> Log output, for a start. Then I would suggest running clamd for a while > the various debugging options (LogClean LogVerbose, etc) turned on, to > see if you can capture anyhting useful. finally of course, running an > unstripped copy under gdb if nothing else works.
Here's clamav.log. The last downtime occurred in the gap between Aug 9 and Aug 10. Sun Aug 7 08:34:58 2005 -> SelfCheck: Database status OK. Sun Aug 7 09:38:06 2005 -> SelfCheck: Database status OK. Sun Aug 7 10:38:37 2005 -> SelfCheck: Database status OK. Sun Aug 7 10:39:34 2005 -> /var/spool/clamav-filter/clfi.SQJZ5c: Worm.Mydoom.M FOUND Sun Aug 7 11:38:52 2005 -> SelfCheck: Database status OK. Sun Aug 7 12:28:53 2005 -> /var/spool/clamav-filter/clfi.EHcgjd: HTML.Phishing.Pay-37 FOUND Sun Aug 7 12:34:27 2005 -> Reading databases from /var/lib/clamav/ Sun Aug 7 12:34:32 2005 -> Database correctly reloaded (38184 viruses) Sun Aug 7 12:42:37 2005 -> SelfCheck: Database status OK. Sun Aug 7 13:42:49 2005 -> SelfCheck: Database status OK. Sun Aug 7 14:43:14 2005 -> SelfCheck: Database status OK. Sun Aug 7 15:47:11 2005 -> SelfCheck: Database status OK. Sun Aug 7 16:48:39 2005 -> SelfCheck: Database status OK. Sun Aug 7 17:50:05 2005 -> SelfCheck: Database status OK. Sun Aug 7 18:50:48 2005 -> SelfCheck: Database status OK. Sun Aug 7 19:53:05 2005 -> SelfCheck: Database status OK. Sun Aug 7 20:23:39 2005 -> /var/spool/clamav-filter/clfi.7WVr76: Worm.Mydoom.M FOUND Sun Aug 7 20:53:11 2005 -> SelfCheck: Database status OK. Sun Aug 7 20:55:44 2005 -> /var/spool/clamav-filter/clfi.K6bLBL: Worm.Mydoom.M FOUND Sun Aug 7 21:54:19 2005 -> SelfCheck: Database status OK. Sun Aug 7 22:08:16 2005 -> Reading databases from /var/lib/clamav/ Sun Aug 7 22:08:20 2005 -> Database correctly reloaded (38187 viruses) Sun Aug 7 22:38:54 2005 -> /var/spool/clamav-filter/clfi.JWt4DI: Worm.Mydoom.M FOUND Sun Aug 7 23:01:31 2005 -> SelfCheck: Database status OK. Sun Aug 7 23:08:08 2005 -> /var/spool/clamav-filter/clfi.kSbweh: Worm.Mydoom.M FOUND Mon Aug 8 00:04:19 2005 -> SelfCheck: Database status OK. Mon Aug 8 01:06:16 2005 -> SelfCheck: Database status OK. Mon Aug 8 01:51:01 2005 -> /var/spool/clamav-filter/clfi.5YRARh: Worm.Mydoom.M FOUND Mon Aug 8 01:52:07 2005 -> /var/spool/clamav-filter/clfi.fu2A8z: Worm.SomeFool.P FOUND Mon Aug 8 02:07:42 2005 -> SelfCheck: Database status OK. Mon Aug 8 02:40:34 2005 -> /var/spool/clamav-filter/clfi.UC3IJY: Worm.Mydoom.M FOUND Mon Aug 8 03:06:58 2005 -> /var/spool/clamav-filter/clfi.r05hPc: Worm.Mydoom.M FOUND Mon Aug 8 03:09:16 2005 -> SelfCheck: Database status OK. Mon Aug 8 03:16:00 2005 -> /var/spool/clamav-filter/clfi.hdAEab: Worm.Mydoom.M FOUND Mon Aug 8 03:33:55 2005 -> /var/spool/clamav-filter/clfi.U2SNWq: