I'm running clamav on OpenBSD/amd64 5.5 (with various sanesecurity
hdb's, if that matters). Built from ports (with LLVM 3.3).
Config is:
LogSyslog true
LogFacility LOG_MAIL
TCPSocket 3310
TCPAddr 127.0.0.1
SelfCheck 600
User _clamav
AllowSupplementaryGroups true
This setup was stable with 0.98.1 but since updating to 0.98.3 I've
seen several segfaults like below (debug, backtrace and a couple of
prints from gdb included). Any ideas? Any requests for further
information next time it happens?
$THRMGR: queue (single) crossed low threshold -> signaling
$THRMGR: queue (bulk) crossed low threshold -> signaling
$Received POLLIN|POLLHUP on fd 8
$Got new connection, FD 13
$Received POLLIN|POLLHUP on fd 9
$fds_poll_recv: timeout after 5 seconds
$Received POLLIN|POLLHUP on fd 13
$got command CONTSCAN
/var/amavisd/tmp/amavis-20140512T125548-02478-meKXMAUm/parts (69, 7), argument:
/var/amavisd/tmp/amavis-20140512T125548-02478-meKXMAUm/parts
$mode -> MODE_WAITREPLY
$THRMGR: queue (single) crossed low threshold -> signaling
$Breaking command loop, mode is no longer MODE_COMMAND
$THRMGR: queue (bulk) crossed low threshold -> signaling
$Consumed entire command
$Number of file descriptors polled: 1 fds
$fds_poll_recv: timeout after 600 seconds
LibClamAV debug: in cli_magic_scandesc (reclevel: 0/16)
LibClamAV debug: Recognized Raw mail file
LibClamAV debug: cache_check: 508dfbcb3a25db9c5b22eaa7ee97081e is negative
LibClamAV debug: Starting cli_scanmail(), recursion = 1
LibClamAV debug: in mbox()
LibClamAV debug: parseEmailFile
LibClamAV debug: parseEmailFile: check 'Received: from localhost (unknown
[123.16.129.96])' fullline 0x0
LibClamAV debug: parseEmailFile: check ' by [REDACTED] (Postfix) with
ESMTP id 3gS1nn3QPBz74R3' fullline 0x0
LibClamAV debug: parseEmailFile: check ' for [REDACTED]; Mon, 12 May
2014 13:35:23 +0100 (BST)' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Received: from [167.39.199.27]
(helo=jnxfcznftn.fxztsfyhme.info)' fullline 0x0
LibClamAV debug: parseEmailFile: check ' by localhost with esmtpa (Exim
4.69)' fullline 0x0
LibClamAV debug: parseEmailFile: check ' (envelope-from )' fullline 0x0
LibClamAV debug: parseEmailFile: check ' id 1MMK6T-0496yb-WZ' fullline
0x0
LibClamAV debug: parseEmailFile: check ' for [REDACTED]; Mon, 12 May
2014 19:35:24 +0700' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Date: Mon, 12 May 2014 19:35:24
+0700' fullline 0x0
LibClamAV debug: parseEmailFile: check 'From: "UPS Quantum View"
<auto-not...@ups.com>' fullline 0x0
LibClamAV debug: parseEmailFile: check 'X-Mailer: The Bat! (v3.0.0.15)
Professional' fullline 0x0
LibClamAV debug: parseEmailFile: check 'X-Priority: 3 (Normal)' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Message-ID:
<2465346162.j7a29kv6581...@moezlge.bpkpejifhl.net>' fullline 0x0
LibClamAV debug: parseEmailFile: check 'To: [REDACTED]' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Cc: [REDACTED]' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Subject: UPS Notification, Tracking
Number 1484-527152' fullline 0x0
LibClamAV debug: parseEmailFile: check 'MIME-Version: 1.0' fullline 0x0
LibClamAV debug: parseEmailFile: check 'Content-Type: multipart/mixed;'
fullline 0x0
LibClamAV debug: parseEmailFile: check '
boundary="----------9305594F5ADCAB39"' fullline 0x443d5bd6ce0
