Re: [Clamav-users] error stops clamd
Some time ago, jacusy wrote: > Hello, > > this night my clamd-process terminated with an error. The reason was > that freshclam took too long to do its update, so that clamd could not > lock the database. So clamd exited. But this behaviour is very fatal > because the mail system (postfix with amavis) relys on clamd, so if it > is down, the whole mail traffic is blocked!! Caused of an error while > updating.. > > What to do against? > this one question initiated a whole lot of replies, which I will not quote here. Now the question I have is: is this problem fixed in 0.90.3? Yesterday, this problem hit us on one small-volume mailserver: Thu Jun 7 06:25:54 2007 -> SelfCheck: Database status OK. Thu Jun 7 06:57:05 2007 -> SelfCheck: Database status OK. Thu Jun 7 07:29:34 2007 -> SelfCheck: Database status OK. Thu Jun 7 07:59:40 2007 -> SelfCheck: Database modification detected. Forcing reload. Thu Jun 7 07:59:40 2007 -> Reading databases from /opt/ClamAV/share/clamav Thu Jun 7 08:01:51 2007 -> ERROR: reload db failed: Unable to lock database directory (try 1) Thu Jun 7 08:04:01 2007 -> ERROR: reload db failed: Unable to lock database directory (try 2) Thu Jun 7 08:06:11 2007 -> ERROR: reload db failed: Unable to lock database directory (try 3) Thu Jun 7 08:06:11 2007 -> ERROR: reload db failed: Unable to lock database directory Thu Jun 7 08:06:11 2007 -> Terminating because of a fatal error.Thu Jun 7 08:06:11 2007 -> Socket file removed. Thu Jun 7 08:06:11 2007 -> --- Stopped at Thu Jun 7 08:06:11 2007 This caused no big problems, but I would like to know if it is fixed in 0.90.3 before I'm going to install 0.90.3; I can't find any reference to it in the changelog on the clamav site and maybe I have to wait for 0.91? Or should I file a bug report somewhere? I have tried to find this problem in the bugtracker, but couldn't find it there either. /rolf > The logs: > clamd.log > >> Wed Apr 11 01:53:40 2007 -> SelfCheck: Database status OK. >> Wed Apr 11 02:27:53 2007 -> SelfCheck: Database modification detected. >> Forcing reload. >> Wed Apr 11 02:28:07 2007 -> Reading databases from >> /usr/local/clamav/share/clamav >> Wed Apr 11 02:30:17 2007 -> ERROR: reload db failed: Unable to lock >> database directory (try 1) >> Wed Apr 11 02:32:27 2007 -> ERROR: reload db failed: Unable to lock >> database directory (try 2) >> Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock >> database directory (try 3) >> Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock >> database directory >> Wed Apr 11 02:34:37 2007 -> Terminating because of a fatal error.Wed >> Apr 11 02:34:37 2007 -> Socket file removed. >> Wed Apr 11 02:34:37 2007 -> Pid file removed. >> Wed Apr 11 02:34:37 2007 -> --- Stopped at Wed Apr 11 02:34:37 2007 >> > > > freshclam.log > >> ClamAV update process started at Wed Apr 11 02:23:01 2007 >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) >> Trying host db.de.clamav.net (85.25.252.58)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 85.25.252.58) >> Trying host db.de.clamav.net (85.199.169.78)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 85.199.169.78) >> Trying host db.de.clamav.net (85.214.44.186)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 85.214.44.186) >> Trying host db.de.clamav.net (88.198.17.100)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.17.100) >> Trying host db.de.clamav.net (88.198.104.251)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.104.251) >> Trying host db.de.clamav.net (89.149.194.18)... >> connect_error: getsockopt(SO_ERROR): fd=5 error=110: Connection timed out >> Can't connect to port 80 of host db.de.clamav.net (IP: 89.149.194.18) >> Trying host db.de.clamav.net (194.77.146.139)... >> nonblock_connect: connect(): fd=5 errno=103: Software caused >> connection abort >> Can't connect to port 80 of host db.de.clamav.net (IP: 194.77.146.139) >> Trying host db.de.clamav.net (195.246.234.199)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 195.246.234.199) >> Trying host db.de.clamav.net (213.174.32.130)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 213.174.32.130) >> Trying host db.de.clamav.net (217.115.136.166)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 217.115.136.166) >> Trying host db.de.clamav.net (217.160.141.39)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.cla
Re: [Clamav-users] error stops clamd
On Wed, 11 Apr 2007 12:46:44 +0200 jacusy <[EMAIL PROTECTED]> wrote: > freshclam.log > > ClamAV update process started at Wed Apr 11 02:23:01 2007 > > nonblock_connect: connect timing out (30 secs) > > Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) > > Trying host db.de.clamav.net (85.25.252.58)... > > nonblock_connect: connect timing out (30 secs) > > Can't connect to port 80 of host db.de.clamav.net (IP: 85.25.252.58) > > Trying host db.de.clamav.net (85.199.169.78)... > > nonblock_connect: connect timing out (30 secs) > > Can't connect to port 80 of host db.de.clamav.net (IP: 85.199.169.78) > > Trying host db.de.clamav.net (85.214.44.186)... > > nonblock_connect: connect timing out (30 secs) [...] This will be fixed in 0.90.2 (already fixed in SVN). -- oo. Tomasz Kojm <[EMAIL PROTECTED]> (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg \..._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Thu Apr 12 10:07:51 CEST 2007 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Luigi Iotti wrote: >> >> Notification is a part of the solution IMHO. If clamd recognizes that >> it's not able to load the new ones because the update process is still >> occurring, then it should continue running *AND* notify the sysadmin >> that it's running in what should be considered a degraded mode. The >> ease with which this is attained will vary by system. > > I agree. Only it's worth noticing that if I have a script that can inform me > via a pager that clamd is not running, than it's likely to be able to inform > me that an update did not go well, or that sigtool reports my virus > signatures to be 4 or 24 or NN hours old. I would be equally informed, but I > would have no denial of service. > > Just my opinion. The environment I support is a forest of gateway servers. If any/all lose the ability to scan viruses, the inside server forest, running a completely different tool suite, can pick up the load. My job is to bring full service back to my systems as quickly as possible. That happened - logs show no viruses were ingested, and this is a million message/week system. Fault tolerance, notification, redundancy. Oh - and expensive. Very expensive, in fact. Anyone know if this event caused Barracuda systems to fold up the tent? dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
