Hi,
the patched version of clamav-milter is running since 5 days without problems.
I can confirm that your patch solved the problem.
Thanks and regards
Urban Loesch
-------- Original-Nachricht --------
Betreff: Re: [clamav-users] clamav-milter: Failed to create temporary file
Datum: Thu, 04 Sep 2014 15:21:00 +0200
Von: Urban Loesch <b...@enas.net>
An: Steven Morgan <smor...@sourcefire.com>, "J. David Rye"
<d....@roadtech.co.uk>
Kopie (CC): Shawn Webb (shawebb) <shaw...@cisco.com>
Hi,
I installed the patch on one of my servers where it happens.
Now I have to wait some days, because to me it does not happen very frequently.
I let you know the result.
Many thanks
Urban
Am 04.09.2014 00:57, schrieb Steven Morgan:
> Hi,
>
> We may have an answer. Is it possible try the following patch and see if it
> fixes the problem?
>
> Thanks,
> Steve
>
> --- a/clamav-milter/clamav-milter.c
> +++ b/clamav-milter/clamav-milter.c
> @@ -56,6 +56,8 @@ int main(int argc, char **argv) {
> mode_t umsk;
> int ret;
>
> + cl_initialize_crypto();
> +
> memset(&descr, 0, sizeof(struct smfiDesc));
> descr.xxfi_name = "ClamAV"; /* filter name */
> descr.xxfi_version = SMFI_VERSION; /* milter version */
>
>
> On Tue, Sep 2, 2014 at 6:12 PM, Steven Morgan <smor...@sourcefire.com
> <mailto:smor...@sourcefire.com>> wrote:
>
> Hi J. David,
>
> Thanks for the additional analysis and information. I've been looking at
> this for a bit today. I have opened a ticket in the ClamAV bugzilla
> system to track the issue. The ticket number is 11089. Hope to have an
> answer soon.
>
> Steve
>
>
> On Sun, Aug 31, 2014 at 5:52 AM, J. David Rye <d....@roadtech.co.uk
> <mailto:d....@roadtech.co.uk>> wrote:
>
> On Thu, 2014-08-21 at 19:22 -0400, Steven Morgan wrote:
> > Hi Urban,
> >
> > I took a look at this code. The real problem is the inability to
> > create a
> > temporary file. The second message just results from the return code
> > of the
> > function that attempts to create the temp file. We need to find out
> > why the
> > temp file creation fails. There should also be a clamav error
> message
> > written from: cli_errmsg("cli_gentempfd: Can't create temporary
> file
> > %s:
> > %s\n", *name, strerror(errno)); Can you find this message?
> >
> > Otherwise, it is a memory allocation failure for space for the temp
> > file
> > name, which seems unlikely.
> >
> > Steve
>
> I am also seeing this issue. Mostly intermitant but see further down.
>
> cli_errmsg wont work if clamav-milter has daemonezed.
> it only writes to STDERR and the function daemonize closes standard
> error even if you recompile with CL_DEBUG set.
>
> Only way to get is to get the error messages from cli_gentempfd seams
> to be to uncomment the line
>
> "#Foreground yes"
>
> In clamav-milter.conf, then run in foreground from command line.
>
> As an aside I wonder why cli_gentempfd does not use the function
> logg()
> and output to file or syslog depending on configuration file.
>
> I am running clamav-milter on a VM. OS is CentoOS 6.5
> VM has 4 vcpu, and 2GB RAM
> clamav-milter is version 0.98.4-1.el6.rf installed from rpmforge
> repository.
>
> Looking at he logs if time stamps in syslog for calls to clamav-milter
> are two seconds or more apart the problem never shows.
>
> However if 4 or more messages arrive in two seconds problem always
> shows
> up, the failure to create temp file is usually time stamped 2 seconds
> after the first message in the burst that triggered it.
>
> On a sustained burst of traffic pretty much all the messages trip the
> issue.
> In a 1 hour period last week when I had a lot of messages due to a
> different issue. I had 20,000 temp file failures, and 23 messages
> delivered.
>
> [root@mailhost-c6 etc]# clamav-milter
> --config-file=/etc/clamav-milter.conf.foreground
> Local socket unix:/var/run/clamav/clamd.sock added to the pool (slot
> 1)
> Probe for slot 1 returned: success
> LibClamAV Error: cli_gentempfd: Can't create temporary
> file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
> ERROR: Failed to create temporary file
> ERROR: Failed to initiate streaming/fdpassing
> LibClamAV Error: cli_gentempfd: Can't create temporary
> file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
> ERROR: Failed to create temporary file
> ERROR: Failed to initiate streaming/fdpassing
> LibClamAV Error: cli_gentempfd: Can't create temporary
> file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
> ERROR: Failed to create temporary file
> ERROR: Failed to initiate streaming/fdpassing
> LibClamAV Error: cli_gentempfd: Can't create temporary
> file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
> ERROR: Failed to create temporary file
> ERROR: Failed to initiate streaming/fdpassing
> LibClamAV Error: cli_gentempfd: Can't create temporary
> file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
> ERROR: Failed to create temporary file
> ERROR: Failed to initiate streaming/fdpassing
> Message from <n0r3ply812...@scotland117.wanadoo.co.uk
> <mailto:n0r3ply812...@scotland117.wanadoo.co.uk>> to
> <stevensonbros> infected by Heuristics.Phishing.Email.SpoofedDomain
> Message from <n0r3ply620...@aughamullan.dungannon.ni.sch.uk
> <mailto:n0r3ply620...@aughamullan.dungannon.ni.sch.uk>> to
> <brett01> infected by Heuristics.Phishing.Email.SpoofedDomain
> Probe for slot 1 returned: success
>
>
> I think
>
> clamav-milter does a lot of initialization, including setting up a
> structure with a list of function entry points it then calls
> smfi_main.
>
> smfi_main in turn forks one thread for each message, and calls the
> entry
> points in the context of the thread.
>
> call back to function clamfi_header
> that calls sendchunk
> which calls nc_connect_rand
> which calls cli_gentempfd which prints the EEXISTS errors to stderr
> shown above.
>
> File name looks like it is supposed to be based on a 16 byte MD5
> digest
> printed in hex.
>
> cli_gentempfd builds the name by calling cli_gentemp
> which adds 32 bytes of random data from cli_rndnum to a 16
> byte seed
> passes a pointer the the 48 buffer to cli_md5buff
> which in turn calls cl_hash_data
> digest returned is used to create the file name,
> and update the seed for the next name.
>
>
> Note cli_gentemp is common to all programs in the clam set.
>
> Note cl_hash_data is calling openssl library functions to calculate
> the
> digest.
>
> Note cli_md5buff does not check for an error in cl_hash_data
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
>
>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
