Results 1 to 6 of 6

Thread: [SOLVED] clamd won't start: malformed database

  1. #1
    thenetmonkey is offline Junior Member
    Join Date
    Jun 2008
    Posts
    5
    Rep Power
    6

    Exclamation [SOLVED] clamd won't start: malformed database

    As my subject indicates, I'm having a problem where clamd won't start because it reports "malformed database" in my clamd.log file.

    here is the log from freshclam:
    --------------------------------------
    Received signal: wake up
    ClamAV update process started at Sun Jun 22 07:43:03 2008
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.92.1 Recommended version: 0.93.1
    DON'T PANIC! Read Clam AntiVirus
    main.inc is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
    Downloading daily-7532.cdiff [100%]
    daily.inc updated (version: 7532, sigs: 93812, f-level: 31, builder: ccordes)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 26, recommended = 31
    DON'T PANIC! Read Clam AntiVirus
    Database updated (325646 signatures) from db.us.clamav.net (IP: 65.120.238.2)
    Clamd successfully notified about the update.
    --------------------------------------

    Here is the log of the update that failed from clamd.log:
    Sun Jun 22 07:43:06 2008 -> SelfCheck: Database modification detected. Forcing reload.
    Sun Jun 22 07:43:06 2008 -> Reading databases from /opt/zimbra/data/clamav/db
    Sun Jun 22 07:43:13 2008 -> ERROR: reload db failed: Malformed database
    Sun Jun 22 07:43:13 2008 -> Terminating because of a fatal error.
    Sun Jun 22 07:43:13 2008 -> Pid file removed.
    Sun Jun 22 07:43:13 2008 -> --- Stopped at Sun Jun 22 07:43:13 2008

    here is the output of clamscan -d dail.cvd:
    /opt/zimbra/clamav/bin/clamscan -d daily.cvd
    LibClamAV Warning: **************************************************
    LibClamAV Warning: *** The virus database is older than 7 days! ***
    LibClamAV Warning: *** Please update it as soon as possible. ***
    LibClamAV Warning: **************************************************
    /opt/zimbra/data/clamav/db/main.cvd: OK
    /opt/zimbra/data/clamav/db/mirrors.dat: OK
    /opt/zimbra/data/clamav/db/daily.cvd: OK

    ----------- SCAN SUMMARY -----------
    Known viruses: 6307
    Engine version: 0.92.1
    Scanned directories: 1
    Scanned files: 3
    Infected files: 0
    Data scanned: 11.04 MB
    Time: 0.623 sec (0 m 0 s)

    here is output of clamscan -d main.cvd:
    /opt/zimbra/clamav/bin/clamscan -d main.cvd
    /opt/zimbra/data/clamav/db/main.cvd: OK
    /opt/zimbra/data/clamav/db/mirrors.dat: OK
    /opt/zimbra/data/clamav/db/daily.cvd: OK

    ----------- SCAN SUMMARY -----------
    Known viruses: 169676
    Engine version: 0.92.1
    Scanned directories: 1
    Scanned files: 3
    Infected files: 0
    Data scanned: 11.04 MB
    Time: 6.866 sec (0 m 6 s)

    ----------------------------------------------
    As far as I can tell, the databases are good.
    I've even tried renaming them (daily and main), and having freshclam pull in new ones; the new files have the same md5sum as my old files, so I don't think they are actually corrupt.

    I've disabled the antivirus service for now so that the company can send and receive email.

    Anyone have any suggestions on how to get clamd running again?

    Let me know if you need any other information.

    Thanks,
    Billy

  2. #2
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    Welcome to the forums,

    What was the process you followed to grab new defs?
    su - zimbra
    mkdir /tmp/clamdb
    mv /opt/zimbra/clamav/db/* /tmp/clamdb
    zmprov ms `zmhostname` +zimbraServiceEnabled antivirus
    /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
    zmamavisctl stop
    zmamavisctl start

    http://www.zimbra.com/forums/announc...html#post62754 so we know which version you are running (though clamav 0.92.1 does narrow it some).

  3. #3
    thenetmonkey is offline Junior Member
    Join Date
    Jun 2008
    Posts
    5
    Rep Power
    6

    Default

    thanks for the tip, i just updated my profile.
    zmcontrol -v reports:
    Release 5.0.4_GA_2101.UBUNTU6 UBUNTU6 FOSS edition
    this is running in a vmware image.

    I used this process to grab the new defs:
    #ran as user zimbra
    zmantivirusctl stop
    #made sure no amavis or clam processes were running

    #backed up old DBs
    cd /opt/zimbra/data/clamav/db
    mv daily.cvd .daily.cvd.bak
    mv main.cvd .main.cvd.bak

    #started freshclam to grab new DBs
    /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
    #verified that daily.cvd and main.cvd were created
    #verified that md5sums were identical to old files

    #removed old dbs
    rm .daily.cvd.bak .main.cvd.bak

    #started antivirus
    zmantivirusctl start
    #script reported that amavisd was running, but clamd was not
    #checked /opt/zimbra/logs/clamd.log and it showed malformed database error again

    #tried starting clamd directly
    zmclamdctl start
    #clamd.log had another malformed database error

    amavisd starts up fine... it's just clamd that has the problem.

    the antivirus service was already enabled in zimbra, so I didn't think I needed to reprovision it... it had been working fine for a couple months prior to the DB update on Jun 22 at 7:43am.

