[Clamav-users] clamfi_eom: read nothing from clamd

2004-08-22 Thread Derya ESEL ALTINEŞİK



Hello,

I have installed ClamAV version 0.75.1 on our mail server on FreeBSD 5.0+ sendmail and have the same problem listed before:
Any solution to this problem?
Thanks for any answers.

-messages from list

  From: Bill Pitz
  Subject: [Clamav-users] clamd segfault
  Date: Fri, 16 Apr 2004 11:23:46 -0700

I've had an occasional problem with clamd segfaulting. The basics of my system are as follows:

Red Hat Linux 9 / 2.4.25 kernel
Sendmail 8.12.11
clamav-0.68 + clamav-milter

Here are a few lines from my clamd logfile, leading up to the point of the segfault:

Thu Apr 15 13:16:09 2004 -> /var/spool/quarantine/msg.RUn5yx: Worm.Bagle.N FOUND
Thu Apr 15 13:16:10 2004 -> /var/spool/quarantine/msg.cCKcwi: Worm.Bagle.N FOUND
Thu Apr 15 13:16:17 2004 -> /var/spool/quarantine/msg.4wGSbv: Worm.SomeFool.Gen-1 FOUND
Thu Apr 15 13:16:28 2004 -> /var/spool/quarantine/msg.65IM3b: Worm.SomeFool.Gen-1 FOUND
Thu Apr 15 13:16:36 2004 -> /var/spool/quarantine/msg.XtmPzP: Worm.SomeFool.Gen-1 FOUND
Thu Apr 15 13:21:48 2004 -> /var/spool/quarantine/msg.OMoBrW: Worm.SomeFool.Gen-2 FOUND
Thu Apr 15 13:22:20 2004 -> /var/spool/quarantine/msg.KJ6QsC: Worm.SomeFool.P FOUND
Thu Apr 15 13:22:22 2004 -> /var/spool/quarantine/msg.pdBMFc: Worm.SomeFool.P FOUND
Thu Apr 15 13:22:58 2004 -> Segmentation fault :-( Bye..

At the same time, the following appears in /var/log/messages:

Apr 15 13:22:58 svn clamav-milter: clamfi_eom: read nothing from clamd

My /etc/clamav.conf:

--snip--
LogFile /var/log/clamd.log
LogFileMaxSize 20M
LogTime
PidFile /var/run/clamav/clamd.pid
DataDirectory /usr/share/clamav
LocalSocket /var/run/clamav/clamd.sock
StreamSaveToDisk
StreamMaxLength 2M
MaxThreads 20
ThreadTimeout 300
MaxDirectoryRecursion 15
User clamav
ScanMail
ScanArchive
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000

#ClamukoScanOnLine
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /home
#ClamukoIncludePath /students
#ClamukoExcludePath /home/guru
ClamukoMaxFileSize 1M
ClamukoScanArchive
--snip--

clamav-milter is being started with the following arguments:

--max-children=15 local:/var/run/clamav/clamav.sock -q -U /var/spool/quarantine -d

Any ideas as to what could be causing this or what I can do to prevent it? Unfortunately, this is all of the information I have been able to get. It's happened twice now.. the first time was a couple of months ago, with clamav-0.67.

Thanks,


Re: [Clamav-users] milter errors

2004-08-22 Thread Scott Grayban

--- Joe Maimon <[EMAIL PROTECTED]> wrote:

> >INPUT_MAIL_FILTER(`clamav-milter',
> >`S=local:/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
> >define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl
>
> You need to pass the proper socket path to the
> milter as its startup arguments
>
> >LocalSocket /clamav/clmilter.sock
>
> Sendmail needs one socket to talk to the
> clamav-milter
>
> The clamav-milter uses ANOTHER socket to talk to
> clamd
>
> They cannot be set to the same one

A ok I got it..

I have to start the milter with its own socket and the
socket listed in the milter conf should be the same as
the one for the clamd.

People should actually say that instead of what you
said.



---
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
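
The socket mix-up discussed in the message above, as an added example that is not part of the original posts: a small Python check that flags a sendmail.mc milter socket equal to clamd's LocalSocket. The function names are hypothetical and the sample inputs are constructed from the settings quoted in this thread.

```python
import re

# Constructed samples modelled on the settings quoted in this thread.
SENDMAIL_MC = """\
INPUT_MAIL_FILTER(`clamav-milter',
`S=local:/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl
"""
CLAMAV_CONF = """\
# Path to the local socket.
LocalSocket /clamav/clmilter.sock
FixStaleSocket
#TCPSocket 3310
"""

# Matches the filter name and the path of a local:/unix: socket spec.
FILTER_RE = re.compile(
    r"INPUT_MAIL_FILTER\(\s*`([^']+)'\s*,\s*`S=(?:local|unix):([^,']+)")

def milter_sockets(mc_text):
    """Map each INPUT_MAIL_FILTER name to its local socket path."""
    return {name: path.strip() for name, path in FILTER_RE.findall(mc_text)}

def clamd_local_socket(conf_text):
    """Return the active (uncommented) LocalSocket path, or None."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] == "LocalSocket":
            return fields[1]
    return None

def check_sockets(mc_text, conf_text):
    """List problems with the sendmail->milter and milter->clamd socket pair."""
    findings = []
    clamd = clamd_local_socket(conf_text)
    if clamd is None:
        findings.append("clamav.conf: no active LocalSocket line")
    for name, path in milter_sockets(mc_text).items():
        if path == clamd:
            findings.append(
                f"{name}: sendmail.mc and clamav.conf both name {path}; "
                "give the milter its own socket and pass clamd's "
                "LocalSocket to the milter separately")
    return findings

if __name__ == "__main__":
    for finding in check_sockets(SENDMAIL_MC, CLAMAV_CONF):
        print(finding)
```
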


Re: [Clamav-users] milter errors

2004-08-22 Thread Scott Grayban

--- Joe Maimon <[EMAIL PROTECTED]> wrote:

> >INPUT_MAIL_FILTER(`clamav-milter',
> >`S=local:/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
> >define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl
>
> You need to pass the proper socket path to the
> milter as its startup arguments
>
> >LocalSocket /clamav/clmilter.sock
>
> Sendmail needs one socket to talk to the
> clamav-milter
>
> The clamav-milter uses ANOTHER socket to talk to
> clamd
>
> They cannot be set to the same one


Uhh explain ?





Re: [Clamav-users] milter errors

2004-08-22 Thread Joe Maimon

> INPUT_MAIL_FILTER(`clamav-milter',
> `S=local:/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
> define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl

You need to pass the proper socket path to the milter as its startup
arguments

> LocalSocket /clamav/clmilter.sock

Sendmail needs one socket to talk to the clamav-milter
The clamav-milter uses ANOTHER socket to talk to clamd
They cannot be set to the same one



Re: [Clamav-users] milter errors

2004-08-22 Thread Scott Grayban

--- Nigel Horne <[EMAIL PROTECTED]> wrote:
> Version of operating system?
Mandrake 10
> output of clamav-milter --version?
ClamAV version 0.75.1, clamav-milter version 0.75c

> what runtime arguments are you giving to
-lo

> clamav-milter?
what about it?

> What did you put into sendmail.mc?
INPUT_MAIL_FILTER(`clamav-milter',
`S=local:/clamav/clmilter.sock,F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clamav-milter')dnl

> What's in your clamav.conf?
# Uncomment this option to enable logging.
# LogFile must be writable for the user running the daemon.
# Full path is required.
LogFile /var/log/clamav/clamav.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option). That's why you shouldn't uncomment
# this option.
#LogFileUnlock

# Maximal size of the log file. Default is 1 Mb.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
#LogFileMaxSize 2M

# Log time with an each message.
#LogTime

# Log also clean files. May be useful in debugging but will drastically
# increase the log size.
#LogClean

# Use system logger (can work together with LogFile).
LogSyslog

# Enable verbose logging.
LogVerbose

# This option allows you to save the process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default is system specific - usually /var/tmp or /tmp.
TemporaryDirectory /tmp

# Path to the database directory.
# Default is the hardcoded directory (mostly /usr/local/share/clamav,
# but it depends on installation options).
DatabaseDirectory /var/lib/clamav

# The daemon works in local or network mode. Currently the local mode is
# recommended for security reasons.

# Path to the local socket. The daemon doesn't change the mode of the
# created file (portability reasons). You may want to create it in a directory
# which is only accessible for a user running daemon.
LocalSocket /clamav/clmilter.sock

# Remove stale socket after unclean shutdown.
FixStaleSocket

# TCP port address.
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default is 15.
MaxConnectionQueueLength 30

# When activated, input stream (see STREAM command) will be saved to disk before
# scanning - this allows scanning within archives.
StreamSaveToDisk

# Close the connection if this limit is exceeded.
# StreamMaxLength 2M

# Maximal number of a threads running at the same time.
# Default is 5, and it should be sufficient for a typical workstation.
# You may need to increase threads number for a server machine.
MaxThreads 64

# Thread (scanner - single task) will be stopped after this time (seconds).
# Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the
# timeout instead of disabling it.
# ThreadTimeout 500

# Maximal depth the directories are scanned at.
MaxDirectoryRecursion 15

# Follow a directory symlinks.
# SECURITY HINT: You should have enabled directory recursion limit to
# avoid potential problems.
FollowDirectorySymlinks

# Follow regular file symlinks.
FollowFileSymlinks

# Do internal checks (eg. check the integrity of the database structures)
# By default clamd checks itself every 3600 seconds (1 hour).
#SelfCheck 600

# Execute a command when virus is found. In the command string %v and %f will
# be replaced by the virus name and the infected file name respectively.
#
# SECURITY WARNING: Make sure the virus event command cannot be exploited,
#   eg. by using some special file name when %f is used.
#   Always use a full path to the command.
#   Never delete/move files with this directive !
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v"

# Run as selected user (clamd must be started by root).
# By default it doesn't drop privileges.
User clamav

# Initialize the supplementary group access (for all groups in /etc/group
# user is added in. clamd must be started by root).
AllowSupplementaryGroups

# Don't fork into background. Useful in debugging.
#Foreground

# Enable debug messages in libclamav.
#Debug

##
## Mail support
##

# Uncomment this option if you are planning to scan mail files.
ScanMail

##
## Archive support
##

# Comment this line to disable scanning of the archives.
ScanArchive

# By default the built-in RAR unpacker is disabled by default because the code
# terribly leaks, however it's probably a good idea to enable it.
#ScanRAR

# Options below protect your system against Denial

[Clamav-users] Unusual Problem

2004-08-22 Thread Doug Hardie
I have two mail servers.  One is used by users sending mail, the other
receives mail.  When a user sends me mail it goes through both servers.
Both are running sendmail with clamav-milter and clamav.  Normally I
see the following header elements in such mail:

	X-Virus-Scanned: 	clamd / ClamAV version 0.75.1, clamav-milter version 0.75c on zoon.lafn.org
	X-Virus-Scanned: 	clamd / ClamAV version 0.75.1, clamav-milter version 0.75c on zoot.lafn.org

I have one user who has been trying for days to send me a message.  He
has not been able to tell me the error message he gets accurately so I
had no idea what was happening.  However, today he got one through to
me.  It contains a virus, CHRISTM3.EXE.  Now I know why he was having a
hard time sending to me.  However, he eventually succeeded.  The
message has the virus and no clamav headers from either system.  There
is quite a bit of time lag between when it was accepted by the send
server and when it was accepted by the receive server so the send
server must have kept trying over and over again till it managed to get
it through.  The lack of messages indicates that somehow it got through
without invoking clam-milter.  Any ideas how that could have occurred?
I see no evidence of any significant mail loads during that time.  The
actual volume of mail was very low at that time.  No system errors were
generated and no other evidence of other mail slipping through.  Every
message I check around them shows the clamav headers and check messages
in maillog.




Re: [Clamav-users] milter errors

2004-08-22 Thread Nigel Horne
Scott Grayban wrote:

> Hi,
> I installed clamav but I am getting errors with it.
> Milter: data, reject=451 4.7.1 Please try again later
> Any ideas?
> TIA

Version of operating system?
output of clamav-milter --version?
what runtime arguments are you giving to clamav-milter?
What did you put into sendmail.mc?
What's in your clamav.conf?
Is clamd running?
Did clamav-milter start?
What are you seeing in /var/log/maillog?

-Nigel



Re: [Clamav-users] milter errors

2004-08-22 Thread Nigel Horne
Scott Grayban wrote:

> I did see this in the syslog also...
>
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_header: Received: (from [EMAIL PROTECTED]) ^Iby removed (8.12.11/8.12.11/Submit) id i7LM4E5M032621; ^ISat, 21 Aug 2004 15:04:14 -0700
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_header: Date: Sat, 21 Aug 2004 15:04:14 -0700
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_header: From: root <[EMAIL PROTECTED]>
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_header: MIME-Version: 1.0
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_header: To: [EMAIL PROTECTED]
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_header: Subject: testing
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_header: Message-ID: <[EMAIL PROTECTED]>
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_header: Content-ID: <[EMAIL PROTECTED]>
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_header: Content-type: text/plain
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_eoh
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_envbody: 9 bytes
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_eom
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_close
> Aug 21 16:26:16 webcp clamav-milter[14068]: clamfi_eom: read nothing from clamd
> Aug 21 16:26:16 webcp sendmail[14154]: i7LNQGus014154: Milter: data, reject=451 4.7.1 Please try again later
>
> --- Scott Grayban <[EMAIL PROTECTED]> wrote:
>
> > Hi,
> > I installed clamav but I am getting errors with it.
> > Milter: data, reject=451 4.7.1 Please try again later
> >
> > Any ideas?
> > TIA

You have compiled with debug enabled.

-Nigel
