Re: [clamav-users] clamav-milter crash
Hi there,

On Tue, 26 Jan 2016, Benny Pedersen wrote:

> I have seen it [crash] so many times now that I'd like to know if it's
> just me that uses it or if it's a known problem

It might just be you. I've been using clamav-milter on various mail servers for more than a decade and I can't remember ever seeing it crash - although it's not beyond the realms of possibility that it did it once or twice without my noticing, nor even that I forgot the odd occasion. But recurrent problems are out of the question, I would have noticed and I would either have fixed them or ditched the software.

The systems were originally Slackware and Red Hat but now (for better, or for worse:) exclusively Debian although still compiled from sources taken from the relevant upstream stable releases only.

Sorry, I'm afraid I have very little experience with Gentoo. You might need to do a bit more work to provide enough information for anyone to help you.

--
73,
Ged.
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav-milter crash
On 2016-01-26 16:46, Steven Morgan wrote:

> If this is still a problem with the most current software on github,
> please create a bug report at http://bugzilla.clamav.net. Please attach
> samples that result in the crash.

this is the hard part if not received

I have added clamav- now to fidonet overlay on gentoo

layman -a fidonet
emerge --autounmask-write =clamav-
etc-update
emerge -av clamav

would be good if other gentoo fellows help debug clamav-milter
Re: [clamav-users] clamav-milter crash
If this is still a problem with the most current software on github, please create a bug report at http://bugzilla.clamav.net. Please attach samples that result in the crash.

Steve

On Tue, Jan 26, 2016 at 9:26 AM, Benny Pedersen wrote:

> I have seen it do this so many times now that I'd like to know if it's
> just me that uses it or if it's a known problem
>
> upgrade to 0.99 does not help, currently on the stable gentoo 0.98.7
>
> is there a github version of clamav ?
Re: [clamav-users] clamav-milter crash
On Tue, January 26, 2016 2:26 pm, Benny Pedersen wrote:

> is there a github version of clamav ?

https://github.com/vrtadmin/clamav-devel

Cheers,

Steve
Web : sanesecurity.com
Blog: sanesecurity.blogspot.com
Twitter: @sanesecurity
[clamav-users] clamav-milter crash
I have seen it do this so many times now that I'd like to know if it's just me that uses it or if it's a known problem

upgrade to 0.99 does not help, currently on the stable gentoo 0.98.7

is there a github version of clamav ?
[Clamav-users] clamav-milter crash
I tried to implement the 0.95 release on my platforms (Solaris 9, sendmail). Everything seems to work but the new clamav-milter, which crashes every time I test it by sending a virus attached to a mail (no message into the log file).

The error sendmail is reporting is:

milter_read(clmilter): cmd read returned 0, expecting 5
Milter (clmilter): to error state

It appears as a clamav-milter problem, since the clamav-milter 0.94.2 with the -e switch (external scanner) using clamd version 0.95 is currently working as usual.

Also, when clamav-milter 0.95 is running, the clmilter_watch is unable to speak through the unix socket (timeout), nor the clamdwatch is able to contact it, giving the error:

Clamd is in an unknown state.
It returned:

My clamav-milter.conf file is:

##
## Example config file for clamav-milter
##

# Comment or remove the line below.
# Example

##
## Main options
##

# Define the interface through which we communicate with sendmail
# This option is mandatory! Possible formats are:
# [[unix|local]:]/path/to/file - to specify a unix domain socket
# inet:p...@[hostname|ip-address] - to specify an ipv4 socket
# inet6:p...@[hostname|ip-address] - to specify an ipv6 socket
#
# Default: no default
#MilterSocket /tmp/clamav-milter.socket
MilterSocket /var/run/clamav/clmilter.sock
#MilterSocket inet:7357

# Remove stale socket after unclean shutdown.
#
# Default: yes
#FixStaleSocket yes

# Run as another user (clamav-milter must be started by root for this option to work)
#
# Default: unset (don't drop privileges)
User clamav

# Initialize supplementary group access (clamav-milter must be started by root).
#
# Default: no
#AllowSupplementaryGroups no

# Waiting for data from clamd will timeout after this time (seconds).
# Value of 0 disables the timeout.
#
# Default: 120
#ReadTimeout 300

# Don't fork into background.
#
# Default: no
#Foreground yes

# Chroot to the specified directory.
# Chrooting is performed just after reading the config file and before dropping privileges.
#
# Default: unset (don't chroot)
#Chroot /newroot

# This option allows you to save a process identifier of the listening
# daemon (main thread).
#
# Default: disabled
#PidFile /var/run/clamav-milter.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#
#TemporaryDirectory /var/tmp

##
## Clamd options
##

# Define the clamd socket to connect to for scanning.
# This option is mandatory! Syntax:
# ClamdSocket unix:path
# ClamdSocket tcp:host:port
# The first syntax specifies a local unix socket (needs an absolute path) e.g.:
# ClamdSocket unix:/var/run/clamd/clamd.socket
# The second syntax specifies a tcp local or remote tcp socket: the
# host can be a hostname or an ip address; the ":port" field is only required
# for IPv6 addresses, otherwise it defaults to 3310
# ClamdSocket tcp:192.168.0.1
#
# This option can be repeated several times with different sockets or even
# with the same socket: clamd servers will be selected in a round-robin fashion.
#
# Default: no default
#ClamdSocket tcp:scanner.mydomain:7357
ClamdSocket unix:/var/run/clamav/clamd.sock

##
## Exclusions
##

# Messages originating from these hosts/networks will not be scanned
# This option takes a host(name)/mask pair in CIDR notation and can be
# repeated several times. If "/mask" is omitted, a host is assumed.
# To specify a locally originated, non-smtp, email use the keyword "local"
#
# Default: unset (scan everything regardless of the origin)
#LocalNet local
#LocalNet 192.168.0.0/24
#LocalNet ::::/48

# This option specifies a file which contains a list of POSIX regular
# expressions. Addresses (sent to or from - see below) matching these regexes
# will not be scanned. Optionally each line can start with the string "From:"
# or "To:" (note: no whitespace after the colon) indicating if it is,
# respectively, the sender or recipient that is to be whitelisted.
# If the field is missing, "To:" is assumed.
# Lines starting with #, : or ! are ignored.
#
# Default unset (no exclusion applied)
#Whitelist /etc/whitelisted_addresses
Whitelist /usr/local/etc/clamd_white

##
## Actions
##

# The following group of options controls the delivery process under
# different circumstances.
# The following actions are available:
# - Accept
# The message is accepted for delivery
# - Reject
# Immediately refuse delivery (a 5xx error is returned to the peer)
# - Defer
# Return a temporary failure message (4xx) to the peer
# - Blackhole (not available for OnFail)
# Like accept but the
Re: [Clamav-users] Clamav-milter crash
On Mon, May 23, 2005 at 03:48:56PM +0200, David Kredba said:

> Hello.
>
> Clamav-milter is reported as crashing often to me.
> But it is better with the last stable version than before.
>
> To the syslog I got messages like :
>
> clamav-milter dead but subsys locked

not a clamav-milter error.

> Here is what clamav-milter reports before the crash :
>
> May 23 14:33:02 srv clamav-milter[29263]: ClamAv: thread_create()
> failed: 12, try again
> May 23 14:09:13 srv clamd[30078]: Reading databases from /var/lib/clamav
> May 23 14:09:13 srv clamd[30078]: Database correctly reloaded (34652
> viruses)

These timestamps are 14 minutes apart, and unlikely to be helpful. Try searching the archives for issues like yours - you will find an amazing number of people have already said 'try using --external'. If you are unwilling to try debugging, I am not sure what else to tell you.

--
Stephen Gran | How do you explain school to a higher intelligence? -- Elliot, "E.T."
[EMAIL PROTECTED]
http://www.lobefin.net/~steve
___
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Clamav-milter crash
Hello.

Clamav-milter is reported as crashing often to me.
But it is better with the last stable version than before.

To the syslog I got messages like :

clamav-milter dead but subsys locked

Here is what clamav-milter reports before the crash :

May 23 13:23:09 srv clamav-milter[29263]: j4NBN8Ip027792: /tmp/clamav-9e4a8ae056dfb947/msg.dB1aSX: Worm.Mytob.BR Intercepted virus from <> to <[EMAIL PROTECTED]>
May 23 13:30:04 srv clamav-milter[29263]: j4NBTwWx028471: /tmp/clamav-9e4a8ae056dfb947/msg.THFCC1: Exploit.HTML.IFrame Intercepted virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 13:31:27 srv clamav-milter[29263]: j4NBVOXh028671: /tmp/clamav-9e4a8ae056dfb947/msg.8nzpnB: Worm.SomeFool.R Intercepted virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 13:31:47 srv clamav-milter[29263]: j4NBVjp6028691: /tmp/clamav-9e4a8ae056dfb947/msg.9joLmP: Worm.Bagle.Gen-zippwd Intercepted virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 13:49:08 srv clamav-milter[29263]: j4NBmvov031420: /tmp/clamav-9e4a8ae056dfb947/msg.2NTsa1: Worm.SomeFool.Gen-1 Intercepted virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 13:52:37 srv clamav-milter[29263]: j4NBqZDd032055: /tmp/clamav-9e4a8ae056dfb947/msg.eTVs7J: Worm.Bagz.D Intercepted virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 14:06:22 srv clamav-milter[29263]: j4NC6L1M001691: /tmp/clamav-9e4a8ae056dfb947/msg.1hitDJ: Worm.SomeFool.P Intercepted virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 14:33:02 srv clamav-milter[29263]: ClamAv: thread_create() failed: 12, try again
May 23 14:34:09 srv clamav-milter[29263]: ClamAv: thread_create() failed: 12, try again
May 23 14:34:17 srv clamav-milter[29263]: ClamAv: thread_create() failed: 12, try again
May 23 14:34:26 srv clamav-milter[29263]: ClamAv: thread_create() failed: 12, try again
May 23 14:35:41 srv clamav-milter[29263]: ClamAv: thread_create() failed: 12, abort

My user action, call /etc/init.d/clamav-milter restart

May 23 14:35:57 srv clamav-milter[29263]: Stopping ClamAV 0.85.1/889/Sun May 22 12:18:49 2005
May 23 15:14:09 srv clamav-milter: clamav-milter shutdown failed
May 23 15:14:10 srv clamav-milter[9807]: ClamAV: Protecting against 34652 viruses
May 23 15:14:10 srv clamav-milter[9807]: Loaded ClamAV 0.85.1/890/Mon May 23 13:34:44 2005
May 23 15:14:10 srv clamav-milter[9808]: Starting ClamAV version 0.85.1, clamav-milter version 0.85
May 23 15:14:10 srv clamav-milter: clamav-milter startup succeeded

Reports from clamd to syslog in the last two days :

May 22 13:09:02 srv clamd[30078]: SelfCheck: Database modification detected. Forcing reload.
May 22 13:09:02 srv clamd[30078]: Reading databases from /var/lib/clamav
May 22 13:09:03 srv clamd[30078]: Database correctly reloaded (34651 viruses)
May 23 14:09:13 srv clamd[30078]: SelfCheck: Database modification detected. Forcing reload.
May 23 14:09:13 srv clamd[30078]: Reading databases from /var/lib/clamav
May 23 14:09:13 srv clamd[30078]: Database correctly reloaded (34652 viruses)

Clamd.conf :

LogFile /var/log/clamav/clamd.log
#LogFileUnlock
LogFileMaxSize 0
LogTime
#LogClean
LogSyslog
#LogFacility LOG_MAIL
#LogVerbose
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/lib/clamav
#LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
TCPSocket 3310
#TCPAddr 127.0.0.1
MaxConnectionQueueLength 60
StreamMaxLength 50M
MaxThreads 50
ReadTimeout 300
#IdleTimeout 60
#MaxDirectoryRecursion 20
#FollowDirectorySymlinks
#FollowFileSymlinks
SelfCheck 1800
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
User clamav
AllowSupplementaryGroups
#Foreground
#Debug
#LeaveTemporaryFiles
#DisableDefaultScanOptions
#ScanPE
DetectBrokenExecutables
#ScanOLE2
#ScanMail
#MailFollowURLs
#ScanHTML
#ScanArchive
#ScanRAR
ArchiveMaxFileSize 50M
#ArchiveMaxRecursion 8
#ArchiveMaxFiles 1500
ArchiveMaxCompressionRatio 300
#ArchiveLimitMemoryUsage
ArchiveBlockEncrypted
#ArchiveBlockMax
#ClamukoScanOnAccess
#ClamukoScanOnOpen
#ClamukoScanOnClose
#ClamukoScanOnExec
#ClamukoIncludePath /home
#ClamukoIncludePath /students
#ClamukoExcludePath /home/guru
#ClamukoMaxFileSize 10M

/etc/sysconfig/clamav-milter :

CLAMAV_FLAGS="
        --max-children=61 \
        --quiet \
        --external \
        --force-scan \
        --dont-log-clean \
        --server=localhost \
        --pidfile=/var/run/clamav/clamav-milter.pid \
        local:/var/run/clamav/clamav-milter.sock \
"

Report from starting clamd:

Mon May 23 15:36:55 2005 -> +++ Started at Mon May 23 15:36:55 2005
Mon May 23 15:36:55 2005 -> clamd daemon 0.85.1 (OS: linux-gnu, ARCH: i386, CPU: i386)
Mon May 23 15:36:55 2005 -> Log file size limit disabled.
Mon May 23 15:36:55 2005 -> Reading databases from /var/lib/clamav
Mon May 23 15:36:56 2005 -> Protecting against 34652 viruses.
Mon May 23 15:36:56 2005 -> Bound to port 3310
Mon
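
Added example, not part of any list message and not ClamAV project code: a small triage script for the clamav-milter syslog lines posted in the 2005 thread above. It counts the thread_create() failures, maps the logged error number to its symbolic name, and measures the gap between the abort and the next successful start. The function and field names are hypothetical, the year is taken from the log, and the sample lines are abridged from the post.

```python
import errno
import re
from datetime import datetime

# Lines abridged from the syslog excerpt quoted in the post above.
SAMPLE = """\
May 23 14:06:22 srv clamav-milter[29263]: j4NC6L1M001691: /tmp/clamav-9e4a8ae056dfb947/msg.1hitDJ: Worm.SomeFool.P Intercepted virus
May 23 14:33:02 srv clamav-milter[29263]: ClamAv: thread_create() failed: 12, try again
May 23 14:34:09 srv clamav-milter[29263]: ClamAv: thread_create() failed: 12, try again
May 23 14:35:41 srv clamav-milter[29263]: ClamAv: thread_create() failed: 12, abort
May 23 14:35:57 srv clamav-milter[29263]: Stopping ClamAV 0.85.1/889/Sun May 22 12:18:49 2005
May 23 15:14:10 srv clamav-milter: clamav-milter startup succeeded
""".splitlines()

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ clamav-milter(?:\[\d+\])?: (.*)$")
FAIL = re.compile(r"thread_create\(\) failed: (\d+), (try again|abort)")


def triage(lines, year=2005):
    """Summarise thread_create() failures; syslog omits the year, so pass it in."""
    report = {"failures": 0, "errno": None, "first_failure": None,
              "aborted_at": None, "gap_to_restart_s": None}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # lines from other daemons (clamd, sendmail) are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        fail = FAIL.search(m.group(2))
        if fail:
            code = int(fail.group(1))
            report["failures"] += 1
            # Symbolic name of the error number on this platform (12 is ENOMEM on Linux).
            report["errno"] = errno.errorcode.get(code, str(code))
            report["first_failure"] = report["first_failure"] or ts
            if fail.group(2) == "abort":
                report["aborted_at"] = ts
        elif "startup succeeded" in m.group(2) and report["aborted_at"]:
            # Time between the abort and the next successful start, recorded once.
            if report["gap_to_restart_s"] is None:
                gap = ts - report["aborted_at"]
                report["gap_to_restart_s"] = int(gap.total_seconds())
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
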