Re: [Clamav-users] clamd on Solaris ceases functioning after a while
On Sat, 19 Feb 2005, James Lick wrote: Igor Brezac wrote: This is how .80 ran for me. The recent service pack may have done this. What is your os version, uname -v? SunOS tcp.com 5.9 Generic_112233-11 sun4u sparc SUNW,Ultra-2 Solaris I am at Generic_117171-15, which is a lot newer and I am affraid the latest patch is giving me problems. ;( -- Igor ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd on Solaris ceases functioning after a while
On Sat, 19 Feb 2005, James Lick wrote: Igor Brezac wrote: On Fri, 18 Feb 2005, James Lick wrote: My clamd is at 12mb process size currently. I haven't noticed memory bloat in recent versions. This is the starting clamd memory footprint. How many messages are you scanning? 0.80 ran fine, I noticed the problem since 0.81... It processes up to 50k emails per day, so not that much compared to some people here. It is still at 12m process size, been running for 5 days now, since upgrading to 0.83. This is how .80 ran for me. The recent service pack may have done this. What is your os version, uname -v? -- Igor ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd on Solaris ceases functioning after a while
On Fri, 18 Feb 2005, James Lick wrote: Igor Brezac wrote: On Thu, 17 Feb 2005, David Blank-Edelman wrote: Solaris 9, gcc built, Solaris 9 stock zlib (1.1.4) I'm running clamd 0.83 on Solaris 9 compiled with gcc 3.4.2 and zlib 1.2.2. The older zlib releases have been known to cause clamd to crash, so you might want to try that first. I use clamd over a named socket instead of TCP, dunno if that would be a difference. You might also want to check if your kernel and thread library patches are up to date. I run things on Solaris 9 as well and I have not run into this problem. However, I am seeing a huge increase in memory usage after .81 release. .80 ran fine. How much memory does your clamd process consume when it stops running? My clamd is at 12mb process size currently. I haven't noticed memory bloat in recent versions. This is the starting clamd memory footprint. How many messages are you scanning? 0.80 ran fine, I noticed the problem since 0.81... -- Igor ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd on Solaris ceases functioning after a while
On Fri, 18 Feb 2005, David Blank-Edelman wrote: From: Igor Brezac <[EMAIL PROTECTED]>: How much memory does your clamd process consume when it stops running? Hi Igor- I haven't checked (the machine it is running on has plenty of memory and swap), but I will check next time this happens. Would you be willing to share your build configuration with me off list so I can compare? ./configure \ --enable-milter \ --with-dbdir=/var/clamav I compile using gcc 2.95.3, zlib 1.2.2, gmp 4.1.4 and curl 7.12.3; configure auto-detects those properly. -- Igor ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd on Solaris ceases functioning after a while
On Thu, 17 Feb 2005, David Blank-Edelman wrote: Hi- Thanks for such a great program and all of the work being put into it. We're having a nasty problem with clamd 0.8x (even with 0.83 which we just installed yesterday). After running for a while, it will decide to just stop functioning and return failures or refuse connect from the MTA. Here are some specifics: Solaris 9, gcc built, Solaris 9 stock zlib (1.1.4) Here's a sample part of our clamd.log: Tue Feb 15 10:16:43 2005 -> SelfCheck: Database status OK. Tue Feb 15 10:19:53 2005 -> /var/spool/exim/scan/1D14UQ-0005c9-DG/1D14UQ-0005c9- DG.eml: Unable to open file or directory ERROR Tue Feb 15 10:19:53 2005 -> Client disconnected Tue Feb 15 10:19:53 2005 -> ERROR: accept() failed Tue Feb 15 10:19:53 2005 -> ERROR: accept() failed Tue Feb 15 10:19:53 2005 -> ERROR: accept() failed Tue Feb 15 10:25:18 2005 -> /var/spool/exim/scan/1D14ZC-0006sJ-9Q/1D14ZC-0006sJ- 9Q.eml: Worm.Lovgate.T FOUND (which eventually turns into all accept() failed, though it doesn't always say this. Sometimes it just reports "Thu Feb 17 13:41:11 2005 -> No stats for Database check - forcing reload" as the last line before being autorestarted by my monitoring cronjob) Our exim logs have shown: 2005-02-17 08:24:23 1D1kTd-0005w0-32 malware acl condition: clamd: unable to read from socket (No such file or directory) or 2005-02-17 08:24:28 1D1ldr-0004nH-Qm malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file number) When it is in this state, a truss of the process shows several threads apparently continuing to run but it won't accept new connections as seen above. I haven't seen any indication in the log that I've reached a threading limit, but I don't know if I should expect one. I haven't been able to determine a specific pattern to when this happens and I can't seem to get it to repeat at will. The closest thing I've seen to a pattern is I've seen it happen several times when: a) the server has been started, b) it hasn't performed a successful SelfCheck yet. It doesn't always happen in this state (i.e. the first check doesn't always fail). I wish I could tell what the difference was between when it will work and when it will fail. I wonder if it happens to center around load, but I have no data to back that supposition up. I think I've seen this situation also happen (but I'm not sure) after a freshclam update that actually touched the database. Here's my non default answer in our config file: LogFile /priv/log/clamd/clamd.log LogFileMaxSize 100M LogTime LogSyslog LogFacility LOG_MAIL LogVerbose DatabaseDirectory /priv/daemons/packages/clamav-0.83/share/clamav TCPSocket 3310 TCPAddr 127.0.0.1 MaxConnectionQueueLength 30 StreamMaxLength 20M MaxThreads 20 # this set to 600 in the hopes I could cause the problem to surface faster, was set to default SelfCheck 600 Debug ScanRAR ArchiveBlockMax Any suggestions on where to look? Any other information I should gather for you? Should I try the current snapshot? Thanks for any help you can offer. I run things on Solaris 9 as well and I have not run into this problem. However, I am seeing a huge increase in memory usage after .81 release. .80 ran fine. How much memory does your clamd process consume when it stops running? -- Igor ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] clamav 0.8[12] memory leak
I am seeing a pretty significant memory leak in the last two releases of clamav on Solaris 9. I have not had a chance to look in the code and I did not run the binary through a memory profiler, but I was wondering if this this is a known issue. clamav 0.80 ran fine. -- Igor ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Re: MD5 crashes... (fwd)
On Wed, 1 Sep 2004, Christopher X. Candreva wrote: On Wed, 1 Sep 2004, Andy Fiddaman wrote: ; > Since the latest daily update, ClamAV has been crashing here with every ; > email it scans, has anyone else seen this ? ; Yes. I get almost the same backtrace as you. I've had to disable clam ; ... ; I'm running today's CVS on Solaris 9/SPARC -- haven't made much progress Same here, Solaris 9. Me too -- Solaris 8 on Sparc, gcc 3.4.0, was running 20040805 Now back at 0.75.1, was going to try the devel-20040901 snapshot before posting when I saw this thread. Do not try. It is broken as well... -- Igor --- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd devel-20040728 memory usage growing