Worm.Mydoom.M FOUND Mon Aug 8 03:34:21 2005 -> /var/spool/clamav-filter/clfi.vcGfH6: Worm.Mydoom.M FOUND Mon Aug 8 03:37:50 2005 -> /var/spool/clamav-filter/clfi.wHfWxn: Worm.Mydoom.M FOUND Mon Aug 8 04:12:33 2005 -> SelfCheck: Database status OK. Mon Aug 8 04:36:56 2005 -> /var/spool/clamav-filter/clfi.Kp0B1n: Worm.Mydoom.M FOUND Mon Aug 8 04:44:01 2005 -> /var/spool/clamav-filter/clfi.aFM0O6: Worm.Mydoom.M FOUND Mon Aug 8 04:52:50 2005 -> /var/spool/clamav-filter/clfi.Cjbabi: Worm.Mydoom.M FOUND Mon Aug 8 04:59:42 2005 -> /var/spool/clamav-filter/clfi.cgr2SG: Worm.Mydoom.M FOUND Mon Aug 8 05:01:18 2005 -> /var/spool/clamav-filter/clfi.MmiBiq: Worm.Mydoom.M FOUND Mon Aug 8 05:03:08 2005 -> /var/spool/clamav-filter/clfi.9GVwZU: Worm.Mydoom.M FOUND Mon Aug 8 05:14:03 2005 -> SelfCheck: Database status OK. Mon Aug 8 05:20:19 2005 -> /var/spool/clamav-filter/clfi.8mOkH8: Worm.Mydoom.M FOUND Mon Aug 8 05:28:53 2005 -> /var/spool/clamav-filter/clfi.iUdKiI: Worm.Mytob.CL FOUND Mon Aug 8 06:11:32 2005 -> /var/spool/clamav-filter/clfi.ICpe52: Worm.Mydoom.M FOUND Mon Aug 8 06:17:01 2005 -> SelfCheck: Database status OK. Mon Aug 8 06:19:32 2005 -> /var/spool/clamav-filter/clfi.Rva6XS: Worm.Mydoom.M FOUND Mon Aug 8 06:34:20 2005 -> /var/spool/clamav-filter/clfi.lYxzmC: Worm.Mydoom.M FOUND Mon Aug 8 06:35:36 2005 -> /var/spool/clamav-filter/clfi.IxB8Qp: Worm.Mydoom.M FOUND Mon Aug 8 07:11:27 2005 -> /var/spool/clamav-filter/clfi.GU0KMe: Worm.Mydoom.M FOUND Mon Aug 8 07:18:14 2005 -> SelfCheck: Database status OK. Mon Aug 8 07:29:14 2005 -> /var/spool/clamav-filter/clfi.ZyUxTf: Worm.Mydoom.M FOUND Mon Aug 8 08:18:53 2005 -> SelfCheck: Database status OK. Mon Aug 8 09:19:05 2005 -> SelfCheck: Database status OK. Mon Aug 8 09:36:51 2005 -> /var/spool/clamav-filter/clfi.9lqP5r: Worm.SomeFool.P FOUND Mon Aug 8 10:19:11 2005 -> SelfCheck: Database status OK. Mon Aug 8 10:54:47 2005 -> /var/spool/clamav-filter/clfi.jh0THo: Worm.Mydoom.M FOUND Mon Aug 8 11:11:34 2005 -> /var/spool/clamav-filter/clfi.rKPRjT: Worm.Mydoom.M FOUND Mon Aug 8 11:19:14 2005 -> SelfCheck: Database status OK. Mon Aug 8 11:19:52 2005 -> /var/spool/clamav-filter/clfi.WPghD6: Worm.Mydoom.M FOUND Mon Aug 8 11:54:06 2005 -> /var/spool/clamav-filter/clfi.N534hz: Worm.Mydoom.M FOUND Mon Aug 8 12:19:33 2005 -> SelfCheck: Database status OK. Mon Aug 8 13:19:37 2005 -> SelfCheck: Database status OK. Mon Aug 8 13:30:49 2005 -> /var/spool/clamav-filter/clfi.3e7DAg: Worm.Mydoom.M FOUND Mon Aug 8 14:10:14 2005 -> /var/spool/clamav-filter/clfi.rASJEz: Worm.Mytob.GH FOUND Mon Aug 8 14:19:48 2005 -> SelfCheck: Database status OK. Mon Aug 8 14:21:09 2005 -> /var/spool/clamav-filter/clfi.0JT1EY: Worm.Mytob.CL FOUND Mon Aug 8 14:24:39 2005 -> /var/spool/clamav-filter/clfi.uKQNOE: