I poked around based on the 'Disable Official Database' thread previously
mentioned. Clam wanted nothing to do with either missing or zero length main
and daily files.
However, digging into the syslogs, I found this interesting tidbit of information:
Nov 17 09:10:20 mkdir[4491]: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
Nov 17 09:10:57 clamd[4496]: LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).
Nov 17 09:10:58 clamd[4496]: LibClamAV Error: hm_addhash_bin: failed to grow virusname array to 4097 entries
Nov 17 09:10:59 clamd[4496]: LibClamAV Error: cli_loadhash: Malformed hash string at line 2737562
Nov 17 09:11:01 clamd[4496]: LibClamAV Error: cli_loadhash: Problem parsing database at line 2737562
Nov 17 09:11:01 clamd[4496]: LibClamAV Error: Can't load main.mdb: Can't allocate memory
Nov 17 09:11:01 clamd[4496]: LibClamAV Error: cli_tgzload: Can't load main.mdb
Nov 17 09:11:01 clamd[4496]: LibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database
Nov 17 09:11:01 clamd[4496]: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cvd
Nov 17 09:11:01 clamd[4496]: Sun Nov 17 09:10:57 2019 -> !Malformed database
Nov 17 09:11:01 clamd[4496]: Sun Nov 17 09:10:57 2019 -> *Closing the main socket.
Nov 17 09:11:01 systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
Nov 17 09:11:01 systemd[1]: clamav-daemon.service: Unit entered failed state.
Nov 17 09:11:01 systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.
free -m
       total  used  free  shared  buff/cache  available
Mem:     994   250   692      12          51        642
Swap:      0     0     0
So the question now is where to go from here.
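A way to triage a clamd log like the one above, as an added example that is not part of the original post or of ClamAV: for each clamd PID it reports the first LibClamAV error and whether every "Malformed" message was preceded by an allocation failure in the same process. The function name `triage`, the verdict strings and the second, constructed log line are assumptions made for this illustration.

```python
import re

# clamd lines from the syslog excerpt above, with the e-mail line wraps rejoined.
SAMPLE_LOG = """\
Nov 17 09:10:57 clamd[4496]: LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).
Nov 17 09:10:58 clamd[4496]: LibClamAV Error: hm_addhash_bin: failed to grow virusname array to 4097 entries
Nov 17 09:10:59 clamd[4496]: LibClamAV Error: cli_loadhash: Malformed hash string at line 2737562
Nov 17 09:11:01 clamd[4496]: LibClamAV Error: Can't load main.mdb: Can't allocate memory
Nov 17 09:11:01 clamd[4496]: LibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database
Nov 17 09:11:01 systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
"""
# Constructed contrast case (not from the thread): no allocation failure logged.
CONSTRUCTED_LOG = ("Nov 17 10:00:00 clamd[100]: LibClamAV Error: "
                   "Can't load /var/lib/clamav/main.cvd: Malformed database\n")

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+?)\[(\d+)\]: (.*)$")
ALLOC_RE = re.compile(r"Can't allocate memory")
MALFORMED_RE = re.compile(r"Malformed")

def triage(log_text, process="clamd"):
    """Return {pid: summary} for LibClamAV errors logged by `process`."""
    results = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != process or "LibClamAV Error:" not in m.group(4):
            continue
        stamp, _, pid, msg = m.groups()
        r = results.setdefault(pid, {"first_at": stamp, "first_error": msg,
                                     "alloc_seen": False, "malformed": 0,
                                     "unexplained": 0})
        if ALLOC_RE.search(msg):
            r["alloc_seen"] = True
        if MALFORMED_RE.search(msg):
            r["malformed"] += 1
            if not r["alloc_seen"]:      # parse error with no earlier OOM
                r["unexplained"] += 1
    for r in results.values():
        if r["malformed"] == 0:
            r["verdict"] = "no parse errors"
        elif r["unexplained"] == 0:
            r["verdict"] = "allocation failure precedes every parse error"
        else:
            r["verdict"] = "parse error without prior allocation failure"
    return results

if __name__ == "__main__":
    for pid, r in triage(SAMPLE_LOG + CONSTRUCTED_LOG).items():
        print(pid, r["first_at"], r["verdict"], "|", r["first_error"])
```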
From: clamav-users on behalf of Jim Ward via clamav-users
Sent: Saturday, November 16, 2019 9:45 AM
To: ClamAV users ML
Cc: Jim Ward
Subject: Re: [clamav-users] ERROR: Malformed database -> Closing the main socket.
Thank you for the reply. Let me clarify. Build is definitely the wrong term.
I am ultimately building out a Mailman system using Amavis and Postfix all on
an Amazon EC2 Instance. I started out grabbing the Mailman3 package from the
Amazon community, which came loaded with Postfix and I'm not sure what OS. Upon
attempting to install ClamAV I received my now infamous ERROR: Malformed database.
I will mention that I also installed SpamAssassin. As I have familiarity with
Debian for a number of years, but consider myself novice at best, probably
closer to newb, I decided to abort the Mailman EC2 package effort and create an
EC2 Instance using Debian Stretch as the Debian Buster packages came with a
monetary cost. Targeting Mailman3 as the final goal I upgraded the
distribution to Debian Buster but based on some of the package upgrade messages
I aborted that effort. So to present moment, I have decided to target Mailman2
on Debian Stretch with Postfix and Amavis. I have not done, nor do I intend to
do, any builds from source. My 'builds', as poorly stated, have all been
simply EC2 machines with OS and package loads. I'm trying to keep it as simple
as possible. All package loads have been done via apt-get.
freshclam is running to update the databases, if I'm even in the ballpark on
that suspicion. Nothing that I know of is updating the databases but ...
:/var/lib/clamav$ ls -ltr
total 548360
-rw-r--r-- 1 clamav clamav 117892267 Nov 10 10:27 main.cvd.old
-rw-r--r-- 1 clamav clamav    296388 Nov 10 10:28 bytecode.cvd.old
-rw-r--r-- 1 clamav clamav 162196992 Nov 13 04:30 daily.cld.old
-rw-r--r-- 1 clamav clamav 117892267 Nov 13 05:07 main.cvd
-rw-r--r-- 1 clamav clamav    296388 Nov 13 05:08 bytecode.cvd
-rw-r--r-- 1 clamav clamav 162930688 Nov 16 05:10 daily.cld
-rw--- 1 clamav clamav       256 Nov 16 09:10 mirrors.dat
/var/log/clamav/freshclam.log
Sat Nov 16 05:10:17 2019 -> Received signal: wake up
Sat Nov 16 05:10:17 2019 -> ClamAV update process started at Sat Nov 16 05:10:17 2019
Sat Nov 16 05:10:17 2019 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Sat Nov 16 05:10:18 2019 -> Downloading daily-25635.cdiff [100%]
Sat Nov 16 05:10:46 2019 -> daily.cld updated (version: 25635, sigs: 1993543, f-level: 63, builder: raynman)
Can't query daily.25635.105.1.0.6810DB54.ping.clamav.net
Sat Nov 16 05:10:51 2019 -> bytecode.cvd is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg)
Sat Nov 16 05:10:55 2019 -> Database updated (6559886 signatures) from db.local.clamav.net (IP: 104.16.219.84)
Sat Nov 16 05:10:55 2019 -> WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory
Sat Nov 16 05:10:55 2019 -> --
Sat Nov 16 06:10:55 2019 -> Received signal: