Mailing List Archive: ClamAV: users

Freshclam daemon dies during update process

Index | Next | Previous | View Threaded

R.E.Sonneveld at sonnection

Jan 2, 2007, 4:12 AM

Post #1 of 12 (2640 views)
Permalink

Freshclam daemon dies during update process

Hi, all,

running:
ClamAV 0.88.6/2405/Tue Jan 2 09:39:39 2007
on Solaris 9

During the weekend we had problems on two (out of four) mailservers
which run clamav, where freshclam 'died'. i.e. the freshclam process was
gone. We use db.nl.clamav.net (on one mailserver) and db.de.clamav.net
(on the other mailserver) as mirrors. On system 1, in the freshclam
logfile shows:

Received signal: wake up
ClamAV update process started at Sun Dec 31 14:49:23 2006
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.6 Recommended version: 0.88.7
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder:
tkojm)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
connect_error: getsockopt(SO_ERROR): fd=0 error=145: Connection timed out

According to our monitoring system, the process disappeared between
14:50 and 14:55.

On the 2nd MTA:

Received signal: wake up
ClamAV update process started at Sun Dec 31 14:29:54 2006
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.6 Recommended version: 0.88.7
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder:
tkojm)
WARNING: Mirror 194.109.6.74 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Sun Dec 31 14:30:00 2006
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.6 Recommended version: 0.88.7
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder:
tkojm)
WARNING: Mirror 194.109.6.74 is not synchronized.
Trying again in 5 secs...
ClamAV update process started at Sun Dec 31 14:30:07 2006
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.6 Recommended version: 0.88.7
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder:
tkojm)
WARNING: Mirror 194.109.6.74 is not synchronized.
Giving up on db.nl.clamav.net...
ClamAV update process started at Sun Dec 31 14:30:08 2006
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.6 Recommended version: 0.88.7
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder:
tkojm)
connect_error: getsockopt(SO_ERROR): fd=0 error=146: Connection refused
nonblock_connect: connect timing out (30 secs)
--------------------------------------

The two mailservers are in two geographically different regions of
Europe, separate networks, separate access to Internet etc.

According to the monitoring system, the freshclam process disappeared
between 14:29 and 14:34. Running ClamAV on Solaris 9. Any idea why after
a 'connection refused' or 'connection timed out' the freshclam process dies?

NB This problem occurs occassionally. We upgraded to 0.88.6 on November
27th 2006. The freshclam problem occurred first on December 5th 2006,
then on December 14th 2006 and now on December 31st 2006. Each time it
seems to be related to the non-availability of one of the mirrors (or
database.clamav.net?).

Any help appreciated. AFAIK 0.88.7 is a security related upgrade and
will not change the way freshclam behaves?

Kind regards,
/rolf
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

steve at lobefin

Jan 2, 2007, 5:13 AM

Post #2 of 12 (2619 views)
Permalink

Re: Freshclam daemon dies during update process [In reply to]

On Tue, Jan 02, 2007 at 01:12:03PM +0100, Rolf E. Sonneveld said:
> Hi, all,
>
> running:
> ClamAV 0.88.6/2405/Tue Jan 2 09:39:39 2007
> on Solaris 9
>
> During the weekend we had problems on two (out of four) mailservers
> which run clamav, where freshclam 'died'. i.e. the freshclam process was
> gone. We use db.nl.clamav.net (on one mailserver) and db.de.clamav.net
> (on the other mailserver) as mirrors. On system 1, in the freshclam
> logfile shows:

[snip]

> connect_error: getsockopt(SO_ERROR): fd=0 error=145: Connection timed out

[snip]

> connect_error: getsockopt(SO_ERROR): fd=0 error=146: Connection refused
> nonblock_connect: connect timing out (30 secs)

[snip]

> Any help appreciated. AFAIK 0.88.7 is a security related upgrade and
> will not change the way freshclam behaves?

The change was introduced in 0.88.6 - freshclam was not changed in
0.88.7, as far as I can tell. I don't see any changes that should make
freshclm go away off the top of my head. Can you get a core dump? Or
even a logfile with timestamps so it's easier to see what happened when?

Thanks,
--
--------------------------------------------------------------------------
| Stephen Gran | A day without sunshine is like a day |
| steve [at] lobefin | without orange juice. |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------

Attachments:

signature.asc (0.18 KB)

R.E.Sonneveld at sonnection

Jan 2, 2007, 5:50 AM

Post #3 of 12 (2552 views)
Permalink

Re: Freshclam daemon dies during update process [In reply to]

Hi, Stephen,

first of all, thanks for your reply.