> From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Todd Lyons > Sent: Wednesday, April 11, 2007 8:52 PM > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Wed, Apr 11, 2007 at 02:24:52PM -0400, Jim Maul wrote: > > >However, it is illogical that clamd would die completely due to issues > >with a recently downloaded definition file. Why can it not just roll > >back to the old, previously working, definitions? Can someone please > >explain this? Im having trouble trying to comprehend the > current behavior. > > Neutral question: > What's worse? > a) AV that dies because of problems with virus definitions > b) AV that reverts back to previously working definitions but then > leaves you with a system that lets the latest things through > and the whole time you think you're protected Taken into account that by default freshclam updates every 2 hours (and it is often configured to update every 1 hour), I would prefer the risk of being running with signatures 4 hours old, than having a denial of service. Obviously, I think to the case where the update failure is sporadic. > a is not great, but then neither is b. In the case of a, cron scripts > watching the daemon process fixes things if it can and notifies you via > pager (and 10 pages coming in simultaneously definitely indicates > that something is wrong). In the case of b, you see no interruption so > you assume all is well (and in this case, all IS well, but suppose some > corporation changes their firewall blocking traffic outbound from your > clamav box and you never know that it's not getting the latest updates). > > Notification is a part of the solution IMHO. If clamd recognizes that > it's not able to load the new ones because the update process is still > occurring, then it should continue running *AND* notify the sysadmin > that it's running in what should be considered a degraded mode. The > ease with which this is attained will vary by system. I agree. Only it's worth noticing that if I have a script that can inform me via a pager that clamd is not running, than it's likely to be able to inform me that an update did not go well, or that sigtool reports my virus signatures to be 4 or 24 or NN hours old. I would be equally informed, but I would have no denial of service. Just my opinion. Luigi ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Please help me any one for my problem Actually i have problem when i was trying to upgrade clamav from 0.887 to 0.90 version Following is my setup 1, Solaris Sparc server Enterprise Edition, 2. O/S Solaris 8 with complete patches, 3. Amavisd, spamassin, Clamav and postfix, As per the instrustion from the http://www.clamav.net.faq when ever i was trying to do so with following script but it come out with following error, please if any one you guys can help me in this then iam very very thankfull to u, awk: syntax error near line 1 awk: bailing out near line 1 Thanks in advance ##!/bin/ksh # updateclamconf # Merge two clamd.conf or freshclam.conf files and write the result to # the standard output. The result file contains all comments from the # second file with the active (i.e. not commented-out) settings from # the first file merged into it. Settings which were only in the first # file file and not mentioned in the second file any more, are appended # at the end, but commented out. # # Any comment must start with a hash and a space: ## comment # while any commented out setting must start with a hash and no space: ##settingname settingvalue # # The first file may optionally have the format that was used up to # version 0.88.7. In that case the settings will be converted to the # format that is used in version 0.90 and newer. # # Known issues: # # If an option exists more than once in eiter file, all occurrences are # moved to the position of the first occurrence. AFAIK this # currently only applies to the DatabaseMirror option in # freshclam.conf. # Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany. # # Authors: Reinhard Max <[EMAIL PROTECTED]> # Kurt Keller <[EMAIL PROTECTED]> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. BEGIN { if (ARGC != 3) { print "usage: updateclamconf /usr/local/etc/freshclam.conf etc/freshclam.conf" > "/dev/stderr" exit 1 } # some options may be overridden from the command line $0 = override for (i=1; i<=NF; i+=2) { options[$i] = $(i+1) } pass = 0 } lastname != FILENAME { lastname = FILENAME pass++ } pass == 1 && $0 ~ /^[[:space:]]*[^#]/ { if (NF == 1) { $2 = "yes" } if (!($1 in options)) { options[$1]=$0 } else { options[$1] = options[$1] "\n" $0 } } # merge options into the content of the second file pass == 2 { # copy $1, so that sub() doesn't modify $0 o = $1 sub("^#", "", o) if (o in options) { if (o == "NotifyClamd" && options[o] ~ / yes$/) { sub("^#", "") options[o] = $0 } print options[o] delete options[o] } else { print } } # print out any options that were only found in the first file END { for (o in options) { print "\n# These options weren't found in the new config file" for (o in options) { print "# " o, options[o] } break } } :q! bash-2.03# awk stest1 awk: syntax error near line 1 awk: bailing out near line 1 Regards, __ Mohammed Ejaz Systems Administrator Middle East Internet Company (CYBERIA) Riyadh, Saudi Arabia Phone: +966-1-4647114 Ext: 140 Fax: +966-1-4654735 - Original Message ----- From: "jacusy" <[EMAIL PROTECTED]> To: "ClamAV users ML" <[EMAIL PROTECTED]> Sent: Wednesday, April 11, 2007 3:22 PM Subject: Re: [Clamav-users] error stops clamd Alexander Grüner schrieb: > Hello :-) > > Same here since 12:45h MESZ. > > After some tests this helped me to get all working again: > > sudo killall freshclam > sudo rcclamd restart > sudo rc restart > > And do NOT forget to comment you freshclam Updtes in cron out. > > Hope this quick hack helps... > The problem is not to restart my applications, the problem is the time between clamd going down and restarting my application. As my clamd was killed about 2.15 MEZ and the service was restarted at 9.30 MEZ, this is a serious problem! 7 hours we were not able to send / receive mail cause of a terribly made update of 9 megabytes.. > > > ISC Handler Marteen told me just a few minutes ago: > > "Last night the ClamAV project released a > new main.cvd, which was about 9 megabytes in size. As many users are still > using Clamav 0.8, which downloads this file in f
