Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: users

clamd abending at selfcheck

  

 
ClamAV users RSS feed   Index | Next | Previous | View Threaded


David.Alix at isc

Oct 20, 2011, 11:28 AM

Post #1 of 8 (558 views)
Permalink
clamd abending at selfcheck
I am running Clamav and freshclam 0.97.1, called from mimedefang, with
sendmail on Solaris 2.9. Starting yesterday morning, clamd has abended
whenever it selfchecks.

The clamd.log reported the following when the problem began:

Wed Oct 19 09:52:25 2011 -> SelfCheck: Database modification detected.
Forcing reload.
Wed Oct 19 09:52:25 2011 -> Reading databases from /opt/ClamAV/share/clamav
Wed Oct 19 09:52:37 2011 -> Database correctly reloaded (1056463 signatures)

Wed Oct 19 10:52:38 2011 -> SelfCheck: Database status OK.
Wed Oct 19 10:56:01 2011 -> +++ Started at Wed Oct 19 10:56:01 2011
Wed Oct 19 10:56:01 2011 -> clamd daemon 0.97.1 (OS: solaris2.9, ARCH:
sparc, CPU: sparc)
Wed Oct 19 10:56:01 2011 -> Log file size limited to 1048576000 bytes.

daily.clv was updated from 13820 to 13822 at 8:54 that morning.


Since, then, a "self-check:database status OK" has not been recorded. The
freshclam log reports:

Received signal: wake up
ClamAV update process started at Thu Oct 20 10:03:18 2011
WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): connect_error: getsockopt(SO_ERROR): fd=5
error=146: Connection refused
Can't connect to port 80 of host db.us.clamav.net (IP: 69.12.162.28)
OK
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder:
sven)
Reading CVD header (daily.cvd): OK (IMS)
daily.cld is up to date (version: 13828, sigs: 15076, f-level: 60, builder:
neo)
Can't query daily.13828.61.1.0.194.186.47.19.ping.clamav.net
Reading CVD header (bytecode.cvd): OK (IMS)
bytecode.cld is up to date (version: 148, sigs: 39, f-level: 60, builder:
acab)
Can't query bytecode.148.61.1.0.194.186.47.19.ping.clamav.net
--------------------------------------
Update process interrupted
--------------------------------------

The daily.cld continues to be updated successfully.

I have a script that checks for an active clamd daemon every minute, and
restarts it when necessary.

ANyone else seeing this problem with clamd and selfchecks, or can give me
some suggestions on how to address it?

As a side note, at 9:30 AM this morning I changed the clamd.conf file to
perform a selfcheck every 7200 seconds. The clamd died, and was restarted
a few minutes after 10AM. But the selfcheck was performed a few minutes
after 11AM (3600 seconds later). I don't understand why it wouldn't go at
two hour intervals.


Thanks

___________________________________
David Alix
Information Systems and Computing
David.Alix [at] isc
(805)893-4456
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


tkojm at clamav

Oct 20, 2011, 12:03 PM

Post #2 of 8 (553 views)
Permalink
Re: clamd abending at selfcheck [In reply to]
On Thu, 20 Oct 2011 11:28:50 -0700 David Alix <David.Alix [at] isc>
wrote:
> I am running Clamav and freshclam 0.97.1, called from mimedefang, with
> sendmail on Solaris 2.9. Starting yesterday morning, clamd has abended
> whenever it selfchecks.
>
> The clamd.log reported the following when the problem began:

Please post the output of 'clamconf -n'

--
oo ..... Tomasz Kojm <tkojm [at] clamav>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Thu Oct 20 21:01:14 CEST 2011
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


David.Alix at isc

Oct 20, 2011, 12:12 PM

Post #3 of 8 (553 views)
Permalink
Re: clamd abending at selfcheck [In reply to]
--On Thursday, October 20, 2011 9:03 PM +0200 Tomasz Kojm
<tkojm [at] clamav> wrote:

> On Thu, 20 Oct 2011 11:28:50 -0700 David Alix <David.Alix [at] isc>
> wrote:
>> I am running Clamav and freshclam 0.97.1, called from mimedefang, with
>> sendmail on Solaris 2.9. Starting yesterday morning, clamd has abended
>> whenever it selfchecks.
>>
>> The clamd.log reported the following when the problem began:
>
> Please post the output of 'clamconf -n'


Checking configuration files in /opt/ClamAV/etc

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamd.log"
LogFileMaxSize = "1048576000"
LogTime = "yes"
LogSyslog = "yes"
LogVerbose = "yes"
PidFile = "/var/run/clamd.pid"
LocalSocket = "/var/spool/MIMEDefang/clamd.sock"
StreamMaxLength = "52428800"
SelfCheck = "7200"
PhishingScanURLs disabled
StructuredSSNFormatNormal disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "10485760"
PidFile = "/var/run/freshclam.pid"
UpdateLogFile = "/var/log/freshclam.log"
Checks = "24"
DatabaseMirror = "db.us.clamav.net", "database.clamav.net"