LibClamAV debug: parseEmailHeader 'Content-Type: multipart/mixed;
boundary="----------9305594F5ADCAB39"'
LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' multipart/mixed;
boundary="----------9305594F5ADCAB39"'
LibClamAV debug: messageSetMimeType: 'multipart'
LibClamAV debug: mimeArgs = ' boundary="----------9305594F5ADCAB39"'
LibClamAV debug: Add arguments ' boundary="----------9305594F5ADCAB39"'
LibClamAV debug: messageAddArgument, arg='boundary=----------9305594F5ADCAB39'
LibClamAV debug: parseEmailFile: check '' fullline 0x0
LibClamAV debug: End of header information
LibClamAV debug: newline_in_header, check "------------9305594F5ADCAB39"
LibClamAV debug: getline_from_mbox: fmap need failed
LibClamAV debug: parseEmailFile: return
LibClamAV debug: in parseEmailBody, 0 files saved so far
LibClamAV debug: Parsing mail file
LibClamAV debug: mimeType = 5
LibClamAV debug: Content-type 'multipart' handler
LibClamAV debug: boundaryStart: found ----------9305594F5ADCAB39 in
------------9305594F5ADCAB39
LibClamAV debug: Now read in part 0
LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type:
multipart/alternative; boundary="----------7F07E60B2BC74B5"'
LibClamAV debug: parseEmailHeader 'Content-Type: multipart/alternative;
boundary="----------7F07E60B2BC74B5"'
LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg='
multipart/alternative; boundary="----------7F07E60B2BC74B5"'
LibClamAV debug: messageSetMimeType: 'multipart'
LibClamAV debug: mimeArgs = ' boundary="----------7F07E60B2BC74B5"'
LibClamAV debug: Add arguments ' boundary="----------7F07E60B2BC74B5"'
LibClamAV debug: messageAddArgument, arg='boundary=----------7F07E60B2BC74B5'
LibClamAV debug: Multipart 0: End of header information
LibClamAV debug: boundaryStart: found ----------9305594F5ADCAB39 in
------------9305594F5ADCAB39
LibClamAV debug: Part 0 has 86 lines, rc = 1
LibClamAV debug: Mixed message part 0 is of type 5
LibClamAV debug: Found multipart inside multipart
LibClamAV debug: in parseEmailBody, 0 files saved so far
LibClamAV debug: Parsing mail file
LibClamAV debug: mimeType = 5
LibClamAV debug: Content-type 'multipart' handler
LibClamAV debug: boundaryStart: found ----------7F07E60B2BC74B5 in
------------7F07E60B2BC74B5
LibClamAV debug: Now read in part 0
LibClamAV debug: Multipart 0: About to parse folded header 'Content-Type:
text/plain; charset=us-ascii'
LibClamAV debug: parseEmailHeader 'Content-Type: text/plain; charset=us-ascii'
LibClamAV debug: parseMimeHeader: cmd='Content-Type', arg=' text/plain;
charset=us-ascii'
LibClamAV debug: messageSetMimeType: 'text'
LibClamAV debug: mimeArgs = ' charset=us-ascii'
LibClamAV debug: Add arguments ' charset=us-ascii'
LibClamAV debug: messageAddArgument, arg='charset=us-ascii'
LibClamAV debug: Discarding unwanted argument 'charset=us-ascii'
LibClamAV debug: Multipart 0: About to parse folded header
'Content-Transfer-Encoding: 7bit'
LibClamAV debug: parseEmailHeader 'Content-Transfer-Encoding: 7bit'
LibClamAV debug: parseMimeHeader: cmd='Content-Transfer-Encoding', arg=' 7bit'
LibClamAV debug: messageSetEncoding: '7bit'
LibClamAV debug: Encoding type 1 is "7bit"
LibClamAV debug: Multipart 0: End of header information
Program received signal SIGSEGV, Segmentation fault.
0x00000443d0135d0a in poll () at <stdin>:2
2 <stdin>: No such file or directory.