Stephen Gran wrote:

>On Tue, Jan 02, 2007 at 01:12:03PM +0100, Rolf E. Sonneveld said:
>
>
>>Hi, all,
>>
>>running:
>>ClamAV 0.88.6/2405/Tue Jan 2 09:39:39 2007
>>on Solaris 9
>>
>>During the weekend we had problems on two (out of four) mailservers
>>which run clamav, where freshclam 'died'. i.e. the freshclam process was
>>gone. We use db.nl.clamav.net (on one mailserver) and db.de.clamav.net
>>(on the other mailserver) as mirrors. On system 1, in the freshclam
>>logfile shows:
>>
>>
>
>[snip]
>
>
>
>>connect_error: getsockopt(SO_ERROR): fd=0 error=145: Connection timed out
>>
>>
>
>[snip]
>
>
>
>>connect_error: getsockopt(SO_ERROR): fd=0 error=146: Connection refused
>>nonblock_connect: connect timing out (30 secs)
>>
>>
>
>[snip]
>
>
>
>>Any help appreciated. AFAIK 0.88.7 is a security related upgrade and
>>will not change the way freshclam behaves?
>>
>>
>
>The change was introduced in 0.88.6 - freshclam was not changed in
>0.88.7, as far as I can tell.
>

Indeed, we had similar (but not necessarily the same) problems under
0.88.5, but much more frequently. Version 0.88.6 solved the problem of
freshclam dying for 90 percent, but now and then the problem shows up.

>I don't see any changes that should make
>freshclm go away off the top of my head. Can you get a core dump? Or
>even a logfile with timestamps so it's easier to see what happened when?
>
>

No core dump was procuded. Furthermore, I tried to enable debugging in
freshclam.conf, by editing the file, removing the comment from the Debug
statement and restarting freshclam, but until now I don't see any
difference regarding the verbosity of the logging in freshclam.log. Does
'Debug' in freshclam.conf require a parameter, like 'enable', or 'on'?
Couldn't find this in the docs.

/rolf

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

abbotti at mev

Jan 2, 2007, 10:20 AM

Post #4 of 12 (2546 views)
Permalink

Re: Freshclam daemon dies during update process [In reply to]

On 02/01/07 12:12, Rolf E. Sonneveld wrote:
> According to the monitoring system, the freshclam process disappeared
> between 14:29 and 14:34. Running ClamAV on Solaris 9. Any idea why after
> a 'connection refused' or 'connection timed out' the freshclam process
> dies?

It would be nice if there was an option to run freshclam as a
"foreground daemon" so you could monitor its exit status, but there
isn't. My guess is that it's receiving a signal whose current action is
set to kill the process.

The signal handling for SIGALRM and SIGUSR1 in freshclam.c's main()
function is a bit buggy. It sets the following actions in the main loop:

sigaction(SIGALRM, &sigact, &oldact);
sigaction(SIGUSR1, &sigact, &oldact);

then later on:

sigaction(SIGALRM, &oldact, NULL);
sigaction(SIGUSR1, &oldact, NULL);

There are two problems here. The two signals shouldn't really be using
the same variable 'oldact', even though the default action for both
signals is the same. The other problem is that the program spends some
of its time with the SIGALRM and SIGUSR1 signals set to the default
action, which is to terminate the process. In fact, the more I look at
the main loop of the freshclam daemon, the worse it gets! It may catch
SIGHUP and set the 'terminate' variable at the wrong time, causing the
main loop to exit prematurely, or it may fail to catch 'SIGALRM' or
'SIGUSR1' some of the time, causing the process to terminate with that
signal.