Worm.Mytob.T-2 FOUND Mon Aug 8 14:47:55 2005 -> /var/spool/clamav-filter/clfi.4r2bWb: Worm.Mydoom.M FOUND Mon Aug 8 15:20:18 2005 -> SelfCheck: Database status OK. Mon Aug 8 15:20:48 2005 -> /var/spool/clamav-filter/clfi.OwlwWb: Worm.Mydoom.M FOUND Mon Aug 8 15:51:07 2005 -> /var/spool/clamav-filter/clfi.I7g9uC: Worm.Mydoom.M FOUND Mon Aug 8 15:55:41 2005 -> /var/spool/clamav-filter/clfi.2zJe9I: HTML.Phishing.Auction-72 FOUND Mon Aug 8 16:20:41 2005 -> SelfCheck: Database status OK. Mon Aug 8 17:19:52 2005 -> Reading databases from /var/lib/clamav/ Mon Aug 8 17:19:57 2005 -> Database correctly reloaded (38189 viruses) Mon Aug 8 17:23:30 2005 -> SelfCheck: Database status OK. Mon Aug 8 17:29:29 2005 -> /var/spool/clamav-filter/clfi.Em0TfY: Worm.Mydoom.M FOUND Mon Aug 8 18:25:21 2005 -> SelfCheck: Database status OK. Mon Aug 8 19:13:03 2005 -> /var/spool/clamav-filter/clfi.7cagZo: HTML.Phishing.Pay-25 FOUND Mon Aug 8 19:25:53 2005 -> SelfCheck: Database status OK. Mon Aug 8 20:23:53 2005 -> /var/spool/clamav-filter/clfi.m7vscO: Worm.Mytob.T-2 FOUND Mon Aug 8 20:24:24 2005 -> /var/spool/clamav-filter/clfi.N7lP5p: Worm.Mydoom.M FOUND Mon Aug 8 20:38:10 2005 -> SelfCheck: Database status OK. Mon Aug 8 20:40:09 2005 -> Socket file removed. Mon Aug 8 20:40:09 2005 -> Pid file removed. Mon Aug 8 20:40:09 2005 -> Exiting (clean) Mon Aug 8 20:40:09 2005 -> --- Stopped at Mon Aug 8 20:40:09 2005 Mon Aug 8 20:41:11 2005 -> +++ Started at Mon Aug 8 20:41:11 2005 Mon Aug 8 20:41:11 2005 -> clamd daemon 0.86.2 (OS: linux-gnu, ARCH: sparc, CPU: sparc) Mon Aug 8 20:41:11 2005 -> Log file size limit disabled. Mon Aug 8 20:41:11 2005 -> Running as user clamav (UID 107, GID 107) Mon Aug 8 20:41:11 2005 -> Reading databases from /var/lib/clamav/ Mon Aug 8 20:41:21 2005 -> Protecting against 38549 viruses. Mon Aug 8 20:41:21 2005 -> Unix socket file /var/run/clamav/clamd.ctl Mon Aug 8 20:41:21 2005 -> Setting connection queue length to 15 Mon Aug 8 20:41:21 2005 -> Archive: Archived file size limit set to 10485760 bytes. Mon Aug 8 20:41:21 2005 -> Archive: Recursion level limit set to 5. Mon Aug 8 20:41:21 2005 -> Archive: Files limit set to 1000. Mon Aug 8 20:41:21 2005 -> Archive: Compression ratio limit set to 250. Mon Aug 8 20:41:21 2005 -> Archive support enabled. Mon Aug 8 20:41:21 2005 -> Archive: RAR support disabled. Mon Aug 8 20:41:21 2005 -> Archive: Blocking archives that exceed limits. Mon Aug 8 20:41:21 2005 -> Portable Executable support enabled. Mon Aug 8 20:41:21 2005 -> Detection of broken executables enabled. Mon Aug 8 20:41:21 2005 -> Mail files support enabled. Mon Aug 8 20:41:21 2005 -> OLE2 support enabled. Mon Aug 8 20:41:21 2005 -> HTML support enabled. Mon Aug 8 20:41:21 