Re: [Clamav-users] error stops clamd
Dennis Peterson wrote: > John Rudd wrote: >> Dennis Peterson wrote: >> >>> You need to have better monitoring and notification, and a mail system >>> that delivers mail even if there is a fatal error in the AV tool. This >>> is hardly a ClamAV problem. >> Depends on what your goals are. >> >> For me, a reliable email system does not just mean "mail gets >> delivered". It also means that "we reliably reject detectable viruses". >> If we're letting viruses through because our pants are down (because >> our AV tool has failed), then that's not a reliable email system. >> That's a dysfunctional email system. >> >> better monitoring and notification: yes, good. >> >> letting potentially virus laden email through because your AV tool is >> down: very bad. > > Send it to your next AV tool. You don't rely on a single tool for this, > do you? A single virus detecting program? No. A single decision point about "deliver vs reject vs tempfail"? Yes. (and, "AV tool" to me means all of these programs collectively (sophos, clamav, and/or mcaffee as the detection programs, and mailscanner or mimedefang or some other milter as the decision maker) If, at the point of making the decision of "should I deliver?" I have not gotten a definitive answer to "is this message clean?" then it would be very bad to go with "deliver". There is no "next" tool to pass the decision on to, because at that point all of the available detection programs have answered. So, when you say "You need to have a mail system that delivers even if there is a fatal error in the AV tool", I say: no. A fatal error means that the collective tool hasn't been able to determine whether or not the message contains a known infection (no matter how many detection programs I'm running). Therefore, we tempfail it. I do not see any other available and acceptable outcome. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Last for today: I guess the german update server is down / overloaded. I changed to austrian, and freshclam worked in seconds. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Ok same thing occured now again. What to do now to solve this problem?? The main.inc seems to be up to date, but the daily.inc should be updated And this update busts my clamd-process. And if I start it now, i guess it will be busted one hour later again. (The problem here is not a corrupted database, but a freshclam updating to long i think.) freshclam output: ClamAV update process started at Wed Apr 11 22:32:40 2007 main.inc is up to date (version: 43, sigs: 104500, f-level: 14, builder: sven) nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) Trying host db.de.clamav.net (85.25.252.58)... nonblock_connect: connect timing out (30 secs) Can't connect to port 80 of host db.de.clamav.net (IP: 85.25.252.58) Trying host db.de.clamav.net (85.199.169.78)... nonblock_connect: connect timing out (30 secs) ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Apr 11, 2007 at 02:24:52PM -0400, Jim Maul wrote: >However, it is illogical that clamd would die completely due to issues >with a recently downloaded definition file. Why can it not just roll >back to the old, previously working, definitions? Can someone please >explain this? Im having trouble trying to comprehend the current behavior. Neutral question: What's worse? a) AV that dies because of problems with virus definitions b) AV that reverts back to previously working definitions but then leaves you with a system that lets the latest things through and the whole time you think you're protected a is not great, but then neither is b. In the case of a, cron scripts watching the daemon process fixes things if it can and notifies you via pager (and 10 pages coming in simultaneously definitely indicates that something is wrong). In the case of b, you see no interruption so you assume all is well (and in this case, all IS well, but suppose some corporation changes their firewall blocking traffic outbound from your clamav box and you never know that it's not getting the latest updates). Notification is a part of the solution IMHO. If clamd recognizes that it's not able to load the new ones because the update process is still occurring, then it should continue running *AND* notify the sysadmin that it's running in what should be considered a degraded mode. The ease with which this is attained will vary by system. - -- Regards... Todd There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. --Ed Howdershelt Linux kernel 2.6.17-6mdv 4 users, load average: 0.24, 0.05, 0.02 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGHS5iY2VBGxIDMLwRAnjPAJ9towGydLsfkSuqnfQdzNKKqCroogCffUx3 HiUQ+beTO8mdlrNI1iSljf0= =I8dY -END PGP SIGNATURE- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
McDonald, Dan wrote: >> From: [EMAIL PROTECTED] on behalf of Luca Gibelli >> Hello jacusy, > >>> this night my clamd-process terminated with an error. The reason was >>> that freshclam took too long to do its update, so that clamd could not >>> lock the database. So clamd exited. But this behaviour is very fatal >>> because the mail system (postfix with amavis) relys on clamd, so if it >>> is down, the whole mail traffic is blocked!! Caused of an error while >>> updating.. >> amavisd-new falls back to clamscan by default, if clamd is not available. > > Right, but my system is sized for operation with clamd. When clamd stops, > the memory utilization goes through the roof and the machine basically stops > because it is spending 80-90% of the cpu time in IOWAIT, trying to swap out > enough ram to load the whole clamav database for every message... > And mail backs up... At least it doesn't drop any mail. > And none of this discusses the real issue that clamd should not have been unavailable in the first place. I understand that daemons fail and critical ones should have monitoring in place. This is a no brainer. However, it is illogical that clamd would die completely due to issues with a recently downloaded definition file. Why can it not just roll back to the old, previously working, definitions? Can someone please explain this? Im having trouble trying to comprehend the current behavior. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
