This morning at 4:18 EST, we started getting the following notification every minute from our server, i tried to restart clamd but it fails. It seems to be a issue with the clam honeypot DB i think becuase of the message but not sure how to clear it out or get it to re-download the rule. I rebooted a couple times but it still has the issue & we have not done any updates or anything else to the server since the clam update last week when it came out. It seems to have started when the rules were updated this morning.
[psmon/xxx-1.xxxxxxxxxx.com] Failed to spawn 'clamd' with '/sbin/service clamd restart'
Command executed: /sbin/service clamd restart Exit value: 1 Signal number: 0 Dumped core?: 0
Stopping Clam AntiVirus Daemon: [FAILED]
Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
LibClamAV Error: cli_loadhash: Problem parsing database at line 183974 LibClamAV Error: Can't load /var/clamav/ASL-honeypot.hdb: Malformed database
ERROR: Malformed database
Also getting this message but not as much as the one above.
OSSEC HIDS Notification.
2011 Jun 22 07:30:11
Received From: xxx-1->/var/log/psa/maillog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Jun 22 07:30:10 xxx-1 X-Qmail-Scanner-2.08st: [xxx-1.xxxxxxxxxx.com130874220979828301] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2