Hey folks, just closing the loop on this, unsurprisingly, this turned out to be a problem on our side. I had forgotten but we were running a custom build of clamav a couple of commits before the 0.98.7 release that apparently had a signature parsing regression, upgrading to the release commit fixed the issue for us.
Thanks everyone for the help! On Sun, Oct 18, 2015 at 5:31 PM, Al Varnell <alvarn...@mac.com> wrote: > I just had a Mac OS X 10.11/ClamXav 2.8.5/ClamAV 0.98.7 user with a > similar situation. Appears to be in the US, but I need to get more > information to verify that and the results of sigtool -i: > > Checking official ClamAV definitions > -------------------------------------- > ClamAV update process started at Sat Oct 17 11:58:34 2015 > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: > neo) > Downloading daily-20931.cdiff [100%] > Downloading daily-20932.cdiff [100%] > Downloading daily-20933.cdiff [100%] > Downloading daily-20934.cdiff [100%] > Downloading daily-20935.cdiff [100%] > Downloading daily-20936.cdiff [100%] > Downloading daily-20937.cdiff [100%] > Downloading daily-20938.cdiff [100%] > Downloading daily-20939.cdiff [100%] > Downloading daily-20940.cdiff [100%] > Downloading daily-20941.cdiff [100%] > Downloading daily-20942.cdiff [100%] > Downloading daily-20943.cdiff [100%] > Downloading daily-20944.cdiff [100%] > Downloading daily-20945.cdiff [100%] > Downloading daily-20946.cdiff [100%] > Downloading daily-20947.cdiff [100%] > Downloading daily-20948.cdiff [100%] > Downloading daily-20949.cdiff [100%] > Downloading daily-20950.cdiff [100%] > Downloading daily-20951.cdiff [100%] > Downloading daily-20952.cdiff [100%] > Downloading daily-20953.cdiff [100%] > Downloading daily-20954.cdiff [100%] > Downloading daily-20955.cdiff [100%] > Downloading daily-20956.cdiff [100%] > Downloading daily-20957.cdiff [100%] > Downloading daily-20958.cdiff [100%] > Downloading daily-20959.cdiff [100%] > Downloading daily-20960.cdiff [100%] > Downloading daily-20961.cdiff [100%] > Downloading daily-20962.cdiff [100%] > Downloading daily-20963.cdiff [100%] > Downloading daily-20964.cdiff [100%] > Downloading daily-20965.cdiff [100%] > Downloading daily-20966.cdiff [100%] > Downloading daily-20967.cdiff [100%] > Downloading daily-20968.cdiff [100%] > Downloading daily-20969.cdiff [100%] > Downloading daily-20970.cdiff [100%] > Downloading daily-20971.cdiff [100%] > Downloading daily-20972.cdiff [100%] > Downloading daily-20973.cdiff [100%] > Downloading daily-20974.cdiff [100%] > Downloading daily-20975.cdiff [100%] > Downloading daily-20976.cdiff [100%] > Downloading daily-20977.cdiff [100%] > ERROR: Failed to load new database: Malformed database > ERROR: Failed to load new database > -------------------------------------- > ClamAV update process started at Sun Oct 18 05:45:07 2015 > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: > neo) > Downloading daily-20931.cdiff [100%] > Downloading daily-20932.cdiff [100%] > Downloading daily-20933.cdiff [100%] > Downloading daily-20934.cdiff [100%] > Downloading daily-20935.cdiff [100%] > Downloading daily-20936.cdiff [100%] > Downloading daily-20937.cdiff [100%] > Downloading daily-20938.cdiff [100%] > Downloading daily-20939.cdiff [100%] > Downloading daily-20940.cdiff [100%] > Downloading daily-20941.cdiff [100%] > Downloading daily-20942.cdiff [100%] > ERROR: cdiff_apply: Incorrect digital signature > ERROR: getpatch: Can't apply patch > Downloading daily.cvd [100%] > ERROR: Verification: Can't verify database integrity > Trying again in 5 secs... > ClamAV update process started at Sun Oct 18 05:52:05 2015 > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: > neo) > Downloading daily-20931.cdiff [100%] > Downloading daily-20932.cdiff [100%] > Downloading daily-20933.cdiff [100%] > Downloading daily-20934.cdiff [100%] > Downloading daily-20935.cdiff [100%] > Downloading daily-20936.cdiff [100%] > Downloading daily-20937.cdiff [100%] > Downloading daily-20938.cdiff [100%] > Downloading daily-20939.cdiff [100%] > Downloading daily-20940.cdiff [100%] > Downloading daily-20941.cdiff [100%] > Downloading daily-20942.cdiff [100%] > Downloading daily-20943.cdiff [100%] > Downloading daily-20944.cdiff [100%] > Downloading daily-20945.cdiff [100%] > Downloading daily-20946.cdiff [100%] > Downloading