>From: [EMAIL PROTECTED] on behalf of Luca Gibelli >Hello jacusy, >> this night my clamd-process terminated with an error. The reason was >> that freshclam took too long to do its update, so that clamd could not >> lock the database. So clamd exited. But this behaviour is very fatal >> because the mail system (postfix with amavis) relys on clamd, so if it >> is down, the whole mail traffic is blocked!! Caused of an error while >> updating.. > >amavisd-new falls back to clamscan by default, if clamd is not available. Right, but my system is sized for operation with clamd. When clamd stops, the memory utilization goes through the roof and the machine basically stops because it is spending 80-90% of the cpu time in IOWAIT, trying to swap out enough ram to load the whole clamav database for every message... And mail backs up... At least it doesn't drop any mail. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Hello jacusy, > this night my clamd-process terminated with an error. The reason was > that freshclam took too long to do its update, so that clamd could not > lock the database. So clamd exited. But this behaviour is very fatal > because the mail system (postfix with amavis) relys on clamd, so if it > is down, the whole mail traffic is blocked!! Caused of an error while > updating.. amavisd-new falls back to clamscan by default, if clamd is not available. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg signature.asc Description: Digital signature ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
At 10:42 AM 4/11/2007, jacusy wrote: > > Yes, clamd and the whole clamav structure should be more resistant to > > failure. Your choices are to either work with it as is, or wait > > until clamav is more mature. > > >It should not be too hard to rewrite freshclam so it downloads the >update to a temporary file first, and then processes the database. I'm quite sure that freshclam does that already, but I don't think that any testing is done on the database other than verifying the digital signature is good. I don't know if it's practical to do more extensive testing on the downloaded database before using it, but that might help. It would also help if all of clamav was more robust when presented with unexpected database results. I'm not sure why there were so many failures last night, but I suspect it has something to do with failing or maybe taking too long while trying to convert the main.cvd file to the main.inc directory structure for incremental updates, but that's just a guess. Freshclam download failures are not terribly uncommon and don't usually cause clamd to croak, so this problem was more complicated than a simple freshclam failure. Hopefully the developers will be able to solve this. -- Noel Jones ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Noel Jones schrieb: > Make sure your amavisd.conf defines clamscan as a secondary > scanner. If clamd is unavailable then amavsid-new will continue to > process mail using clamscan to check for viruses. When using > clamscan, system load will increase and throughput will decrease, but > mail will still be processed. If clamscan fails too, no mail will > pass through, which is good. It is possible to configure > amavisd-new to pass mail unscanned if that's what you want, but that > is not recommended. > This is a good idea, did not think of this possibility yet.. > Use some sort of monitor to check if clamd (and other critical > processes) are running, and restart them if necessary. I like monit > because it's simple and flexible, but there are lots of other choices. > Here, monit restarted clamd a couple times on several servers last > night because of the update problems. Everything was running > smoothly when I arrived this morning. > I had something like this in mind, but did not find the time yet. > Yes, clamd and the whole clamav structure should be more resistant to > failure. Your choices are to either work with it as is, or wait > until clamav is more mature. > It should not be too hard to rewrite freshclam so it downloads the update to a temporary file first, and then processes the database. Then there would be no problem about network speed and 0.8-clients wasting bandwith. If freshclam works already like this, then I cannot understand why clamd died cause of a lock-failure. And another point is: I got an email about problems updating with freshclam. Ok so far. But why on hell is there no mail indicating that clamd cannot open its database?? (Perhaps because my mailsystem was down at this point^^) I do not like email passing my system unscanned, but scanned with a database not up to date is better than no mail passing the system. (By the way: this would be the same thing as restarting clamd after the crash, because clamd rereads the database every hour, doesnt it.) I do not blame clamav for mail not passing, but I would like to inform the developers that there is a problem. Ok, I could have solved it by monitoring clamd, but this crash was an unnecessary one. In addition, it is not acceptable to say: "Ok, almost every clamd out there died cause of this update, but the problem are the users with clamav 0.8" I have 0.9, and I dislike to see my clamd fucked up with every update.. But to this point, great antivirus software :-) ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