On Fri, 30 Jul 2004, Tomasz Kojm wrote: On Thu, 29 Jul 2004 18:21:23 -0400 (EDT) Igor Brezac <[EMAIL PROTECTED]> wrote: On Thu, 29 Jul 2004, Mike Lambert wrote: OS: FreeBSD 4.9-RELEASE-p2 ClamAV: devel-20040728 Build options: --enable-milter --disable-clamuko --enable-bigstack --disable-dependency-tracking In 24 hours of running, memory usage for clamd (devel-20040728) has steadily increased from 5MB to 63MB. Does anyone have suggestions for building/configuring clamd on FreeBSD to stop or at least reduce the leaks? Version 0.70 leaked, but not nearly as bad as this snapshot. Does version 0.75 leak much? It leaks on Solaris 9 as well (snapshot from today). I am not very intimate with the clamd code, but a quick run through a profiler (FncCheck) shows that the leak may come from cli_parse_add(). I cannot find where bm_new structure is freed. If any of the developers in matcher.c:cl_free() -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Jul 30 00:47:46 CEST 2004 How about this? --- matcher-bm.c.orig Mon Jul 19 13:54:40 2004 +++ matcher-bm.cThu Jul 29 21:59:42 2004 @@ -91,11 +91,27 @@ void cli_bm_free(struct cl_node *root) { +struct cli_bm_patt *b1, *b2; +int i; + if(root->bm_shift) free(root->bm_shift); -if(root->bm_suffix) +if(root->bm_suffix) { + for(i = 0; i < 65536; i++) { + b1 = root->bm_suffix[i]; + while(b1) { + b2 = b1; + b1 = b1->next; + if (b2->virname) + free(b2->virname); + if (b2->pattern) + free(b2->pattern); + free(b2); + } + } free(root->bm_suffix); +} } int cli_bm_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root) -- Igor --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamd devel-20040728 memory usage growing
On Thu, 29 Jul 2004, Mike Lambert wrote: OS: FreeBSD 4.9-RELEASE-p2 ClamAV: devel-20040728 Build options: --enable-milter --disable-clamuko --enable-bigstack --disable-dependency-tracking In 24 hours of running, memory usage for clamd (devel-20040728) has steadily increased from 5MB to 63MB. Does anyone have suggestions for building/configuring clamd on FreeBSD to stop or at least reduce the leaks? Version 0.70 leaked, but not nearly as bad as this snapshot. Does version 0.75 leak much? It leaks on Solaris 9 as well (snapshot from today). I am not very intimate with the clamd code, but a quick run through a profiler (FncCheck) shows that the leak may come from cli_parse_add(). I cannot find where bm_new structure is freed. If any of the developers is interested, I can email tham the memory report I produced. -- Igor --- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Problems with clamd 0.70-rc: Hangs on Solaris 9
It seems that ScanMail is broken since 0.68 (it appears broken in 0.70-rc as well). eicar standard test virus is no longer recognized when attached in an email messages. The same setup works fine with clamav-0.67. -Igor On Wed, 17 Mar 2004, trustem dotcom wrote: > Upgraded to clamd 0.70-rc on Solaris 9 sparc. > > A few minor issues we have observed: > 1) When trying to stop clamd (SIGTERM), clamd claims > to exit successfully (see log, below) but hangs > forever. Have to give it a SIGKILL to actually > terminate the process. > 2) Have not had enough time to adequate investigate > why, but clamd now always seems to be in the top 20 > processes, whereas with 0.65 and 0.68, it almost never > was. No noticable difference in the number of > processes using clamd either. > 3) Two really near-trivial freshclam issues: > a) The freshclam man page does not make any > mention of the (apparently) new freshclam.conf file. > b) There is no man page for freshclam.conf. > > Keep up the great work y'all! > > Jon R. Kibler > A.S.E.T., Inc. > Charleston, SC USA > (843) 849-8214 > > P.S. Have to use Yahoo to post to this group because > for some reason sourceforge's MTA says that it 'cannot > verify sender' whenever we try to post to mail list. > > > LOG FILE FOR clamd SHOWING IT THINKS IT STOPPED: > > > Tue Mar 16 16:01:53 2004 -> +++ Started at Tue Mar > 16 16:01:53 2004 > > Tue Mar 16 16:01:53 2004 -> Log file size limited to > 8388608 bytes. > > Tue Mar 16 16:01:53 2004 -> Verbose logging > activated. > > Tue