Re: [Clamav-users] What's broken?
On Tue, 10 Apr 2007, Dennis Peterson wrote:

> Has the ClamAV backbone died?
>
> Trying host db.us.clamav.net (129.64.99.170)...
> nonblock_connect: connect timing out (30 secs)
> Can't connect to port 80 of host db.us.clamav.net (IP: 129.64.99.170)
> Trying host db.us.clamav.net (199.239.233.95)...
> nonblock_connect: connect timing out (30 secs)

It's possible you're seeing bb#413 as well. If the first mirror is down then the others appear to time out.

Tue Mar 20 15:16:33 CET 2007 (tk) -
* freshclam/manager.c: close and re-open client socket for each connect attempt (bb#413), patch from Andy Fiddaman

___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] What's broken?
Hello Dennis,

> Has the ClamAV backbone died?

no, only some mirrors[*]. Most of our users are still running 0.8x and that causes big spikes of traffic when we release a new main.cvd.

[snip]
> Trying host db.us.clamav.net (66.111.55.10)...
> nonblock_connect: connect timing out (30 secs)
> Can't connect to port 80 of host db.us.clamav.net (IP: 66.111.55.10)
> ERROR: Can't download main.cvd from db.us.clamav.net

Best regards

[*]: our backbone is separated from the public mirror infrastructure.

--
Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit
[Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it
PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg
[Clamav-users] Solaris 9 and clamd
Hi

Has anybody else noticed this. When running clamd with the ScanArchive config option set to yes, after a couple of minutes of running cpu usage will look like this:

last pid: 2470; load averages: 6.43, 4.06, 2.71 12:16:16
77 processes: 75 sleeping, 2 on cpu
CPU states: 2.6% idle, 85.0% user, 12.4% kernel, 0.0% iowait, 0.0% swap
Memory: 1536M real, 1128M free, 147M swap in use, 2026M swap free

 PID USERNAME LWP PRI NICE  SIZE   RES STATE   TIME    CPU COMMAND
 833 popuser   11  59    0   43M   40M cpu/2   8:50 91.13% clamd
 234 root       9  59    0   47M   15M sleep  14:15  0.22% java
2220 root       1  59    0 2888K 1776K cpu/1   0:00  0.20% top
2381 popuser    1  59    0 3968K 2784K sleep   0:00  0.09% exim-4.52-1
1405 popuser    1  59    0 3464K 2664K sleep   0:00  0.09% exim-4.52-1

A truss -p 833 reveals

/6: lwp_park(0x, 0) = 0
/10: lwp_park(0x, 0) = 0
/3: lwp_unpark(10, 1) = 0
/4: lwp_park(0x, 0) = 0
/6: lwp_park(0x, 0) = 0
/2: lwp_park(0x, 0) = 0
/3: lwp_unpark(4, 1) = 0
/4: lwp_park(0x, 0) = 0
/8: lwp_unpark(6, 1) = 0
/6: lwp_park(0x, 0) = 0
/2: lwp_park(0x, 0) = 0
/4: lwp_unpark(6, 1) = 0
/6: lwp_park(0x, 0) = 0
/3: lwp_unpark(2, 1) = 0
/8: lwp_unpark(4, 1) = 0
/2: lwp_park(0x, 0) = 0
/6: lwp_unpark(2, 1) = 0
/3: lwp_park(0x, 0) = 0
/8: lwp_unpark(3, 1) = 0
/3: lwp_park(0x, 0) = 0
/2: lwp_unpark(3, 1) = 0
/6: lwp_unpark(3, 1) = 0
/3: lwp_park(0x, 0) = 0
/8: lwp_unpark(2, 1) = 0
/2: lwp_park(0x, 0) = 0
/8: lwp_unpark(6, 1) = 0
/3: lwp_unpark(2, 1) = 0
/2: lwp_park(0x, 0) = 0
/6: lwp_park(0x, 0) = 0
/3: lwp_unpark(8, 1) = 0
/8: lwp_park(0x, 0) = 0
/6: lwp_park(0x, 0) = 0
^C/2: lwp_unpark(8, 1) = 0
/10: lwp_unpark(6, 1) = 0
/4: lwp_park(0x, 0) = 0
/8: lwp_park(0x, 0) = 0
/5: lwp_park(0x, 0) = 0
/9: lwp_park(0x, 0) = 0
/3: lwp_unpark(6, 1) = 0
/11: lwp_unpark(5, 1) = 0
/7: lwp_unpark(2, 1) = 0

and that's all that seems to be happening - seems to be in an endless loop.

The clamd log file has the following entries

Wed Apr 11 12:11:30 2007 - +++ Started at Wed Apr 11 12:11:30 2007
Wed Apr 11 12:11:30 2007 - clamd daemon 0.90.1 (OS: solaris2.9, ARCH: sparc, CPU: sparc)
Wed Apr 11 12:11:30 2007 - Log file size limit disabled.
Wed Apr 11 12:11:30 2007 - Reading databases from /usr/local/share/clamav
Wed Apr 11 12:11:46 2007 - Loaded 107793 signatures.
Wed Apr 11 12:11:46 2007 - Unix socket file /usr/local/share/clamav/clamd.socket
Wed Apr 11 12:11:46 2007 - Setting connection queue length to 30
Wed Apr 11 12:11:46 2007 - Archive: Archived file size limit set to 7340032 bytes.
Wed Apr 11 12:11:46 2007 - Archive: Recursion level limit set to 5.
Wed Apr 11 12:11:46 2007 - Archive: Files limit set to 250.
Wed Apr 11 12:11:46 2007 - Archive: Compression ratio limit set to 250.
Wed Apr 11 12:11:46 2007 - Archive support enabled.
Wed Apr 11 12:11:46 2007 - Algorithmic detection enabled.
Wed Apr 11 12:11:46 2007 - Portable Executable support enabled.
Wed Apr 11 12:11:46 2007 - ELF support enabled.
Wed Apr 11 12:11:46 2007 - Mail files support enabled.
Wed Apr 11 12:11:46 2007 - Mail: Recursion level limit set to 64.
Wed Apr 11 12:11:46 2007 - OLE2 support enabled.
Wed Apr 11 12:11:46 2007 - PDF support disabled.
Wed Apr 11 12:11:46 2007 - HTML support enabled.
Wed Apr 11 12:11:46 2007 - Self checking every 1800 seconds.
Wed Apr 11 12:11:51 2007 - /var/spool/exim/scan/1HbZno-Fq-6x/1HbZno-Fq-6x.eml: OK
Wed Apr 11 12:11:51 2007 -
[Clamav-users] error stops clamd
Hello,

this night my clamd-process terminated with an error. The reason was that freshclam took too long to do its update, so that clamd could not lock the database. So clamd exited. But this behaviour is very fatal because the mail system (postfix with amavis) relies on clamd, so if it is down, the whole mail traffic is blocked!! Caused of an error while updating..

What to do against?

The logs:

clamd.log

Wed Apr 11 01:53:40 2007 - SelfCheck: Database status OK.
Wed Apr 11 02:27:53 2007 - SelfCheck: Database modification detected. Forcing reload.
Wed Apr 11 02:28:07 2007 - Reading databases from /usr/local/clamav/share/clamav
Wed Apr 11 02:30:17 2007 - ERROR: reload db failed: Unable to lock database directory (try 1)
Wed Apr 11 02:32:27 2007 - ERROR: reload db failed: Unable to lock database directory (try 2)
Wed Apr 11 02:34:37 2007 - ERROR: reload db failed: Unable to lock database directory (try 3)
Wed Apr 11 02:34:37 2007 - ERROR: reload db failed: Unable to lock database directory
Wed Apr 11 02:34:37 2007 - Terminating because of a fatal error.
Wed Apr 11 02:34:37 2007 - Socket file removed.
Wed Apr 11 02:34:37 2007 - Pid file removed.
Wed Apr 11 02:34:37 2007 - --- Stopped at Wed Apr 11 02:34:37 2007

freshclam.log

ClamAV update process started at Wed Apr 11 02:23:01 2007
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3)
Trying host db.de.clamav.net (85.25.252.58)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 85.25.252.58)
Trying host db.de.clamav.net (85.199.169.78)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 85.199.169.78)
Trying host db.de.clamav.net (85.214.44.186)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 85.214.44.186)
Trying host db.de.clamav.net (88.198.17.100)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.17.100)
Trying host db.de.clamav.net (88.198.104.251)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.104.251)
Trying host db.de.clamav.net (89.149.194.18)...
connect_error: getsockopt(SO_ERROR): fd=5 error=110: Connection timed out
Can't connect to port 80 of host db.de.clamav.net (IP: 89.149.194.18)
Trying host db.de.clamav.net (194.77.146.139)...
nonblock_connect: connect(): fd=5 errno=103: Software caused connection abort
Can't connect to port 80 of host db.de.clamav.net (IP: 194.77.146.139)
Trying host db.de.clamav.net (195.246.234.199)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 195.246.234.199)
Trying host db.de.clamav.net (213.174.32.130)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 213.174.32.130)
Trying host db.de.clamav.net (217.115.136.166)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 217.115.136.166)
Trying host db.de.clamav.net (217.160.141.39)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 217.160.141.39)
ERROR: getpatch: Can't download main-43.cdiff from db.de.clamav.net
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3)

(this goes on for some pages)

Trying host database.clamav.net (194.77.146.139)...
nonblock_connect: connect(): fd=9 errno=103: Software caused connection abort
Can't connect to port 80 of host database.clamav.net (IP: 194.77.146.139)
Ignoring mirror 195.246.234.199 (due to previous errors)
Trying host database.clamav.net (213.174.32.130)...
Downloading daily-3065.cdiff [0%]
daily.inc updated (version: 3065, sigs: 3293, f-level: 14, builder: sven)
Database updated (107793 signatures) from database.clamav.net (IP: 213.174.32.130)
WARNING: Clamd was NOT notified: Can't connect to clamd through /tmp/clamd
--
ClamAV update process started at Wed Apr 11 05:23:01 2007
main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
daily.inc is up to date (version: 3065, sigs: 3293, f-level: 14, builder: sven)
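One way to notice the clamd outage reported in this thread from cron instead of from a blocked mail queue, as an added example that is not ClamAV code or code from any list member: a shell function that reads clamd.log and reports whether the daemon is still serving. The function names and the sample log (constructed from the lines quoted above) are assumptions.

```shell
#!/bin/sh
# Added example (not ClamAV code): derive clamd's state from clamd.log.
# Line shapes follow the clamd.log excerpts quoted in this thread.

# clamd_log_state [LOGFILE]   (reads stdin when no file is given)
# Prints one of: running | starting | unknown |
#                "stopped: <last ERROR>" | "failed to start: <last ERROR>"
clamd_log_state() {
    awk '
        {
            # Drop a leading "Wed Apr 11 02:34:37 2007 - " timestamp if present.
            msg = $0
            sub(/^[A-Z][a-z][a-z] [A-Z][a-z][a-z] +[0-9]+ [0-9:]+ [0-9]+ - /, "", msg)
        }
        msg ~ /^[+][+][+] Started at /    { state = "starting"; reason = ""; next }
        msg ~ /^Loaded [0-9]+ signatures/ { if (state == "starting") state = "running"; next }
        msg ~ /^ERROR: /                  { reason = substr(msg, 8); next }
        msg ~ /^--- Stopped at /          { state = "stopped"; next }
        END {
            if      (state == "running")                  print "running"
            else if (state == "stopped")                  print "stopped: " (reason != "" ? reason : "no ERROR line logged")
            else if (state == "starting" && reason != "") print "failed to start: " reason
            else if (state == "starting")                 print "starting"
            else                                          print "unknown"
        }
    ' "$@"
}

# clamd_needs_attention [LOGFILE]
# Exit status 0 when the log says clamd is not serving (suitable for
# "clamd_needs_attention /path/to/clamd.log && restart-or-alert" in cron).
clamd_needs_attention() {
    case "$(clamd_log_state "$@")" in
        running|starting) return 1 ;;
        *)                return 0 ;;
    esac
}

# Constructed sample: the failed reload from the report above, preceded by a
# made-up start-up so the log is complete.
sample_clamd_log() {
    cat <<'EOF'
Wed Apr 11 01:20:00 2007 - +++ Started at Wed Apr 11 01:20:00 2007
Wed Apr 11 01:20:15 2007 - Loaded 107793 signatures.
Wed Apr 11 01:53:40 2007 - SelfCheck: Database status OK.
Wed Apr 11 02:27:53 2007 - SelfCheck: Database modification detected. Forcing reload.
Wed Apr 11 02:30:17 2007 - ERROR: reload db failed: Unable to lock database directory (try 1)
Wed Apr 11 02:32:27 2007 - ERROR: reload db failed: Unable to lock database directory (try 2)
Wed Apr 11 02:34:37 2007 - ERROR: reload db failed: Unable to lock database directory (try 3)
Wed Apr 11 02:34:37 2007 - ERROR: reload db failed: Unable to lock database directory
Wed Apr 11 02:34:37 2007 - Terminating because of a fatal error.
Wed Apr 11 02:34:37 2007 - Socket file removed.
Wed Apr 11 02:34:37 2007 - Pid file removed.
Wed Apr 11 02:34:37 2007 - --- Stopped at Wed Apr 11 02:34:37 2007
EOF
}

sample_clamd_log | clamd_log_state
```

The same function also reports the "Broken or not a CVD file" start-up failure seen elsewhere in the thread, because an ERROR line after "+++ Started" with no "Loaded N signatures" line is classified as a failed start.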
Re: [Clamav-users] error stops clamd
Same here. :-(( This behavior is terrible!

jacusy wrote:
> Hello,
> this night my clamd-process terminated with an error. The reason was that freshclam took too long to do its update, so that clamd could not lock the database. So clamd exited. But this behaviour is very fatal because the mail system (postfix with amavis) relies on clamd, so if it is down, the whole mail traffic is blocked!! Caused of an error while updating..
> What to do against?

--
Christian Kühn (Technical Consultant / Hostmaster)
MCS MOORBEK COMPUTER SYSTEME GmbH
Essener Bogen 17 - 22419 Hamburg - Germany
Tel +49 (0)40 53773 0 - Fax: +49 (0)40 53773 200
E-Mail: [EMAIL PROTECTED] Web: http://www.mcs.de
Eingetragen im
[Clamav-users] error stops clamd
Hello :-)

Same here since 12:45h MESZ. After some tests this helped me to get all working again:

sudo killall freshclam
sudo rcclamd restart
sudo rcapplication restart

And do NOT forget to comment your freshclam updates in cron out. Hope this quick hack helps...

ISC Handler Marteen told me just a few minutes ago:

Last night the ClamAV project released a new main.cvd, which was about 9 megabytes in size. As many users are still using Clamav 0.8, which downloads this file in full, this causes high stress for a number of mirrors. As more users upgrade from 0.8 to 0.9, this problem will disappear with future updates. Version 0.9 only transfers the difference between CVDs instead of the files in full.

Regards,
Alexander
Re: [Clamav-users] error stops clamd
Alexander Grüner wrote:
> Hello :-)
>
> Same here since 12:45h MESZ. After some tests this helped me to get all working again:
>
> sudo killall freshclam
> sudo rcclamd restart
> sudo rcapplication restart
>
> And do NOT forget to comment your freshclam updates in cron out. Hope this quick hack helps...

The problem is not to restart my applications, the problem is the time between clamd going down and restarting my application. As my clamd was killed about 2.15 MEZ and the service was restarted at 9.30 MEZ, this is a serious problem! 7 hours we were not able to send / receive mail cause of a terribly made update of 9 megabytes..

> ISC Handler Marteen told me just a few minutes ago:
>
> Last night the ClamAV project released a new main.cvd, which was about 9 megabytes in size. As many users are still using Clamav 0.8, which downloads this file in full, this causes high stress for a number of mirrors. As more users upgrade from 0.8 to 0.9, this problem will disappear with future updates. Version 0.9 only transfers the difference between CVDs instead of the files in full.

Does this mean that every time they have a new main.cvd, my clamd will stop working??? I cannot believe that they just hope that people update to clamav 0.9
Re: [Clamav-users] error stops clamd
jacusy wrote:
> Hello,
> this night my clamd-process terminated with an error. The reason was that freshclam took too long to do its update, so that clamd could not lock the database. So clamd exited. But this behaviour is very fatal because the mail system (postfix with amavis) relies on clamd, so if it is down, the whole mail traffic is blocked!!

I'd say that it is more dangerous to stop mail delivery due to failed virus scanning than it is not to scan mail while clamd is unresponsive.

--
Brian Morrison
[EMAIL PROTECTED]
[Clamav-users] Clamav suddenly died on several boxes
Hi all

I'm new on the list, if this is a FAQ please tell me so. I'm unsure if my problem is related to the other one that today is discussed on the list.

I have several clamav installations. I use it with Postfix on CentOS (very similar to Red Hat). I use the clamav RPM packages available on http://crash.fce.vutbr.cz , but recompiled on CentOS.

Last night suddenly, on several of my customers' mail servers, clamd stopped running. In the log I find:

Wed Apr 11 04:02:13 2007 - SelfCheck: Database status OK.
Wed Apr 11 04:38:23 2007 - SelfCheck: Database modification detected. Forcing reload.
Wed Apr 11 04:38:24 2007 - Reading databases from /var/lib/clamav
Wed Apr 11 04:38:24 2007 - ERROR: reload db failed: Broken or not a CVD file
Wed Apr 11 04:38:24 2007 - Terminating because of a fatal error.
Wed Apr 11 04:38:24 2007 - Socket file removed.
Wed Apr 11 04:38:24 2007 - Pid file removed.
Wed Apr 11 04:38:24 2007 - --- Stopped at Wed Apr 11 04:38:24 2007

This happened on at least 10 different installations, more or less at the same time. I noticed that:

1) the problem seems to occur only on 0.90 installations. Servers still with 0.8x seem not to be affected.
2) In /var/lib/clamav , after clamd stopped running, I find the directories daily.inc, main.inc and the mirrors.dat file. No .cvd files.

I'm looking for the reason of this massive problem, and I'd like to know if this can be an isolated episode (maybe due to a broken update file).

I found a minor problem in the RPM package, too. In the rc file, /etc/init.d/clamd, it checks for the existence of /var/lib/clamav/main.cvd and, if not found, it exits echoing

ERROR: Clamav DB missing! Run 'freshclam --verbose' as root.

Having main.inc and not main.cvd, my clamd refused to start with this error. Maybe the package author is listening reading this ML, so he can correct his packages.

It seems to me that it is sufficient to check for the existence of the file /var/lib/clamav/main.cvd OR the directory /var/lib/clamav/main.inc . Is this correct (I mean, main.inc took the place of main.cvd)?

Thanks for the attention.
Re: [Clamav-users] error stops clamd
Experienced it a few times after 0.90 was released (end february / first half march)... Nothing changed in 0.90.1.

The nice thing is, freshclam still kept reporting that updates were fine, after clamd went dead... Luckily, clam was configured as secondary scanner in amavis, so mail delivery wasn't also down.

While before 0.90, these problems weren't exhibited, I doubt that they'll just vanish, after most users will update... from time to time they'll show their ugly head again, when a mirror experiences difficulties or the ISP connection is down.

Best solution would be to fix freshclam to bail out gracefully in case of problems - better a somewhat older database than no one at all.

> ISC Handler Marteen told me just a few minutes ago:
>
> Last night the ClamAV project released a new main.cvd, which was about 9 megabytes in size. As many users are still using Clamav 0.8, which downloads this file in full, this causes high stress for a number of mirrors. As more users upgrade from 0.8 to 0.9, this problem will disappear with future updates. Version 0.9 only transfers the difference between CVDs instead of the files in full.
>
> Regards,
> Alexander
[Clamav-users] ERROR: Broken or not a CVD file
Hi

clamd won't start running

+++ Started at Wed Apr 11 14:03:38 2007
clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
Log file size limited to 2097152 bytes.
Reading databases from /var/lib/clamav
ERROR: Broken or not a CVD file

it has been since 90.1 was introduced.

Mark
--
Obantec Support
www.obantec.net
0845 458 3121
WebHosting and Domains
Nominet UK Member IPStag Holder
CentralNic Accredited Reseller
Re: [Clamav-users] ERROR: Broken or not a CVD file
This morning I had the same problem. I solved this launching clamd with the reload argument.

# clamd reload

I hope this helps.

Guillermo Gomez Valcarcel
GRAFIA S.A.
Madrid, Spain

----- Original Message -----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Obantec Support
Sent: Wednesday, 11 April 2007 15:26
To: ClamAV users ML
Subject: [Clamav-users] ERROR: Broken or not a CVD file

> Hi
>
> clamd won't start running
>
> +++ Started at Wed Apr 11 14:03:38 2007
> clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
> Log file size limited to 2097152 bytes.
> Reading databases from /var/lib/clamav
> ERROR: Broken or not a CVD file
>
> it has been since 90.1 was introduced.
>
> Mark
> --
> Obantec Support
> www.obantec.net
> 0845 458 3121
> WebHosting and Domains
> Nominet UK Member IPStag Holder
> CentralNic Accredited Reseller
[Clamav-users] Serious Problem
Hello,

today I had a very serious problem with clam. It crashed while checking its database - on both of my mailservers! So no mail was delivered for quite some time.

This is from freshclamd.log:

Received signal: wake up
ClamAV update process started at Wed Apr 11 04:15:54 2007
Connecting via stargate.win.topbuero.de
main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
Connecting via stargate.win.topbuero.de
daily.inc is up to date (version: 3065, sigs: 3293, f-level: 14, builder: sven)
--
Received signal: wake up
ClamAV update process started at Wed Apr 11 04:45:59 2007
Connecting via stargate.win.topbuero.de
main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven)
Connecting via stargate.win.topbuero.de
daily.inc is up to date (version: 3065, sigs: 3293, f-level: 14, builder: sven)

As you can see, there was no update between 04:15h and 04:45h.

And now the clamd.log:

Wed Apr 11 04:00:07 2007 - SelfCheck: Database status OK.
Wed Apr 11 04:30:09 2007 - SelfCheck: Database modification detected. Forcing reload.
Wed Apr 11 04:30:09 2007 - Reading databases from /var/lib/clamav
Wed Apr 11 04:30:21 2007 - ERROR: reload db failed: Broken or not a CVD file
Wed Apr 11 04:30:21 2007 - Terminating because of a fatal error.
Wed Apr 11 04:30:21 2007 - Socket file removed.
Wed Apr 11 04:30:21 2007 - Pid file removed.
Wed Apr 11 04:30:21 2007 - --- Stopped at Wed Apr 11 04:30:21 2007

At 04:30h it crashed while reading its database. When I realized that clam wasn't running anymore, I tried to restart it, but it didn't work:

Wed Apr 11 14:21:33 2007 - +++ Started at Wed Apr 11 14:21:33 2007
Wed Apr 11 14:21:33 2007 - clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i386)
Wed Apr 11 14:21:33 2007 - Log file size limit disabled.
Wed Apr 11 14:21:33 2007 - Reading databases from /var/lib/clamav
Wed Apr 11 14:21:44 2007 - ERROR: Broken or not a CVD file

So took a look at /var/lib/clamav. There was a file *.cvd (without quotes). After removing it, I could restart clam:

Wed Apr 11 14:22:08 2007 - +++ Started at Wed Apr 11 14:22:08 2007
Wed Apr 11 14:22:08 2007 - clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i386)
Wed Apr 11 14:22:08 2007 - Log file size limit disabled.
Wed Apr 11 14:22:08 2007 - Reading databases from /var/lib/clamav
Wed Apr 11 14:22:21 2007 - Loaded 107876 signatures.
Wed Apr 11 14:22:21 2007 - Unix socket file /var/amavis/clamd.sock

Question is: Why the hell was there this strange file *.cvd and where does it come from? And why does clamd crash when it's present?

I'm using clam 0.90.1, build as RPM from source.

Greetings,
Tom
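A pre-start check of the database directory, as an added example that is not the RPM's init script or ClamAV code: it accepts either main.cvd or the main.inc directory, as proposed in the earlier "Clamav suddenly died on several boxes" post, and flags the stray `*.cvd` entry described in this one. The function names are assumptions, as is the header test (a CVD beginning with the tag `ClamAV-VDB:`), which comes from ClamAV's file format rather than from this thread.

```shell
#!/bin/sh
# Added example (not the RPM's init script): check the ClamAV database
# directory before starting clamd, for the failure modes reported in this thread.

# clamav_db_check DIR
# Prints one line per problem found; returns 0 only when there is none.
clamav_db_check() {
    db_dir=$1
    db_status=0

    # Main database: packed file, or the unpacked directory seen with 0.90.
    if [ ! -f "$db_dir/main.cvd" ] && [ ! -d "$db_dir/main.inc" ]; then
        echo "missing: neither main.cvd nor main.inc in $db_dir"
        db_status=1
    fi

    for db_file in "$db_dir"/*.cvd; do
        # With no match the pattern stays literal and names nothing: skip it.
        [ -e "$db_file" ] || continue

        # An entry whose name really is "*.cvd", as found in the report above.
        if [ "${db_file##*/}" = '*.cvd' ]; then
            echo "stray: entry literally named '*.cvd' in $db_dir"
            db_status=1
            continue
        fi

        # Assumption (ClamAV CVD format, not stated in this thread): the file
        # starts with the 11-byte ASCII tag "ClamAV-VDB:".
        magic=$(dd if="$db_file" bs=11 count=1 2>/dev/null | tr -d '\000')
        if [ "$magic" != "ClamAV-VDB:" ]; then
            echo "bad header: $db_file does not start with ClamAV-VDB:"
            db_status=1
        fi
    done

    return "$db_status"
}

# Constructed demo: unpacked main database, a daily.cvd with a plausible
# header, and the stray "*.cvd" file. Paths are temporary and made up.
demo_db_check() {
    demo_dir=$(mktemp -d) || return 1
    mkdir "$demo_dir/main.inc"
    printf 'ClamAV-VDB:constructed header' > "$demo_dir/daily.cvd"
    : > "$demo_dir/*.cvd"
    clamav_db_check "$demo_dir" | sed "s|$demo_dir|DIR|"
    rm -rf "$demo_dir"
}

demo_db_check
```

An init script could call `clamav_db_check /var/lib/clamav` in place of the single `main.cvd` test and refuse to start, with the printed reason, only when it returns non-zero.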
Re: [Clamav-users] Clamav suddenly died on several boxes
Well,

Deleting the database directory and restarting freshclam to get the databases again seems to have fixed the problem on both systems.

This problem may be related to getting incremental updates and not being able to update the .CVD database properly. This is the only clue I can give.

-James
Re: [Clamav-users] error stops clamd
On 4/11/07, Brian Morrison [EMAIL PROTECTED] wrote:
> I'd say that it is more dangerous to stop mail delivery due to failed virus scanning than it is not to scan mail while clamd is unresponsive.

But then the potential for virus infected email to get through is raised. While I realize that end-users *should* have virus scanners on their machines, the comfort factor knowing that the email server is scanning for virii makes them a tad complacent. Thus it's more likely that a user can be infected if they believe that no virus laden mail can reach them.

So, instead, blocking mail until the virus scanner is back online is, imho, a better option. Of course, at that point you're relying on the SMTP capabilities of the senders... But on the upside, it stops spam from coming in for a while! :)

> Brian Morrison [EMAIL PROTECTED]

--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
http://blog.godshell.com
Re: [Clamav-users] Clamav suddenly died on several boxes
On 4/11/07, James Kosin [EMAIL PROTECTED] wrote:
> Well,
>
> Deleting the database directory and restarting freshclam to get the databases again seems to have fixed the problem on both systems.
>
> This problem may be related to getting incremental updates and not being able to update the .CVD database properly. This is the only clue I can give.

Agreed. Since my first email I've gone through and read the rest of the clamav mail for the night.. It looks like a new main.cvd released caused some congestion on servers. Coupled with a bug that caused retries to time out, this caused clamd to crash.

It's working this morning, so I'm not too distraught over the problem.. :)

> -James

--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
http://blog.godshell.com
Re: [Clamav-users] error stops clamd
> As more users upgrade from 0.8 to 0.9, this problem will disappear with future updates. Version 0.9 only transfers the difference between CVDs instead of the files in full.

Which isn't going to happen, at least for me, until 0.9 runs on mac os x 10.3.9. Right now, it won't compile.
Re: [Clamav-users] ERROR: Broken or not a CVD file
----- Original Message -----
From: Guillermo Gómez Valcárcel [EMAIL PROTECTED]
To: 'ClamAV users ML' clamav-users@lists.clamav.net
Sent: Wednesday, April 11, 2007 2:45 PM
Subject: Re: [Clamav-users] ERROR: Broken or not a CVD file

> This morning I had the same problem. I solved this launching clamd with the reload argument.
>
> # clamd reload
>
> I hope this helps.
>
> Guillermo Gomez Valcarcel
> GRAFIA S.A.
> Madrid, Spain

Exact same problem. already tried this. i think freshclam has trashed a file during an update but not sure which.

Mark
Re: [Clamav-users] ERROR: Broken or not a CVD file
You wrote on 11 April 2007, 16:26:24:

OS> Hi
OS> clamd won't start running
OS> +++ Started at Wed Apr 11 14:03:38 2007
OS> clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i686)
OS> Log file size limited to 2097152 bytes.
OS> Reading databases from /var/lib/clamav
OS> ERROR: Broken or not a CVD file

show:
ls -la /var/lib/clamav

===
haplopelma lividum (aka [EMAIL PROTECTED])
e-mail: [EMAIL PROTECTED]
icq uin: 32764934
Re: [Clamav-users] Solaris 9 and clamd
Also, if I leave ScanArchive yes and set MaxThreads 1 then it seems to run Ok. Only problem then is that the exim processes build up waiting for service.

Is there any possibility that the code used by whatever ScanArchive enables is not thread safe?
Re: [Clamav-users] error stops clamd
Hi, We had similar problems: Apr 10 18:50:07 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] SelfCheck: Database status OK. Apr 10 19:20:13 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] SelfCheck: Database status OK. Apr 10 19:50:41 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] SelfCheck: Database modification detected. Forcing reload. Apr 10 19:50:42 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] Reading databases from /var/sendmail/clamav-db Apr 10 19:52:52 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 1) Apr 10 19:55:02 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 2) Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 3) Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 3) Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] Terminating because of a fatal error. Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] Can't unlink the pid file /var/run/clamd.pid Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] Socket file removed. 
Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] Can't unlink the pid file /var/run/clamd.pid Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] --- Stopped at Tue Apr 10 19:57:12 2007 Apr 10 20:47:41 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] No stats for Database check - forcing reload Apr 10 20:47:41 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] Reading databases from /var/sendmail/clamav-db Apr 10 20:49:51 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 1) Apr 10 20:52:01 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 2) Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 3) Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 3) Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] Terminating because of a fatal error. Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] Can't unlink the pid file /var/run/clamd.pid Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] Socket file removed. Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] Can't unlink the pid file /var/run/clamd.pid Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] --- Stopped at Tue Apr 10 20:54:11 2007 On Wed, Apr 11, 2007 at 12:46:44PM +0200, jacusy wrote: Hello, this night my clamd-process terminated with an error. The reason was that freshclam took too long to do its update, so that clamd could not lock the database. 
So clamd exited. But this behaviour is very fatal because the mail system (postfix with amavis) relies on clamd, so if it is down, the whole mail traffic is blocked!! Caused of an error while updating.. What to do against? The logs: clamd.log Wed Apr 11 01:53:40 2007 - SelfCheck: Database status OK. Wed Apr 11 02:27:53 2007 - SelfCheck: Database modification detected. Forcing reload. Wed Apr 11 02:28:07 2007 - Reading databases from /usr/local/clamav/share/clamav Wed Apr 11 02:30:17 2007 - ERROR: reload db failed: Unable to lock database directory (try 1) Wed Apr 11 02:32:27 2007 - ERROR: reload db failed: Unable to lock database directory (try 2) Wed Apr 11 02:34:37 2007 - ERROR: reload db failed: Unable to lock database directory (try 3) Wed Apr 11 02:34:37 2007 - ERROR: reload db failed: Unable to lock database directory Wed Apr 11 02:34:37 2007 - Terminating because of a fatal error.Wed Apr 11 02:34:37 2007 - Socket file removed. Wed Apr 11 02:34:37 2007 - Pid file removed. Wed Apr 11 02:34:37 2007 - --- Stopped at Wed Apr 11 02:34:37 2007 freshclam.log ClamAV update process started at Wed Apr 11 02:23:01 2007 nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) Trying host db.de.clamav.net (85.25.252.58)... nonblock_connect: connect timing
Re: [Clamav-users] ERROR: Broken or not a CVD file
OS +++ Started at Wed Apr 11 14:03:38 2007 OS clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i686) OS Log file size limited to 2097152 bytes. OS Reading databases from /var/lib/clamav OS ERROR: Broken or not a CVD file I had this on 4 different servers that I support. /var/lib/clamav contained a file with 0 bytes called: *.cvd That is correct, the asterisk (*) was actually in the filename. I deleted this file and re-ran freshclam and restarted clamd. All is fine now.
[Clamav-users] Clamdmon.sh
I am amazed at the number of people here that are apparently not using SOMETHING to monitor clamd. Esp. when the developers include a nice script to check and restart clamd. I run three different mail servers and quickly found clamdmon and just a bit of PERL programming created a means of being notified of an issue. Yes, you have to have a means of being notified 'out of band'. But if you are serious about uptime, you need to know promptly when a mail server is not processing email and at that point you can't depend on that email server to tell you it's broken. Lyle
Re: [Clamav-users] error stops clamd
At 05:46 AM 4/11/2007, jacusy wrote: Hello, this night my clamd-process terminated with an error. The reason was that freshclam took too long to do its update, so that clamd could not lock the database. So clamd exited. But this behaviour is very fatal because the mail system (postfix with amavis) relies on clamd, so if it is down, the whole mail traffic is blocked!! Caused of an error while updating.. What to do against? Make sure your amavisd.conf defines clamscan as a secondary scanner. If clamd is unavailable then amavisd-new will continue to process mail using clamscan to check for viruses. When using clamscan, system load will increase and throughput will decrease, but mail will still be processed. If clamscan fails too, no mail will pass through, which is good. It is possible to configure amavisd-new to pass mail unscanned if that's what you want, but that is not recommended. Use some sort of monitor to check if clamd (and other critical processes) are running, and restart them if necessary. I like monit because it's simple and flexible, but there are lots of other choices. Here, monit restarted clamd a couple times on several servers last night because of the update problems. Everything was running smoothly when I arrived this morning. Yes, clamd and the whole clamav structure should be more resistant to failure. Your choices are to either work with it as is, or wait until clamav is more mature. -- Noel Jones
Re: [Clamav-users] Clamav suddenly died on several boxes
Luigi Iotti wrote: Hi all I'm new on the list, if this is a FAQ please tell me so. I'm unsure if my problem is related to the other one that today is discussed on the list. I have several clamav installations. I use it with Postfix on CentOS (very similar to Red Hat). I use the clamav RPM packages available on http://crash.fce.vutbr.cz , but recompiled on CentOS. Last night suddenly, on several of my customers' mail servers, clamd stopped running. In the log I find: Wed Apr 11 04:02:13 2007 - SelfCheck: Database status OK. Wed Apr 11 04:38:23 2007 - SelfCheck: Database modification detected. Forcing reload. Wed Apr 11 04:38:24 2007 - Reading databases from /var/lib/clamav Wed Apr 11 04:38:24 2007 - ERROR: reload db failed: Broken or not a CVD file Wed Apr 11 04:38:24 2007 - Terminating because of a fatal error. Wed Apr 11 04:38:24 2007 - Socket file removed. Wed Apr 11 04:38:24 2007 - Pid file removed. Wed Apr 11 04:38:24 2007 - --- Stopped at Wed Apr 11 04:38:24 2007 This happened on at least 10 different installations, more or less at the same time. I noticed that: 1) the problem seems to occur only on 0.90 installations. Servers still with 0.8x seem not to be affected. 2) In /var/lib/clamav , after clamd stopped running, I find the directories daily.inc, main.inc and the mirrors.dat file. No .cvd files. I'm looking for the reason of this massive problem, and I'd like to know if this can be an isolated episode (maybe due to a broken update file). I found a minor problem in the RPM package, too. In the rc file, /etc/init.d/clamd, it checks for the existence of /var/lib/clamav/main.cvd and, if not found, it exits echoing ERROR: Clamav DB missing! Run 'freshclam --verbose' as root. Having main.inc and not main.cvd, my clamd refused to start with this error. Maybe the package author is reading this ML, so he can correct his packages.
It seems to me that it is sufficient to check for the existence of the file /var/lib/clamav/main.cvd OR the directory /var/lib/clamav/main.inc . Is this correct (I mean, main.inc took the place of main.cvd)? Thanks for the attention. I have the same here... Tue Apr 10 20:19:34 2007 - Database correctly reloaded (107793 signatures) Wed Apr 11 06:19:21 2007 - SelfCheck: Database modification detected. Forcing reload. Wed Apr 11 06:19:22 2007 - Reading databases from /var/lib/clamav Wed Apr 11 06:19:22 2007 - ERROR: reload db failed: Broken or not a CVD file Wed Apr 11 06:19:22 2007 - Terminating because of a fatal error.Wed Apr 11 06:19:23 2007 - Socket file removed. Wed Apr 11 06:19:23 2007 - Pid file removed. Wed Apr 11 06:19:23 2007 - --- Stopped at Wed Apr 11 06:19:23 2007 I tried restarting the daemon with the same results. My ClamWin also died today on my personal computer!!! I fixed ClamWin by blowing away the databases and re-downloading them. I'll try the same for clamav on the server to see if it fixes the problem. But this error is CATASTROPHIC. -James
Re: [Clamav-users] Solaris 9 and clamd
[EMAIL PROTECTED] wrote: Hi Has anybody else noticed this. When running clamd with the ScanArchive config option set to yes, after a couple of minutes of running cpu usage will look like this: last pid: 2470; load averages: 6.43, 4.06, 2.71 12:16:16 77 processes: 75 sleeping, 2 on cpu CPU states: 2.6% idle, 85.0% user, 12.4% kernel, 0.0% iowait, 0.0% swap Memory: 1536M real, 1128M free, 147M swap in use, 2026M swap free PID USERNAME LWP PRI NICE SIZE RES STATETIMECPU COMMAND 833 popuser 11 590 43M 40M cpu/28:50 91.13% clamd I corrected this problem on my servers by removing the MSRBL databases from the system. CPU usage immediately dropped to normal values. dp
Re: [Clamav-users] Clamav suddenly died on several boxes
Same here, three servers. Had this happen a few weeks ago on one of those servers, but I thought it was an isolated incident.. Well, on the opposite end of the spectrum, all four of my OpenBSD servers running 0.90.1 got the update just fine, and none of them died. I saw a few complaints in the freshclam log about not being able to download the update, but they all chugged right along and got it a bit later. Since 0.9x, I haven't had _any_ of my clamd or freshclam processes die. Benny -- I've said it before and I'll say it again: If I ever catch a spammer, I will hang him upside down with rusty barbed wire by his nether-regions over a pit of rabid lawyers who haven't eaten in days... -- Benjamin A. Shelton
Re: [Clamav-users] Clamdmon.sh
On 4/11/07, Lyle Giese [EMAIL PROTECTED] wrote: I am amazed at the number of people here that are apparently not using SOMETHING to monitor clamd. Esp. when the developers include a nice script to check and restart clamd. I'm not sure it was a matter of not having clamd monitored, I think it was more of a notice that clamd failed and everyone is making sure that others on the list know.. I know I have all my services (clam, spam, smtp, pop3, imap, etc) monitored out of band. Lyle -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com
Re: [Clamav-users] ERROR: Broken or not a CVD file
- Original Message - From: [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Sent: Wednesday, April 11, 2007 3:09 PM Subject: Re: [Clamav-users] ERROR: Broken or not a CVD file OS +++ Started at Wed Apr 11 14:03:38 2007 OS clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i686) OS Log file size limited to 2097152 bytes. OS Reading databases from /var/lib/clamav OS ERROR: Broken or not a CVD file I had this on 4 different servers that I support. /var/lib/clamav contained a file with 0 bytes called: *.cvd That is correct, the asterisk (*) was actually in the filename. I deleted this file and re-ran freshclam and restarted clamd. All is fine now. Yep that fixed it! Thanks Mark
Re: [Clamav-users] Clamdmon.sh
Hi! In my case just restarting clamd wouldn't have worked, because clam didn't start because of a broken database (or at least one file in the database directory which doesn't belong there). And because of that clamscan as backup didn't work either. Tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Lyle Giese Sent: Wednesday, April 11, 2007 4:17 PM To: clamav-users@lists.clamav.net Subject: [Clamav-users] Clamdmon.sh I am amazed at the number of people here that are apparently not using SOMETHING to monitor clamd. Esp. when the developers include a nice script to check and restart clamd. I run three different mail servers and quickly found clamdmon and just a bit of PERL programming created a means of being notified of an issue. Yes, you have to have a means of being notified 'out of band'. But if you are serious about uptime, you need to know promptly when a mail server is not processing email and at that point you can't depend on that email server to tell you it's broken. Lyle
Re: [Clamav-users] error stops clamd
Dennis Peterson wrote: You need to have better monitoring and notification, and a mail system that delivers mail even if there is a fatal error in the AV tool. This is hardly a ClamAV problem. Depends on what your goals are. For me, a reliable email system does not just mean mail gets delivered. It also means that we reliably reject detectable viruses. If we're letting viruses through because our pants are down (because our AV tool has failed), then that's not a reliable email system. That's a dysfunctional email system. better monitoring and notification: yes, good. letting potentially virus laden email through because your AV tool is down: very bad. It's like using condoms. Just because you run out of condoms doesn't make unprotected sex suddenly safe. Accepting email from the world without your AV tool processing it is as irresponsible as having unprotected sex with the entire world.
Re: [Clamav-users] error stops clamd
On 4/11/07, John Rudd [EMAIL PROTECTED] wrote: Depends on what your goals are. For me, a reliable email system does not just mean mail gets delivered. It also means that we reliably reject detectable viruses. If we're letting viruses through because our pants are down (because our AV tool has failed), then that's not a reliable email system. That's a dysfunctional email system. Agreed... better monitoring and notification: yes, good. Check out argus (http://argus.tcp4me.com) .. Works wonderfully for me. It's like using condoms. Just because you run out of condoms doesn't make unprotected sex suddenly safe. Accepting email from the world without your AV tool processing it is as irresponsible as having unprotected sex with the entire world. Ugh.. Thanks.. I'm gonna have nightmares for weeks now.. -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com
Re: [Clamav-users] error stops clamd
Jason Frisvold wrote: On 4/11/07, John Rudd [EMAIL PROTECTED] wrote: Depends on what your goals are. For me, a reliable email system does not just mean mail gets delivered. It also means that we reliably reject detectable viruses. If we're letting viruses through because our pants are down (because our AV tool has failed), then that's not a reliable email system. That's a dysfunctional email system. Agreed... better monitoring and notification: yes, good. Check out argus (http://argus.tcp4me.com) .. Works wonderfully for me. It's like using condoms. Just because you run out of condoms doesn't make unprotected sex suddenly safe. Accepting email from the world without your AV tool processing it is as irresponsible as having unprotected sex with the entire world. Ugh.. Thanks.. I'm gonna have nightmares for weeks now.. nightmares? hah to some that is their dream! ;) -Jim
Re: [Clamav-users] error stops clamd
John Rudd wrote: Dennis Peterson wrote: You need to have better monitoring and notification, and a mail system that delivers mail even if there is a fatal error in the AV tool. This is hardly a ClamAV problem. Depends on what your goals are. For me, a reliable email system does not just mean mail gets delivered. It also means that we reliably reject detectable viruses. If we're letting viruses through because our pants are down (because our AV tool has failed), then that's not a reliable email system. That's a dysfunctional email system. better monitoring and notification: yes, good. letting potentially virus laden email through because your AV tool is down: very bad. Send it to your next AV tool. You don't rely on a single tool for this, do you? It's like using condoms. Just because you run out of condoms doesn't make unprotected sex suddenly safe. Accepting email from the world without your AV tool processing it is as irresponsible as having unprotected sex with the entire world. Or maybe get second condom source, not to mention do better condom monitoring. Bad choices have bad consequences. Seriously - if you know you're going to use five or six condoms each day and you see you have only two left (because your monitoring works), you have plenty of time to get more condoms. Owing to defects in manufacture it is never a good thing to find yourself looking over your breakfast at a box with only one condom left in it - very risky, as this increases the urgency to replenish sooner than later. Fortunately there is a good chance the system has built-in redundancy in that any or all of your partners that day may have their own condoms in which case problem solved and the expense is shared. It would be a good idea though to inspect the product to ensure it satisfies your quality requirements. Good planning pays off. dp
Re: [Clamav-users] Clamav suddenly died on several boxes
I can verify this worked for me as well. Wipe the database, let freshclam update again, restart the clamd process and everything was running smooth again. Thanks, Michael James Kosin wrote: Well, Deleting the database directory and restarting freshclam to get the databases again seems to have fixed the problem on both systems. This problem may be related to getting incremental updates and not being able to update the .CVD database properly. This is the only clue I can give. -James
Re: [Clamav-users] Solaris 9 and clamd
I corrected this problem on my servers by removing the MSRBL databases from the system. CPU usage immediately dropped to normal values. dp Thanks. But I don't believe I make use of MSRBL. Don't see anything like that in the clamd.conf file or in the clamav documentation for that matter.
Re: [Clamav-users] error stops clamd
Noel Jones wrote: Make sure your amavisd.conf defines clamscan as a secondary scanner. If clamd is unavailable then amavisd-new will continue to process mail using clamscan to check for viruses. When using clamscan, system load will increase and throughput will decrease, but mail will still be processed. If clamscan fails too, no mail will pass through, which is good. It is possible to configure amavisd-new to pass mail unscanned if that's what you want, but that is not recommended. This is a good idea, did not think of this possibility yet.. Use some sort of monitor to check if clamd (and other critical processes) are running, and restart them if necessary. I like monit because it's simple and flexible, but there are lots of other choices. Here, monit restarted clamd a couple times on several servers last night because of the update problems. Everything was running smoothly when I arrived this morning. I had something like this in mind, but did not find the time yet. Yes, clamd and the whole clamav structure should be more resistant to failure. Your choices are to either work with it as is, or wait until clamav is more mature. It should not be too hard to rewrite freshclam so it downloads the update to a temporary file first, and then processes the database. Then there would be no problem about network speed and 0.8-clients wasting bandwidth. If freshclam works already like this, then I cannot understand why clamd died cause of a lock-failure. And another point is: I got an email about problems updating with freshclam. Ok so far. But why on hell is there no mail indicating that clamd cannot open its database?? (Perhaps because my mailsystem was down at this point^^) I do not like email passing my system unscanned, but scanned with a database not up to date is better than no mail passing the system. (By the way: this would be the same thing as restarting clamd after the crash, because clamd rereads the database every hour, doesn't it.)
I do not blame clamav for mail not passing, but I would like to inform the developers that there is a problem. Ok, I could have solved it by monitoring clamd, but this crash was an unnecessary one. In addition, it is not acceptable to say: Ok, almost every clamd out there died cause of this update, but the problem are the users with clamav 0.8 I have 0.9, and I dislike to see my clamd fucked up with every update.. But to this point, great antivirus software :-)
Re: [Clamav-users] ERROR: Broken or not a CVD file
I found this file too when I was investigating the problem I talk about in my post Clamav suddenly died on several boxes. I found that the '*.cvd' file is created by a daily cron script, /etc/cron.daily/freshclam, which issues the command /bin/touch -a /var/lib/clamav/*.cvd Thanks. I amended my freshclam cron job. It was exactly as you described.
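Both packaging problems reported in this thread (the init script that accepts only main.cvd, and the cron job whose unmatched glob leaves a zero-byte file named '*.cvd') can be caught before clamd is started. The shell functions below are an added example, not code from the ClamAV packages or from any poster; the function names are hypothetical and the database directory is passed as an argument.

```shell
#!/bin/sh
# Added example. Assumed layout, taken from the thread: main.cvd / daily.cvd
# files, or main.inc / daily.inc directories on 0.90 installations.

# The cron command quoted in the thread, with the directory as a parameter.
# When no .cvd file exists, the shell leaves the pattern unexpanded and touch
# creates an empty file literally named "*.cvd".
touch_unguarded() {
    touch -a "$1"/*.cvd
}

# Guarded form: only touch regular, non-empty files that really matched.
touch_guarded() {
    for f in "$1"/*.cvd; do
        [ -f "$f" ] && [ -s "$f" ] || continue
        touch -a "$f"
    done
    return 0
}

# Pre-start check for the database directory.
# Prints one line per problem and returns non-zero if any was found.
check_dbdir() {
    dir=$1
    rc=0

    # Accept either the main.cvd file or the main.inc directory.
    if [ ! -s "$dir/main.cvd" ] && [ ! -d "$dir/main.inc" ]; then
        echo "missing: neither main.cvd nor main.inc"
        rc=1
    fi

    for f in "$dir"/*.cvd; do
        [ -e "$f" ] || continue          # pattern matched nothing
        name=${f##*/}
        case $name in
            *\**|*\?*|*\[*)
                # A glob character in the name means some script created
                # the file from an unexpanded pattern.
                echo "stray: $name"
                rc=1
                ;;
            *)
                [ -s "$f" ] || { echo "empty: $name"; rc=1; }
                ;;
        esac
    done
    return $rc
}

# Possible use in an init script (path is the one quoted in the thread):
#   check_dbdir /var/lib/clamav || exit 1
```
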
Re: [Clamav-users] error stops clamd
Ok same thing occurred now again. What to do now to solve this problem?? The main.inc seems to be up to date, but the daily.inc should be updated And this update busts my clamd-process. And if I start it now, I guess it will be busted one hour later again. (The problem here is not a corrupted database, but a freshclam updating too long I think.) freshclam output: ClamAV update process started at Wed Apr 11 22:32:40 2007 main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) Trying host db.de.clamav.net (85.25.252.58)... nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host db.de.clamav.net (IP: 85.25.252.58) Trying host db.de.clamav.net (85.199.169.78)... nonblock_connect: connect timing out (30 secs)
Re: [Clamav-users] error stops clamd
Last for today: I guess the German update server is down / overloaded. I changed to Austrian, and freshclam worked in seconds.
[Clamav-users] db.de.clamav.net Can't connect
Hi @ll, since yesterday I have problems with update mirror db.de.clamav.net is this a known problem, should I change the mirror? some grep from mail log pr 11 23:53:40 postmailer freshclam[28032]: Trying host db.de.clamav.net (194.77.146.139)... Apr 11 23:53:40 postmailer freshclam[28032]: nonblock_connect: connect(): fd=6 errno=103: Software caused connection abort Apr 11 23:53:40 postmailer freshclam[28032]: Can't connect to port 80 of host db.de.clamav.net (IP: 194.77.146.139) Apr 11 23:53:40 postmailer freshclam[28032]: Ignoring mirror 195.246.234.199 (due to previous errors) Apr 11 23:53:40 postmailer freshclam[28032]: Trying host db.de.clamav.net (213.174.32.130)... Apr 11 23:53:40 postmailer freshclam[28032]: connect_error: getsockopt(SO_ERROR): fd=6 error=111: Connection refused Apr 11 23:53:40 postmailer freshclam[28032]: Can't connect to port 80 of host db.de.clamav.net (IP: 213.174.32.130) Apr 11 23:53:40 postmailer freshclam[28032]: Trying host db.de.clamav.net (217.115.136.166)... 
Apr 11 23:53:40 postmailer freshclam[28032]: nonblock_connect: connect(): fd=6 errno=103: Software caused connection abort Apr 11 23:53:40 postmailer freshclam[28032]: Can't connect to port 80 of host db.de.clamav.net (IP: 217.115.136.166) Apr 11 23:53:40 postmailer freshclam[28032]: Ignoring mirror 217.160.141.39 (due to previous errors) Apr 11 23:53:40 postmailer freshclam[28032]: getpatch: Can't download daily-3073.cdiff from db.de.clamav.net Apr 11 23:53:40 postmailer freshclam[28032]: Retrieving http://db.de.clamav.net/daily-3073.cdiff -- Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany
Re: [Clamav-users] db.de.clamav.net Can't connect
Robert Schetterer wrote: Hi @ll, since yesterday I have problems with update mirror db.de.clamav.net is this a known problem, should I change the mirror? For me db.at.clamav.net worked fine, and .de. did not at all.
Re: [Clamav-users] db.de.clamav.net Can't connect
jacusy wrote: Robert Schetterer wrote: Hi @ll, since yesterday I have problems with update mirror db.de.clamav.net is this a known problem, should I change the mirror? For me db.at.clamav.net worked fine, and .de. did not at all. Yep, I see db.at.clamav.net works fine -- Best Regards Robert Schetterer https://www.schetterer.org Munich/Bavaria/Germany
Re: [Clamav-users] error stops clamd
Dennis Peterson wrote: John Rudd wrote: Dennis Peterson wrote: You need to have better monitoring and notification, and a mail system that delivers mail even if there is a fatal error in the AV tool. This is hardly a ClamAV problem. Depends on what your goals are. For me, a reliable email system does not just mean mail gets delivered. It also means that we reliably reject detectable viruses. If we're letting viruses through because our pants are down (because our AV tool has failed), then that's not a reliable email system. That's a dysfunctional email system. better monitoring and notification: yes, good. letting potentially virus laden email through because your AV tool is down: very bad. Send it to your next AV tool. You don't rely on a single tool for this, do you? A single virus detecting program? No. A single decision point about deliver vs reject vs tempfail? Yes. (and, AV tool to me means all of these programs collectively (sophos, clamav, and/or McAfee as the detection programs, and mailscanner or mimedefang or some other milter as the decision maker)) If, at the point of making the decision of should I deliver? I have not gotten a definitive answer to is this message clean? then it would be very bad to go with deliver. There is no next tool to pass the decision on to, because at that point all of the available detection programs have answered. So, when you say You need to have a mail system that delivers even if there is a fatal error in the AV tool, I say: no. A fatal error means that the collective tool hasn't been able to determine whether or not the message contains a known infection (no matter how many detection programs I'm running). Therefore, we tempfail it. I do not see any other available and acceptable outcome.
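The fail-closed policy argued for in the message above, combined with the clamd-then-clamscan fallback Noel Jones describes earlier in the thread, as an added example that is not code from amavisd-new, MailScanner, MIMEDefang or any poster. Function names are hypothetical; the exit codes assumed are those of clamscan/clamdscan (0 = clean, 1 = virus found, anything else = error) and EX_TEMPFAIL = 75 from sysexits.

```shell
#!/bin/sh
# Added example: one decision point in front of several detection programs.

EX_TEMPFAIL=75   # sysexits.h "temporary failure", the MTA should retry later

# Wrappers for the real scanners: primary is the daemon, secondary the
# stand-alone scanner. Each takes the message file as its only argument.
scan_clamd()    { clamdscan --no-summary "$1"; }
scan_clamscan() { clamscan --no-summary "$1"; }

# Constructed stand-ins so the logic can be exercised without ClamAV installed.
stub_down()  { return 2; }   # scanner crashed or database unusable
stub_clean() { return 0; }
stub_hit()   { return 1; }

# mail_decision FILE SCANNER...
# Tries each scanner in order and stops at the first definitive verdict.
#   prints "deliver"  and returns 0   when a scanner reports clean
#   prints "reject"   and returns 1   when a scanner reports an infection
#   prints "tempfail" and returns 75  when no scanner produced a verdict
mail_decision() {
    msg=$1
    shift
    for scanner in "$@"; do
        rc=0
        "$scanner" "$msg" >/dev/null 2>&1 || rc=$?
        case $rc in
            0) echo deliver; return 0 ;;
            1) echo reject;  return 1 ;;
        esac
        # Any other status (error, timeout, command not found) is not a
        # verdict: fall through to the next scanner instead of delivering.
    done
    echo tempfail
    return "$EX_TEMPFAIL"
}

# Possible use from a content filter:
#   mail_decision "$MESSAGE_FILE" scan_clamd scan_clamscan
```
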
[Clamav-users] centos/clamav update: errors
Hi,

I just did a yum update clamav for my server, and it went OK during the update, but in attempting to start the service, I see errors which appear to be somewhat false in that the /etc/clamd.conf file is present, and has the proper permissions (I checked them against my non-broken/non-updated box).

--snip-
[EMAIL PROTECTED] etc]# service clamd restart
Stopping Clam AntiVirus Daemon:[FAILED]
Starting Clam AntiVirus Daemon: ERROR: Parse error at line 34: Option LogTime requires boolean argument.
ERROR: Can't open/parse the config file /etc/clamd.conf
[FAILED]
-snip---

I did however add some 'boolean' values of 0 or 1, and got it to start. My question is: is clamav/clamd really going to work properly, or was I just performing a useless hack?

-krb
Re: [Clamav-users] error stops clamd
Please help me, anyone, with my problem. Actually I have a problem when I was trying to upgrade clamav from 0.887 to 0.90 version. Following is my setup:

1. Solaris Sparc server Enterprise Edition,
2. O/S Solaris 8 with complete patches,
3. Amavisd, spamassassin, Clamav and postfix.

As per the instruction from the http://www.clamav.net.faq, whenever I was trying to do so with the following script it came out with the following error. Please, if any one of you guys can help me in this then I am very very thankful to you.

awk: syntax error near line 1
awk: bailing out near line 1

Thanks in advance

##!/bin/ksh
# updateclamconf
# Merge two clamd.conf or freshclam.conf files and write the result to
# the standard output. The result file contains all comments from the
# second file with the active (i.e. not commented-out) settings from
# the first file merged into it. Settings which were only in the first
# file and not mentioned in the second file any more, are appended
# at the end, but commented out.
#
# Any comment must start with a hash and a space:
## comment
# while any commented out setting must start with a hash and no space:
##settingname settingvalue
#
# The first file may optionally have the format that was used up to
# version 0.88.7. In that case the settings will be converted to the
# format that is used in version 0.90 and newer.
#
# Known issues:
#
# If an option exists more than once in either file, all occurrences are
# moved to the position of the first occurrence. AFAIK this
# currently only applies to the DatabaseMirror option in
# freshclam.conf.

# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# Authors: Reinhard Max [EMAIL PROTECTED]
#          Kurt Keller [EMAIL PROTECTED]
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.

BEGIN {
    if (ARGC != 3) {
        print "usage: updateclamconf /usr/local/etc/freshclam.conf etc/freshclam.conf" > "/dev/stderr"
        exit 1
    }
    # some options may be overridden from the command line
    $0 = override
    for (i=1; i<=NF; i+=2) {
        options[$i] = $(i+1)
    }
    pass = 0
}

# count the input files as they change
lastname != FILENAME {
    lastname = FILENAME
    pass++
}

# collect the active (not commented-out) settings of the first file
pass == 1 && $0 ~ /^[[:space:]]*[^#]/ {
    # old-format options without an argument become "option yes"
    if (NF == 1) {
        $2 = "yes"
    }
    if (!($1 in options)) {
        options[$1]=$0
    } else {
        options[$1] = options[$1] "\n" $0
    }
}

# merge options into the content of the second file
pass == 2 {
    # copy $1, so that sub() doesn't modify $0
    o = $1
    sub("^#", "", o)
    if (o in options) {
        if (o == "NotifyClamd" && options[o] ~ / yes$/) {
            sub("^#", "")
            options[o] = $0
        }
        print options[o]
        delete options[o]
    } else {
        print
    }
}

# print out any options that were only found in the first file
END {
    for (o in options) {
        print "\n# These options weren't found in the new config file"
        for (o in options) {
            print "#" o, options[o]
        }
        break
    }
}

:q!
bash-2.03# awk stest1
awk: syntax error near line 1
awk: bailing out near line 1

Regards,
__
Mohammed Ejaz
Systems Administrator
Middle East Internet Company (CYBERIA)
Riyadh, Saudi Arabia
Phone: +966-1-4647114 Ext: 140
Fax: +966-1-4654735

- Original Message -
From: jacusy [EMAIL PROTECTED]
To: ClamAV users ML [EMAIL PROTECTED]
Sent: Wednesday, April 11, 2007 3:22 PM
Subject: Re: [Clamav-users] error stops clamd

Alexander Grüner wrote:
> Hello :-)
> Same here since 12:45h MESZ. After some tests this helped me to get all working again:
>
> sudo killall freshclam
> sudo rcclamd restart
> sudo rcapplication restart
>
> And do NOT forget to comment your freshclam Updates in cron out. Hope this quick hack helps...
The problem is not to restart my applications, the problem is the time between clamd going down and restarting my application. As my clamd was killed about 2.15 MEZ and the service was restarted at 9.30 MEZ, this is a serious problem! 7 hours we were not able to send / receive mail cause of a terribly made update of 9 megabytes..

ISC Handler Marteen told me just a few minutes ago:

Last night the ClamAV project released a new main.cvd, which was about 9 megabytes in size. As many users are still using Clamav 0.8, which downloads this file in full, this causes high stress for a number of mirrors. As more users upgrade from 0.8 to 0.9, this problem will disappear with future updates. Version 0.9 only transfers the difference between CVDs instead of the files in full.

Does this mean that every time they have a new main.cvd, my clamd will
Re: [Clamav-users] error stops clamd
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Todd Lyons
Sent: Wednesday, April 11, 2007 8:52 PM

> On Wed, Apr 11, 2007 at 02:24:52PM -0400, Jim Maul wrote:
>> However, it is illogical that clamd would die completely due to issues with a recently downloaded definition file. Why can it not just roll back to the old, previously working, definitions? Can someone please explain this? I'm having trouble trying to comprehend the current behavior.
>
> Neutral question: What's worse?
> a) AV that dies because of problems with virus definitions
> b) AV that reverts back to previously working definitions but then leaves you with a system that lets the latest things through and the whole time you think you're protected

Taken into account that by default freshclam updates every 2 hours (and it is often configured to update every 1 hour), I would prefer the risk of being running with signatures 4 hours old, than having a denial of service. Obviously, I think to the case where the update failure is sporadic.

> a is not great, but then neither is b. In the case of a, cron scripts watching the daemon process fixes things if it can and notifies you via pager (and 10 pages coming in simultaneously definitely indicates that something is wrong). In the case of b, you see no interruption so you assume all is well (and in this case, all IS well, but suppose some corporation changes their firewall blocking traffic outbound from your clamav box and you never know that it's not getting the latest updates).
>
> Notification is a part of the solution IMHO. If clamd recognizes that it's not able to load the new ones because the update process is still occurring, then it should continue running *AND* notify the sysadmin that it's running in what should be considered a degraded mode. The ease with which this is attained will vary by system.

I agree. Only it's worth noticing that if I have a script that can inform me via a pager that clamd is not running, then it's likely to be able to inform me that an update did not go well, or that sigtool reports my virus signatures to be 4 or 24 or NN hours old. I would be equally informed, but I would have no denial of service.

Just my opinion.

Luigi
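A signature-age check of the kind discussed in the message above, as an added example that is not part of the original thread: it reads the build time from a CVD file header and combines it with daemon liveness into one status a pager script could act on. The colon-separated header layout and the optional trailing seconds field are assumptions about the CVD format, the 4 and 24 hour thresholds are taken from the message, and the sample headers are constructed.

```python
import calendar
import time

HEADER_SIZE = 512  # assumption: a .cvd file starts with a 512-byte text header

# Constructed sample headers (checksum and signature fields are placeholders).
OLD_STYLE = b"ClamAV-VDB:10 Apr 2007 17-30 +0200:3060:9600:14:" + b"0" * 32 + b":SIG:builder"
NEW_STYLE = (OLD_STYLE + b":1176219000").ljust(HEADER_SIZE)


def cvd_build_epoch(header):
    """Return the database build time as Unix seconds (UTC)."""
    text = header[:HEADER_SIZE].decode("ascii", "replace").rstrip()
    fields = text.split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    if len(fields) > 8 and fields[8].isdigit():
        return int(fields[8])  # numeric build time, when the field is present
    # Otherwise parse the text date, e.g. "10 Apr 2007 17-30 +0200".
    stamp, offset = fields[1].rsplit(" ", 1)
    as_utc = calendar.timegm(time.strptime(stamp, "%d %b %Y %H-%M"))
    sign = -1 if offset.startswith("-") else 1
    return as_utc - sign * (int(offset[1:3]) * 3600 + int(offset[3:5]) * 60)


def scanner_status(header, now, clamd_alive, warn_hours=4, crit_hours=24):
    """Classify the scanner; returns (state, signature age in hours)."""
    age = (now - cvd_build_epoch(header)) / 3600.0
    if not clamd_alive:
        state = "DOWN"      # no scanning at all: page immediately
    elif age >= crit_hours:
        state = "STALE"     # scanning, but updates have clearly stopped
    elif age >= warn_hours:
        state = "DEGRADED"  # scanning with older signatures: notify
    else:
        state = "OK"
    return state, age


if __name__ == "__main__":
    built = cvd_build_epoch(NEW_STYLE)
    for hours, alive in [(1, True), (6, True), (30, True), (6, False)]:
        print(hours, alive, scanner_status(NEW_STYLE, built + hours * 3600, alive))
```

The age here is measured from the database build time, so the check is meaningful for a frequently rebuilt database and not for one that is rarely republished.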
Re: [Clamav-users] error stops clamd
Luigi Iotti wrote:
>> Notification is a part of the solution IMHO. If clamd recognizes that it's not able to load the new ones because the update process is still occurring, then it should continue running *AND* notify the sysadmin that it's running in what should be considered a degraded mode. The ease with which this is attained will vary by system.
>
> I agree. Only it's worth noticing that if I have a script that can inform me via a pager that clamd is not running, then it's likely to be able to inform me that an update did not go well, or that sigtool reports my virus signatures to be 4 or 24 or NN hours old. I would be equally informed, but I would have no denial of service.
>
> Just my opinion.

The environment I support is a forest of gateway servers. If any/all lose the ability to scan viruses, the inside server forest, running a completely different tool suite, can pick up the load. My job is to bring full service back to my systems as quickly as possible. That happened - logs show no viruses were ingested, and this is a million message/week system. Fault tolerance, notification, redundancy. Oh - and expensive. Very expensive, in fact.

Anyone know if this event caused Barracuda systems to fold up the tent?

dp