On Mon, 26 Apr 2010, Christian Gonzalez wrote: > Hi, > > I have a mailserver running Slackware 12.1 with Postfix, Dovecot, > Amavis-new, SpamAssassin and Clamav. It has been working fine for more > than a year. I builded it following a howto from workaround.org. But like > many others, I suffered Clamav 0.94 EOL process since 16th this month. I > managed to upgrade it to 0.96 but was not able to use it due to an error: > > > LibClamAV debug: Loaded 117 filetype definitions > LibClamAV debug: daily.ftm loaded > LibClamAV debug: daily.db loaded > LibClamAV Error: cli_caloff: Offset string too long > LibClamAV Error: cli_bm_addpatt: Can't calculate offset for signature > Exploit.PDF-11591 > LibClamAV Error: cli_loadmd5: Error adding BM pattern > LibClamAV Error: cli_loadmd5: Problem parsing database at line 1 > LibClamAV Error: Can't load daily.hdb: Malformed database > LibClamAV Error: cli_tgzload: Can't load daily.hdb > LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Malformed database > ERROR: Malformed database > Closing the main socket [snip..]
That signature "Exploit.PDF-11591" is in the current ClamAV distro and a proper install of ClamAV 0.96 has no trouble using it. My guess is that error is caused by an old version of LibClamAV trying to parse that signature. I would bet that there are three possible causes of your problem: 1) the update/install did not complete successfuly so the old version is still installed (not replaced). 2) The ClamAV update/install completed successfully but didn't install it in the place that Amavis-new uses, so Amavis-new is still using the old version. 3) Everything is new and where it should be but you didn't restart Amavis-new so it still has the old library loaded and in use. Suggestions; completely kill and restart Amavis-new, see if it loads and uses the new LibClamAV library. If that doesn't fix it, find -all- instances of LibClamAV on your system, remove them, re-do the 0.96 install and restart. If it still isn't working, ask your question on the Amavis list as there may be some update for Amavis-new that is also needed. -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{