Hi there,

On Tue, 27 Jul 2021, Ashtec Cerenuela via clamav-users wrote:

I've been monitoring the clamd.log for my email server these past few weeks and I've seen errors like this every day.

Sat Jul 24 19:28:27 2021 -> SelfCheck: Database modification detected. Forcing reload.
Sat Jul 24 19:28:27 2021 -> Reading databases from C:\ProgramData\.clamwin\db
Sat Jul 24 19:28:39 2021 -> ERROR: reload_th: Database load failed: Malformed database
Are you sure that you're using an up-to-date clamd version? Clutching at straws here, perhaps when you upgraded the daemon wasn't restarted?
... ClamUpdateLog.txt says:

ClamAV update process started at Sat Jul 24 19:19:00 2021
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.2 Recommended version: 0.103.3
Since you seem to be using ClamWin you will either have to live with these warnings or use the Windows version from upstream. Personally after what I've seen of ClamWin I'd steer clear of it. See comments in the list archives for example: https://lists.clamav.net/pipermail/clamav-users/2021-June/011286.html
daily database available for update (local version: 26241, remote version: 26242)
Testing database: 'C:\ProgramData\.clamwin\db\tmp.5c43b1ecb8\clamav-632317d6ea0ad37e91e81295e905073d.tmp-daily.cld' ...
Database test passed.
daily.cld updated (version: 26242, sigs: 1963537, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)

Your update process seems to be working OK. Here's my freshclam log (on Linux!) for about that time, as you see the numbers all match:

Sat Jul 24 20:21:55 2021 -> Received signal: wake up
Sat Jul 24 20:21:55 2021 -> ClamAV update process started at Sat Jul 24 20:21:55 2021
Sat Jul 24 20:21:56 2021 -> daily.cld database is up-to-date (version: 26242, sigs: 1963537, f-level: 90, builder: raynman)
Sat Jul 24 20:21:56 2021 -> main.cvd database is up-to-date (version: 61, sigs: 6607162, f-level: 90, builder: sigmgr)
Sat Jul 24 20:21:56 2021 -> bytecode.cld database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Deleted daily.cld/main.cvd and downloaded a new copy from the clamwin website. After 24hrs of monitoring, the error occurred again after the update. I'm not sure if this is normal or what.
I'm not sure what's normal for ClamWin. Why not just use the official sources and CDN?

In case it helps, if you check the MD5sum for the main database it should be 8192d77d0032163244c7323a80d5f228 and I wouldn't expect that file to change for quite some time since it's only very recently been updated.

--
73,
Ged.
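
The two checks suggested in this message (compare the database file's MD5 with a known value, and compare the version freshclam logged with what is actually on disk), as an added Python example that is not part of the original message or of ClamAV/ClamWin. It assumes the CVD layout of a 512-byte, colon-separated text header (`ClamAV-VDB:build time:version:sigs:f-level:MD5 of body:signature:builder:stime`) ahead of the archive; `check_db`, `build_sample` and the sample data are constructed for illustration.

```python
import hashlib

HEADER_LEN = 512  # assumption: fixed-size text header at the start of a .cvd/.cld file

def parse_header(raw: bytes) -> dict:
    """Split the colon-separated header into named fields."""
    if len(raw) < HEADER_LEN or not raw.startswith(b"ClamAV-VDB:"):
        raise ValueError("not a ClamAV database header")
    fields = raw[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if len(fields) < 8:
        raise ValueError("truncated header")
    return {"built": fields[1], "version": int(fields[2]), "sigs": int(fields[3]),
            "flevel": int(fields[4]), "body_md5": fields[5], "builder": fields[7]}

def check_db(path, expected_file_md5=None, expected_version=None):
    """Return a list of problems; an empty list means the file looks consistent."""
    with open(path, "rb") as fh:
        data = fh.read()  # main.cvd is large; stream in chunks if memory matters
    try:
        hdr = parse_header(data)
    except ValueError as exc:
        return [f"header: {exc}"]
    problems = []
    # Check 1: whole-file MD5 against a value obtained out of band (as in the message).
    if expected_file_md5 and hashlib.md5(data).hexdigest() != expected_file_md5.lower():
        problems.append("whole-file MD5 differs from the expected value")
    # Check 2: header MD5 covers everything after the header. Only done for .cvd,
    # since a locally patched .cld is not expected to match (assumption).
    if path.endswith(".cvd") and hashlib.md5(data[HEADER_LEN:]).hexdigest() != hdr["body_md5"]:
        problems.append("body MD5 differs from header field (truncated or altered file)")
    # Check 3: version on disk against the version freshclam reported in its log.
    if expected_version is not None and hdr["version"] != expected_version:
        problems.append(f"version {hdr['version']} on disk, {expected_version} in update log")
    return problems

def build_sample(version: int, body: bytes, builder: str = "example") -> bytes:
    """Constructed stand-in for a .cvd file (not a real signature database)."""
    head = (f"ClamAV-VDB:01 Jan 2021 00-00 +0000:{version}:3:90:"
            f"{hashlib.md5(body).hexdigest()}:SIG:{builder}:0")
    return head.encode().ljust(HEADER_LEN, b" ") + body

if __name__ == "__main__":
    import os, tempfile
    path = os.path.join(tempfile.mkdtemp(), "main.cvd")
    with open(path, "wb") as fh:
        fh.write(build_sample(61, b"constructed body")[:-4])  # simulate a cut-off file
    for problem in check_db(path, expected_version=61):
        print(problem)
```

Run against the real `main.cvd` and `daily.cld` right after a "Malformed database" reload error, with the MD5 and version numbers taken from the message and the update log, this shows whether the file on disk is the one the updater tested.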