2005 -> Self checking every 3600 seconds. Tue Aug 9 18:49:37 2005 -> +++ Started at Tue Aug 9 18:49:37 2005 Tue Aug 9 18:49:37 2005 -> clamd daemon 0.86.2 (OS: linux-gnu, ARCH: sparc, CPU: sparc) Tue Aug 9 18:49:37 2005 -> Log file size limit disabled. Tue Aug 9 18:49:38 2005 -> Running as user clamav (UID 107, GID 107) Tue Aug 9 18:49:38 2005 -> Reading databases from /var/lib/clamav/ Tue Aug 9 18:49:42 2005 -> Protecting against 38553 viruses. Tue Aug 9 18:49:42 2005 -> Unix socket file /var/run/clamav/clamd.ctl Tue Aug 9 18:49:42 2005 -> Setting connection queue length to 15 Tue Aug 9 18:49:42 2005 -> Archive: Archived file size limit set to 10485760 bytes. Tue Aug 9 18:49:42 2005 -> Archive: Recursion level limit set to 5. Tue Aug 9 18:49:42 2005 -> Archive: Files limit set to 1000. Tue Aug 9 18:49:42 2005 -> Archive: Compression ratio limit set to 250. Tue Aug 9 18:49:42 2005 -> Archive support enabled. Tue Aug 9 18:49:42 2005 -> Archive: RAR support disabled. Tue Aug 9 18:49:42 2005 -> Archive: Blocking archives that exceed limits. Tue Aug 9 18:49:42 2005 -> Portable Executable support enabled. Tue Aug 9 18:49:42 2005 -> Detection of broken executables enabled. Tue Aug 9 18:49:42 2005 -> Mail files support enabled. Tue Aug 9 18:49:42 2005 -> OLE2 support enabled. Tue Aug 9 18:49:42 2005 -> HTML support enabled. Tue Aug 9 18:49:42 2005 -> Self checking every 3600 seconds. Tue Aug 9 19:51:36 2005 -> No stats for Database check - forcing reload Tue Aug 9 19:51:36 2005 -> Reading databases from /var/lib/clamav/ Tue Aug 9 19:51:39 2005 -> Database correctly reloaded (38553 viruses) Tue Aug 9 19:57:15 2005 -> /var/spool/clamav-filter/clfi.bhCP7J: Worm.Mydoom.M FOUND Tue Aug 9 20:39:29 2005 -> /var/spool/clamav-filter/clfi.o6TFXK: HTML.Phishing.Pay-16 FOUND Tue Aug 9 20:39:51 2005 -> /var/spool/clamav-filter/clfi.OymOVr: Worm.Mydoom.M FOUND Tue Aug 9 20:51:53 2005 -> SelfCheck: Database status OK. Tue Aug 9 20:51:53 2005 -> /var/spool/clamav-filter/clfi.5crsc9: Worm.Mydoom.M FOUND Tue Aug 9 21:53:02 2005 -> SelfCheck: Database status OK. Tue Aug 9 22:23:42 2005 -> /var/spool/clamav-filter/clfi.8dMDhD: Worm.SomeFool.Q FOUND Tue Aug 9 22:45:42 2005 -> /var/spool/clamav-filter/clfi.iKRsg7: Worm.Mydoom.M FOUND Tue Aug 9 22:53:13 2005 -> SelfCheck: Database status OK. Tue Aug 9 23:20:02 2005 -> /var/spool/clamav-filter/clfi.ulwWA8: Worm.SomeFool.Q FOUND Tue Aug 9 23:54:07 2005 -> SelfCheck: Database status OK. Wed Aug 10 09:21:11 2005 -> +++ Started at Wed Aug 10 09:21:11 2005 Wed Aug 10 09:21:11 2005 -> clamd daemon 0.86.2 (OS: linux-gnu, ARCH: sparc, CPU: sparc) Wed Aug 10 09:21:11 2005 -> Log file size limit disabled. Wed Aug 10 09:21:11 2005 -> Running as user clamav (UID 107, GID 107) Wed Aug 10 