--
-=( Ian Abbott @ MEV Ltd. E-mail: <abbotti [at] mev> )=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

R.E.Sonneveld at sonnection

Jan 2, 2007, 1:51 PM

Post #5 of 12 (2565 views)
Permalink

Re: Re: Freshclam daemon dies during update process [In reply to]

Ian Abbott wrote:
> On 02/01/07 12:12, Rolf E. Sonneveld wrote:
>> According to the monitoring system, the freshclam process disappeared
>> between 14:29 and 14:34. Running ClamAV on Solaris 9. Any idea why
>> after a 'connection refused' or 'connection timed out' the freshclam
>> process dies?
>
> It would be nice if there was an option to run freshclam as a
> "foreground daemon" so you could monitor its exit status, but there
> isn't. My guess is that it's receiving a signal whose current action
> is set to kill the process.
>
> The signal handling for SIGALRM and SIGUSR1 in freshclam.c's main()
> function is a bit buggy. It sets the following actions in the main loop:
>
> sigaction(SIGALRM, &sigact, &oldact);
> sigaction(SIGUSR1, &sigact, &oldact);
>
> then later on:
>
> sigaction(SIGALRM, &oldact, NULL);
> sigaction(SIGUSR1, &oldact, NULL);
>
> There are two problems here. The two signals shouldn't really be
> using the same variable 'oldact', even though the default action for
> both signals is the same. The other problem is that the program
> spends some of its time with the SIGALRM and SIGUSR1 signals set to
> the default action, which is to terminate the process. In fact, the
> more I look at the main loop of the freshclam daemon, the worse it
> gets! It may catch SIGHUP and set the 'terminate' variable at the
> wrong time, causing the main loop to exit prematurely, or it may fail
> to catch 'SIGALRM' or 'SIGUSR1' some of the time, causing the process
> to terminate with that signal.

Thanks, Ian. This sounds interesting. If I understand you correctly,
this can be related to the problem we see, with the disappearing
freshclam daemon process? I'm not a programmer so I'm afraid I can't
contribute code here; also, I'm not familiar with the way ClamAV
changes/fixes are done. Is anyone in charge of the freshclam code?

I'd be happy to test changes in the code; and if I can increase the
debugging level I'd be happy to send feedback to the list with
debug/logging information.

/rolf

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

abbotti at mev

Jan 3, 2007, 3:00 AM

Post #6 of 12 (2547 views)
Permalink

Re: Freshclam daemon dies during update process [In reply to]

On 02/01/07 21:51, Rolf E. Sonneveld wrote:
> Ian Abbott wrote:
>> On 02/01/07 12:12, Rolf E. Sonneveld wrote:
>>> According to the monitoring system, the freshclam process disappeared
>>> between 14:29 and 14:34. Running ClamAV on Solaris 9. Any idea why
>>> after a 'connection refused' or 'connection timed out' the freshclam
>>> process dies?
>>
>> It would be nice if there was an option to run freshclam as a
>> "foreground daemon" so you could monitor its exit status, but there
>> isn't. My guess is that it's receiving a signal whose current action
>> is set to kill the process.
>>
>> The signal handling for SIGALRM and SIGUSR1 in freshclam.c's main()
>> function is a bit buggy. It sets the following actions in the main loop:
>>
>> sigaction(SIGALRM, &sigact, &oldact);
>> sigaction(SIGUSR1, &sigact, &oldact);
>>
>> then later on:
>>
>> sigaction(SIGALRM, &oldact, NULL);
>> sigaction(SIGUSR1, &oldact, NULL);
>>
>> There are two problems here. The two signals shouldn't really be
>> using the same variable 'oldact', even though the default action for
>> both signals is the same. The other problem is that the program
>> spends some of its time with the SIGALRM and SIGUSR1 signals set to
>> the default action, which is to terminate the process. In fact, the
>> more I look at the main loop of the freshclam daemon, the worse it
>> gets! It may catch SIGHUP and set the 'terminate' variable at the
>> wrong time, causing the main loop to exit prematurely, or it may fail
>> to catch 'SIGALRM' or 'SIGUSR1' some of the time, causing the process
>> to terminate with that signal.
>
> Thanks, Ian. This sounds interesting. If I understand you correctly,
> this can be related to the problem we see, with the disappearing
> freshclam daemon process? I'm not a programmer so I'm afraid I can't
> contribute code here; also, I'm not familiar with the way ClamAV
> changes/fixes are done. Is anyone in charge of the freshclam code?

It might be the problem, especially if you are sending a signal (SIGHUP)
to the freshclam process from a log rotation script. If this occurs
almost immediately after an internally generated SIGALRM, it could cause
the main loop to terminate early, though that is extremely unlikely as
the time window is very small. A far more likely cause is that the
process is woken up by the SIGHUP and then the internally generated
SIGALRM occurs later, killing the process. The program uses the default
SIGALRM handler while it is doing all the network stuff, for example, so
if the process is woken by an external SIGHUP, spends a lot of time
doing network stuff, and receives the internally generated SIGALRM at
this time, the process will be killed.

