
Mailing List Archive: ClamAV: users

sorry this is a bit brief...

 

 



steve at greengecko

Nov 25, 2009, 6:00 PM


... one of my other servers is under attack!

I just updated this server to 0.95.3 from 0.95.2 on debian lenny 32bit
( vps ). Everything compiled and installed fine, but clamd seems to be
falling over silently.

All I see in the clamd log is

Thu Nov 26 14:50:39 2009 -> +++ Started at Thu Nov 26 14:50:39 2009
Thu Nov 26 14:50:39 2009 -> clamd daemon 0.95.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Thu Nov 26 14:50:39 2009 -> Running as user clamav (UID 1000, GID 108)
Thu Nov 26 14:50:39 2009 -> Log file size limited to 1048576 bytes.
Thu Nov 26 14:50:39 2009 -> Reading databases from /var/lib/clamav
Thu Nov 26 14:50:39 2009 -> Not loading PUA signatures.
Thu Nov 26 14:50:42 2009 -> Loaded 873029 signatures.
Thu Nov 26 14:50:42 2009 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.sock
Thu Nov 26 14:50:42 2009 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Thu Nov 26 14:50:42 2009 -> LOCAL: Setting connection queue length to 15
Thu Nov 26 14:50:42 2009 -> Limits: Global size limit set to 104857600 bytes.
Thu Nov 26 14:50:42 2009 -> Limits: File size limit set to 26214400 bytes.
Thu Nov 26 14:50:42 2009 -> Limits: Recursion level limit set to 16.
Thu Nov 26 14:50:42 2009 -> Limits: Files limit set to 10000.
Thu Nov 26 14:50:42 2009 -> Archive support enabled.
Thu Nov 26 14:50:42 2009 -> Algorithmic detection enabled.
Thu Nov 26 14:50:42 2009 -> Portable Executable support enabled.
Thu Nov 26 14:50:42 2009 -> ELF support enabled.
Thu Nov 26 14:50:42 2009 -> Mail files support enabled.
Thu Nov 26 14:50:42 2009 -> OLE2 support enabled.
Thu Nov 26 14:50:42 2009 -> PDF support enabled.
Thu Nov 26 14:50:42 2009 -> HTML support enabled.
Thu Nov 26 14:50:42 2009 -> Self checking every 600 seconds.

but it's no longer running. This is exactly the same log I get from a
successful 0.95.2 start.

I've reverted to 0.95.2 - both build with

./configure --enable-milter --disable-clamuko

and is all running fine again. Can anyone suggest where to start with
sorting this one out?? Any config file changes I've missed, for example?

Cheers,

Steve

--
Steve Holdoway <steve [at] greengecko>
http://www.greengecko.co.nz
MSN: steve [at] greengecko
GPG Fingerprint = B337 828D 03E1 4F11 CB90 853C C8AB AF04 EF68 52E0


cswiger at mac

Nov 26, 2009, 7:20 AM


steve wrote:
[ ... ]
> and is all running fine again. Can anyone suggest where to start with
> sorting this one out?? Any config file changes I've missed, for example?

It might be a problem with some of the many third-party signature databases
you are loading; consider restarting 0.95.3 clamd without them, or after
moving them out of /var/lib/clamav one at a time to try and isolate the
specific one. If that doesn't isolate the problem, you might also try
deleting and refetching the official signatures with 0.95.3 freshclam.

The other approach would be to run clamd in foreground mode under a debugger
such as gdb, and see whether it is crashing when you try to use it by running
clamdscan or by email hitting the milter interface.

Regards,
--
-Chuck
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
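
One way to do the "isolate the specific database" step from the reply above without touching the live /var/lib/clamav directory. This is an added example, not part of the original thread or of ClamAV: it swaps restarting clamd for a clamscan run against each database file on its own, and the function names `clamscan_load` and `find_bad_dbs` are hypothetical.

```shell
#!/bin/sh
# Added example: load each signature database on its own to find one that
# makes the engine error out or crash. Function names are hypothetical.

# Default loader: clamscan with exactly one database file, scanning one sample.
# clamscan exits 0 (clean) or 1 (match); anything else is an error or a crash
# (a process killed by a signal shows up as an exit status above 128).
clamscan_load() {
    clamscan --database="$1" --no-summary "$2" >/dev/null 2>&1
}

# find_bad_dbs DBDIR [LOADER]
# Prints the name of every regular file in DBDIR that LOADER fails on.
# Returns 0 if every file loaded, 1 if at least one failed, 2 on setup error.
find_bad_dbs() {
    dbdir=$1
    loader=${2:-clamscan_load}
    sample=$(mktemp) || return 2
    echo "constructed sample text" > "$sample"   # harmless constructed input
    bad=0
    for db in "$dbdir"/*; do
        [ -f "$db" ] || continue
        rc=0
        "$loader" "$db" "$sample" || rc=$?
        if [ "$rc" -gt 1 ]; then
            echo "${db##*/}"
            bad=1
        fi
    done
    rm -f "$sample"
    return "$bad"
}

# Usage, with the 0.95.3 build's clamscan first in PATH:
#   find_bad_dbs /var/lib/clamav
```

A file that passes here can still trip clamd on real mail, so a clean result narrows the search rather than clearing the databases; the gdb route in the reply covers that case.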


dennispe at inetnw

Nov 26, 2009, 10:52 AM


steve wrote:
> ... one of my other servers is under attack!
>

> I've reverted to 0.95.2 - both build with
>
> ./configure --enable-milter --disable-clamuko
>
> and is all running fine again. Can anyone suggest where to start with
> sorting this one out?? Any config file changes I've missed, for example?

Build and test it on a virtual machine. VMware Player is free and you can dl a
runnable Linux VM from the VMware appliance server. VMware Player runs in
Windows or Linux. You can also clone your existing server to a VM and use that
for your testing. All the software to do this is free.

dp
