ClamAV/Freshclam problem

NethServer Version: 7.7.1908

Since sometime last night, I’ve been seeing cron messages as follow:

    ERROR: Database test FAILED.
    ERROR: Unexpected error when attempting to update database: daily
    ERROR: Database update process failed: Test failed (8)
    ERROR: Update failed.

Apart from flooding my mail, I suspect that this may have something to do with a failure I’m seeing getting mail from an SME system. I monitor a number of SME servers through email, which covers everything from Fail2Ban to backups. Checking the system in question, I’ve found a number of messages sitting in its outgoing message queue. Having a look at the Nethserver maillog, I’m seeing this sort of error:

May 26 20:44:54 barracuda rspamd[10710]: <ab853e>; proxy; rspamd_task_write_log: id: <e3cfbcd5e6c640ceaae3f13f330fa7c4@1777052651>, qid: <6156B300C3B83>, ip:, from: <>, (default: F (soft reject): [3.58/20.00] [HTML_SHORT_LINK_IMG_2
S_LIST_UNSUB(-0.01){},MX_GOOD(-0.01){cached:;},ASN(0.00){asn:43898, ipnet:, country:NL;},CLAM_VIRUS_FAIL(0.00){failed to scan and retransmits exceed;},FORCE_ACTION_CLAM_VIRUS_FAIL(0.00){soft reject;},FROM_HAS_DN(0.00){},FROM_NEQ_
0.216:from;},RCVD_TLS_LAST(0.00){},REPLYTO_DN_EQ_FROM_DN(0.00){},REPLYTO_DOM_EQ_FROM_DOM(0.00){},RWL_MAILSPIKE_VERYGOOD(0.00){;},R_DKIM_NA(0.00){},TO_DN_NONE(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 76333, time: 320.469ms, dns req: 66, digest:
 <68da22568cbc76a78009191f8dc19d9c>, rcpts: <>, mime_rcpts: <>, forced: soft reject "Cannot validate the message now. Try again later"; score=nan (set by force_actions)
May 26 20:44:54 barracuda rspamd[10710]: <ab853e>; proxy; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 3 regexps matched, 184 regexps total, 96 regexps cached, 0B scanned using pcre, 78.45KiB scanned total
May 26 20:44:54 barracuda postfix/cleanup[1174]: 6156B300C3B83: milter-reject: END-OF-MESSAGE from[]: 4.7.1 Cannot validate the message now. Try again later; from=<> to=<> proto=ESMTP hel
May 26 20:44:55 barracuda postfix/smtpd[10780]: disconnect from[]
May 26 20:44:55 barracuda rspamd[10710]: <883804>; proxy; proxy_milter_finish_handler: finished milter connection

That was a rejection of a message from my Gmail account. So a lot of mail is being blocked.

How do I fix this - while some mail is getting through, a lot isn’t…

In case anyone else hits this, I moved the faulty daily.cvd out of the way. After a bit, a new one was picked up and the problem has now gone away.


Same problem, but no luck solving. Can you be more specific on what you mean by “moved the faulty daily.cvd out of the way”? Thx.

Hi @Rixware,

welcome to NethServer Community.

I assume the faulty file /var/lib/clamav/daily.cvd was moved away to another directory to have a backup if needed.
Freshclam should then be able to pull a working version.

Yep, that’s what I assumed as well, and what I tried. But it didn’t work…

Correct assumption. It wasn’t very quick, but the next time freshclam raun, it replaced the faulty file, after which rspamd went back to normal function.

:slight_smile: Come to think of it, I’m not sure I ever remembered to go and delete the faulty version. Have to check sometime…

1 Like