Hi,
I have been running clamAV 0.91.2 software on our Solaris email server
for a few weeks and all has been well, but I have noticed in the last
few days that "clamscan" does not end on a specific HTML email.
I have caught the email and run clamscan by hand on the file and this
what happens:
# /usr/local/clamav0912/bin/clamscan --verbose -r --stdout --infected ./Work
Scanning ./Work/INPUTMBOX
Strangely when I run it with the older version the program works:
# /usr/local/clamav0902/bin/clamscan --verbose -r --stdout --infected ./Work
Scanning ./Work/INPUTMBOX
----------- SCAN SUMMARY -----------
Known viruses: 118783
Engine version: 0.90.2
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.02 MB
Time: 44.042 sec (0 m 44 s)
When I run it via truss it the last few lines look like:
12517: write(1, " S c a n n i n g . / W".., 26) = 26
12517: open("./Work/INPUTMBOX", O_RDONLY) = 4
12517: fxstat(2, 4, 0x080453A0) = 0
12517: lseek(4, 0, SEEK_SET) = 0
12517: read(4, " F r o m m e s s a g e".., 256) = 256
12517: lseek(4, 0, SEEK_SET) = 0
12517: times(0x08044F00) = 424043996
....
12517: times(0x08044F00) = 424043996
12517: times(0x08044F00) = 424043996
12517: mkdir("/var/tmp//clamav-7d9a1d4a6e4a6578dc28281bbe429acc", 0700) = 0
12517: dup(4) = 5
12517: fcntl(5, F_GETFD, 0x00000004) = 0
12517: llseek(5, 0, SEEK_CUR) = 0
12517: llseek(5, 0, SEEK_SET) = 0
12517: fstat64(5, 0x08043B60) = 0
12517: fstat64(5, 0x08043AA0) = 0
12517: ioctl(5, TCGETA, 0x08043B34) Err#25 ENOTTY
12517: read(5, " F r o m m e s s a g e".., 8192) = 7501
12517: read(5, 0x09F9079C, 8192) = 0
12517: llseek(5, 0, SEEK_CUR) = 7501
12517: close(5) = 0
12517: sysconfig(_CONFIG_PAGESIZE) = 4096
I have run it on a few Solaris platforms with the same results....
Thanks
Andrew
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
