ClamAV unofficial signatures BAD SKIPPING

Good morning ClamAV – what is this? You are complaining about a bunch of your unofficial signatures, and that is causing you much pain – specifically the entertaining concept of BAD SKIPPING.

The logging looks a bunch like this (there is more than this – but it gets a bit TL;DR):

Clamscan reports SecuriteInfo honeynet.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/cache/clamav-unofficial-sigs/si-dbs/honeynet.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1183) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: honeynet.hdb - SKIPPING
Clamscan reports SecuriteInfo securiteinfo.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/cache/clamav-unofficial-sigs/si-dbs/securiteinfo.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1183) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfo.hdb - SKIPPING
Clamscan reports SecuriteInfo securiteinfobat.hdb database integrity tested BAD - SKIPPING
rsync: link_stat "/var/cache/clamav-unofficial-sigs/si-dbs/securiteinfobat.hdb" failed: No such file or directory (2)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1183) [sender=3.1.1]
Failed to successfully update SecuriteInfo production database file: securiteinfobat.hdb - SKIPPING
Clamscan reports SecuriteInfo securiteinfodos.hdb database integrity tested BAD - SKIPPING

So – after a bit of trying to figure out what was going on – the solution is a simple one – stop it from replicating those databases.

/usr/share/clamav-unofficial-sigs/conf.d/00-clamav-unofficial-sigs.conf is your friend – so comment out the references to the SecuriteInfo resources as such:

# ========================
# SecuriteInfo Database(s)
# ========================
# Add or remove database file names between quote marks as needed. To
# disable any SecuriteInfo database downloads, remove the appropriate
# lines below. To disable all SecuriteInfo database file downloads,
# comment all of the following lines.
#si_dbs="
#honeynet.hdb
#securiteinfo.hdb
#securiteinfobat.hdb
#securiteinfodos.hdb
#securiteinfoelf.hdb
#securiteinfohtml.hdb
#securiteinfooffice.hdb
#securiteinfopdf.hdb
#securiteinfosh.hdb
#"

The upshot at the next freshclam (which heads off to get new shiny versions of virus definitions) run is that it logs the removal of the files that do not exist (apparently) in the following way. Great success \o/.

File removed: /var/cache/clamav-unofficial-sigs/si-dbs/honeynet.hdb
File removed: /var/cache/clamav-unofficial-sigs/si-dbs/securiteinfobat.hdb
File removed: /var/cache/clamav-unofficial-sigs/si-dbs/securiteinfodos.hdb
File removed: /var/cache/clamav-unofficial-sigs/si-dbs/securiteinfoelf.hdb
File removed: /var/cache/clamav-unofficial-sigs/si-dbs/securiteinfo.hdb
File removed: /var/cache/clamav-unofficial-sigs/si-dbs/securiteinfohtml.hdb
File removed: /var/cache/clamav-unofficial-sigs/si-dbs/securiteinfooffice.hdb
File removed: /var/cache/clamav-unofficial-sigs/si-dbs/securiteinfopdf.hdb
File removed: /var/cache/clamav-unofficial-sigs/si-dbs/securiteinfosh.hdb
File removed: /var/lib/clamav/honeynet.hdb
File removed: /var/lib/clamav/securiteinfobat.hdb
File removed: /var/lib/clamav/securiteinfodos.hdb
File removed: /var/lib/clamav/securiteinfoelf.hdb
File removed: /var/lib/clamav/securiteinfo.hdb
File removed: /var/lib/clamav/securiteinfohtml.hdb
File removed: /var/lib/clamav/securiteinfooffice.hdb
File removed: /var/lib/clamav/securiteinfopdf.hdb
File removed: /var/lib/clamav/securiteinfosh.hdb

So while not strictly a solution – it allows things to continue without issue.
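
The same change scripted, as an added example that is not part of the original post or of clamav-unofficial-sigs: it pulls the database names flagged BAD out of the updater log and comments out the whole si_dbs block in a copy of the config. The function names, file names, placeholder_setting line and the sample log and config are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names, file names and sample data are constructed.

# Unique database names the updater log reports as integrity-tested BAD.
bad_dbs() {
    sed -n 's/^Clamscan reports .* \([^ ]*\) database integrity tested BAD.*/\1/p' "$1" | sort -u
}

# Database names still active (uncommented) inside the si_dbs="..." block.
active_si_dbs() {
    sed -n '/^si_dbs="/,/^"/{/^si_dbs="/d;/^"/d;/^#/d;p;}' "$1"
}

# Comment out the si_dbs block, opening line through closing quote, and
# print the result. An already-commented block no longer matches, so
# running this twice changes nothing further.
disable_si_dbs() {
    sed '/^si_dbs="/,/^"/ s/^/#/' "$1"
}

# Constructed sample input modelled on the log and config in this post.
work=$(mktemp -d)
cat > "$work/update.log" <<'EOF'
Clamscan reports SecuriteInfo honeynet.hdb database integrity tested BAD - SKIPPING
Failed to successfully update SecuriteInfo production database file: honeynet.hdb - SKIPPING
Clamscan reports SecuriteInfo securiteinfo.hdb database integrity tested BAD - SKIPPING
Clamscan reports SecuriteInfo honeynet.hdb database integrity tested BAD - SKIPPING
EOF
cat > "$work/sigs.conf" <<'EOF'
# SecuriteInfo Database(s)
si_dbs="
honeynet.hdb
securiteinfo.hdb
securiteinfopdf.hdb
"
placeholder_setting="unchanged"
EOF

echo "Flagged BAD:";   bad_dbs "$work/update.log"
echo "Active before:"; active_si_dbs "$work/sigs.conf"
disable_si_dbs "$work/sigs.conf" > "$work/sigs.conf.new"
echo "Active after:";  active_si_dbs "$work/sigs.conf.new"
```

Review the .new file before moving it over the real config; dropping these databases also drops whatever detections they provided.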
