2

Since updating clamd to 0.99.2-1.e15 on our RedHat 5 x86_64 system, it has failed to start successfully. The error we get is as follows:

```
LibClamAV Error: cli_pcre_compile: PCRE compilation failed at offset 52: unrecognized character after (?<
LibClamAV Error: cli_pcre_build: failed to build pcre regex
ERROR: Database initialization error: Malformed database [FAILED]
```

Freshclam works fine. I've even removed clamd, clamav-milter, and freshclam, then re-installed them (using "yum install clamd" and "yum install clamav-milter"), but even after running freshclam, I get the same error when trying to start clamd (using service clamd start).

I've been Googling this error and found a Mac OS X with a similar issue, but the patch was not available.

Please advise because I'm not sure how to correct this issue. It appears to be something with PCRE, but I'm not sure (we're running pcre.x86_64, version 6.6-9.el5).

Tolsadus
  • clamav is an EPEL package. Have you [filed a bug report](https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=clamav)? Also keep in mind that RHEL 5 support ends March 31 (in 27 days). – Michael Hampton Mar 03 '17 at 23:04
  • I'm seeing this problem on a CentOS 5 server as of a few hours ago. ClamAV is installed via WHM 56.0 (build 43). – Trane Francks Mar 04 '17 at 00:48

2 Answers

3

In summary:
This temporary workaround from the CentOS 5 CLI (Command Line Interface) got our mail happily flowing again via amavisd-new:

```
# Append the two signature names to an .ign2 ignore list, then restart clamd.
sudo sh -c "cat << EOF >> /var/lib/clamav/daily-23161.ign2
Doc.Macro.GenericHeuristic-5901772-0
Doc.Macro.GenericHeuristic-5931846-1
EOF
service clamd restart"
```

More details:
The (filename doesn't matter).ign2 whitelists the troublesome entries from the latest daily.cvd.
Thanks @Jamen-McGranahan for the OP (Original Post) and @Michael-Hampton for mentioning the bug report. Found these resources useful:
ClamAV Bugzilla: Bug 11800 - 23161 seems to break clamd
Stack Overflow: How do I use sudo to redirect output ...
Unix & Linux Stack Exchange: How to append multiple lines to a file with bash

raymov
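
A diagnostic sketch for the `.ign2` workaround above, added here as an example and not part of the original answers: it lists the logical signatures in an unpacked `.ldb` file that use `(?<name>...)` named-group syntax, so their names can be reviewed for an ignore list. The function names and sample signatures are constructed, and treating named groups as the construct the old PCRE rejects is an assumption based on the error text and the PCRE 7+ remark in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the construct that old PCRE
# rejects is a Perl-style named group "(?<name>...)". Lookbehind assertions
# "(?<=" and "(?<!" are left alone.

# find_named_group_sigs FILE...
# Print the name of every logical (.ldb) signature that contains an unescaped
# "(?<name" sequence. Fields are ';'-separated: name;tdb;logic;subsig0;...
find_named_group_sigs() {
    awk -F';' '
    /^#/ || NF < 4 { next }
    {
        body = $0
        sub(/^[^;]*;/, "", body)          # drop the signature name itself
        while (match(body, /\(\?<[^=!]/)) {
            # An odd number of backslashes before "(" makes it a literal paren.
            n = 0
            for (p = RSTART - 1; p > 0 && substr(body, p, 1) == "\\"; p--) n++
            if (n % 2 == 0) { print $1; break }
            body = substr(body, RSTART + 1)
        }
    }' "$@"
}

# demo_ign2: run the scan over constructed sample signatures (not real ClamAV
# signatures) and print the lines that would go into an .ign2 file.
demo_ign2() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/constructed.ldb" <<'EOF'
Constructed.Sample.NamedGroup-1;Engine:81-255,Target:2;0&1;4d5a;0/(?<tag>[a-z]+)=\k<tag>/i
Constructed.Sample.Lookbehind-2;Engine:81-255,Target:2;0&1;4d5a;0/(?<=foo)bar/
Constructed.Sample.EscapedParen-3;Engine:81-255,Target:2;0&1;4d5a;0/call\(?<arg/
Constructed.Sample.Plain-4;Target:0;0;6563686f
EOF
    find_named_group_sigs "$tmp/constructed.ldb" | sort -u
    rm -rf "$tmp"
}

demo_ign2
```

On a real host, unpack the database in a scratch directory with `sigtool --unpack` and pass the resulting `daily.ldb` to `find_named_group_sigs`; review the names before appending them to an `.ign2` file, since every ignored signature is a detection that no longer fires.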
1

The problem is the daily update. I restored the daily.cld from a few days ago and it works fine. I also disabled freshclam for now so it doesn't mess it up again.

Peter
  • 1
    Just ran freshclam and it appears that the updates are now fixed. – Peter Mar 04 '17 at 04:14
  • They reversed the PCRE 7+ requirement for the signatures. We can expect this problem to happen again once RHEL/CentOS/CloudLinux 5 reach EOL later this month. – Trane Francks Mar 05 '17 at 01:29