I'll mention my theory on the devel list, anyway.

--
-=( Ian Abbott @ MEV Ltd. E-mail: <abbotti [at] mev> )=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

R.E.Sonneveld at sonnection

Jan 3, 2007, 3:14 AM

Post #7 of 12 (2552 views)
Permalink

Re: Re: Freshclam daemon dies during update process [In reply to]

Ian Abbott wrote:

[snip]

> It might be the problem, especially if you are sending a signal
> (SIGHUP) to the freshclam process from a log rotation script. If this
> occurs almost immediately after an internally generated SIGALRM, it
> could cause the main loop to terminate early, though that is extremely
> unlikely as the time window is very small. A far more likely cause is
> that the process is woken up by the SIGHUP and then the internally
> generated SIGALRM occurs later, killing the process. The program uses
> the default SIGALRM handler while it is doing all the network stuff,
> for example, so if the process is woken by an external SIGHUP, spends
> a lot of time doing network stuff, and receives the internally
> generated SIGALRM at this time, the process will be killed.
>
> I'll mention my theory on the devel list, anyway.

thanks a lot. As far as I know there is no external SIGHUP involved; no
specific log file rotation or whatever. But, as the problem does exist,
I welcome the fact that someone is delving into the code to see whether
there are any possible problems.

Regards,
/rolf

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

R.E.Sonneveld at sonnection

Feb 8, 2007, 12:34 AM

Post #8 of 12 (2435 views)
Permalink

Re: Re: Freshclam daemon dies during update process [In reply to]

Dear Ian,

some time ago you wrote, in answer to one of my questions:

> On 02/01/07 21:51, Rolf E. Sonneveld wrote:
>
>> Ian Abbott wrote:
>>
>>> On 02/01/07 12:12, Rolf E. Sonneveld wrote:
>>>
>>>> According to the monitoring system, the freshclam process
>>>> disappeared between 14:29 and 14:34. Running ClamAV on Solaris 9.
>>>> Any idea why after a 'connection refused' or 'connection timed out'
>>>> the freshclam process dies?
>>>
>>>
>>> It would be nice if there was an option to run freshclam as a
>>> "foreground daemon" so you could monitor its exit status, but there
>>> isn't. My guess is that it's receiving a signal whose current
>>> action is set to kill the process.
>>>
>>> The signal handling for SIGALRM and SIGUSR1 in freshclam.c's main()
>>> function is a bit buggy. It sets the following actions in the main
>>> loop:
>>>
>>> sigaction(SIGALRM, &sigact, &oldact);
>>> sigaction(SIGUSR1, &sigact, &oldact);
>>>
>>> then later on:
>>>
>>> sigaction(SIGALRM, &oldact, NULL);
>>> sigaction(SIGUSR1, &oldact, NULL);
>>>
>>> There are two problems here. The two signals shouldn't really be
>>> using the same variable 'oldact', even though the default action for
>>> both signals is the same. The other problem is that the program
>>> spends some of its time with the SIGALRM and SIGUSR1 signals set to
>>> the default action, which is to terminate the process. In fact, the
>>> more I look at the main loop of the freshclam daemon, the worse it
>>> gets! It may catch SIGHUP and set the 'terminate' variable at the
>>> wrong time, causing the main loop to exit prematurely, or it may
>>> fail to catch 'SIGALRM' or 'SIGUSR1' some of the time, causing the
>>> process to terminate with that signal.
>>
>>
>> Thanks, Ian. This sounds interesting. If I understand you correctly,
>> this can be related to the problem we see, with the disappearing
>> freshclam daemon process? I'm not a programmer so I'm afraid I can't
>> contribute code here; also, I'm not familiar with the way ClamAV
>> changes/fixes are done. Is anyone in charge of the freshclam code?
>
>
> It might be the problem, especially if you are sending a signal
> (SIGHUP) to the freshclam process from a log rotation script. If this
> occurs almost immediately after an internally generated SIGALRM, it
> could cause the main loop to terminate early, though that is extremely
> unlikely as the time window is very small. A far more likely cause is
> that the process is woken up by the SIGHUP and then the internally
> generated SIGALRM occurs later, killing the process. The program uses
> the default SIGALRM handler while it is doing all the network stuff,
> for example, so if the process is woken by an external SIGHUP, spends
> a lot of time doing network stuff, and receives the internally
> generated SIGALRM at this time, the process will be killed.
>
> I'll mention my theory on the devel list, anyway.
>