John Rudd wrote: > Dennis Peterson wrote: > >> You need to have better monitoring and notification, and a mail system >> that delivers mail even if there is a fatal error in the AV tool. This >> is hardly a ClamAV problem. > > Depends on what your goals are. > > For me, a reliable email system does not just mean "mail gets > delivered". It also means that "we reliably reject detectable viruses". > If we're letting viruses through because our pants are down (because > our AV tool has failed), then that's not a reliable email system. > That's a dysfunctional email system. > > better monitoring and notification: yes, good. > > letting potentially virus laden email through because your AV tool is > down: very bad. Send it to your next AV tool. You don't rely on a single tool for this, do you? > > > It's like using condoms. Just because you run out of condoms doesn't > make unprotected sex suddenly "safe". Accepting email from the world > without your AV tool processing it is as irresponsible as having > unprotected sex with the entire world. Or maybe get second condom source, not to mention do better condom monitoring. Bad choices have bad consequences. Seriously - if you know you're going to use five or six condoms each day and you see you have only two left (because your monitoring works), you have plenty of time to get more condoms. Owing to defects in manufacture it is never a good thing to find yourself looking over your breakfast at a box with only one condom left in it - very risky, as this increases the urgency to replenish sooner than later. Fortunately there is a good chance the system has built-in redundancy in that any or all of your partners that day may have their own condoms in which case problem solved and the expense is shared. It would be a good idea though to inspect the product to ensure it satisfies your quality requirements. Good planning pays off. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Jason Frisvold wrote: > On 4/11/07, John Rudd <[EMAIL PROTECTED]> wrote: >> Depends on what your goals are. >> >> For me, a reliable email system does not just mean "mail gets >> delivered". It also means that "we reliably reject detectable viruses". >> If we're letting viruses through because our pants are down (because >> our AV tool has failed), then that's not a reliable email system. >> That's a dysfunctional email system. > > Agreed... > >> better monitoring and notification: yes, good. > > Check out argus (http://argus.tcp4me.com) .. Works wonderfully for me. > >> It's like using condoms. Just because you run out of condoms doesn't >> make unprotected sex suddenly "safe". Accepting email from the world >> without your AV tool processing it is as irresponsible as having >> unprotected sex with the entire world. > > Ugh.. Thanks.. I'm gonna have nightmares for weeks now.. > nightmares? hah to some that is their dream! ;) -Jim ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
On 4/11/07, John Rudd <[EMAIL PROTECTED]> wrote: > Depends on what your goals are. > > For me, a reliable email system does not just mean "mail gets > delivered". It also means that "we reliably reject detectable viruses". > If we're letting viruses through because our pants are down (because > our AV tool has failed), then that's not a reliable email system. > That's a dysfunctional email system. Agreed... > better monitoring and notification: yes, good. Check out argus (http://argus.tcp4me.com) .. Works wonderfully for me. > It's like using condoms. Just because you run out of condoms doesn't > make unprotected sex suddenly "safe". Accepting email from the world > without your AV tool processing it is as irresponsible as having > unprotected sex with the entire world. Ugh.. Thanks.. I'm gonna have nightmares for weeks now.. -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Dennis Peterson wrote: > > You need to have better monitoring and notification, and a mail system > that delivers mail even if there is a fatal error in the AV tool. This > is hardly a ClamAV problem. Depends on what your goals are. For me, a reliable email system does not just mean "mail gets delivered". It also means that "we reliably reject detectable viruses". If we're letting viruses through because our pants are down (because our AV tool has failed), then that's not a reliable email system. That's a dysfunctional email system. better monitoring and notification: yes, good. letting potentially virus laden email through because your AV tool is down: very bad. It's like using condoms. Just because you run out of condoms doesn't make unprotected sex suddenly "safe". Accepting email from the world without your AV tool processing it is as irresponsible as having unprotected sex with the entire world. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
On Wed, 11 Apr 2007, Brian Morrison wrote: > I'd say that it is more dangerous to stop mail delivery due to failed > virus scanning than it is not to scan mail while clamd is unresponsive. This all depends how much a cleanup of your entire network is going to cost. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/ ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
jacusy wrote: > Alexander Grüner schrieb: >> Hello :-) >> >> Same here since 12:45h MESZ. >> >> After some tests this helped me to get all working again: >> >> sudo killall freshclam >> sudo rcclamd restart >> sudo rc restart >> >> And do NOT forget to comment you freshclam Updtes in cron out. >> >> Hope this quick hack helps... >> > The problem is not to restart my applications, the problem is the time > between clamd going down and restarting my application. As my clamd was > killed about 2.15 MEZ and the service was restarted at 9.30 MEZ, this is > a serious problem! 7 hours we were not able to send / receive mail cause > of a terribly made update of 9 megabytes.. You need to have better monitoring and notification, and a mail system that delivers mail even if there is a fatal error in the AV tool. This is hardly a ClamAV problem. dp ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
