ClamAV stopped and does not start with custom viruses definition bases

ClamAV shut down and no longer starts. And Directadmin Alert: The ‘clamd’ service on server server.domain.com is currently down. Here is a possible cause and solution.

Popular installations for the DirectAdmin server recommend adding a virus definition base to malware. Experts, they used to be free, and now they’re commercial, and because of the way they’ve turned things around, all ClamAV installations are at risk. ClamAV stops working.

Remove malware. Expert from ClamAV

First we remove the broken virus definition base

rm -f /usr/local/share/clamav/malware.expert*
cp -p /etc/freshclam.conf /etc/freshclam.conf.bak
perl -pi -e 's#^DatabaseCustomURL  /etc/freshclam.conf

Restart the clamd process:

service clamd restart

Make sure the ClamAV daemon is started:

ps aux | grep clam

If clamed started, now the problem is solved. If it still fails, then the reason is something else.

Remove malware. Expert from Maldet (Malware Scanner)

Remove malware. Expert from configuration, it’s stored in options: import_custsigs_md5_url And import_custsigs_hex_url,

cp -p /usr/local/maldetect/conf.maldet /usr/local/maldetect/conf.maldet.bak
perl -pi -e 's#^import_custsigs_md5_url=.*#import_custsigs_md5_url=""#' /usr/local/maldetect/conf.maldet
perl -pi -e 's#^import_custsigs_hex_url=.*#import_custsigs_hex_url=""#' /usr/local/maldetect/conf.maldet
grep ^import_custsigs /usr/local/maldetect/conf.maldet

From then on you should save.

Have fun

Leave a Comment