Any ideas? Stopping Clam AntiVirus Daemon: [FAILED] Starting Clam AntiVirus Daemon: LibClamAV Error: cli_loadmd5: Malformed MD5 string at line 95073LibClamAV Error: cli_loadmd5: Problem parsing database at line 95073 LibClamAV Error: Can't load /var/clamav/securiteinfo.hdb: Malformeddatabase ERROR: Malformed database [FAILED]Doc, can you provide the output from: ls -l /var/clamav/securiteinfo.hdb and (adjust path to match your "ss-dbs" working directory location): ls -l /usr/unofficial-dbs/ss-dbs/securiteinfo.hdb and: unofficial-clamav-sigs.sh -s securiteinfo.hdb I'm wondering why this file appears to not be updating, as the issue youreport above was resolved by newer signature updates from SecruiteInfofor securiteinfo.hdb. Bill-rw-r--r-- 1 root root 7451460 Apr 16 07:56 /usr/unofficial-dbs/si-dbs/securiteinfo.hdb I removed all the si sigs so none are going into /var/clamav/the correct file size. What about the output from either: unofficial-clamav-sigs.sh -s securiteinfo.hdb or: clamscan -d /usr/unofficial-dbs/si-dbs/securiteinfo.hdb /dev/null If the database is not reporting any errors, then it should not cause clamd any problems. BillClamscan integrity testing database file: /usr/unofficial-dbs/si-dbs/securiteinfo.hdbClamscan reports that the 'scam.ndb' database file integrity tested GOODclamscan -d /usr/unofficial-dbs/si-dbs/securiteinfo.hdb /dev/null ERROR: Not supported file type (/dev/null) ----------- SCAN SUMMARY ----------- Known viruses: 106406 Engine version: 0.95.1 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 0.393 sec (0 m 0 s)Perfect, so there should be no issue with using this database. However, since the file that was previously causing the issue no longer available, there is no way to confirm whether the file was different than the one you just tested in your working directory, and no way to determine if was being updated or not.BTW, have you enabled logging in the script? If so, could you provide log output from an update run that shows this issue? Thanks, BillI've enabled logging in the conf file and will send the output after it runs on the hour.
And of course not much in the log: Apr 16 15:14:29 INFO - Pausing database file updates for 435 seconds...Apr 16 15:21:45 INFO - SaneSecurity mirror site used: www01.masbytes.es 213.194.159.34
Apr 16 15:21:47 INFO - No SaneSecurity database file updates foundApr 16 15:21:48 INFO - MSRBL mirror site used: msrbl.aarboard.ch 88.198.249.108
Apr 16 15:21:50 INFO - No MSRBL database file updates foundApr 16 15:21:50 INFO - Next SecuriteInfo check will be performed in approximately 0 hour(s), 57 minute(s) Apr 16 15:21:50 INFO - Next MalwarePatrol download will be performed in approximately 3 hour(s), 14 minute(s)
Apr 16 15:21:50 INFO - No update(s) detected, NOT reloading ClamAV databases -- Doc Schneider Fort Systems, LTD http://www.fsl.com/ Office Phone: 202 595-7760 ext. 803