At 05:46 AM 4/11/2007, jacusy wrote: >Hello, > >this night my clamd-process terminated with an error. The reason was >that freshclam took too long to do its update, so that clamd could not >lock the database. So clamd exited. But this behaviour is very fatal >because the mail system (postfix with amavis) relys on clamd, so if it >is down, the whole mail traffic is blocked!! Caused of an error while >updating.. > >What to do against? Make sure your amavisd.conf defines clamscan as a secondary scanner. If clamd is unavailable then amavsid-new will continue to process mail using clamscan to check for viruses. When using clamscan, system load will increase and throughput will decrease, but mail will still be processed. If clamscan fails too, no mail will pass through, which is good. It is possible to configure amavisd-new to pass mail unscanned if that's what you want, but that is not recommended. Use some sort of monitor to check if clamd (and other critical processes) are running, and restart them if necessary. I like monit because it's simple and flexible, but there are lots of other choices. Here, monit restarted clamd a couple times on several servers last night because of the update problems. Everything was running smoothly when I arrived this morning. Yes, clamd and the whole clamav structure should be more resistant to failure. Your choices are to either work with it as is, or wait until clamav is more mature. -- Noel Jones ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Hi, We had similar problems: Apr 10 18:50:07 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] SelfCheck: Database status OK. Apr 10 19:20:13 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] SelfCheck: Database status OK. Apr 10 19:50:41 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] SelfCheck: Database modification detected. Forcing reload. Apr 10 19:50:42 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] Reading databases from /var/sendmail/clamav-db Apr 10 19:52:52 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 1) Apr 10 19:55:02 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 2) Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 3) Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 3) Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] reload db failed: Unable to lock database directory Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] Terminating because of a fatal error. Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] Can't unlink the pid file /var/run/clamd.pid Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] Socket file removed. Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.error] Can't unlink the pid file /var/run/clamd.pid Apr 10 19:57:12 jaguar.misty.com clamd[10009]: [ID 702911 local6.info] --- Stopped at Tue Apr 10 19:57:12 2007 Apr 10 20:47:41 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] No stats for Database check - forcing reload Apr 10 20:47:41 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] Reading databases from /var/sendmail/clamav-db Apr 10 20:49:51 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 1) Apr 10 20:52:01 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 2) Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 3) Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory (try 3) Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] Terminating because of a fatal error. Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] reload db failed: Unable to lock database directory Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] Can't unlink the pid file /var/run/clamd.pid Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] Socket file removed. Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.error] Can't unlink the pid file /var/run/clamd.pid Apr 10 20:54:11 jaguar.misty.com clamd[7043]: [ID 702911 local6.info] --- Stopped at Tue Apr 10 20:54:11 2007 On Wed, Apr 11, 2007 at 12:46:44PM +0200, jacusy wrote: > Hello, > > this night my clamd-process terminated with an error. The reason was > that freshclam took too long to do its update, so that clamd could not > lock the database. So clamd exited. But this behaviour is very fatal > because the mail system (postfix with amavis) relys on clamd, so if it > is down, the whole mail traffic is blocked!! Caused of an error while > updating.. > > What to do against? > > > The logs: > clamd.log > > Wed Apr 11 01:53:40 2007 -> SelfCheck: Database status OK. > > Wed Apr 11 02:27:53 2007 -> SelfCheck: Database modification detected. > > Forcing reload. > > Wed Apr 11 02:28:07 2007 -> Reading databases from > > /usr/local/clamav/share/clamav > > Wed Apr 11 02:30:17 2007 -> ERROR: reload db failed: Unable to lock > > database directory (try 1) > > Wed Apr 11 02:32:27 2007 -> ERROR: reload db failed: Unable to lock > > database directory (try 2) > > Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock > > database directory (try 3) > > Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock > > database directory > > Wed Apr 11 02:34:37 2007 -> Terminating because of a fatal error.Wed > > Apr 11 02:34:37 2007 -> Socket file removed. > > Wed Apr 11 02:34:37 2007 -> Pid file removed. > > Wed Apr 11 02:34:37 2007 -> --- Stopped at Wed Apr 11 02:34:37 2007 > > > freshclam.log > > ClamAV update process started at Wed Apr 11 02:23:01 2007 > > nonblock_connect: connect timing out (30 secs) > > Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) > > Trying host
Re: [Clamav-users] error stops clamd
> > As more users upgrade from 0.8 to 0.9, this problem will disappear with > future updates. Version 0.9 only transfers the difference between CVDs > instead of the files in full." > Which isn't going to happen, at least for me, until 0.9 runs on mac os x 10.3.9. Right now, it wont compile. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
On 4/11/07, Brian Morrison <[EMAIL PROTECTED]> wrote: > I'd say that it is more dangerous to stop mail delivery due to failed > virus scanning than it is not to scan mail while clamd is unresponsive. But then the potential for virus infected email to get through is raised. While I realize that end-users *should* have virus scanners on their machines, the "comfort" factor knowing that the email server is scanning for virii makes them a tad complacent. Thus it's more likely that a user can be infected if they believe that no virus laden mail can reach them. So, instead, blocking mail until the virus scanner is back online is, imho, a better option. Of course, at that point you're relying on the SMTP capabilities of the senders... But on the upside, it stops spam from coming in for a while! :) > Brian Morrison > [EMAIL PROTECTED] -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Experienced it a few times after 0.90 was released (end february / first half march)... Nothing changed in 0.90.1. The "nice" thing is, freshclam still kept reporting that updates were fine, after clamd went dead... Luckily, clam was configured as secondary scanner in amavis, so mail