  4. #4
    thenetmonkey is offline Junior Member
    Join Date
    Jun 2008
    Posts
    5
    Rep Power
    6

    Default

    OK, looks like i was doing the freshclam update wrong, and i was using clamscan wrong as well.

    here is how i should have been using clamscan to test the dbs:
    zimbra@zimbra:~/data/clamav/db$ /opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db
    LibClamAV Error: cli_loadmd5: Problem parsing database at line 84369
    LibClamAV Error: Can't load /opt/zimbra/data/clamav/db/daily.inc/daily.mdb: Malformed database
    ERROR: Malformed database

    ----------- SCAN SUMMARY -----------
    Known viruses: 355
    Engine version: 0.92.1
    Scanned directories: 0
    Scanned files: 0
    Infected files: 0
    Data scanned: 0.00 MB
    Time: 0.864 sec (0 m 0 s)

    this shows that my data/clamav/db/daily.inc/daily.mdb file had a problem at line 84369

    My other problem was that I had only removed the .cvd files from the db directory, not the daily.inc directory as well. So, I moved all the files out of the db directory, and ran freshclam again. This time it took quite a bit longer to grab all the updates. After the update, I ran:
    zimbra@zimbra:~/data/clamav/db$ /opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db
    LibClamAV Warning: ************************************************** *********
    LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
    LibClamAV Warning: *** DON'T PANIC! Read Clam AntiVirus ***
    LibClamAV Warning: ************************************************** *********
    LibClamAV Warning: ************************************************** *********
    LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
    LibClamAV Warning: *** DON'T PANIC! Read Clam AntiVirus ***
    LibClamAV Warning: ************************************************** *********
    /opt/zimbra/data/clamav/db/main.cvd: OK
    /opt/zimbra/data/clamav/db/daily.cvd: OK
    /opt/zimbra/data/clamav/db/mirrors.dat: OK

    ----------- SCAN SUMMARY -----------
    Known viruses: 405927
    Engine version: 0.92.1
    Scanned directories: 1
    Scanned files: 3
    Infected files: 0
    Data scanned: 31.41 MB
    Time: 14.455 sec (0 m 14 s)

    this time it showed my that my db files were OK.

    then it was just a matter of provisioning/enabling the antivirus service, and restarting zimbra.

    Now my clamd is running correctly.

  5. #5
    thenetmonkey is offline Junior Member
    Join Date
    Jun 2008
    Posts
    5
    Rep Power
    6

    Default

    hmm... i just replied with my solution, but it looks like it didn't get added.
    my problem boiled down to using clamscan -d wrong, and to not updateding the virus DBs correctly with fresh clam.

    i had to remove all the files from the data/clamav/db directory, and then run freshclam to have them all repopulated.

    Once I did that, clamd was able to start successfully

    Also, the proper way to check the DB files for errors is this to pass the path to the DB directory as the parameter to -d, like this:
    zimbra@zimbra:~/data/clamav/db$ /opt/zimbra/clamav/bin/clamscan -d /opt/zimbra/data/clamav/db/

    LibClamAV Error: cli_loadmd5: Problem parsing database at line 84369
    LibClamAV Error: Can't load /opt/zimbra/data/clamav/db//daily.inc/daily.mdb: Malformed database
    ERROR: Malformed database

    ----------- SCAN SUMMARY -----------
    Known viruses: 355
    Engine version: 0.92.1
    Scanned directories: 0
    Scanned files: 0
    Infected files: 0
    Data scanned: 0.00 MB
    Time: 0.864 sec (0 m 0 s)
    Last edited by thenetmonkey; 06-23-2008 at 02:42 PM.

  6. #6
    mmorse's Avatar
    mmorse is offline Moderator
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    20

    Default

    Cool, you just hit our watchdog fido (post should show up now).

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Errors installing Outlook Connector
    By Tim G in forum Zimbra Connector for Outlook
    Replies: 57
    Last Post: 05-05-2011, 02:27 PM
  2. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  3. Clamd: ERROR: Unable to lock database directory!
    By zibra in forum Administrators
    Replies: 4
    Last Post: 03-11-2008, 10:07 AM
  4. Error Installing Outlook Connector
    By DanO in forum Zimbra Connector for Outlook
    Replies: 17
    Last Post: 08-28-2007, 09:35 AM
  5. Is it started or not
    By kwelipatton in forum Installation
    Replies: 10
    Last Post: 03-28-2006, 11:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •