Hello, today I had a very serious problem with clam. It crashed while checking its database - on both of my mailservers! So no mail was delivered for quite some time.
This is from freshclamd.log: Received signal: wake up ClamAV update process started at Wed Apr 11 04:15:54 2007 Connecting via stargate.win.topbuero.de main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) Connecting via stargate.win.topbuero.de daily.inc is up to date (version: 3065, sigs: 3293, f-level: 14, builder: sven) -------------------------------------- Received signal: wake up ClamAV update process started at Wed Apr 11 04:45:59 2007 Connecting via stargate.win.topbuero.de main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) Connecting via stargate.win.topbuero.de daily.inc is up to date (version: 3065, sigs: 3293, f-level: 14, builder: sven) As you can see, there was no update between 04:15h and 04:45h. And now the clamd.log: Wed Apr 11 04:00:07 2007 -> SelfCheck: Database status OK. Wed Apr 11 04:30:09 2007 -> SelfCheck: Database modification detected. Forcing reload. Wed Apr 11 04:30:09 2007 -> Reading databases from /var/lib/clamav Wed Apr 11 04:30:21 2007 -> ERROR: reload db failed: Broken or not a CVD file Wed Apr 11 04:30:21 2007 -> Terminating because of a fatal error.Wed Apr 11 04:30:21 2007 -> Socket file removed. Wed Apr 11 04:30:21 2007 -> Pid file removed. Wed Apr 11 04:30:21 2007 -> --- Stopped at Wed Apr 11 04:30:21 2007 At 04:30h it crashed while reading its database. When I realized that clam wasn't running anymore, I tried to restart it, but I diddn't work: Wed Apr 11 14:21:33 2007 -> +++ Started at Wed Apr 11 14:21:33 2007 Wed Apr 11 14:21:33 2007 -> clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i386) Wed Apr 11 14:21:33 2007 -> Log file size limit disabled. Wed Apr 11 14:21:33 2007 -> Reading databases from /var/lib/clamav Wed Apr 11 14:21:44 2007 -> ERROR: Broken or not a CVD file So took a look at /var/lib/clamav. There was a file "*.cvd" (without quotes). After removing it, I could restart clam: Wed Apr 11 14:22:08 2007 -> +++ Started at Wed Apr 11 14:22:08 2007 Wed Apr 11 14:22:08 2007 -> clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i386) Wed Apr 11 14:22:08 2007 -> Log file size limit disabled. Wed Apr 11 14:22:08 2007 -> Reading databases from /var/lib/clamav Wed Apr 11 14:22:21 2007 -> Loaded 107876 signatures. Wed Apr 11 14:22:21 2007 -> Unix socket file /var/amavis/clamd.sock Question is: Why the hell was there this strange file *.cvd and where does it came from? And why does clamd crashes when its present? I'm using clam 0.90.1, build as RPM from source. Greetings, Tom _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
