Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 2171869

Summary: daily.cvd in clamav-0.103.8-1 fails md5sum by clamscan
Product: [Fedora] Fedora Reporter: Neil Hanlon <neil>
Component: clamavAssignee: Sergio Basto <sergio>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: anon.amish, bennie.joubert, gbcox, j, lee.jnk, ondrejj, orion, pgnet.dev, redhat-bugzilla, rh-bugzilla, sergio, steve
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: clamav-0.103.8-3.fc36 clamav-0.103.8-3.fc37 clamav-0.103.8-3.el7 clamav-0.103.8-3.el8 clamav-0.103.8-3.el9 Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-02-21 01:54:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Neil Hanlon 2023-02-20 16:54:49 UTC
Description of problem:

clamav-0.103.8-1 in Fedora & EPEL from [1] has a daily.cvd database which displays an error to the user when running clamscan due to failed signature verification of daily.cvd:

```
LibClamAV Error: Can't load /var/lib/clamav/daily.cvd: Can't verify database integrity
LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/daily.cvd
ERROR: Can't verify database integrity
```

(trimmed for brevity)

With debug on, the following is printed:

```
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 9a3223dfc90446e2384856212b2a446f
LibClamAV debug: cli_cvdverify: MD5 verification error
```

Version-Release number of selected component (if applicable): clamav-0.103.8-1


How reproducible: Always


Steps to Reproduce:
1. Install release 0.103.8-1 of clamav-data
2. Run a clamscan command e.g. `clamscan --infected --recursive .`

Actual results:

The scan results in error messages like the above.

Expected results:

Scan completes without an error message regarding the database integrity

Additional info:

This can be mitigated by using `freshclam` provided by `clamav-update` to upgrade to a newer CVD manually.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2170297

Comment 1 Fedora Update System 2023-02-20 17:09:32 UTC
FEDORA-EPEL-2023-d1e7c4387e has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d1e7c4387e

Comment 2 Fedora Update System 2023-02-20 17:09:33 UTC
FEDORA-2023-e272374534 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-e272374534

Comment 3 Fedora Update System 2023-02-20 17:09:34 UTC
FEDORA-EPEL-2023-466d8ae059 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-466d8ae059

Comment 4 Fedora Update System 2023-02-20 17:09:34 UTC
FEDORA-2023-3ba365d538 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2023-3ba365d538

Comment 5 Fedora Update System 2023-02-20 17:09:35 UTC
FEDORA-EPEL-2023-5cb6798308 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5cb6798308

Comment 6 Fedora Update System 2023-02-21 01:23:25 UTC
FEDORA-2023-e272374534 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-e272374534`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-e272374534

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2023-02-21 01:53:32 UTC
FEDORA-EPEL-2023-d1e7c4387e has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d1e7c4387e

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2023-02-21 01:54:11 UTC
FEDORA-2023-3ba365d538 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 9 Fedora Update System 2023-02-21 02:06:49 UTC
FEDORA-EPEL-2023-466d8ae059 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-466d8ae059

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 10 Fedora Update System 2023-02-21 02:23:26 UTC
FEDORA-EPEL-2023-5cb6798308 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5cb6798308

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 11 Fedora Update System 2023-02-22 10:11:50 UTC
FEDORA-2023-e272374534 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 12 Fedora Update System 2023-02-22 10:39:45 UTC
FEDORA-EPEL-2023-466d8ae059 has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 13 Fedora Update System 2023-03-01 00:35:05 UTC
FEDORA-EPEL-2023-5cb6798308 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 14 Fedora Update System 2023-03-01 02:55:41 UTC
FEDORA-EPEL-2023-d1e7c4387e has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.