-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of peter Sent: Monday, May 03, 2004 6:39 AM To: [EMAIL PROTECTED] Subject: [Clamav-users] Re: malformed pattern
peter wrote:
peter wrote:
Jim Maul wrote:
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of peter Sent: Friday, April 30, 2004 12:05 PM To: [EMAIL PROTECTED] Subject: [Clamav-users] malformed pattern
Hi, I have problem with clamav 0.70 stable. Malformed patter line 13898 (file /var/spool/qmailscan/tmp/....../viruses.db) Incomplete block read cli_cvdload(): Can't unpack CVD file CVD extraction failure
This problem I see just with clamscan. I tried scan (by
qmail-scanner)
with clamd/clamdscan and this problem did not appear.
I deleted .cvd files and ran freshclam again, but it did not help. I saw somewhere that clamdscan uses internal (lib) unrar routine and clamdscan does not know to use external unrar3.x. And I want to check rar files too. If I understand it, then i have to use clamscan with "--unrar" option to scan rar files. Is it correct.
Are you still using old style .db files? These can be removed in favor of the newer .cvd files.
Jim
------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Hi,
As I wrote I am using .cvd files already. I installed clamav 0.70 stable 4 days ago. After istallation I removed .cvd files and ran freshclam few times again (I was thinking that perhaps .cvd files are incorrectly downloaded or something like this). I googled somewhat and found here:
"http://www.mail-archive.com/[EMAIL PROTECTED] ge.net/msg02282.html"
this:
......... I was getting plenty of error messages like this: 28/08/2003 10:10:13:3361: --output of clamscan was: LibClamAV Error: cli_calloc(): Can't allocate memory (98 bytes). calloc_problem: Cannot allocate memory LibClamAV Error: readdb(): Malformed pattern line 8706 (file /usr/local/share/clamav/viruses.db). ERROR: Malformed database. -- 28/08/2003 10:10:13:3361: tempfail: X-Qmail-Scanner-1.16: clam_scanner: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50
If you are getting similar permutations on this theme the clamd/clamdscan pairing may be the way to go for you.
Author: Steve Crowder E-mail: steve (at) crowders (dot) org Date: 28/08/2003 .........
But there is no explanation why to use clamd/clamdscan and what is wrong or how to fix problem with clamscan.
Thanks.
Peter
This message you googled is most likely a problem with the softlimit. The poster mentioned using clamd/clamdscan most likely to reduce the memory/processor overhead of using clamscan. This most likely will NOT help you as i dont believe you have the same problem.
<SNIP>
Now I found that clamscan is still looking for viruses.db file. Now I added "--database=/usr/local/share/clamav/" option to clamscan
and still
the same error message. Clamscan is still looking for .db file(s). In help for clamscan is this: "Load virus database from FILE or load all .db and db2 files from DIR" as decription for option "--database". Question is, how to make it work with .cvd files. Version of
clamscan is
also 0.70. Reason why I want to use clamscan instead of clamd/clamdscan is that clamd cannot use external .rar files unpacker.
Clamav will attempt to use any .db file that it can find. These are old style databases and should most likely be removed from your system. Removing *.cvd and re-downloading will not help as the .db files are still there. Also, you dont have to "make" clamav work with .cvd files as this is the default. Your clam installation is not ignoring your .cvd files, its just using the .db ones also.
I'm running clamscan via qmai-scanner-queue.pl and in $clamscan_option I have "--database=/usr/local/share/clamav/", but /var/spool/qmailscann/qmail-queue.log showes me still the same error message. In this log file I can see correct path pointed to .cvd directory, but it seems that clamscan is looking stil to /var/spool/qmailscan/tmp/host.domain.tld21312312/clamav-424242345/ viruses.db for .db file. If I run clamscan as root (via command line) with the same options which are in qmail-queue-scanner.pl ($clamscan_option) everything looks ok.
Im not sure whats telling clamav to use /var/spool/qmailscan/tmp/host.domain.tld21312312/clamav-424242345/ but you may want to check /etc/clamav.conf and /etc/freshclam.conf and make sure these arent telling it to do so.
Hope this helps.
Jim
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
Look at these lines bottom (/var/spool/qmailscan/qmail-queue.log). In qmail-scanner-queue.pl is exactly what is in this log file '--database=/usr/local/share/clamav'. And next line (--output of clamscan was) showes that clamscan is looking somewhere else '/var/spool/qmailscan/tmp/samko.domain.tld24234/clamav-ab54545/VIRUSES.DB' . I really don't understand WHY. Btw I think, that clamscan does not search for clamav.conf - this should do clamd/clamdscan only. But just to be sure i already put these settings in clamav.conf.
I don't understand why.... I tried check files/mbox as non-privileged user or root via command line and it worked. And if I run it via qmail-scanner I'm falling in this odd situation.
Mon, 03 May 2004 16:59:25 CEST:17541: scanloop: starting scan of directory "/var/spool/qmailscan/tmp/samko.domain.tld108359636548217541"...
Mon, 03 May 2004 16:59:25 CEST:17541: scanloop: scanner=clamscan_scanner,plain_text_msg=0
Mon, 03 May 2004 16:59:25 CEST:17541: clamscan: starting scan of directory "/var/spool/qmailscan/tmp/samko.domain.tld108359636548217541"...
Mon, 03 May 2004 16:59:25 CEST:17541: run /usr/local/bin/clamscan -r -m --disable-summary --database=/usr/local/share/clamav/ /var/spool/qmailscan/tmp/samko.domain.tld108359636548217541 2>&1
Mon, 03 May 2004 16:59:28 CEST:17541: --output of clamscan was:
LibClamAV Error: readdb(): Malformed pattern line 13771 (file /var/spool/qmailscan/tmp/samko.domain.tld108359636548217541/clamav-ab19271867b1b5cf/viruses.db).
LibClamAV Error: Incomplete block read.
LibClamAV Error: cli_cvdload(): Can't unpack CVD file.
ERROR: CVD extraction failure.
--
Mon, 03 May 2004 16:59:28 CEST:17541: error_condition: X-Qmail-Scanner-1.22: clamscan: corrupt or unknown ClamAV scanner error or memory/resource/perms problem - exit status 50
Peter
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