(gdb) bt
#0 0x00000443d0135d0a in poll () at <stdin>:2
#1 0x00000443d07e4c0d in poll (fds=0x443d1b96ed0, nfds=1, timeout=600000) at
/usr/src/lib/librthread/rthread_cancel.c:334
#2 0x00000441c9419388 in fds_poll_recv (data=0x7f7fffff9c48, timeout=600000,
check_signals=1, event=<optimized out>) at others.c:593
#3 0x00000441c94163d0 in recvloop_th (socketds=0x443cd8f9cd0, nsockets=1,
engine=0x443d410b400, dboptions=8202, opts=0x443ce303600)
at server-th.c:1210
#4 0x00000441c941172e in main (argc=<optimized out>, argv=<optimized out>) at
clamd.c:721
(gdb) frame 2
#2 0x00000441c9419388 in fds_poll_recv (data=0x7f7fffff9c48, timeout=600000,
check_signals=1, event=<optimized out>) at others.c:593
593 retval = poll (data->poll_data, n, timeout);
(gdb) p *data
$1 = {buf_mutex = 0x7f7fffff9d40, buf = 0x443ca054b00, nfds = 1, poll_data =
0x443d1b96ed0, poll_data_nfds = 1}
(gdb) p *data->poll_data
$2 = {fd = 9, events = 1, revents = 0}
(gdb) p *data->buf
$3 = {buffer = 0x0, bufsize = 0, off = 0, fd = 9, term = 0 '\000', got_newdata
= 0, recvfd = -1, mode = MODE_COMMAND, id = 0, dumpfd = -1,
chunksize = 0, quota = 0, dumpname = 0x0, timeout_at = 0, group = 0x0}
(gdb) p *data->buf_mutex
$4 = (pthread_mutex_t) 0x443d6269ac0
(gdb) p data->buf_mutex
$5 = (pthread_mutex_t *) 0x7f7fffff9d40
(gdb) frame 3
#3 0x00000441c94163d0 in recvloop_th (socketds=0x443cd8f9cd0, nsockets=1,
engine=0x443d410b400, dboptions=8202, opts=0x443ce303600)
at server-th.c:1210
1210 new_sd = fds_poll_recv(fds, selfchk ? (int)selfchk : -1, 1,
event_wake_recv);
(gdb) p *engine
$6 = {refcount = 2, sdb = 0, dboptions = 9226, dbversion = {18969, 1399893209},
ac_only = 0, ac_mindepth = 2, ac_maxdepth = 3,
tmpdir = 0x0, keeptmp = 0, engine_options = 0, maxscansize = 104857600,
maxfilesize = 26214400, maxreclevel = 16, maxfiles = 10000,
min_cc_count = 3, min_ssn_count = 3, root = 0x443cd874348, hm_hdb =
0x443d7dbdeb8, hm_mdb = 0x443d3978898, hm_fp = 0x443d20a9380,
cdb = 0x443e6202040, whitelist_matcher = 0x443ca3c7020, domainlist_matcher =
0x443d11a6000, phishcheck = 0x443cd8743e8,
dconf = 0x443cd8743b8, ftypes = 0x443cd9a69e8, ptypes = 0x443cb9a5e48,
ignored = 0x0, pua_cats = 0x0, iconcheck = 0x443d0716308,
cache = 0x443cd874418, dbinfo = 0x0, mempool = 0x443cd874000, cmgr = {crts =
0x0, items = 0}, cb_pre_cache = 0x0, cb_pre_scan = 0x0,
cb_post_scan = 0x0, cb_sigload = 0x0, cb_sigload_ctx = 0x0, cb_hash =
0x441c9417e20 <hash_callback>, cb_meta = 0x0, bcs = {
all_bcs = 0x443c9c2f000, count = 41, engine = 0x0, env = {platform_id_a =
52514125, platform_id_b = 134217728, platform_id_c = 262657,
c_version = 262657, cpp_version = 0, functionality_level = 77,
dconf_level = 77,
engine_version = "0.98.3", '\000' <repeats 58 times>, triple = '\000'
<repeats 64 times>, cpu = '\000' <repeats 64 times>,
sysname = "OpenBSD", '\000' <repeats 57 times>, release = "5.5", '\000'
<repeats 61 times>,
version = "GENERIC.MP#295", '\000' <repeats 50 times>, machine = "amd64",
'\000' <repeats 59 times>, big_endian = 0 '\000',
sizeof_ptr = 8 '\b', arch = 2 '\002', os_category = 3 '\003', os = 0
'\000', compiler = 1 '\001', has_jit_compiled = 0 '\000',
os_features = 0 '\000', reserved0 = 0 '\000'}, inited = 1}, hooks = {0x0,
0x443c9b77ef0, 0x443c9b940f0, 0x443c9b94af0}, hooks_cnt = {
0, 3, 2, 1}, hook_lsig_ids = 4, bytecode_security =
CL_BYTECODE_TRUST_SIGNED, bytecode_timeout = 5000,
