
Mailing List Archive: ClamAV: users

clamd stops during selfcheck (here too)

 

 



dehaenp at drever

Oct 24, 2011, 5:09 AM


Hi,

Following the thread of David Alix "clamd abending at selfcheck" (th:e2ab86f7), I would like to
report my related issue. I am running ClamAV and freshclam 0.97.1 too, called from
mimedefang too, but with sendmail on Solaris 10. This server has been running for a long
time without problem.

Suddenly, yesterday I got this message in freshclam.log:
--------------------------------------
ClamAV update process started at Sun Oct 23 11:37:00 2011
main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 13841, sigs: 15898, f-level: 60, builder: mallan)
Downloading bytecode-149.cdiff [100%]
bytecode.cld updated (version: 149, sigs: 39, f-level: 60, builder: edwin)
Can't query bytecode.149.61.1.0.193.1.193.64.ping.clamav.net
Database updated (1060324 signatures) from db.be.clamav.net (IP: 193.1.193.64)
Clamd successfully notified about the update.
--------------------------------------

There was never anything about ping.clamav.net before, and since then the "Can't query"
message comes regularly but the rest of the line changes. Anyway it said the database was
updated and clamd notified. Now, in the clamd.log file, it's worse:
--------------------------------------
Oct 23 11:38:11 2011 -> +++ Started at Sun Oct 23 11:38:11 2011
Sun Oct 23 11:38:11 2011 -> clamd daemon 0.97.1 (OS: solaris2.10, ARCH: sparc, CPU: sparc)
Sun Oct 23 11:38:11 2011 -> Running as user defang (UID 101, GID 102)
Sun Oct 23 11:38:11 2011 -> Log file size limited to 2097152 bytes.
Sun Oct 23 11:38:11 2011 -> Reading databases from /opt/clamav/share/clamav
Sun Oct 23 11:38:11 2011 -> Not loading PUA signatures.
Sun Oct 23 11:38:11 2011 -> Bytecode: Security mode set to "TrustSigned".
Sun Oct 23 11:38:31 2011 -> Loaded 1159267 signatures.
Sun Oct 23 11:38:32 2011 -> LOCAL: Unix socket file /opt/clamav/var/clamav/clamd.sock
Sun Oct 23 11:38:32 2011 -> LOCAL: Setting connection queue length to 200
Sun Oct 23 11:38:32 2011 -> Limits: Global size limit set to 104857600 bytes.
Sun Oct 23 11:38:32 2011 -> Limits: File size limit set to 26214400 bytes.
Sun Oct 23 11:38:32 2011 -> Limits: Recursion level limit set to 16.
Sun Oct 23 11:38:32 2011 -> Limits: Files limit set to 10000.
Sun Oct 23 11:38:32 2011 -> Archive support enabled.
Sun Oct 23 11:38:32 2011 -> Algorithmic detection enabled.
Sun Oct 23 11:38:32 2011 -> Portable Executable support enabled.
Sun Oct 23 11:38:32 2011 -> ELF support enabled.
Sun Oct 23 11:38:32 2011 -> Mail files support enabled.
Sun Oct 23 11:38:32 2011 -> OLE2 support enabled.
Sun Oct 23 11:38:32 2011 -> PDF support enabled.
Sun Oct 23 11:38:32 2011 -> HTML support enabled.
Sun Oct 23 11:38:32 2011 -> Self checking every 600 seconds.
Sun Oct 23 11:44:03 2011 -> /var/run/MIMEDefang/mdefang-p9N9hxhE011873/Work/INPUTMBOX: Sanesecurity.Jurlbl.15054.UNOFFICIAL FOUND
Sun Oct 23 11:48:50 2011 -> No stats for Database check - forcing reload
Sun Oct 23 11:48:50 2011 -> Reading databases from /opt/clamav/share/clamav
Sun Oct 23 11:49:12 2011 -> ERROR: Database initialization error: can't compile engine: Failure in bytecode testmode
Sun Oct 23 11:49:13 2011 -> Terminating because of a fatal error.
Sun Oct 23 11:49:13 2011 -> Pid file removed.
Sun Oct 23 11:49:13 2011 -> --- Stopped at Sun Oct 23 11:49:13 2011
--------------------------------------

Just like David, clamd starts, scans correctly for 600 seconds, then a selfcheck is done and
clamd gives an error and stops without dumping a core. Hopefully it is under control of SMF
(Service Management Facility) which restarts it. And since yesterday the cycle continues...

I trussed (equivalent of strace on linux) the clamd daemon:
--------------------------------------
[...]
4166/1: open("/opt/clamav/share/clamav/MSRBL-SPAM.ndb", O_RDONLY) = 12
4166/1: fstat64(12, 0xFFBF62D8) = 0
4166/1: fstat64(12, 0xFFBF6180) = 0
4166/1: ioctl(12, TCGETA, 0xFFBF6264) Err#25 ENOTTY
4166/1: read(12, " M S R B L - S P A M . W".., 8192) = 8192
4166/1: read(12, " 0 6 5 7 2 2 D 6 D 2 0 7".., 8192) = 8192
4166/1: read(12, " 9 3 8 3 4 5 F 3 0 3 1 3".., 8192) = 8192
[...]
4166/1: read(12, " . M e d s . 2 7 1 6 : 4".., 8192) = 8192
4166/1: read(12, " 7 4 2 0 4 C 2 C 2 0 4 D".., 8192) = 7075
4166/1: read(12, 0x000C74AC, 8192) = 0
4166/1: llseek(12, 0, SEEK_CUR) = 244643
4166/1: close(12) = 0
4166/1: open("/opt/clamav/share/clamav/bytecode.cld", O_RDONLY) = 12
4166/1: lseek(12, 0, SEEK_SET) = 0
4166/1: fstat64(12, 0xFFBF7F60) = 0
4166/1: fstat64(12, 0xFFBF7E08) = 0
4166/1: ioctl(12, TCGETA, 0xFFBF7EEC) Err#25 ENOTTY
4166/1: read(12, " C l a m A V - V D B : 2".., 8192) = 8192
4166/1: access("/opt/clamav/share/clamav/bytecode.cvd", R_OK) Err#2 ENOENT
4166/1: lseek(12, 512, SEEK_SET) = 512
4166/1: read(12, " C O P Y I N G", 7) = 7
4166/1: lseek(12, 512, SEEK_SET) = 512
4166/1: dup(12) = 13
4166/1: fcntl(13, F_GETFD, 0x00000000) = 0
4166/1: fstat64(13, 0xFFBF7EC8) = 0
4166/1: fstat64(13, 0xFFBF7D70) = 0
4166/1: ioctl(13, TCGETA, 0xFFBF7E54) Err#25 ENOTTY
4166/1: read(13, " C O P Y I N G\0\0\0\0\0".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 8704
4166/1: llseek(13, 0, SEEK_CUR) = 8704
4166/1: lseek(13, 10752, SEEK_CUR) = 19456
4166/1: read(13, " b y t e c o d e . i n f".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 27648
4166/1: llseek(13, 0xFFFFFFFFFFFFF08E, SEEK_CUR) = 23694
4166/1: close(13) = 0
4166/1: lseek(12, 512, SEEK_SET) = 512
4166/1: read(12, " C O P Y I N G", 7) = 7
4166/1: lseek(12, 512, SEEK_SET) = 512
4166/1: dup(12) = 13
4166/1: fcntl(13, F_GETFD, 0x00000000) = 0
4166/1: fstat64(13, 0xFFBF7EC8) = 0
4166/1: fstat64(13, 0xFFBF7D70) = 0
4166/1: ioctl(13, TCGETA, 0xFFBF7E54) Err#25 ENOTTY
4166/1: read(13, " C O P Y I N G\0\0\0\0\0".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 8704
4166/1: llseek(13, 0, SEEK_CUR) = 8704
4166/1: lseek(13, 10752, SEEK_CUR) = 19456
4166/1: read(13, " b y t e c o d e . i n f".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 27648
4166/1: llseek(13, 0, SEEK_CUR) = 27648
4166/1: lseek(13, 0xFFFFF200, SEEK_CUR) = 24064
4166/1: read(13, " l a s t . h d b\0\0\0\0".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 32256
4166/1: llseek(13, 0, SEEK_CUR) = 32256
4166/1: lseek(13, 0xFFFFE400, SEEK_CUR) = 25088
4166/1: read(13, " 0 0 0 0 8 2 4 7 1 6 . c".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 33280
4166/1: llseek(13, 0, SEEK_CUR) = 33280
4166/1: lseek(13, 0, SEEK_CUR) = 33280
[...]
4166/1: read(13, " 0 0 0 1 0 1 4 9 5 6 . c".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 237056
4166/1: read(13, " k h A h d b ` b b d i a".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 245248
4166/1: lseek(13, 0xFFFFF600, SEEK_CUR) = 242688
4166/1: read(13, " 0 0 0 1 0 7 1 7 5 3 . c".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 250880
4166/1: read(13, " o k ` b g o b h o b ` b".., 8192) = 8192
4166/1: read(13, " c c ` b A b d b ` b ` b".., 8192) = 8192
4166/1: read(13, " ` b m c ` b l f e f c c".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 275456
4166/1: lseek(13, 0xFFFFF800, SEEK_CUR) = 273408
4166/1: read(13, " 0 0 0 1 0 7 8 2 1 7 . c".., 8192) = 8192
4166/1: llseek(13, 0, SEEK_CUR) = 281600
4166/1: read(13, " f k e c c d c m e h c f".., 8192) = 7168
4166/1: llseek(13, 0, SEEK_CUR) = 288768
4166/1: lseek(13, 0, SEEK_CUR) = 288768
4166/1: read(13, 0x000C74AC, 8192) = 0
4166/1: llseek(13, 0, SEEK_CUR) = 288768
4166/1: close(13) = 0
4166/1: llseek(12, 0xFFFFFFFFFFFFE200, SEEK_CUR) = 281088
4166/1: close(12) = 0
4166/1: getdents64(11, 0xFF074000, 8192) = 0
4166/1: close(11) = 0
4166/1: munmap(0xF4AC6000, 237568) = 0
4166/1: fstat64(2, 0xFFBFEBD0) = 0
4166/1: write(2, " L i b C l a m A V E r".., 71) = 71
4166/1: write(2, " L i b C l a m A V E r".., 79) = 79
4166/1: stat("/opt/clamav/var/clamav/clamd.log", 0xFFBFF230) = 0
4166/1: time() = 1319442428
4166/1: write(4, " M o n O c t 2 4 0".., 117) = 117
4166/1: write(2, " E R R O R : ", 7) = 7
4166/1: write(2, " D a t a b a s e i n i".., 82) = 82
4166/1: munmap(0xF4AC0000, 24576) = 0
4166/1: munmap(0xF4B10000, 262144) = 0
[...]
4166/1: stat("/opt/clamav/var/clamav/clamd.log", 0xFFBFF2A8) = 0
4166/1: time() = 1319442429
4166/1: write(4, " M o n O c t 2 4 0".., 66) = 66
4166/1: write(1, " T e r m i n a t i n g ".., 38) = 38
4166/1: close(1) = 0
4166/1: write(9, "\0", 1) = 1
4166/2: pollsys(0x0008DB70, 2, 0x00000000, 0x00000000) = 1
4166/2: read(8, "\0", 1025) = 1
4166/2: shutdown(5, SHUT_RDWR, SOV_DEFAULT) Err#134 ENOTCONN
4166/2: close(5) = 0
4166/2: shutdown(8, SHUT_RDWR, SOV_DEFAULT) Err#95 ENOTSOCK
4166/2: close(8) = 0
4166/2: write(7, "\0", 1) = 1
4166/2: lwp_sigmask(SIG_SETMASK, 0xFFBFFEFF, 0x0000FFF7) = 0xFFBFFEFF [0x0000FFFF]
4166/2: lwp_exit()
4166/1: lwp_wait(2, 0xFFBFF76C) = 0
4166: close(9) = 0
4166: close(7) = 0
4166: shutdown(5, SHUT_RDWR, SOV_DEFAULT) Err#9 EBADF
4166: unlink("/opt/clamav/var/clamav/clamd.pid") = 0
4166: stat("/opt/clamav/var/clamav/clamd.log", 0xFFBFF2A8) = 0
4166: time() = 1319442429
4166: write(4, " M o n O c t 2 4 0".., 46) = 46
4166: write(1, " P i d f i l e r e m".., 18) Err#9 EBADF
4166: time() = 1319442429
4166: stat("/opt/clamav/var/clamav/clamd.log", 0xFFBFF2A8) = 0
4166: time() = 1319442429
4166: stat("/opt/clamav/var/clamav/clamd.log", 0xFFBFF2A8) = 0
4166: time() = 1319442429
4166: write(4, " M o n O c t 2 4 0".., 68) = 68
4166: write(1, " - - - S t o p p e d ".., 40) Err#9 EBADF
4166: close(5) Err#9 EBADF
4166: unlink("/opt/clamav/var/clamav/clamd.sock") = 0
4166: stat("/opt/clamav/var/clamav/clamd.log", 0xFFBFF878) = 0
4166: time() = 1319442429
4166: write(4, " M o n O c t 2 4 0".., 49) = 49
4166: write(1, " S o c k e t f i l e ".., 21) Err#9 EBADF
4166: close(4) = 0
4166: _exit(1)
--------------------------------------

Well, while writing this I see Mathew Slowe has the same problem...

Focusing on the writes containing the error messages, I see:
--------------------------------------
10231/1: write(2, 0xFFBFEEE0, 71) = 71
10231/1: L i b C l a m A V E r r o r : b y t e c o d e : a l r e a
10231/1: d y t u r n e d o f f , c a n ' t t u r n i t o n
10231/1: a g a i n !\n
10231/1: write(2, 0xFFBFF260, 79) = 79
10231/1: L i b C l a m A V E r r o r : U n a b l e t o c o m p i
10231/1: l e / l o a d b y t e c o d e : F a i l u r e i n b y t
10231/1: e c o d e t e s t m o d e\n
--------------------------------------


For more information, here is my clamconf -n:
--------------------------------------
Checking configuration files in /opt/clamav/etc

Config file: clamd.conf
-----------------------
LogFile = "/opt/clamav/var/clamav/clamd.log"
LogFileMaxSize = "2097152"
LogTime = "yes"
PidFile = "/opt/clamav/var/clamav/clamd.pid"
LocalSocket = "/opt/clamav/var/clamav/clamd.sock"
User = "defang"

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "2097152"
UpdateLogFile = "/opt/clamav/var/clamav/freshclam.log"
DatabaseMirror = "db.be.clamav.net", "database.clamav.net"

Config file: clamav-milter.conf
-------------------------------
ERROR: Please edit the example config file /opt/clamav/etc/clamav-milter.conf

Software settings
-----------------
Version: 0.97.1
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 RAR

Database information
--------------------
Database directory: /opt/clamav/share/clamav
daily.cld: version 13843, sigs: 15910, built on Mon Oct 24 05:10:43 2011
main.cld: version 54, sigs: 1044387, built on Tue Oct 11 16:34:20 2011
[3rd Party] winnow_malware.hdb: 70 sigs
[3rd Party] junk.ndb: 38314 sigs
[3rd Party] jurlbl.ndb: 15386 sigs
[3rd Party] phish.ndb: 18187 sigs
[3rd Party] rogue.hdb: 2260 sigs
[3rd Party] scam.ndb: 11531 sigs
[3rd Party] spamimg.hdb: 896 sigs
[3rd Party] winnow_malware_links.ndb: 7892 sigs
[3rd Party] MSRBL-Images.hdb: 3004 sigs
[3rd Party] MSRBL-SPAM.ndb: 2785 sigs
bytecode.cld: version 149, sigs: 39, built on Sun Oct 23 10:29:41 2011
Total number of signatures: 1160661

Platform information
--------------------
uname: solaris2.10
OS: solaris2.10, ARCH: sparc, CPU: sparc
Full OS version: Solaris 10 10/09 s10s_u8wos_08a SPARC
zlib version: 1.2.3 (1.2.3), compile flags: 55
platform id: 0x0e613d3d1400000000030403

Build information
-----------------
GNU C: 3.4.3 (csl-sol210-3_4-branch+sol_rpath) (3.4.3)
CPPFLAGS: -I/opt/csw/include
CFLAGS: -mcpu=v8 -g -O2
CXXFLAGS:
LDFLAGS:
Configure: '--prefix=/opt/clamav' '--libdir=/opt/csw/lib/32' '--with-zlib=/opt/csw' '--with-user=clamav' '--with-group=clamav' '--disable-static' '--enable-milter' 'CFLAGS=-mcpu=v8 -g -O2' --enable-ltdl-convenience
sizeof(void*) = 4
Engine flevel: 61, dconf: 61
--------------------------------------


Thanks for any help.
Regards,
Pierre


_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
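
Added example, not part of the original post or of ClamAV: a monitoring check for the cycle described above, where clamd dies with a fatal error about one self-check interval after each start and the service manager restarts it. It parses clamd.log entries in the format quoted in the post; the sample log is constructed from that excerpt, and the function names and the 120-second slack are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: two runs in the clamd.log format quoted in the post, one entry per line.
SAMPLE_LOG = """\
Sun Oct 23 11:38:11 2011 -> +++ Started at Sun Oct 23 11:38:11 2011
Sun Oct 23 11:38:32 2011 -> Self checking every 600 seconds.
Sun Oct 23 11:48:50 2011 -> No stats for Database check - forcing reload
Sun Oct 23 11:49:12 2011 -> ERROR: Database initialization error: can't compile engine: Failure in bytecode testmode
Sun Oct 23 11:49:13 2011 -> Terminating because of a fatal error.
Sun Oct 23 11:49:13 2011 -> --- Stopped at Sun Oct 23 11:49:13 2011
Sun Oct 23 11:49:20 2011 -> +++ Started at Sun Oct 23 11:49:20 2011
Sun Oct 23 11:49:41 2011 -> Self checking every 600 seconds.
Sun Oct 23 12:00:21 2011 -> ERROR: Database initialization error: can't compile engine: Failure in bytecode testmode
Sun Oct 23 12:00:22 2011 -> Terminating because of a fatal error.
Sun Oct 23 12:00:22 2011 -> --- Stopped at Sun Oct 23 12:00:22 2011
"""
# Optional weekday, then "Mon DD HH:MM:SS YYYY -> message" (written when LogTime is on).
LINE_RE = re.compile(r"^(?:[A-Z][a-z]{2} )?([A-Z][a-z]{2} +\d+ [\d:]{8} \d{4}) -> (.*)$")

def parse_runs(text):
    """Split the log into daemon runs, one dict per '+++ Started' marker."""
    runs, cur = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or (cur is None and not m.group(2).startswith("+++ Started")):
            continue  # wrapped continuation line, or entries before the first start
        ts, msg = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y"), m.group(2)
        if msg.startswith("+++ Started"):
            cur = {"start": ts, "stop": None, "interval": None, "error": None, "fatal": False}
            runs.append(cur)
        elif msg.startswith("Self checking every "):
            cur["interval"] = int(msg.split()[3])
        elif msg.startswith("ERROR: "):
            cur["error"] = msg[len("ERROR: "):]
        elif msg.startswith("Terminating because of a fatal error"):
            cur["fatal"] = True
        elif msg.startswith("--- Stopped"):
            cur["stop"] = ts
    return runs

def uptime(run):
    """Seconds between start and stop; infinite while the run is still open."""
    return (run["stop"] - run["start"]).total_seconds() if run["stop"] else float("inf")

def crash_loop(runs, min_runs=2, slack=120):
    """True if each of the last min_runs runs died fatally within one self-check interval plus slack."""
    recent = runs[-min_runs:]
    return len(recent) == min_runs and all(
        r["fatal"] and r["interval"] and uptime(r) <= r["interval"] + slack for r in recent)
```

While such a loop runs, mail is scanned only between restarts, so a check like this is worth alerting on alongside the service manager's own restart count.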
