[Clamav-users] clamav-milter & nscd problem

Tue, 09 Aug 2005 05:57:43 -0700 

        Last month I started getting 10-20 random clamav-milter segfaults
each day. The load is a few tens of thousand scans daily.

        The very same clamav-milter segfaults can also be induced
persistently by "clmilter_watch". That was a surprize to me, because
clmilter_watch is only a health monitoring utility for the clamav-milter
daemon (see http://www.itg.uiuc.edu/itg_software/clmilter_watch).

        On a completely quiet system when tested with clmilter_watch, the
segfaults happen only when using nscd (name service cache daemon) which
comes as a part of glibc (v2.3.5). This means that if I just "pkill nscd"
then the problem vanishes, but if I have nscd running, restart clamav-milter,
then probe it with clmilter_watch, clamav-milter segfaults immediately.

Aug  8 22:07:30 alpha clamav-milter[13116]: clamfi_eoh
Aug  8 22:07:30 alpha clamav-milter[13116]: clamfi_envbody: 4756 bytes
Aug  8 22:07:30 alpha clamav-milter[13116]: clamfi_eom
Aug  8 22:07:30 alpha clamav-milter[13116]: j78RCJ7TXH930484: clean message 
from <>
Aug  8 22:07:30 alpha clamav-milter[13116]: clamfi_close
Aug  8 22:07:30 alpha clamav-milter[13116]: Segmentation fault :-( Bye..

        I have enabled debug code and modes and then tried to strace the
problem, with limited results. It seems that clamav-milter segfaults right
after reading from the nscd socket a hostname resolution result (for
localhost.localdomain), and before anything else. It maybe a glibc problem
as there was a glibc upgrade last month indeed.

        Here are the command lines used:

        /usr/sbin/clamav-milter --debug --max-children 150 --force-scan 
--timeout=0 --quiet --local inet:33100
        /noc/scripts/nst/clmilter_watch -L /dev/null -s 43210  -t 5 # monitor 
of clamav-milter

        Here are the options from /etc/clamd.conf

LogClean
LogSyslog
LogVerbose
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
StreamMaxLength 20M
MaxThreads 150
User clamav
Foreground
Debug
DetectBrokenExecutables
ScanRAR

        I am currently in the process of testing with a previous version of
glibc, just in case I have hit a new bug, but this will take time. Does any
body else have another hint?

-- 
Apostolis Papayanakis
[EMAIL PROTECTED], 2310-998416
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html

Reply via email to