bytecode_mode = CL_BYTECODE_MODE_AUTO, maxembeddedpe = 10485760,
maxhtmlnormalize = 10485760, maxhtmlnotags = 2097152,
maxscriptnormalize = 5242880, maxziptypercg = 1048576, stats_data =
0x443c9bbfac0, cb_stats_add_sample = 0x0,
cb_stats_remove_sample = 0x443cc0d9480 <clamav_stats_remove_sample>,
cb_stats_decrement_count = 0x443cc0d9570 <clamav_stats_decrement_count>,
cb_stats_submit = 0x0,
cb_stats_flush = 0x443cc0d9900 <clamav_stats_flush>, cb_stats_get_num =
0x443cc0d9110 <clamav_stats_get_num>,
cb_stats_get_size = 0x443cc0d9200 <clamav_stats_get_size>,
cb_stats_get_hostid = 0x443cc0d91d0 <clamav_stats_get_hostid>,
maxpartitions = 50, maxiconspe = 100}
(gdb) p *socketds
$7 = 8
(gdb) p *opts
$8 = {name = 0x0, cmd = 0x443cf7d4fd0 "help", strarg = 0x0, numarg = 0, enabled
= 0, active = 0, flags = 0, idx = 0, nextarg = 0x0,
next = 0x443ce303e00, filename = 0x0}
-rw-r--r-- 1 _clamav _clamav 24990 May 12 12:49 blurl.ndb
-rw-r--r-- 1 _clamav _clamav 1462122 May 12 12:46 bofhland_cracked_URL.ndb
-rw-r--r-- 1 _clamav _clamav 13960 May 12 10:49 bofhland_malware_URL.ndb
-rw-r--r-- 1 _clamav _clamav 50659 May 12 10:49
bofhland_malware_attach.hdb
-rw-r--r-- 1 _clamav _clamav 17116 May 12 12:46
bofhland_phishing_URL.ndb
-rw-r--r-- 1 _clamav _clamav 345088 Feb 5 18:35 bytecode.cld
-rw-r--r-- 1 _clamav _clamav 358337 May 12 12:46 crdfam.clamav.hdb
-rw-r--r-- 1 _clamav _clamav 60596224 May 12 13:31 daily.cld
-rw-r--r-- 1 _clamav _clamav 65 Jul 26 2013 doppelstern.hdb
-rw-r--r-- 1 _clamav _clamav 1297 Mar 18 09:51 foxhole_filename.cdb
-rw-r--r-- 1 _clamav _clamav 22549 Feb 15 2012 honeynet.hdb
-rw-r--r-- 1 _clamav _clamav 5990949 May 12 08:49 junk.ndb
-rw-r--r-- 1 _clamav _clamav 675757 May 12 12:49 jurlbl.ndb
-rw-r--r-- 1 _clamav _clamav 163468288 Sep 17 2013 main.cld
-rw-r--r-- 1 _clamav _clamav 260 May 12 13:31 mirrors.dat
-rw-r--r-- 1 _clamav _clamav 3545696 May 12 11:49 phish.ndb
-rw-r--r-- 1 _clamav _clamav 4279887 May 12 12:45 phishtank.ndb
-rw-r--r-- 1 _clamav _clamav 226187 May 11 07:45 porcupine.ndb
-rw-r--r-- 1 _clamav _clamav 60243 May 12 10:54 rogue.hdb
-rw-r--r-- 1 _clamav _clamav 9849 Jan 27 10:00 sanesecurity.ftm
-rw-r--r-- 1 _clamav _clamav 1846273 May 6 15:21 scam.ndb
-rw-r--r-- 1 _clamav _clamav 21037450 May 12 05:49 securiteinfo.hdb
-rw-r--r-- 1 _clamav _clamav 200405 Aug 21 2012 securiteinfobat.hdb
-rw-r--r-- 1 _clamav _clamav 391274 Nov 28 13:02 securiteinfodos.hdb
-rw-r--r-- 1 _clamav _clamav 75040 Jan 21 06:13 securiteinfoelf.hdb
-rw-r--r-- 1 _clamav _clamav 5457344 Feb 19 17:58 securiteinfohtml.hdb
-rw-r--r-- 1 _clamav _clamav 264154 Jan 15 2013 securiteinfooffice.hdb
-rw-r--r-- 1 _clamav _clamav 468241 Aug 16 2012 securiteinfopdf.hdb
-rw-r--r-- 1 _clamav _clamav 29520 Aug 21 2012 securiteinfosh.hdb
-rw-r--r-- 1 _clamav _clamav 5082 May 7 10:55 sigwhitelist.ign2
-rw-r--r-- 1 _clamav _clamav 80 Feb 25 10:51 spamattach.hdb
-rw-r--r-- 1 _clamav _clamav 2358 Apr 22 08:17 spamimg.hdb
-rw-r--r-- 1 _clamav _clamav 104505 May 12 06:45 winnow.attachments.hdb
-rw-r--r-- 1 _clamav _clamav 11601 May 12 12:45 winnow_bad_cw.hdb
-rw-r--r-- 1 _clamav _clamav 647636 May 12 06:45
winnow_extended_malware.hdb
-rw-r--r-- 1 _clamav _clamav 433522 May 12 06:45 winnow_malware.hdb
-rw-r--r-- 1 _clamav _clamav 1640277 May 12 06:45 winnow_malware_links.ndb
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