delivery wasn't also down. While before 0.90, these problems weren't exhibited, I doubt that they'll just vanish, after most users will update... from time to time they'll show their ugly head again, when a mirror experiences difficulties or the ISP connection is down. Best solution would be to fix freshclam to bail out gracefully in case of problems - better a somewhat older database than no one at all. > > ISC Handler Marteen told me just a few minutes ago: > > "Last night the ClamAV project released a > new main.cvd, which was about 9 megabytes in size. As many users are still > using Clamav 0.8, which downloads this file in full, this causes high > stress for a number of mirrors. > > As more users upgrade from 0.8 to 0.9, this problem will disappear with > future updates. Version 0.9 only transfers the difference between CVDs > instead of the files in full." > > Regards, > Alexander > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html > ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
jacusy wrote: >> As more users upgrade from 0.8 to 0.9, this problem will disappear with >> future updates. Version 0.9 only transfers the difference between CVDs >> instead of the files in full." >> > Does this mean that every time they have a new main.cvd, my clamd will > stop working??? I cannot believe that they just hope that people update > to clamav 0.9 The only other possibilities are: split mirrors so that 0.9x updates come from different machines (this will make 0.8x users see more problems) increase capacity of mirror network (probably not easily feasible) Do you have any better ideas? -- Brian Morrison [EMAIL PROTECTED] ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
jacusy wrote: > Hello, > > this night my clamd-process terminated with an error. The reason was > that freshclam took too long to do its update, so that clamd could not > lock the database. So clamd exited. But this behaviour is very fatal > because the mail system (postfix with amavis) relys on clamd, so if it > is down, the whole mail traffic is blocked!! I'd say that it is more dangerous to stop mail delivery due to failed virus scanning than it is not to scan mail while clamd is unresponsive. -- Brian Morrison [EMAIL PROTECTED] ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Alexander Grüner schrieb: > Hello :-) > > Same here since 12:45h MESZ. > > After some tests this helped me to get all working again: > > sudo killall freshclam > sudo rcclamd restart > sudo rc restart > > And do NOT forget to comment you freshclam Updtes in cron out. > > Hope this quick hack helps... > The problem is not to restart my applications, the problem is the time between clamd going down and restarting my application. As my clamd was killed about 2.15 MEZ and the service was restarted at 9.30 MEZ, this is a serious problem! 7 hours we were not able to send / receive mail cause of a terribly made update of 9 megabytes.. > > > ISC Handler Marteen told me just a few minutes ago: > > "Last night the ClamAV project released a > new main.cvd, which was about 9 megabytes in size. As many users are still > using Clamav 0.8, which downloads this file in full, this causes high > stress for a number of mirrors. > > As more users upgrade from 0.8 to 0.9, this problem will disappear with > future updates. Version 0.9 only transfers the difference between CVDs > instead of the files in full." > Does this mean that every time they have a new main.cvd, my clamd will stop working??? I cannot believe that they just hope that people update to clamav 0.9 ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] error stops clamd
Hello :-) Same here since 12:45h MESZ. After some tests this helped me to get all working again: sudo killall freshclam sudo rcclamd restart sudo rc restart And do NOT forget to comment you freshclam Updtes in cron out. Hope this quick hack helps... ISC Handler Marteen told me just a few minutes ago: "Last night the ClamAV project released a new main.cvd, which was about 9 megabytes in size. As many users are still using Clamav 0.8, which downloads this file in full, this causes high stress for a number of mirrors. As more users upgrade from 0.8 to 0.9, this problem will disappear with future updates. Version 0.9 only transfers the difference between CVDs instead of the files in full." Regards, Alexander ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] error stops clamd
Same here. :-(( This behavior is terrible! jacusy wrote: > Hello, > > this night my clamd-process terminated with an error. The reason was > that freshclam took too long to do its update, so that clamd could not > lock the database. So clamd exited. But this behaviour is very fatal > because the mail system (postfix with amavis) relys on clamd, so if it > is down, the whole mail traffic is blocked!! Caused of an error while > updating.. > > What to do against? > > > The logs: > clamd.log >> Wed Apr 11 01:53:40 2007 -> SelfCheck: Database status OK. >> Wed Apr 11 02:27:53 2007 -> SelfCheck: Database modification detected. >> Forcing reload. >> Wed Apr 11 02:28:07 2007 -> Reading databases from >> /usr/local/clamav/share/clamav >> Wed Apr 11 02:30:17 2007 -> ERROR: reload db failed: Unable to lock >> database directory (try 1) >> Wed Apr 11 02:32:27 2007 -> ERROR: reload db failed: Unable to lock >> database directory (try 2) >> Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock >> database directory (try 3) >> Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock >> database directory >> Wed Apr 11 02:34:37 2007 -> Terminating because of a fatal error.Wed >> Apr 11 02:34:37 2007 -> Socket file removed. >> Wed Apr 11 02:34:37 2007 -> Pid file removed. >> Wed Apr 11 02:34:37 2007 -> --- Stopped at Wed Apr 11 02:34:37 2007 > > > freshclam.log >> ClamAV update process started at Wed Apr 11 02:23:01 2007 >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) >> Trying host db.de.clamav.net (85.25.252.58)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 85.25.252.58) >> Trying host db.de.clamav.net (85.199.169.78)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 85.199.169.78) >> Trying host db.de.clamav.net (85.214.44.186)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 85.214.44.186) >> Trying host db.de.clamav.net (88.198.17.100)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.17.100) >> Trying host db.de.clamav.net (88.198.104.251)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.104.251) >> Trying host db.de.clamav.net (89.149.194.18)... >> connect_error: getsockopt(SO_ERROR): fd=5 error=110: Connection timed out >> Can't connect to port 80 of host db.de.clamav.net (IP: 89.149.194.18) >> Trying host db.de.clamav.net (194.77.146.139)... >> nonblock_connect: connect(): fd=5 errno=103: Software caused >> connection abort >> Can't connect to port 80 of host db.de.clamav.net (IP: 194.77.146.139) >> Trying host db.de.clamav.net (195.246.234.199)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 195.246.234.199) >> Trying host db.de.clamav.net (213.174.32.130)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 213.174.32.130) >> Trying host db.de.clamav.net (217.115.136.166)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 217.115.136.166) >> Trying host db.de.clamav.net (217.160.141.39)... >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 217.160.141.39) >> ERROR: getpatch: Can't download main-43.cdiff from db.de.clamav.net >> nonblock_connect: connect timing out (30 secs) >> Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) >> > (this goes on for some pages) >> Trying host database.clamav.net (194.77.146.139)... >> nonblock_connect: connect(): fd=9 errno=103: Software caused >> connection abort >> Can't connect to port 80 of host database.clamav.net (IP: 194.77.146.139) >> Ignoring mirror 195.246.234.199 (due to previous errors) >> Trying host database.clamav.net (213.174.32.130)... >> Downloading daily-3065.cdiff [0%] >> daily.inc updated (version: 3065, sigs: 3293, f-level: 14, builder: sven) >> Database updated (107793 signatures) from database.clamav.net (IP: >> 213.174.32.130) >> WARNING: Clamd was NOT notified: Can't connect to clamd through /tmp/clamd >> -- >> ClamAV update process started at Wed Apr 11 05:23:01 2007 >> main.inc is up to date (version: 43, sigs: 104500, f-level: 14, >> builder: sven) >> daily.inc is up to date (version: 3065, sigs: 3293, f-level: 14, >> builder: sven) > > > ___ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://lurker.clamav.net/list/clamav-users.html -- Christian Kühn (Technical Consultant / Hostmaster) == MCS MOOR
[Clamav-users] error stops clamd
Hello, this night my clamd-process terminated with an error. The reason was that freshclam took too long to do its update, so that clamd could not lock the database. So clamd exited. But this behaviour is very fatal because the mail system (postfix with amavis) relys on clamd, so if it is down, the whole mail traffic is blocked!! Caused of an error while updating.. What to do against? The logs: clamd.log > Wed Apr 11 01:53:40 2007 -> SelfCheck: Database status OK. > Wed Apr 11 02:27:53 2007 -> SelfCheck: Database modification detected. > Forcing reload. > Wed Apr 11 02:28:07 2007 -> Reading databases from > /usr/local/clamav/share/clamav > Wed Apr 11 02:30:17 2007 -> ERROR: reload db failed: Unable to lock > database directory (try 1) > Wed Apr 11 02:32:27 2007 -> ERROR: reload db failed: Unable to lock > database directory (try 2) > Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock > database directory (try 3) > Wed Apr 11 02:34:37 2007 -> ERROR: reload db failed: Unable to lock > database directory > Wed Apr 11 02:34:37 2007 -> Terminating because of a fatal error.Wed > Apr 11 02:34:37 2007 -> Socket file removed. > Wed Apr 11 02:34:37 2007 -> Pid file removed. > Wed Apr 11 02:34:37 2007 -> --- Stopped at Wed Apr 11 02:34:37 2007 freshclam.log > ClamAV update process started at Wed Apr 11 02:23:01 2007 > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) > Trying host db.de.clamav.net (85.25.252.58)... > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 85.25.252.58) > Trying host db.de.clamav.net (85.199.169.78)... > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 85.199.169.78) > Trying host db.de.clamav.net (85.214.44.186)... > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 85.214.44.186) > Trying host db.de.clamav.net (88.198.17.100)... > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.17.100) > Trying host db.de.clamav.net (88.198.104.251)... > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 88.198.104.251) > Trying host db.de.clamav.net (89.149.194.18)... > connect_error: getsockopt(SO_ERROR): fd=5 error=110: Connection timed out > Can't connect to port 80 of host db.de.clamav.net (IP: 89.149.194.18) > Trying host db.de.clamav.net (194.77.146.139)... > nonblock_connect: connect(): fd=5 errno=103: Software caused > connection abort > Can't connect to port 80 of host db.de.clamav.net (IP: 194.77.146.139) > Trying host db.de.clamav.net (195.246.234.199)... > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 195.246.234.199) > Trying host db.de.clamav.net (213.174.32.130)... > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 213.174.32.130) > Trying host db.de.clamav.net (217.115.136.166)... > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 217.115.136.166) > Trying host db.de.clamav.net (217.160.141.39)... > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 217.160.141.39) > ERROR: getpatch: Can't download main-43.cdiff from db.de.clamav.net > nonblock_connect: connect timing out (30 secs) > Can't connect to port 80 of host db.de.clamav.net (IP: 62.26.160.3) > (this goes on for some pages) > Trying host database.clamav.net (194.77.146.139)... > nonblock_connect: connect(): fd=9 errno=103: Software caused > connection abort > Can't connect to port 80 of host database.clamav.net (IP: 194.77.146.139) > Ignoring mirror 195.246.234.199 (due to previous errors) > Trying host database.clamav.net (213.174.32.130)... > Downloading daily-3065.cdiff [0%] > daily.inc updated (version: 3065, sigs: 3293, f-level: 14, builder: sven) > Database updated (107793 signatures) from database.clamav.net (IP: > 213.174.32.130) > WARNING: Clamd was NOT notified: Can't connect to clamd through /tmp/clamd > -- > ClamAV update process started at Wed Apr 11 05:23:01 2007 > main.inc is up to date (version: 43, sigs: 104500, f-level: 14, > builder: sven) > daily.inc is up to date (version: 3065, sigs: 3293, f-level: 14, > builder: sven) ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html