daily-20947.cdiff [100%] > Downloading daily-20948.cdiff [100%] > ERROR: cdiff_cmd_close: Can't apply DEL at line 1493879 of daily.mdb > ERROR: cdiff_apply: Can't execute command CLOSE > ERROR: cdiff_apply: Error executing command at line 19 > ERROR: getpatch: Can't apply patch > Downloading daily.cvd [100%] > ERROR: Verification: Can't verify database integrity > Trying again in 5 secs... > ClamAV update process started at Sun Oct 18 05:53:10 2015 > main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: > neo) > Downloading daily-20931.cdiff [100%] > Downloading daily-20932.cdiff [100%] > Downloading daily-20933.cdiff [100%] > Downloading daily-20934.cdiff [100%] > Downloading daily-20935.cdiff [100%] > Downloading daily-20936.cdiff [100%] > Downloading daily-20937.cdiff [100%] > Downloading daily-20938.cdiff [100%] > Downloading daily-20939.cdiff [100%] > Downloading daily-20940.cdiff [100%] > Downloading daily-20941.cdiff [100%] > Downloading daily-20942.cdiff [100%] > Downloading daily-20943.cdiff [100%] > Downloading daily-20944.cdiff [100%] > Downloading daily-20945.cdiff [100%] > Downloading daily-20946.cdiff [100%] > Downloading daily-20947.cdiff [100%] > Downloading daily-20948.cdiff [100%] > ERROR: cdiff_cmd_close: Can't apply DEL at line 1493879 of daily.mdb > ERROR: cdiff_apply: Can't execute command CLOSE > ERROR: cdiff_apply: Error executing command at line 19 > ERROR: getpatch: Can't apply patch > Downloading daily.cvd [100%] > ERROR: Verification: Can't verify database integrity > Giving up on database.clamav.net... > Update failed. Your network may be down or none of the mirrors listed in > /usr/local/clamXav/etc/freshclam.conf is working. Check > http://www.clamav.net/doc/mirrors-faq.html for possible reasons. > > -Al- > > On Thu, Oct 15, 2015 at 01:41 PM, Rafael Ferreira wrote: > > > > Odd, we run Debian (Jessie) Linux and we see this problem on quite a few > of our hosts; nothing obviously relevant seems to have changed on our side. > We will keep looking and report back. > > > >> On Oct 15, 2015, at 1:15 PM, Steven Morgan <smor...@sourcefire.com> > wrote: > >> Thanks, that is working for me with ClamAV 0.98.7. It even worked using > >> http://scanii-assets.s3.amazonaws.com/daily.cvd. What OS and hardware > are > >> you using? > >> > >> On Thu, Oct 15, 2015 at 1:30 PM, Rafael Ferreira <r...@uvasoftware.com> > >> wrote: > >>> 0.98.7 > >>> > >>>>> On Oct 15, 2015, at 8:46 AM, Steven Morgan > >>>> wrote: > >>>> Rafael, > >>>> > >>>> I don't see this. Which version of ClamAV are you using? > >>>> > >>>> Steve > >>>> > >>>> > >>>> On Thu, Oct 15, 2015 at 11:24 AM, Rafael Ferreira > >>>> wrote: > >>>>> Howdy folks, we started noticing problems with daily.cvd: > >>>>> > >>>>> Retrieving http://scanii-assets.s3.amazonaws.com/daily.cvd > >>>>> > >>>>> Trying to download http://scanii-assets.s3.amazonaws.com/daily.cvd > (IP: > >>>>> 54.231.34.41) > >>>>> > >>>>> Downloading daily.cvd [100%] > >>>>> > >>>>> Loading signatures from daily.cvd > >>>>> > >>>>> WARNING: [LibClamAV] cli_parseadd(): Problem adding signature (1b). > >>>>> > >>>>> WARNING: [LibClamAV] Problem parsing database at line 1097 > >>>>> > >>>>> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database > >>>>> > >>>>> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb > >>>>> > >>>>> WARNING: [LibClamAV] Can't load > >>>>> > /var/lib/clamav/clamav-bde1e525a5ccd73f8aef9d297171cfdc.tmp/clamav-d1391230fbba45ed1a1ab05e2a069102.cvd: > >>>>> Malformed database > >>>>> > >>>>> ERROR: Failed to load new database: Malformed database > >>>>> > >>>>> ERROR: During database load : WARNING: [LibClamAV] cli_parse_add(): > >>>>> Problem > >>>>> adding signature (1). [...] ERROR: Failed to load new database: > >>>>> Malformed > >>>>> database > >>>>> > >>>>> WARNING: Database load exited with status 55 > >>>>> > >>>>> ERROR: Failed to load new database > >>>>> > >>>>> couple of things worth noting, there's no indication of memory > pressure > >>>>> on > >>>>> the hosts, the databases do pass a sigtool dump of its contents and > were > >>>>> tested for potential in flight corruption. > >>>>> > >>>>> Anyone else seeing this? > >>>>> > >>>>> - Rafael > > > > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > -- Rafael Ferreira Uva Software, LLC _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