Did you get any response on this issue on the development list? The
problem still occurs now and then (occassionally, once every two or
three weeks, without a pattern). Today I came in the office and found
freshclam had died again. Logfile:

--------------------------------------
Received signal: wake up
ClamAV update process started at Thu Feb 8 04:03:52 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.6 Recommended version: 0.88.7
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder:
tkojm)
daily.cvd is up to date (version: 2533, sigs: 5388, f-level: 9, builder:
sven)
--------------------------------------
Received signal: wake up
ClamAV update process started at Thu Feb 8 04:33:52 2007
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.88.6 Recommended version: 0.88.7
DON'T PANIC! Read http://www.clamav.net/faq.html
main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder:
tkojm)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
nonblock_connect: connect timing out (30 secs)
connect_error: getsockopt(SO_ERROR): fd=0 error=145: Connection timed out

No core file found. Unfortunately, enabling Debug does not show timestamps.
Running:

-bash-3.00$ /opt/ClamAV/sbin/clamd -V
ClamAV 0.88.6/2534/Thu Feb 8 04:28:17 2007

The ClamAV mirror defined is:

bash-3.00# grep -i db /opt/ClamAV/etc/freshclam.conf
DatabaseMirror db.DE.clamav.net

We have seen the same problem when using db.NL.clamav.net. Looking at
the availability figures for Germany
(http://www.clamav.net/mirrors.html#de) it seems there has only been one
server with a temp. failure tonight (which matches roughly the time the
problem occurred).

What does freshclam daemon do:

a) do one DNS lookup (find multiple A reocrds), and after the first host
fails, take the second host and so on.
b) perform a DNS lookup after each failed connection

In case a) I can't understand why freshclam would fail seven times,
except when there has been a network problem for this host (there
wasn't). In case b) it is possible that the system each time gets the
same IP address (depends on the DNS client library and the way the
results are sorted).

FYI, the system on which ClamAV is running is a Solaris 10 system. I
hope there will be a fix for this in the next release.

Regards,
/rolf
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

abbotti at mev

Feb 8, 2007, 4:34 AM

Post #9 of 12 (2459 views)
Permalink

Re: Re: Freshclam daemon dies during update process [In reply to]

On 08/02/2007 08:34, Rolf E. Sonneveld wrote:
> Dear Ian,
>
> some time ago you wrote, in answer to one of my questions:
>
>> On 02/01/07 21:51, Rolf E. Sonneveld wrote:
>>
>>> Ian Abbott wrote:
>>>
>>>> On 02/01/07 12:12, Rolf E. Sonneveld wrote:
>>>>
>>>>> According to the monitoring system, the freshclam process
>>>>> disappeared between 14:29 and 14:34. Running ClamAV on Solaris 9.
>>>>> Any idea why after a 'connection refused' or 'connection timed out'
>>>>> the freshclam process dies?
>>>>
>>>>
>>>> It would be nice if there was an option to run freshclam as a
>>>> "foreground daemon" so you could monitor its exit status, but there
>>>> isn't. My guess is that it's receiving a signal whose current
>>>> action is set to kill the process.
>>>>
>>>> The signal handling for SIGALRM and SIGUSR1 in freshclam.c's main()
>>>> function is a bit buggy. It sets the following actions in the main
>>>> loop:
>>>>
>>>> sigaction(SIGALRM, &sigact, &oldact);
>>>> sigaction(SIGUSR1, &sigact, &oldact);
>>>>
>>>> then later on:
>>>>
>>>> sigaction(SIGALRM, &oldact, NULL);
>>>> sigaction(SIGUSR1, &oldact, NULL);
>>>>
>>>> There are two problems here. The two signals shouldn't really be
>>>> using the same variable 'oldact', even though the default action for
>>>> both signals is the same. The other problem is that the program
>>>> spends some of its time with the SIGALRM and SIGUSR1 signals set to
>>>> the default action, which is to terminate the process. In fact, the
>>>> more I look at the main loop of the freshclam daemon, the worse it
>>>> gets! It may catch SIGHUP and set the 'terminate' variable at the
>>>> wrong time, causing the main loop to exit prematurely, or it may
>>>> fail to catch 'SIGALRM' or 'SIGUSR1' some of the time, causing the
>>>> process to terminate with that signal.
>>>
>>>
>>> Thanks, Ian. This sounds interesting. If I understand you correctly,
>>> this can be related to the problem we see, with the disappearing
>>> freshclam daemon process? I'm not a programmer so I'm afraid I can't
>>> contribute code here; also, I'm not familiar with the way ClamAV
>>> changes/fixes are done. Is anyone in charge of the freshclam code?
>>
>>
>> It might be the problem, especially if you are sending a signal
>> (SIGHUP) to the freshclam process from a log rotation script. If this
>> occurs almost immediately after an internally generated SIGALRM, it
>> could cause the main loop to terminate early, though that is extremely
>> unlikely as the time window is very small. A far more likely cause is
>> that the process is woken up by the SIGHUP and then the internally
>> generated SIGALRM occurs later, killing the process. The program uses
>> the default SIGALRM handler while it is doing all the network stuff,
>> for example, so if the process is woken by an external SIGHUP, spends
>> a lot of time doing network stuff, and receives the internally
>> generated SIGALRM at this time, the process will be killed.
>>
>> I'll mention my theory on the devel list, anyway.
>>
>
> Did you get any response on this issue on the development list? The