Mar 16 16:01:53 2004 -> Running as user defang > (UID 104, GID 25) > > Tue Mar 16 16:01:53 2004 -> Reading databases from > /var/clamav/databases > > Tue Mar 16 16:01:55 2004 -> Protecting against 20486 > viruses. > > Tue Mar 16 16:01:56 2004 -> Unix socket file > /var/clamav/clamd.sock > > Tue Mar 16 16:01:56 2004 -> Setting connection queue > length to 60 > > Tue Mar 16 16:01:56 2004 -> Listening daemon: PID: > 332 > > Tue Mar 16 16:01:56 2004 -> Archive: Archived file > size limit set to 10485760 bytes. > > Tue Mar 16 16:01:56 2004 -> Archive: Recursion level > limit set to 9. > > Tue Mar 16 16:01:56 2004 -> Archive: Files limit set > to 1000. > > Tue Mar 16 16:01:56 2004 -> Archive: Compression > ratio limit set to 200. > > Tue Mar 16 16:01:56 2004 -> Archive support enabled. > > Tue Mar 16 16:01:56 2004 -> RAR support disabled. > > Tue Mar 16 16:01:56 2004 -> Blocking encrypted > archives. > > Tue Mar 16 16:01:56 2004 -> Mail files support > enabled. > > Tue Mar 16 16:01:56 2004 -> OLE2 support enabled. > > Tue Mar 16 16:01:56 2004 -> Self checking every 3600 > seconds. > > Tue Mar 16 17:02:26 2004 -> No stats for Database > check - forcing reload > > Tue Mar 16 17:02:26 2004 -> Reading databases from > /var/clamav/databases > > Tue Mar 16 17:02:30 2004 -> Database correctly > reloaded (20486 viruses) > > Tue Mar 16 18:05:51 2004 -> SelfCheck: Database > status OK. > > > > Wed Mar 17 09:31:04 2004 -> SelfCheck: Database > status OK. > > Wed Mar 17 10:12:53 2004 -> Shutting down the main > socket. > > Wed Mar 17 10:12:53 2004 -> Closing the main socket. > > Wed Mar 17 10:12:53 2004 -> Socket file removed. > > Wed Mar 17 10:12:53 2004 -> Pid file removed. > > Wed Mar 17 10:12:53 2004 -> Exiting (clean) > > Wed Mar 17 10:12:53 2004 -> --- Stopped at Wed Mar > 17 10:12:53 2004 > > > > > > __ > Do you Yahoo!? > Yahoo! Mail - More reliable, more storage, less spam > http://mail.yahoo.com > > > --- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > -- Igor --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted
On Thu, 4 Mar 2004, Tomasz Kojm wrote: > Hello, > > due to many requests ClamAV is now able to detect and mark password > protected archives as a virus type "Encrypted.Zip" (big thanks to > Michael L Torrie). You have to enable this feature manually with > ArchiveDetectEncrypted in clamav.conf and --detect-encrypted in > clamscan. Please be careful and WARN YOUR USERS before enabling it. > I may have missed something in this discussion, but why isn't it possible to treat this zip file as a regular file (non archive) and check it against virus patterns? This is how trendmicro engine is able to identify the virus. -- Igor --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ArchiveDetectEncrypted and --detect-encrypted
This does not appear to be available in CVS. Am I missing something? Thanks, -Igor On Thu, 4 Mar 2004, Tomasz Kojm wrote: > Hello, > > due to many requests ClamAV is now able to detect and mark password > protected archives as a virus type "Encrypted.Zip" (big thanks to > Michael L Torrie). You have to enable this feature manually with > ArchiveDetectEncrypted in clamav.conf and --detect-encrypted in > clamscan. Please be careful and WARN YOUR USERS before enabling it. > > -- Igor --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Undefined symbol "_deny_severity"