09:21:11 2005 -> Reading databases from /var/lib/clamav/ Wed Aug 10 09:21:14 2005 -> Protecting against 38553 viruses. Wed Aug 10 09:21:14 2005 -> WARNING: Socket file /var/run/clamav/clamd.ctl exists. Unclean shutdown? Removing... Wed Aug 10 09:21:14 2005 -> Unix socket file /var/run/clamav/clamd.ctl Wed Aug 10 09:21:14 2005 -> Setting connection queue length to 15 Wed Aug 10 09:21:14 2005 -> Archive: Archived file size limit set to 10485760 bytes. Wed Aug 10 09:21:14 2005 -> Archive: Recursion level limit set to 5. Wed Aug 10 09:21:14 2005 -> Archive: Files limit set to 1000. Wed Aug 10 09:21:14 2005 -> Archive: Compression ratio limit set to 250. Wed Aug 10 09:21:14 2005 -> Archive support enabled. Wed Aug 10 09:21:14 2005 -> Archive: RAR support disabled. Wed Aug 10 09:21:14 2005 -> Archive: Blocking archives that exceed limits. Wed Aug 10 09:21:14 2005 -> Portable Executable support enabled. Wed Aug 10 09:21:14 2005 -> Detection of broken executables enabled. Wed Aug 10 09:21:14 2005 -> Mail files support enabled. Wed Aug 10 09:21:14 2005 -> OLE2 support enabled. Wed Aug 10 09:21:14 2005 -> HTML support enabled. Wed Aug 10 09:21:14 2005 -> Self checking every 3600 seconds. Wed Aug 10 11:26:56 2005 -> +++ Started at Wed Aug 10 11:26:56 2005 Wed Aug 10 11:26:56 2005 -> clamd daemon 0.86.2 (OS: linux-gnu, ARCH: sparc, CPU: sparc) Wed Aug 10 11:26:56 2005 -> Log file size limit disabled. Wed Aug 10 11:26:56 2005 -> Running as user clamav (UID 107, GID 107) Wed Aug 10 11:26:56 2005 -> Reading databases from /var/lib/clamav/ Wed Aug 10 11:26:59 2005 -> Protecting against 38553 viruses. Wed Aug 10 11:26:59 2005 -> WARNING: Socket file /var/run/clamav/clamd.ctl exists. Unclean shutdown? Removing... Wed Aug 10 11:26:59 2005 -> Unix socket file /var/run/clamav/clamd.ctl Wed Aug 10 11:26:59 2005 -> Setting connection queue length to 15 Wed Aug 10 11:26:59 2005 -> Archive: Archived file size limit set to 10485760 bytes. Wed Aug 10 11:26:59 2005 -> Archive: Recursion level limit set to 5. Wed Aug 10 11:26:59 2005 -> Archive: Files limit set to 1000. Wed Aug 10 11:26:59 2005 -> Archive: Compression ratio limit set to 250. Wed Aug 10 11:26:59 2005 -> Archive support enabled. Wed Aug 10 11:26:59 2005 -> Archive: RAR support disabled. Wed Aug 10 11:26:59 2005 -> Archive: Blocking archives that exceed limits. Wed Aug 10 11:26:59 2005 -> Portable Executable support enabled. Wed Aug 10 11:26:59 2005 -> Detection of broken executables enabled. Wed Aug 10 11:26:59 2005 -> Mail files support enabled. Wed Aug 10 11:26:59 2005 -> OLE2 support enabled. Wed Aug 10 11:26:59 2005 -> HTML support enabled. Wed Aug 10 11:26:59 2005 -> Self checking every 3600 seconds. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
