For a long time now, my clamd has been unable to start on most of my servers (installed via Custombuild). I would like your help to make clamd work again, both to have AV scanning and to stop the long list of warnings in the messages.
In an attempt to resolve this I have:
1 - removed the old databases in the destination directory that is mentioned in the error (/usr/local/share/clamav), without any change/improvement;
2 - followed the instructions on the DirectAdmin help pages: https://help.directadmin.com/item.php?id=444 and https://help.directadmin.com/item.php?id=370 which did not resolve the problem.
3 - To remove the continuous errors, I set the clamd service to 'no' in the services list for DA to check. Every update somehow automatically sets it to 'yes' again, so I gave up on decluttering this way.
4 - using Custombuild, I removed ClamAV in the options.conf and uninstalled it completely, then reinstalled it. To no avail, the same error remains.
Some logs below (in the past there used to be an option to format text more legibly as code with a nice box around it, etc. but this seems no longer possible?):
server]# freshclam -v
ClamAV update process started at Thu Jan 16 04:36:04 2020
Current working dir is /usr/local/share/clamav/
Querying current.cvd.clamav.net
TTL: 1725
fc_dns_query_update_info: Software version from DNS: 0.102.1
Current working dir is /usr/local/share/clamav/
check_for_new_database_version: No local copy of "daily" database.
query_remote_database_version: daily.cvd version from DNS: 25696
daily database available for download (remote version: 25696)
Retrieving https://database.clamav.net/daily.cvd
downloadFile: Download source: https://database.clamav.net/daily.cvd
downloadFile: Download destination: /usr/local/share/clamav/tmp/clamav-edf7d394f7f4e9d09ee94f8ca5f4ddd1.tmp
* Trying 104.16.219.84:443...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NPN, negotiated HTTP2 (h2)
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=ssl392509.cloudflaressl.com
* start date: Aug 24 00:00:00 2019 GMT
* expire date: Mar 1 23:59:59 2020 GMT
* subjectAltName: host "database.clamav.net" matched cert's "*.clamav.net"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x8aafd50)
> GET /daily.cvd HTTP/2
Host: database.clamav.net
user-agent: ClamAV/0.102.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
accept: */*
connection: close
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Thu, 16 Jan 2020 03:36:04 GMT
< content-type: application/octet-stream
< content-length: 57426414
< set-cookie: __cfduid=d03eb603bb1123af257a1b7c87fd1bd201579145764; expires=Sat, 15-Feb-20 03:36:04 GMT; path=/; domain=.clamav.net; HttpOnly; SameSite=Lax
< last-modified: Wed, 15 Jan 2020 13:34:00 GMT
< etag: "5e1f14c8-36c41ee"
< expires: Thu, 16 Jan 2020 07:36:04 GMT
< cache-control: public, max-age=14400
< cf-cache-status: HIT
< age: 13765
< accept-ranges: bytes
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< strict-transport-security: max-age=15552000
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 555d0b06ea4a726f-AMS
<
Time: 0.7s, ETA; 0.0s [=======================================>] 54.77MiB/54.77MiB
* Connection #0 to host database.clamav.net left intact
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: getcvd: Verification: Malformed database
Trying again in 5 secs...
check_for_new_database_version: No local copy of "daily" database.
query_remote_database_version: daily.cvd version from DNS: 25696
daily database available for download (remote version: 25696)
Retrieving https://database.clamav.net/daily.cvd
downloadFile: Download source: https://database.clamav.net/daily.cvd
downloadFile: Download destination: /usr/local/share/clamav/tmp/clamav-fdf85705bfae653846deabb2fe0134da.tmp
* Trying 104.16.219.84:443...
* TCP_NODELAY set
* Connected to database.clamav.net (104.16.219.84) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NPN, negotiated HTTP2 (h2)
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
* Server certificate:
* subject: OU=Domain Control Validated; OU=PositiveSSL Multi-Domain; CN=ssl392509.cloudflaressl.com
* start date: Aug 24 00:00:00 2019 GMT
* expire date: Mar 1 23:59:59 2020 GMT
* subjectAltName: host "database.clamav.net" matched cert's "*.clamav.net"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO ECC Domain Validation Secure Server CA 2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x8438798)
> GET /daily.cvd HTTP/2
Host: database.clamav.net
user-agent: ClamAV/0.102.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
accept: */*
connection: close
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Thu, 16 Jan 2020 03:37:01 GMT
< content-type: application/octet-stream
< content-length: 57426414
< set-cookie: __cfduid=d7e402ccb18cc62c3e2a9568e5f349fcf1579145821; expires=Sat, 15-Feb-20 03:37:01 GMT; path=/; domain=.clamav.net; HttpOnly; SameSite=Lax
< last-modified: Wed, 15 Jan 2020 13:34:00 GMT
< etag: "5e1f14c8-36c41ee"
< expires: Thu, 16 Jan 2020 07:37:01 GMT
< cache-control: public, max-age=14400
< cf-cache-status: HIT
< age: 13822
< accept-ranges: bytes
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< strict-transport-security: max-age=15552000
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 555d0c6b09dac82b-AMS
<
Time: 0.7s, ETA; 0.0s [=======================================>] 54.77MiB/54.77MiB
* Connection #0 to host database.clamav.net left intact
WARNING: [LibClamAV] cli_cvdload: Corrupted CVD header
ERROR: getcvd: Verification: Malformed database
Giving up on https://database.clamav.net...
ERROR: Update failed for database: daily
WARNING: fc_update_databases: fc_update_database failed: Invalid or corrupted CVD/CLD database (7)
ERROR: Database update process failed: Invalid or corrupted CVD/CLD database (7)
ERROR: Update failed.
And when I try to start clamd manually:
server]# service clamd start
Starting clamd: LibClamAV Error: cli_loaddbdir(): No supported database files found in /usr/local/share/clamav
ERROR: Can't open file or directory [FAILED]
And looking at the folder attributes/rights:
server]# la /usr/local/share/
4 drwxr-xr-x 2 clamav clamav 4096 Jan 16 03:21 clamav
Does anyone have suggestions or experience that could resolve this issue?
Thank you and kind regards,
Harro
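An added diagnostic for the "Corrupted CVD header" / "Malformed database" errors in the log above; it is not part of the original post and not ClamAV's own code. It assumes the standard CVD layout (a 512-byte, colon-separated text header starting with `ClamAV-VDB`, whose MD5 field covers the data after the header), does not verify the digital signature, and the function name `cvd_header_check` is hypothetical.

```shell
# Added diagnostic, not ClamAV code: sanity-check the 512-byte CVD header
# and the MD5 it records for the data that follows it.
# usage: cvd_header_check /path/to/daily.cvd
cvd_header_check() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # The header is 512 bytes of colon-separated text, padded with spaces.
    header=$(head -c 512 "$file" | tr -d '\000')
    case $header in
        ClamAV-VDB:*) ;;
        *) echo "bad magic: file does not start with ClamAV-VDB" >&2; return 3 ;;
    esac

    # Fields: magic:build time:version:sigs:flevel:md5:dsig:builder[:stime]
    old_ifs=$IFS
    IFS=:
    set -f                      # no filename expansion while splitting
    set -- $header
    set +f
    IFS=$old_ifs
    [ $# -ge 8 ] || { echo "only $# header fields, expected at least 8" >&2; return 4; }
    version=$3; sigs=$4; flevel=$5; want_md5=$6

    # Version, signature count and functionality level must be plain integers.
    for n in "$version" "$sigs" "$flevel"; do
        case $n in
            ''|*[!0-9]*) echo "non-numeric header field: '$n'" >&2; return 5 ;;
        esac
    done

    # Assumption stated above: the recorded MD5 covers everything after byte 512.
    got_md5=$(tail -c +513 "$file" | md5sum | cut -d' ' -f1)
    if [ "$got_md5" != "$want_md5" ]; then
        echo "md5 mismatch: header=$want_md5 file=$got_md5" >&2
        return 6
    fi
    echo "ok: version=$version sigs=$sigs flevel=$flevel"
}
```

Run it on a manually saved copy of the `daily.cvd` named in the log; the exit code (3 to 6) shows whether the file fails at the magic string, the field layout, the numeric fields or the checksum.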