On Wed, 18 Feb 2004, Lynn Duerksen wrote: > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:clamav-users- > > [EMAIL PROTECTED] On Behalf Of Igor Brezac > > Sent: Wednesday, February 18, 2004 3:57 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [Clamav-users] Undefined symbol "_deny_severity" > > > > > > My guess is that your clamd/clam*scan is linked with libwrap. What > does > > 'ldd clamd' say? > > > > /usr/local/sbin/clamd: > -lclamav.1 => /usr/local/lib/libclamav.so.1.3 (0x40025000) > -lz.2 => /usr/lib/libz.so.2.0 (0x4003d000) > -lbz2.10 => /usr/local/lib/libbz2.so.10.2 (0x4004a000) > -lgmp.6 => /usr/local/lib/libgmp.so.6.2 (0x40059000) > -lpthread.1 => /usr/lib/libpthread.so.1.0 (0x40083000) > -lc.29 => /usr/lib/libc.so.29.0 (0x4009a000) > Based on your runtime error, I expected libwrap in this output. I just checked the build process and libwrap should be linked with libclamav.so.1.3. This is were the undefined symbol is coming from. -- Igor --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
RE: [Clamav-users] Undefined symbol "_deny_severity"
My guess is that your clamd/clam*scan is linked with libwrap. What does 'ldd clamd' say? -Igor On Wed, 18 Feb 2004, Lynn Duerksen wrote: > I'm not using milter. Why does this affect an install with postfix? > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:clamav-users- > > [EMAIL PROTECTED] On Behalf Of Igor Brezac > > Sent: Wednesday, February 18, 2004 3:15 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Clamav-users] Undefined symbol "_deny_severity" > > > > > > Clamav assumes that everyone uses a static verison of libwrap. > > > > Here is a patch for clamav-milter.c. A similar patch needs to be > applied > > to configure script for the tcpwrappers detection and libwrap needs to > be > > linked against the clamav-milter binary only. > > > > --- clamav-milter.c.origWed Feb 18 15:56:29 2004 > > +++ clamav-milter.c Mon Feb 16 07:32:02 2004 > > @@ -401,6 +401,10 @@ > > > > #ifdef WITH_TCPWRAP > > #include > > + > > +int allow_severity = LOG_DEBUG; > > +int deny_severity = LOG_ERR; > > + > > #endif > > > > #if defined(CL_DEBUG) && defined(C_LINUX) > > > > -Igor > > > > On Wed, 18 Feb 2004, Lynn Duerksen wrote: > > > > > Just update a system running .65 to .67-1 > > > > > > /usr/libexec/ld.so: Undefined symbol "_deny_severity" in > > > clamd:/usr/lib/libwrap.so.3.0 > > > > > > I tried the OpenBSD port as well as the stable code. Same results > > > > > > Any suggestions? > > > > > > > > > Lynn Duerksen > > > Technical Manager > > > Futureware Distributing, Inc > > > OpenBSD 3.3 > > > Amavisd-new > > > > > > > > > > > > > > > > > > --- > > > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > > > Build and deploy apps & Web services for Linux with > > > a free DVD software kit from IBM. Click Now! > > > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > > > ___ > > > Clamav-users mailing list > > > [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/clamav-users > > > > > > > -- > > Igor > > > > > > --- > > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > > Build and deploy apps & Web services for Linux with > > a free DVD software kit from IBM. Click Now! > > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > > ___ > > Clamav-users mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/clamav-users > > > > --- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > -- Igor --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Undefined symbol "_deny_severity"
Clamav assumes that everyone uses a static verison of libwrap. Here is a patch for clamav-milter.c. A similar patch needs to be applied to configure script for the tcpwrappers detection and libwrap needs to be linked against the clamav-milter binary only. --- clamav-milter.c.origWed Feb 18 15:56:29 2004 +++ clamav-milter.c Mon Feb 16 07:32:02 2004 @@ -401,6 +401,10 @@ #ifdef WITH_TCPWRAP #include + +int allow_severity = LOG_DEBUG; +int deny_severity = LOG_ERR; + #endif #if defined(CL_DEBUG) && defined(C_LINUX) -Igor On Wed, 18 Feb 2004, Lynn Duerksen wrote: > Just update a system running .65 to .67-1 > > /usr/libexec/ld.so: Undefined symbol "_deny_severity" in > clamd:/usr/lib/libwrap.so.3.0 > > I tried the OpenBSD port as well as the stable code. Same results > > Any suggestions? > > > Lynn Duerksen > Technical Manager > Futureware Distributing, Inc > OpenBSD 3.3 > Amavisd-new > > > > > > --- > SF.Net is sponsored by: Speed Start Your Linux Apps Now. > Build and deploy apps & Web services for Linux with > a free DVD software kit from IBM. Click Now! > http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click > ___ > Clamav-users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/clamav-users > -- Igor --- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] ClamAV instabilities
