Bug#1069825: [Pkg-clamav-devel] Bug#1069825: clamav-daemon stops working with LibClamAV Error: cl_engine_addref: engine == NULL
On 2024-04-25 13:38:51 [+0200], Michael Braun wrote: > Hi, Hi, > I'm scanning incoming mails using clamav-daemon and clamav-milter. > From time to time, my mailserver stops working due to clamav-daemon locking > up. > > The clamav logs read: > >6889 Apr 25 11:28:12 gate clamd[939931]: Thu Apr 25 11:28:11 2024 -> > !accept() failed: Too many open files > 1 Apr 25 11:32:11 gate systemd-journald[311]: Suppressed 490085 > messages from clamav-daemon.service > > (with many repetitions) > > 1 Apr 25 11:33:41 gate clamd[939931]: LibClamAV Error: > cl_engine_addref: engine == NULL > 1 Apr 25 11:33:41 gate clamd[939931]: Thu Apr 25 11:33:41 2024 -> > !cl_engine_addref() failed > 1 Apr 25 11:33:41 gate clamd[939931]: Thu Apr 25 11:33:41 2024 -> > !Command dispatch failed > > (with many repetitions) > > Workaround: systemctl restart clamav-daemon fixes the problem temporarely. My guess is that _something_ within clamd forgets to close a fd and then you hit the limit followed by the fallout later on. 0.103.10 isn't the latest version, it is 0.103.11 but judging from the changelog there isn't anything that changed. Now. You could look at /proc/$CLAMD_PID/fd/ and check what kind of fd is raising. I have here 10 fds in total, your limit should be at 1024 so you have an idea how danlging fd you should. That 10 depends on your setup in terms of IP listeners and/ or IP. On average it should remain constant except if it creates temporary files during scans or opens sockets for clients. The files are visible in /proc, sockets have just an inode number but `ss' will show you more details here. Once you identified those then I could start looking closer in the source once I know where to look. The other alternative you have is to update to Bookworm hoping that bug is gone. Sebastian
Bug#1069825: clamav-daemon stops working with LibClamAV Error: cl_engine_addref: engine == NULL
Package: clamav Version: 0.103.10+dfsg-0+deb11u1 Severity: important Hi, I'm scanning incoming mails using clamav-daemon and clamav-milter. From time to time, my mailserver stops working due to clamav-daemon locking up. The clamav logs read: 6889 Apr 25 11:28:12 gate clamd[939931]: Thu Apr 25 11:28:11 2024 -> !accept() failed: Too many open files 1 Apr 25 11:32:11 gate systemd-journald[311]: Suppressed 490085 messages from clamav-daemon.service (with many repetitions) 1 Apr 25 11:33:41 gate clamd[939931]: LibClamAV Error: cl_engine_addref: engine == NULL 1 Apr 25 11:33:41 gate clamd[939931]: Thu Apr 25 11:33:41 2024 -> !cl_engine_addref() failed 1 Apr 25 11:33:41 gate clamd[939931]: Thu Apr 25 11:33:41 2024 -> !Command dispatch failed (with many repetitions) Workaround: systemctl restart clamav-daemon fixes the problem temporarely. -- Package-specific info: --- configuration --- Checking configuration files in /etc/clamav Config file: clamd.conf --- AlertExceedsMax disabled PreludeEnable disabled PreludeAnalyzerName = "ClamAV" LogFile = "/var/log/clamav/clamav.log" LogFileUnlock disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogClean disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" ExtendedDetectionInfo = "yes" PidFile disabled TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket = "/var/run/clamav/clamd.ctl" LocalSocketGroup = "clamav" LocalSocketMode = "666" FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "15" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "12" ReadTimeout = "180" CommandReadTimeout = "30" SendBufTimeout = "200" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "15" FollowDirectorySymlinks disabled FollowFileSymlinks disabled CrossFilesystems = "yes" SelfCheck = "3600" ConcurrentDatabaseReload disabled DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamav" Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "6" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled ScanPE = "yes" ScanELF = "yes" ScanMail = "yes" ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" HeuristicAlerts = "yes" HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" AlertBrokenExecutables disabled AlertBrokenMedia disabled AlertEncrypted disabled StructuredCCOnly disabled AlertEncryptedArchive disabled AlertEncryptedDoc disabled AlertOLE2Macros disabled AlertPhishingSSLMismatch disabled AlertPhishingCloak disabled AlertPartitionIntersection disabled ScanPDF = "yes" ScanSWF = "yes" ScanXMLDOCS = "yes" ScanHWP3 = "yes" ScanArchive = "yes" ForceToDisk disabled MaxScanTime = "12" MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "1" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "1048576" MaxPartitions = "50" MaxIconsPE = "100" MaxRecHWP3 = "16" PCREMatchLimit = "1" PCRERecMatchLimit = "5000" PCREMaxFileSize = "26214400" OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeRootUID disabled OnAccessExcludeUID disabled OnAccessExcludeUname disabled OnAccessMaxFileSize = "5242880" OnAccessDisableDDD disabled OnAccessPrevention disabled OnAccessExtraScanning disabled OnAccessCurlTimeout = "5000" OnAccessMaxThreads = "5" OnAccessRetryAttempts disabled OnAccessDenyOnError disabled DevACOnly disabled DevACDepth disabled DevPerformance disabled DevLiblog disabled DisableCertCheck disabled AlgorithmicDetection = "yes" BlockMax disabled PhishingAlwaysBlockSSLMismatch disabled PhishingAlwaysBlockCloak disabled PartitionIntersection disabled OLE2BlockMacros disabled ArchiveBlockEncrypted disabled Config file: freshclam.conf --- LogFileMaxSize = "4294967295" LogTime = "yes" LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" PidFile disabled DatabaseDirectory = "/var/lib/clamav" Foreground disabled Debug disabled UpdateLogFile = "/var/log/clamav/freshclam.log" DatabaseOwner = "clamav" Checks = "24" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "db.local.clamav.net", "database.clamav.net" PrivateMirror disabled MaxAttempts = "5" ScriptedUpdates = "yes" TestDatabases = "yes" CompressLocalDatabase disabled ExtraDatabase disabled ExcludeDatabase disabled DatabaseCustomURL disabled HTTPProxyServer disabled HTTPProxyPort disabled