Config file: clamav-milter.conf
-------------------------------
ERROR: Please edit the example config file
/opt/ClamAV/etc/clamav-milter.conf

Software settings
-----------------
Version: 0.97.1
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 RAR

Database information
--------------------
Database directory: /opt/ClamAV/share/clamav
main.cld: version 54, sigs: 1044387, built on Tue Oct 11 07:34:20 2011
daily.cld: version 13829, sigs: 15078, built on Thu Oct 20 10:40:19 2011
bytecode.cld: version 148, sigs: 39, built on Mon Oct 17 14:19:59 2011
Total number of signatures: 1059504

Platform information
--------------------
uname: solaris2.9
OS: solaris2.9, ARCH: sparc, CPU: sparc
Full OS version: Solaris 9 9/04 s9s_u7wos_09 SPARC
zlib version: 1.1.4 (1.1.4)
platform id: 0x0e613d3d1800000000030403

Build information
-----------------
GNU C: 3.4.3 (3.4.3)
CPPFLAGS: -I/opt/GNUmp/include -I/opt/sendmail/include
CFLAGS: -g -O2
CXXFLAGS:
LDFLAGS: -static-libgcc -L/opt/GNUmp/slib -L/opt/sendmail/lib
Configure: '--prefix=/opt/ClamAV' '--sysconfdir=/opt/ClamAV/etc'
'--with-user=clamav' '--with-group=clamav' '--enable-readdir_r'
'--enable-milter' 'CC=gcc' 'LDFLAGS=-static-libgcc -L/opt/GNUmp/slib
-L/opt/sendmail/lib' 'CPPFLAGS=-I/opt/GNUmp/include
-I/opt/sendmail/include' --enable-ltdl-convenience
sizeof(void*) = 8
Engine flevel: 61, dconf: 61

___________________________________
David Alix
Information Systems and Computing
David.Alix [at] isc
(805)893-4456
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


David.Alix at isc

Oct 20, 2011, 4:16 PM

Post #4 of 8 (547 views)
Permalink
Re: clamd abending at selfcheck [In reply to]
Thinking that the problem was the selfcheck, I disabled it in clamd.conf.
I also stopped the freshclamd process. When clamd was restarted the next
time, the log reported:

Self checking disabled.

But, the clamd daemon continues to abend one hour after it starts.

What other clamd process could be running one hour after starting? Is the
report that selfcheck is disabled bogus?

Any ideas?

Thanks

David

--On Thursday, October 20, 2011 11:28 AM -0700 David Alix
<David.Alix [at] isc> wrote:

> I am running Clamav and freshclam 0.97.1, called from mimedefang, with
> sendmail on Solaris 2.9. Starting yesterday morning, clamd has abended
> whenever it selfchecks.
>
> The clamd.log reported the following when the problem began:
>
> Wed Oct 19 09:52:25 2011 -> SelfCheck: Database modification detected.
> Forcing reload.
> Wed Oct 19 09:52:25 2011 -> Reading databases from
> /opt/ClamAV/share/clamav
> Wed Oct 19 09:52:37 2011 -> Database correctly reloaded (1056463
> signatures)
>
> Wed Oct 19 10:52:38 2011 -> SelfCheck: Database status OK.
> Wed Oct 19 10:56:01 2011 -> +++ Started at Wed Oct 19 10:56:01 2011
> Wed Oct 19 10:56:01 2011 -> clamd daemon 0.97.1 (OS: solaris2.9, ARCH:
> sparc, CPU: sparc)
> Wed Oct 19 10:56:01 2011 -> Log file size limited to 1048576000 bytes.
>
> daily.clv was updated from 13820 to 13822 at 8:54 that morning.
>
>
> Since, then, a "self-check:database status OK" has not been recorded.
> The freshclam log reports:
>
> Received signal: wake up
> ClamAV update process started at Thu Oct 20 10:03:18 2011
> WARNING: Can't query current.cvd.clamav.net
> WARNING: Invalid DNS reply. Falling back to HTTP mode.
> Reading CVD header (main.cvd): connect_error: getsockopt(SO_ERROR): fd=5
> error=146: Connection refused
> Can't connect to port 80 of host db.us.clamav.net (IP: 69.12.162.28)
> OK
> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder:
> sven)
> Reading CVD header (daily.cvd): OK (IMS)
> daily.cld is up to date (version: 13828, sigs: 15076, f-level: 60,
> builder: neo)
> Can't query daily.13828.61.1.0.194.186.47.19.ping.clamav.net
> Reading CVD header (bytecode.cvd): OK (IMS)
> bytecode.cld is up to date (version: 148, sigs: 39, f-level: 60, builder:
> acab)
> Can't query bytecode.148.61.1.0.194.186.47.19.ping.clamav.net
> --------------------------------------
> Update process interrupted
> --------------------------------------
>
> The daily.cld continues to be updated successfully.
>
> I have a script that checks for an active clamd daemon every minute, and
> restarts it when necessary.
>
> ANyone else seeing this problem with clamd and selfchecks, or can give me
> some suggestions on how to address it?
>
> As a side note, at 9:30 AM this morning I changed the clamd.conf file to
> perform a selfcheck every 7200 seconds. The clamd died, and was
> restarted a few minutes after 10AM. But the selfcheck was performed a
> few minutes after 11AM (3600 seconds later). I don't understand why it
> wouldn't go at two hour intervals.
>
>
> Thanks
>
> ___________________________________
> David Alix
> Information Systems and Computing
> David.Alix [at] isc
> (805)893-4456
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml



___________________________________
David Alix
Information Systems and Computing
David.Alix [at] isc
(805)893-4456
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


tkojm at clamav

Oct 21, 2011, 2:17 AM

Post #5 of 8 (551 views)
Permalink
Re: clamd abending at selfcheck [In reply to]
On Fri Oct 21 2011 01:16:32 GMT+0200 (CEST)
David Alix <David.Alix [at] isc> wrote:
> Thinking that the problem was the selfcheck, I disabled it in
> clamd.conf. I also stopped the freshclamd process. When clamd was
> restarted the next time, the log reported:
>
> Self checking disabled.
>
> But, the clamd daemon continues to abend one hour after it starts.
>
> What other clamd process could be running one hour after starting? Is
> the report that selfcheck is disabled bogus?

Please run clamd under gdb as described here:
http://www.clamav.net/lang/en/bugs/ Hopefully this will shed some light
on the problem.
Also please consider upgrading to 0.97.3, which is the latest stable.

--
oo ..... Tomasz Kojm <tkojm [at] clamav>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Oct 21 11:13:05 CEST 2011
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


David.Alix at isc

Oct 21, 2011, 6:29 AM

Post #6 of 8 (539 views)
Permalink
Re: clamd abending at selfcheck [In reply to]
when I start gdb with the command:
gdb /opt/ClamAV/sbin/clamd 6761

I get the message:

Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.9"...
Attaching to program `/opt/ClamAV/sbin/clamd', process 6761
/proc/6761: Value too large for defined data type.
do_attach: couldn't save traced faults.
/export/home/9531alix/6761: No such file or directory.

I don't know gdb, but the "Value too large for defined data type" and
"couldn't sage traced faults" looks like it's not going to work.

I am not getting a coredump when clamd dies.

David

--On Friday, October 21, 2011 11:17 AM +0200 Tomasz Kojm <tkojm [at] clamav>
wrote:

> http://www.clamav.net/lang/en/bugs/



___________________________________
David Alix
Information Systems and Computing
David.Alix [at] isc
(805)893-4456
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


edwin at clamav

Oct 21, 2011, 6:36 AM

Post #7 of 8 (551 views)
Permalink
Re: clamd abending at selfcheck [In reply to]
On 10/21/2011 04:29 PM, David Alix wrote:
> when I start gdb with the command:
> gdb /opt/ClamAV/sbin/clamd 6761
>
> I get the message:
>
> Copyright (C) 2008 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "sparc-sun-solaris2.9"...
> Attaching to program `/opt/ClamAV/sbin/clamd', process 6761
> /proc/6761: Value too large for defined data type.

You probably have 64-bit kernel, but run a 32-bit gdb.
Try running a 64-bit gdb.

--Edwin
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


David.Alix at isc

Oct 23, 2011, 11:35 AM

Post #8 of 8 (528 views)
Permalink
Re: clamd abending at selfcheck [In reply to]
I have been unable to locate a 84-bit gdb binary for solaris 9, and haven't
been able to successfully compile one.

However, the problem went away yesterday soon after daily.cld was updated
to 13840.

Thanks

David

--On Friday, October 21, 2011 4:36 PM +0300 Török Edwin <edwin [at] clamav>
wrote:

> On 10/21/2011 04:29 PM, David Alix wrote:
>> when I start gdb with the command:
>> gdb /opt/ClamAV/sbin/clamd 6761
>>
>> I get the message:
>>
>> Copyright (C) 2008 Free Software Foundation, Inc.
>> License GPLv3+: GNU GPL version 3 or later
>> <http://gnu.org/licenses/gpl.html> This is free software: you are free
>> to change and redistribute it. There is NO WARRANTY, to the extent
>> permitted by law. Type "show copying" and "show warranty" for details.
>> This GDB was configured as "sparc-sun-solaris2.9"...
>> Attaching to program `/opt/ClamAV/sbin/clamd', process 6761
>> /proc/6761: Value too large for defined data type.
>
> You probably have 64-bit kernel, but run a 32-bit gdb.
> Try running a 64-bit gdb.
>
> --Edwin
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml



___________________________________
David Alix
Information Systems and Computing
David.Alix [at] isc
(805)893-4456
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

ClamAV users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.