On Thu, 22 Jan 2004, Everton da Silva Marques wrote: > On Thu, Jan 22, 2004 at 06:37:14PM +0100, Tomasz Kojm wrote: > > On Thu, 22 Jan 2004 08:29:53 +0100 > > Marc Balmer <[EMAIL PROTECTED]> wrote: > > > > > Tomasz Kojm wrote: > > > > > > >>clamd hangs at leats twice a day, does no longer respond to network > > > >>connections. It has to be killed and restarted. It has become > > > >>unusable on OpenBSD. > > > > > > > > Sorry, we're not telepathic - we need backtraces, logs, etc. > > > > > > If there only was an error message. clamd still runs, according to > > > ps, to does no longer handle the network protocol. > > > > Please try to attach gdb to the broken clamd process next time. > > I often see a very similar problem in clamav 0.65 under Solaris 7. > clamd writes the following to logs: > > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed. > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed. > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed. > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed. > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed. > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed. > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed. > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed. > Thu Jan 22 11:23:51 2004 -> ERROR: accept() failed. > > An work-around is to stop clamd and restart it. > > I'll try to attach gdb to clamd next time. > Try increasing MaxConnectionQueueLength or if you use Unix sockets (LocalSocket) use TCPAddr/TCPSocket instead. Solaris unix sockets are known to have problems. -- Igor --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] Recursion limit exceeded bug in clamav-0.65
On Sat, 15 Nov 2003, Tomasz Kojm wrote: > On Wed, 12 Nov 2003 23:32:44 -0500 (EST) > Igor Brezac <[EMAIL PROTECTED]> wrote: > > > Hello, > > > > I get the following error when ScanMail is enabled and ScanArchive is > > disabled. > > > > /var/src/clamav-0.65/test/test1: Recursion limit exceeded. ERROR > > How to reproduce it ? In clamav.conf StreamSaveToDisk ScanMail #ScanArchive Run clamdscan /var/src/clamav-0.65/test/test1 Hope this helps. I can email you the whole config if you need... -- Igor --- This SF. Net email is sponsored by: GoToMyPC GoToMyPC is the fast, easy and secure way to access your computer from any Web browser or wireless device. Click here to Try it Free! https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] Recursion limit exceeded bug in clamav-0.65
Hello, I get the following error when ScanMail is enabled and ScanArchive is disabled. /var/src/clamav-0.65/test/test1: Recursion limit exceeded. ERROR Here is a possible fix: --- scanners.c.orig Wed Nov 12 23:20:27 2003 +++ scanners.c Wed Nov 12 23:18:45 2003 @@ -640,7 +640,7 @@ if(SCAN_ARCHIVE || SCAN_MAIL) { /* Need to examine file type */ - if(limits && limits->maxreclevel) + if(SCAN_ARCHIVE && limits && limits->maxreclevel) if(*reclev > limits->maxreclevel) return CL_EMAXREC; -- Igor --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] clamav-milter.8'