No, I never got a response. Here is the message I posted:

http://lurker.clamav.net/message/20070103.113220.c158b650.en.html

I was too snowed-under with "proper" work at the time, so didn't have
time to follow things up.

> problem still occurs now and then (occassionally, once every two or
> three weeks, without a pattern). Today I came in the office and found
> freshclam had died again. Logfile:
>
> --------------------------------------
> Received signal: wake up
> ClamAV update process started at Thu Feb 8 04:03:52 2007
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.88.6 Recommended version: 0.88.7
> DON'T PANIC! Read http://www.clamav.net/faq.html
> main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder:
> tkojm)
> daily.cvd is up to date (version: 2533, sigs: 5388, f-level: 9, builder:
> sven)
> --------------------------------------
> Received signal: wake up
> ClamAV update process started at Thu Feb 8 04:33:52 2007
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.88.6 Recommended version: 0.88.7
> DON'T PANIC! Read http://www.clamav.net/faq.html
> main.cvd is up to date (version: 42, sigs: 83951, f-level: 10, builder:
> tkojm)
> nonblock_connect: connect timing out (30 secs)
> nonblock_connect: connect timing out (30 secs)
> nonblock_connect: connect timing out (30 secs)
> nonblock_connect: connect timing out (30 secs)
> nonblock_connect: connect timing out (30 secs)
> nonblock_connect: connect timing out (30 secs)
> nonblock_connect: connect timing out (30 secs)
> connect_error: getsockopt(SO_ERROR): fd=0 error=145: Connection timed out
>
> No core file found. Unfortunately, enabling Debug does not show timestamps.
> Running:
>
> -bash-3.00$ /opt/ClamAV/sbin/clamd -V
> ClamAV 0.88.6/2534/Thu Feb 8 04:28:17 2007
>
> The ClamAV mirror defined is:
>
> bash-3.00# grep -i db /opt/ClamAV/etc/freshclam.conf
> DatabaseMirror db.DE.clamav.net
>
> We have seen the same problem when using db.NL.clamav.net. Looking at
> the availability figures for Germany
> (http://www.clamav.net/mirrors.html#de) it seems there has only been one
> server with a temp. failure tonight (which matches roughly the time the
> problem occurred).
>
> What does freshclam daemon do:
>
> a) do one DNS lookup (find multiple A reocrds), and after the first host
> fails, take the second host and so on.
> b) perform a DNS lookup after each failed connection

It does one DNS lookup (case a), according to the source code (see the
'wwwconnect()' function in "freshclam/manager.c": it does one call to
'gethostbyname()' followed by a 'for' loop, calling 'wait_connect()' for
each returned IP address until one succeeds or it reaches the end of the
list.

> In case a) I can't understand why freshclam would fail seven times,
> except when there has been a network problem for this host (there
> wasn't). In case b) it is possible that the system each time gets the
> same IP address (depends on the DNS client library and the way the
> results are sorted).

For case a, it does seem strange that all seven IPs were unreachable.

> FYI, the system on which ClamAV is running is a Solaris 10 system. I
> hope there will be a fix for this in the next release.

You could always run it from a cron job, but yes, a fix would be nice.

--
-=( Ian Abbott @ MEV Ltd. E-mail: <abbotti [at] mev> )=-
-=( Tel: +44 (0)161 477 1898 FAX: +44 (0)161 718 3587 )=-
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

R.E.Sonneveld at sonnection

Feb 8, 2007, 4:47 AM

Post #10 of 12 (2448 views)
Permalink

Re: Re: Freshclam daemon dies during update process [In reply to]

Hi, Ian,

[...]

>> We have seen the same problem when using db.NL.clamav.net. Looking at
>> the availability figures for Germany
>> (http://www.clamav.net/mirrors.html#de) it seems there has only been
>> one server with a temp. failure tonight (which matches roughly the
>> time the problem occurred).
>>
>> What does freshclam daemon do:
>>
>> a) do one DNS lookup (find multiple A reocrds), and after the first
>> host fails, take the second host and so on.
>> b) perform a DNS lookup after each failed connection
>
>
> It does one DNS lookup (case a), according to the source code (see the
> 'wwwconnect()' function in "freshclam/manager.c": it does one call to
> 'gethostbyname()' followed by a 'for' loop, calling 'wait_connect()'
> for each returned IP address until one succeeds or it reaches the end
> of the list.
>
>> In case a) I can't understand why freshclam would fail seven times,
>> except when there has been a network problem for this host (there
>> wasn't). In case b) it is possible that the system each time gets the
>> same IP address (depends on the DNS client library and the way the
>> results are sorted).
>
>
> For case a, it does seem strange that all seven IPs were unreachable.
>
>> FYI, the system on which ClamAV is running is a Solaris 10 system. I
>> hope there will be a fix for this in the next release.
>
>
> You could always run it from a cron job, but yes, a fix would be nice.

Aha. Never thought about running it from cron, but yes, that would be an
option.

Thanks,
/rolf
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

ged at jubileegroup

Feb 8, 2007, 6:05 AM

Post #11 of 12 (2483 views)
Permalink

Re: Freshclam daemon dies during update process [In reply to]

Hi there,

On Thu, 8 Feb 2007 Rolf E. Sonneveld wrote:

> Did you get any response on this issue on the development list? The
> problem still occurs now and then (occassionally, once every two or
> three weeks, without a pattern). Today I came in the office and found
> freshclam had died again. Logfile:
>
> --------------------------------------
> Received signal: wake up
> ClamAV update process started at Thu Feb 8 04:03:52 2007
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.88.6 Recommended version: 0.88.7

Looks like you're using an out of date installation, although it also
looks like the version you're running should have the fix for a known
problem which caused these symptoms:

http://www.mail-archive.com/clamav-users [at] lists/msg24614.html

Check that the version of freshclam that you're using is at least from
the 0.88.6 release. If it isn't, it may indicate that you're seeing a
problem that's already been fixed. I'd upgrade anyway, developers very
seldom like to see bug reports on out of date packages...

--

73,
Ged.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

R.E.Sonneveld at sonnection

Feb 8, 2007, 6:17 AM

Post #12 of 12 (2431 views)
Permalink

Re: Re: Freshclam daemon dies during update process [In reply to]

G.W. Haywood wrote:

>Hi there,
>
>On Thu, 8 Feb 2007 Rolf E. Sonneveld wrote:
>
>
>
>>Did you get any response on this issue on the development list? The
>>problem still occurs now and then (occassionally, once every two or
>>three weeks, without a pattern). Today I came in the office and found
>>freshclam had died again. Logfile:
>>
>>--------------------------------------
>>Received signal: wake up
>>ClamAV update process started at Thu Feb 8 04:03:52 2007
>>WARNING: Your ClamAV installation is OUTDATED!
>>WARNING: Local version: 0.88.6 Recommended version: 0.88.7
>>
>>
>
>Looks like you're using an out of date installation, although it also
>looks like the version you're running should have the fix for a known
>problem which caused these symptoms:
>
>http://www.mail-archive.com/clamav-users [at] lists/msg24614.html
>
>Check that the version of freshclam that you're using is at least from
>the 0.88.6 release.
>

It is, as far as I can see:

-bash-3.00$ /opt/ClamAV/bin/freshclam --version
ClamAV 0.88.6/2537/Thu Feb 8 11:22:43 2007

>If it isn't, it may indicate that you're seeing a
>problem that's already been fixed. I'd upgrade anyway, developers very
>seldom like to see bug reports on out of date packages...
>
>

I agree, but as ClamAV had quite a number of new releases last year, and
we had to implement them on multiplet systems each time, I was waiting
for 0.90. That may have been too optimistic ;-)

/rolf

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads