Hi Micah, did you have time to investigate those issues?
Should I create bug reports for them or are those issues being tracked already? Do you need any more information from my side? Kr, Jens From: Micah Snyder (micasnyd) <micas...@cisco.com> Sent: Thursday, August 9, 2018 2:39 PM To: ClamAV users ML <clamav-users@lists.clamav.net> Subject: Re: [clamav-users] ScanOnAccess: ... (null) FOUND I've been running clamd with OnAccess on a box using Firefox and just yesterday saw the (null) FOUND as well. I haven't had a chance to take the file in question and debug with clamscan to reproduce it and figure out what's causing it but I will do so soon. Regarding your second issue, I believe there is a memory leak with the OnAccessExtraScanning feature because the threads that process the extra scanning work aren't being join()'d. I have a feeling that may be why you're seeing "Unable to kick off extra scanning". We're getting near the end of our development cycle for 0.101 and still have some tough work left, but we'll try to find a solution to the OnAccessExtraScanning thread joining issue if time permits. Micah Snyder ClamAV Development Talos Cisco Systems, Inc. On Aug 9, 2018, at 4:03 AM, Kretschmer, Jens <kretschmer.j...@siemens.com<mailto:kretschmer.j...@siemens.com>> wrote: Do you have the OnAccessExtraScanning option on by chance? Yes, OnAccessExtraScanning is turned on. I was able to reproduce this behavior on a different machine. It uses the same configuration as the first machine (the clamconf output can be found in my previous E-Mail). I rebooted the machine yesterday at 13:45 and left it untouched. I did not even log in. Today I logged in via ssh and the first ScanOnAccess message since the reboot in the journal was: Aug 09 09:36:47 hostname2 clamd[8888]: SelfCheck: Database status OK. Aug 09 09:37:24 hostname2 clamd[8888]: ScanOnAccess: Performing additional scanning on file '/home/user1/.sh_histdir/hostname2.0' Aug 09 09:37:24 hostname2 clamd[8888]: ScanOnAccess: /home/user1/.sh_histdir/hostname2.0: (null) FOUND Aug 09 09:39:34 hostname2 clamd[8888]: ScanOnAccess: Performing additional scanning on file '/home/user1/test2' Aug 09 09:39:34 hostname2 clamd[8888]: ScanOnAccess: /home/user1/test2: (null) FOUND On the first machine I restarted clamd@scan yesterday 13:32:05 and ran the following script #!/bin/ksh file="testfile.txt" while true; do echo "test123" > $file sync rm $file done after about 13 hours clamd starts to show only the messages: "ScanOnAccess: Unable to kick off extra scanning." Aug 09 02:40:37 hostname1 clamd[15866]: ScanOnAccess: Performing additional scanning on file '/home/user1/test/testfile.txt' Aug 09 02:40:38 hostname1 clamd[15866]: ScanOnAccess: Performing additional scanning on file '/home/user1/test/testfile.txt' Aug 09 02:40:39 hostname1 clamd[15866]: ScanOnAccess: Unable to kick off extra scanning. Aug 09 02:40:39 hostname1 clamd[15866]: ScanOnAccess: Unable to kick off extra scanning. Best regards, Jens _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net<mailto:clamav-users@lists.clamav.net> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
