Luigi Iotti wrote:
> Hi all
>
> I'm new on the list, is this is a FAQ please tell me so. I'm unsure if
> my problem is related to the other one that today is discussed on the
> list.
>
> I have several clamav installations. I use it with Postfix on CentOS
> (very similar to Red Hat). I use the clamav RPM packages available on
> http://crash.fce.vutbr.cz , but recompiled on CentOS.
>
> Last night suddenly, on several of my custoers' mail servers, clamd
> stopped running.
> In the lo I find:
> Wed Apr 11 04:02:13 2007 -> SelfCheck: Database status OK.
> Wed Apr 11 04:38:23 2007 -> SelfCheck: Database modification detected.
> Forcing reload.
> Wed Apr 11 04:38:24 2007 -> Reading databases from /var/lib/clamav
> Wed Apr 11 04:38:24 2007 -> ERROR: reload db failed: Broken or not a
CVD file
> Wed Apr 11 04:38:24 2007 -> Terminating because of a fatal error.
> Wed Apr 11 04:38:24 2007 -> Socket file removed.
> Wed Apr 11 04:38:24 2007 -> Pid file removed.
> Wed Apr 11 04:38:24 2007 -> --- Stopped at Wed Apr 11 04:38:24 2007
>
> This happened on at least 10 different installations, more or less at
> the same time.
>
> I noticed that:
> 1) the problem seems to occur only on 0.90 installations. Servers
> still with 0.8x seem not to be affected.
> 2) In /var/lib/clamav , after clamd stopped running, I find the
> directories daily.inc, main.inc anche the mirrors.dat file. No .cvd
> files.
>
> I'm looking for the reason of this massive problem, and I'd like to
> know if this can be an isolated episode (maybe due to a broken update
> file).
>
> I found a minor problem in the RPM package, too. In the rc file,
> /etc/init.d/clamd, it checks for the existence of
> /var/lib/clamav/main.cvd and , if not found, it exits echoing "ERROR:
> Clamav DB missing! Run 'freshclam --verbose' as root."
> Having main.inc and not main.cvd, my clamd refused to start with this
> error. Maybe the package author is listening reading this ML, so he
> can correct his packages. It seems to me that it is sufficient to
> check for the existence of the file /var/lib/clamav/main.cvd OR the
> directory /var/lib/clamav/main.inc . Is this be correct (I mean,
> main.inc took the place of main.cvd)?
>
> Thanks for the attention.
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://lurker.clamav.net/list/clamav-users.html
>
I have the same here...
Tue Apr 10 20:19:34 2007 -> Database correctly reloaded (107793
signatures)
Wed Apr 11 06:19:21 2007 -> SelfCheck: Database modification detected.
Forcing reload.
Wed Apr 11 06:19:22 2007 -> Reading databases from /var/lib/clamav
Wed Apr 11 06:19:22 2007 -> ERROR: reload db failed: Broken or not a
CVD file
Wed Apr 11 06:19:22 2007 -> Terminating because of a fatal error.Wed
Apr 11 06:19:23 2007 -> Socket file removed.
Wed Apr 11 06:19:23 2007 -> Pid file removed.
Wed Apr 11 06:19:23 2007 -> --- Stopped at Wed Apr 11 06:19:23 2007
I tried restarting the deamon with the same results.
My ClamWin also died today on my personal computer!!!
I fixed ClamWin by blowing away the databases and re-downloading them.
I'll try the same for clamav on the server to see if it fixes the
problem. But this error is CATASTROPHIC.
- -James
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
(text/plain)