[clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-14 Thread Jason J. W. Williams
Hi Guys,

Earlier this evening all of our healthchecks for the freshness of our
ClamAV servers' databases started to go off indicating all of them were 2
versions behind. Investigating the freshclam logs, all of the servers are
reporting the same error loading the daily cdiffs:

freshclam daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
ClamAV update process started at Thu Jun 15 06:30:48 2017
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.7 Recommended version: 0.99.2
DON'T PANIC! Read http://www.clamav.net/support/faq
Downloading main-58.cdiff [100%]
main.cld updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Downloading daily-23474.cdiff [100%]
Downloading daily-23475.cdiff [100%]
WARNING: [LibClamAV] cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0 is too short
WARNING: [LibClamAV] cli_parse_add(): Problem adding signature (3).
WARNING: [LibClamAV] Problem parsing database at line 2793
WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
WARNING: [LibClamAV] Can't load /var/lib/clamav/clamav-67926f9ec604f961a16747a484057689.tmp/clamav-250dc2257e1473258a61b534dbdef759.cld: Malformed database
ERROR: Failed to load new database: Malformed database
WARNING: Database load exited with status 55
ERROR: Failed to load new database

Is this a known issue, or is there something else we should be doing to
clear the problem? Thank you in advance for your help.

-J
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-15 Thread Ladar Levison
On 06/15/2017 01:37 AM, Jason J. W. Williams wrote:
> WARNING: [LibClamAV] cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0 is too short
> WARNING: [LibClamAV] cli_parse_add(): Problem adding signature (3).
> WARNING: [LibClamAV] Problem parsing database at line 2793
> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
> WARNING: [LibClamAV] Can't load /var/lib/clamav/clamav-67926f9ec604f961a16747a484057689.tmp/clamav-250dc2257e1473258a61b534dbdef759.cld: Malformed database
> ERROR: Failed to load new database: Malformed database
> WARNING: Database load exited with status 55
> ERROR: Failed to load new database
>

I am also seeing this issue... with identical error messages - only it's
causing our mail daemon to lock up during the load process. What I need
to know is whether a) this issue is limited to past releases (I'm also
using 0.98.7 in production, and haven't had time to recompile with
0.99.2), and b) was it intentional, or did someone push out a corrupted
database by accident... ?

For those desperately searching for a solution... deleting daily.cld
will side step the issue. Just make sure you also disable freshclam...
at least until the issue is resolved...

LibClamAV Error: cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0 is too short
LibClamAV Error: cli_parse_add(): Problem adding signature (3).
LibClamAV Error: Problem parsing database at line 2793
LibClamAV Error: Can't load daily.ldb: Malformed database
LibClamAV Error: cli_tgzload: Can't load daily.ldb
LibClamAV Error: Can't load /var/lib/clamav/daily.cld: Malformed database






Re: [clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-15 Thread David Raynor
Thanks for reporting it. That signature is marked with the wrong "Engine"
limits, so that error message only affects some point releases of 0.98. We
are dropping that signature in the next daily CVD and will add a
replacement later.

To work around the trouble, you can add the "Win.Worm.Fadok-6328944-0" to a
local ign2 file in the same directory as the daily.cvd or daily.cld and any
affected ClamAV versions will load properly.

Dave R.

On Thu, Jun 15, 2017 at 2:37 AM, Jason J. W. Williams <
jasonjwwilli...@gmail.com> wrote:

> Hi Guys,
>
> Earlier this evening all of our healthchecks for the freshness of our
> ClamAV servers' databases started to go off indicating all of them were 2
> versions behind. Investigating the freshclam logs, all of the servers are
> reporting the same error loading the daily cdiffs:
>
> freshclam daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
> ClamAV update process started at Thu Jun 15 06:30:48 2017
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.98.7 Recommended version: 0.99.2
> DON'T PANIC! Read http://www.clamav.net/support/faq
> Downloading main-58.cdiff [100%]
> main.cld updated (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> Downloading daily-23474.cdiff [100%]
> Downloading daily-23475.cdiff [100%]
> WARNING: [LibClamAV] cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0 is too short
> WARNING: [LibClamAV] cli_parse_add(): Problem adding signature (3).
> WARNING: [LibClamAV] Problem parsing database at line 2793
> WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
> WARNING: [LibClamAV] cli_tgzload: Can't load daily.ldb
> WARNING: [LibClamAV] Can't load /var/lib/clamav/clamav-67926f9ec604f961a16747a484057689.tmp/clamav-250dc2257e1473258a61b534dbdef759.cld: Malformed database
> ERROR: Failed to load new database: Malformed database
> WARNING: Database load exited with status 55
> ERROR: Failed to load new database
>
> Is this a known issue, or is there something else we should be doing to
> clear the problem? Thank you in advance for your help.
>
> -J
>



-- 
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com
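
The ign2 workaround described in the message above, as an added shell example (not code from the thread or from the ClamAV project): it extracts the rejected signature name from the load errors and lists it once in an ign2 file in the database directory. The `local.ign2` file name, the function names and the `demo` argument are assumptions.

```sh
#!/bin/sh
# Added example, not ClamAV project code.

# Print each signature name that cli_ac_addsig rejected as "too short".
failing_sigs() {
    sed -n 's/.*cli_ac_addsig: Signature for \([^ ]*\) is too short.*/\1/p' "$1" | sort -u
}

# Append SIG to DBDIR/local.ign2 unless it is already listed.
# Returns 0 = added, 1 = already present, 2 = bad argument or write failure.
ignore_sig() {
    dbdir=$1
    sig=$2
    ign="$dbdir/local.ign2"    # assumed file name; the thread says "a local ign2 file"
    [ -d "$dbdir" ] || return 2
    # Accept plain signature names only, so nothing else lands in the database directory.
    case $sig in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    if [ -f "$ign" ] && grep -Fxq -- "$sig" "$ign"; then
        return 1
    fi
    # Keep entries one per line even if the existing file lacks a final newline.
    if [ -s "$ign" ] && [ -n "$(tail -c 1 "$ign")" ]; then
        echo >> "$ign" || return 2
    fi
    printf '%s\n' "$sig" >> "$ign" || return 2
}

# Constructed sample: log lines from the thread, unwrapped to one line each.
sample_log() {
    cat <<'EOF'
Downloading daily-23475.cdiff [100%]
WARNING: [LibClamAV] cli_ac_addsig: Signature for Win.Worm.Fadok-6328944-0 is too short
WARNING: [LibClamAV] cli_parse_add(): Problem adding signature (3).
WARNING: [LibClamAV] Can't load daily.ldb: Malformed database
ERROR: Failed to load new database: Malformed database
EOF
}

# Demo in a scratch directory when the script is run with the argument "demo".
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d)
    sample_log > "$tmp/freshclam.log"
    for s in $(failing_sigs "$tmp/freshclam.log"); do
        ignore_sig "$tmp" "$s" && echo "added $s to $tmp/local.ign2"
    done
fi
```

An ign2 entry stops that signature from loading at all, so remove it once a corrected daily database is published. A later reply in this thread reports that the entry did not help on 0.98.6, so confirm that the database actually loads afterwards.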


Re: [clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-16 Thread Alexander Lehmann
draynor at sourcefire.com wrote:

> To work around the trouble, you can add the "Win.Worm.Fadok-6328944-0" to a
> local ign2 file in the same directory as the daily.cvd or daily.cld and any
> affected ClamAV versions will load properly.

I am seeing the issue in 0.98.6 and I tried to create an ign2 file; however,
this doesn't fix the issue. It looks like the entry is processed regardless.

Is there another way to fix that other than waiting for the update?


Thanks. Alexander


--
Alexander Lehmann 
https://about.me/alexlehm


Re: [clamav-users] daily-23474 & daily-23475 updates are failing to load

2017-06-16 Thread Al Varnell
On Fri, Jun 16, 2017 at 03:18 AM, Alexander Lehmann wrote:
> 
> draynor at sourcefire.com wrote:
> 
>> To work around the trouble, you can add the "Win.Worm.Fadok-6328944-0" to a
>> local ign2 file in the same directory as the daily.cvd or daily.cld and any
>> affected ClamAV versions will load properly.
> 
> I am seeing the issue in 0.98.6 and I tried to create a ign2 file, however
> this doesn't fix the issue, it looks like the entry is processed regardless.
> 
> Is there another way to fix that other than waiting for the update?
> 
> 
> Thanks. Alexander

Update to a 0.99.x scan engine.  Yours is almost two years old now.


-Al-
-- 
Al Varnell
Mountain View, CA






