ClamAv problem started today with "lmd.user.hdb" [#38042]

Submitted by PaliGap on Sat, 09/19/2015 - 05:16 Pro Licensee

I am having this problem suddenly with the lmd.user.hdb file:

Sep 19 10:59:39 myserver systemd: Starting Generic clamav scanner daemon...
Sep 19 10:59:39 myserver systemd: Started Generic clamav scanner daemon.
Sep 19 10:59:39 myserver clamd[20349]: clamd daemon 0.98.5 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sep 19 10:59:39 myserver clamd[20349]: Running as user clamscan (UID 995, GID 995)
Sep 19 10:59:39 myserver clamd[20349]: Log file size limited to 1048576 bytes.
Sep 19 10:59:39 myserver clamd[20349]: Reading databases from /var/lib/clamav
Sep 19 10:59:39 myserver clamd[20349]: Not loading PUA signatures.
Sep 19 10:59:39 myserver clamd[20349]: Bytecode: Security mode set to "TrustSigned".
Sep 19 10:59:46 myserver clamd: LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/lmd.user.hdb
Sep 19 10:59:46 myserver clamd: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/lmd.user.hdb
Sep 19 10:59:46 myserver clamd: ERROR: Can't open file or directory
Sep 19 10:59:46 myserver clamd[20349]: Can't open file or directory
Sep 19 10:59:46 myserver systemd: clamd@scan.service: main process exited, code=exited, status=1/FAILURE

Perhaps it is corrupt? Any ideas how to fix?

Status:

Closed (fixed)

Comments

Submitted by andreychek on Sat, 09/19/2015 - 09:07 Comment #1

Howdy -- hmm, what is the output of this command:

rpm -qa | grep clam

Submitted by JamieCameron on Sat, 09/19/2015 - 12:16 Comment #2

Also, does that /var/lib/clamav/lmd.user.hdb file exist? And if not, does running freshclam create it?

Submitted by PaliGap on Sat, 09/19/2015 - 14:47 Pro Licensee Comment #3

Output of rpm -qa | grep clam is

clamav-filesystem-0.98.5-1.el7.centos.vm.noarch
clamav-server-systemd-0.98.5-1.el7.centos.vm.noarch
clamav-0.98.5-1.el7.centos.vm.x86_64
clamav-data-0.98.5-1.el7.centos.vm.noarch
clamav-server-0.98.5-1.el7.centos.vm.x86_64
clamav-scanner-systemd-0.98.5-1.el7.centos.vm.noarch
clamav-update-0.98.5-1.el7.centos.vm.x86_64
clamav-lib-0.98.5-1.el7.centos.vm.x86_64
clamav-scanner-0.98.5-1.el7.centos.vm.noarch

Submitted by andreychek on Sat, 09/19/2015 - 14:52 Comment #4

Does running the freshclam command help?

Submitted by PaliGap on Sat, 09/19/2015 - 14:53 Pro Licensee Comment #5

That's interesting.

/var/lib/clamav/lmd.user.hdb does exist as a symbolic link to "/usr/local/maldetect/sigs/lmd.user.hdb"!

I use https://www.rfxn.com/projects/linux-malware-detect/

Submitted by andreychek on Sat, 09/19/2015 - 14:57 Comment #6

I wonder if a Linux Malware Detect update caused a problem of some sort.

What happens if you delete that symlink, and then re-run "freshclam".

Does that get ClamAV up and running?

Submitted by PaliGap on Sat, 09/19/2015 - 15:03 Pro Licensee Comment #7

That doesn't seem to help, no. (I mean running freshclam. I haven't tried deleting the symlink yet).

I think perhaps I'll try to contact the Linux Malware Detect folks first

Submitted by PaliGap on Sun, 09/20/2015 - 02:32 Pro Licensee Comment #8

...and it seems it was a Linux Malware Detect update that caused the issue. Ryan at R-fx Networks has fixed it already.

(BTW I use Ryan's APF firewall as well as Malware Detect with Virtualmin and find them to be excellent).

Thanks for your help!