On Wed, 12 Nov 2003, Vincent Aniello wrote: > I am trying to compile ClamAV 0.65 on RedHat Linux 7. When compiling the > make stops with the following error: > > make[1]: Entering directory `/home/vincent/src/clamav-0.65/clamav-milter' > make[1]: *** No rule to make target `../docs/clamav-milter.8', needed by > `all-am'. Stop. > make[1]: Leaving directory `/home/vincent/src/clamav-0.65/clamav-milter' > make: *** [all-recursive] Error 1 > > Can anyone tell me how to correct this error? > You can ignore this error or apply the following patch and rebuild clamav. --- clamav-milter/Makefile.in.orig Wed Nov 12 16:55:17 2003 +++ clamav-milter/Makefile.in Wed Nov 12 16:55:36 2003 @@ -122,7 +122,7 @@ @BUILD_CLAMD_TRUE@@[EMAIL PROTECTED] = ../clamd/cfgfile.o ../clamd/others.o ../clamscan/getopt.o [EMAIL PROTECTED]@@[EMAIL PROTECTED] = ../docs/clamav-milter.8 [EMAIL PROTECTED]@@[EMAIL PROTECTED] = ../docs/man/clamav-milter.8 DEFS = @DEFS@ # CLAMD_LIBS is used, because clamav-milter requires the same libraries as clamd -- Igor --- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] scan stops after the first virus is found
On Thu, 16 Oct 2003, Tomasz Kojm wrote: > On Thu, 16 Oct 2003 12:24:18 -0400 (EDT) > Igor Brezac <[EMAIL PROTECTED]> wrote: > > > $ telnet localhost 3310 > > Trying 127.0.0.1... > > Connected to localhost. > > Escape character is '^]'. > > SCAN /var/src/clamav-devel-20031015 > > /var/src/clamav-devel-20031015/test/test1: ClamAV-Test-Signature FOUND > > Connection to localhost closed by foreign host. > > $ > > > > Is this desired behavior or a bug? > > This is a normal behaviour. If you want clamd to continue scanning you > should use CONTSCAN. > I get the same with CONTSCAN $ telnet localhost 3310 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. CONTSCAN /var/src/clamav-devel-20031015/ /var/src/clamav-devel-20031015//test/test1: ClamAV-Test-Signature FOUND /var/src/clamav-devel-20031015/: OK Connection to localhost closed by foreign host. -- Igor --- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] A small cosmetic bug in clamd.c
I get 'Protecting against -4185375 viruses.' in the syslog when clamd starts. --- clamd.c.origMon Oct 20 16:33:14 2003 +++ clamd.c Mon Oct 20 16:33:32 2003 @@ -49,7 +49,7 @@ time_t currtime; struct cl_node *root = NULL; const char *dbdir, *cfgfile; - int ret, virnum, tcpsock; + int ret, virnum = 0, tcpsock; /* initialize some important variables */ -- Igor --- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
Re: [Clamav-users] scan stops after the first virus is found
On Thu, 16 Oct 2003, Tomasz Kojm wrote: > On Thu, 16 Oct 2003 12:24:18 -0400 (EDT) > Igor Brezac <[EMAIL PROTECTED]> wrote: > > > $ telnet localhost 3310 > > Trying 127.0.0.1... > > Connected to localhost. > > Escape character is '^]'. > > SCAN /var/src/clamav-devel-20031015 > > /var/src/clamav-devel-20031015/test/test1: ClamAV-Test-Signature FOUND > > Connection to localhost closed by foreign host. > > $ > > > > Is this desired behavior or a bug? > > This is a normal behaviour. If you want clamd to continue scanning you > should use CONTSCAN. > I get the same with CONTSCAN $ telnet localhost 3310 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. CONTSCAN /var/src/clamav-devel-20031015/ /var/src/clamav-devel-20031015//test/test1: ClamAV-Test-Signature FOUND /var/src/clamav-devel-20031015/: OK Connection to localhost closed by foreign host. -- Igor --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
[Clamav-users] scan stops after the first virus is found
Hello, I am testing the latest clamd snapshot (Oct 15th) and the scanning stops after the first virus is found. There are more viruses in the 'test' directory. $ telnet localhost 3310 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. SCAN /var/src/clamav-devel-20031015 /var/src/clamav-devel-20031015/test/test1: ClamAV-Test-Signature FOUND Connection to localhost closed by foreign host. $ Is this desired behavior or a bug? -- Igor --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users