subject:"\[clamav\-users\] temporary directories left in \/var\/lib\/clamav"

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-07-03 Thread David Pullman

Hi, as mentioned previously we have a number of servers where the freshclam
run is failing with result code 137. I just wanted to check if anyone has
seen this and was it a lack of memory causing the failure? We're
interpreting this as a kill -9 from the OS (there is no other facility on
these boxes to issue kill signals). Any suggestions on confirming the cause?

Thanks!

On Wed, Jun 28, 2017 at 9:22 AM, David Pullman 
wrote:

> We've updated the cron script to capture the result code and finding that
> where we are getting the failures, it's consistently 137. I would guess
> this is an OOM situation, but does anyone know if there are other reasons
> we might be getting a 137 from a freshclam run?
>
> Thanks!
>
> David
>
> On Wed, Jun 21, 2017 at 7:38 AM, David Pullman 
> wrote:
>
>> I've tried to duplicate this a few time since we started seeing it on a
>> test instance, but no luck. But we have lots of instances each day in
>> production that are having an error. I've just proposed changing the cron
>> script to capture the result code to log it, as it's not one of the
>> documented codes. Just so we have that info.
>>
>> David
>>
>> On Wed, Jun 21, 2017 at 7:35 AM, David Pullman 
>> wrote:
>>
>>> Yes, there were no new temp dirs left after the successful run. I'm
>>> wondering if it's a time of day network issue, or perhaps a mirror? I've
>>> seen some complaints about a mirror IP that is also in our logs. Don't know.
>>>
>>> David
>>>
>>> On Tue, Jun 20, 2017 at 6:25 PM, Steven Morgan 
>>> wrote:
>>>
 David,

 Thanks, so when you say freshclam "completed successfully" you mean
 there
 were no temp files left?

 Steve

 On Tue, Jun 20, 2017 at 11:21 AM, David Pullman <
 david.pull...@gmail.com>
 wrote:

 > Steve,
 >
 > Yes, we run freshclam and then clamscan once each day at 00:03 UTC.
 There
 > were many days of tmp directories. We ran the freshclam utility by
 hand
 > yesterday, on the instance the logs are from, at about 22:00 UTC, and
 it
 > completed the download. The subsequent update at 00:03 this morning
 > completed successfully as well.
 >
 > The version is the package install on Ubuntu of clamav and
 > clamav-freshclam: 0.99.2+addedllvm-0ubuntu0.14.04.1.
 >
 > Thanks!
 >
 > David
 >
 > On Tue, Jun 20, 2017 at 11:03 AM, Steven Morgan <
 smor...@sourcefire.com>
 > wrote:
 >
 > > David,
 > >
 > > So freshclam runs every day at ~00:03:00, and to confirm, the temp
 > > directories/files are left for each of these runs?
 > >
 > > Which version of ClamAV are you using?
 > >
 > > Steve
 > >
 > > On Tue, Jun 20, 2017 at 7:51 AM, David Pullman <
 david.pull...@gmail.com>
 > > wrote:
 > >
 > > > Hi Steve,
 > > >
 > > > I've gathered some logs from one of the servers that had a bunch
 of the
 > > > clamor-nn.tmp directories over a number of days. I've
 > aggregated
 > > > seven days of them below (we rotate the log daily). We run
 freshclam
 > from
 > > > cron each day.
 > > >
 > > > Please let me know if there's any suggestion on how I can get a
 > > definitive
 > > > reason for this, or correcting this? We have two issues, one is of
 > course
 > > > that the sigs are not updated, but also on some of the smaller
 > instances
 > > > the disk space is affected by the tmp files left in
 /var/lib/clamav.
 > > >
 > > > Thanks very much for any suggestions or help!
 > > >
 > > > Tue Jun 13 00:03:01 2017 -> --
 
 > > > Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue
 Jun 13
 > > > 00:03:01 2017
 > > > Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58,
 sigs:
 > > > 4566249, f-level: 60, builder: sigmgr)
 > > > Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
 > > > Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
 > > > Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
 > > > Wed Jun 14 00:03:02 2017 -> --
 
 > > > Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed
 Jun 14
 > > > 00:03:02 2017
 > > > Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58,
 sigs:
 > > > 4566249, f-level: 60, builder: sigmgr)
 > > > Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out
 (30
 > > secs)
 > > >
 > > >
 > > ___
 > > clamav-users mailing list
 > > clamav-users@lists.clamav.net
 > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
 > >
 > >
 > > Help us build a comprehensive ClamAV guide:
 > > https://github.com/vrtadmin/clamav-faq
 > >
 > > http://www.clamav.net/conta

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-28 Thread David Pullman

We've updated the cron script to capture the result code and finding that
where we are getting the failures, it's consistently 137. I would guess
this is an OOM situation, but does anyone know if there are other reasons
we might be getting a 137 from a freshclam run?

Thanks!

David

On Wed, Jun 21, 2017 at 7:38 AM, David Pullman 
wrote:

> I've tried to duplicate this a few time since we started seeing it on a
> test instance, but no luck. But we have lots of instances each day in
> production that are having an error. I've just proposed changing the cron
> script to capture the result code to log it, as it's not one of the
> documented codes. Just so we have that info.
>
> David
>
> On Wed, Jun 21, 2017 at 7:35 AM, David Pullman 
> wrote:
>
>> Yes, there were no new temp dirs left after the successful run. I'm
>> wondering if it's a time of day network issue, or perhaps a mirror? I've
>> seen some complaints about a mirror IP that is also in our logs. Don't know.
>>
>> David
>>
>> On Tue, Jun 20, 2017 at 6:25 PM, Steven Morgan 
>> wrote:
>>
>>> David,
>>>
>>> Thanks, so when you say freshclam "completed successfully" you mean there
>>> were no temp files left?
>>>
>>> Steve
>>>
>>> On Tue, Jun 20, 2017 at 11:21 AM, David Pullman >> >
>>> wrote:
>>>
>>> > Steve,
>>> >
>>> > Yes, we run freshclam and then clamscan once each day at 00:03 UTC.
>>> There
>>> > were many days of tmp directories. We ran the freshclam utility by hand
>>> > yesterday, on the instance the logs are from, at about 22:00 UTC, and
>>> it
>>> > completed the download. The subsequent update at 00:03 this morning
>>> > completed successfully as well.
>>> >
>>> > The version is the package install on Ubuntu of clamav and
>>> > clamav-freshclam: 0.99.2+addedllvm-0ubuntu0.14.04.1.
>>> >
>>> > Thanks!
>>> >
>>> > David
>>> >
>>> > On Tue, Jun 20, 2017 at 11:03 AM, Steven Morgan <
>>> smor...@sourcefire.com>
>>> > wrote:
>>> >
>>> > > David,
>>> > >
>>> > > So freshclam runs every day at ~00:03:00, and to confirm, the temp
>>> > > directories/files are left for each of these runs?
>>> > >
>>> > > Which version of ClamAV are you using?
>>> > >
>>> > > Steve
>>> > >
>>> > > On Tue, Jun 20, 2017 at 7:51 AM, David Pullman <
>>> david.pull...@gmail.com>
>>> > > wrote:
>>> > >
>>> > > > Hi Steve,
>>> > > >
>>> > > > I've gathered some logs from one of the servers that had a bunch
>>> of the
>>> > > > clamor-nn.tmp directories over a number of days. I've
>>> > aggregated
>>> > > > seven days of them below (we rotate the log daily). We run
>>> freshclam
>>> > from
>>> > > > cron each day.
>>> > > >
>>> > > > Please let me know if there's any suggestion on how I can get a
>>> > > definitive
>>> > > > reason for this, or correcting this? We have two issues, one is of
>>> > course
>>> > > > that the sigs are not updated, but also on some of the smaller
>>> > instances
>>> > > > the disk space is affected by the tmp files left in
>>> /var/lib/clamav.
>>> > > >
>>> > > > Thanks very much for any suggestions or help!
>>> > > >
>>> > > > Tue Jun 13 00:03:01 2017 -> --
>>> > > > Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue
>>> Jun 13
>>> > > > 00:03:01 2017
>>> > > > Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58,
>>> sigs:
>>> > > > 4566249, f-level: 60, builder: sigmgr)
>>> > > > Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
>>> > > > Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
>>> > > > Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
>>> > > > Wed Jun 14 00:03:02 2017 -> --
>>> > > > Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed
>>> Jun 14
>>> > > > 00:03:02 2017
>>> > > > Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58,
>>> sigs:
>>> > > > 4566249, f-level: 60, builder: sigmgr)
>>> > > > Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out
>>> (30
>>> > > secs)
>>> > > >
>>> > > >
>>> > > ___
>>> > > clamav-users mailing list
>>> > > clamav-users@lists.clamav.net
>>> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> > >
>>> > >
>>> > > Help us build a comprehensive ClamAV guide:
>>> > > https://github.com/vrtadmin/clamav-faq
>>> > >
>>> > > http://www.clamav.net/contact.html#ml
>>> > >
>>> > ___
>>> > clamav-users mailing list
>>> > clamav-users@lists.clamav.net
>>> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> >
>>> >
>>> > Help us build a comprehensive ClamAV guide:
>>> > https://github.com/vrtadmin/clamav-faq
>>> >
>>> > http://www.clamav.net/contact.html#ml
>>> >
>>> ___
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-21 Thread David Pullman

I've tried to duplicate this a few time since we started seeing it on a
test instance, but no luck. But we have lots of instances each day in
production that are having an error. I've just proposed changing the cron
script to capture the result code to log it, as it's not one of the
documented codes. Just so we have that info.

David

On Wed, Jun 21, 2017 at 7:35 AM, David Pullman 
wrote:

> Yes, there were no new temp dirs left after the successful run. I'm
> wondering if it's a time of day network issue, or perhaps a mirror? I've
> seen some complaints about a mirror IP that is also in our logs. Don't know.
>
> David
>
> On Tue, Jun 20, 2017 at 6:25 PM, Steven Morgan 
> wrote:
>
>> David,
>>
>> Thanks, so when you say freshclam "completed successfully" you mean there
>> were no temp files left?
>>
>> Steve
>>
>> On Tue, Jun 20, 2017 at 11:21 AM, David Pullman 
>> wrote:
>>
>> > Steve,
>> >
>> > Yes, we run freshclam and then clamscan once each day at 00:03 UTC.
>> There
>> > were many days of tmp directories. We ran the freshclam utility by hand
>> > yesterday, on the instance the logs are from, at about 22:00 UTC, and it
>> > completed the download. The subsequent update at 00:03 this morning
>> > completed successfully as well.
>> >
>> > The version is the package install on Ubuntu of clamav and
>> > clamav-freshclam: 0.99.2+addedllvm-0ubuntu0.14.04.1.
>> >
>> > Thanks!
>> >
>> > David
>> >
>> > On Tue, Jun 20, 2017 at 11:03 AM, Steven Morgan > >
>> > wrote:
>> >
>> > > David,
>> > >
>> > > So freshclam runs every day at ~00:03:00, and to confirm, the temp
>> > > directories/files are left for each of these runs?
>> > >
>> > > Which version of ClamAV are you using?
>> > >
>> > > Steve
>> > >
>> > > On Tue, Jun 20, 2017 at 7:51 AM, David Pullman <
>> david.pull...@gmail.com>
>> > > wrote:
>> > >
>> > > > Hi Steve,
>> > > >
>> > > > I've gathered some logs from one of the servers that had a bunch of
>> the
>> > > > clamor-nn.tmp directories over a number of days. I've
>> > aggregated
>> > > > seven days of them below (we rotate the log daily). We run freshclam
>> > from
>> > > > cron each day.
>> > > >
>> > > > Please let me know if there's any suggestion on how I can get a
>> > > definitive
>> > > > reason for this, or correcting this? We have two issues, one is of
>> > course
>> > > > that the sigs are not updated, but also on some of the smaller
>> > instances
>> > > > the disk space is affected by the tmp files left in /var/lib/clamav.
>> > > >
>> > > > Thanks very much for any suggestions or help!
>> > > >
>> > > > Tue Jun 13 00:03:01 2017 -> --
>> > > > Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue
>> Jun 13
>> > > > 00:03:01 2017
>> > > > Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58,
>> sigs:
>> > > > 4566249, f-level: 60, builder: sigmgr)
>> > > > Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
>> > > > Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
>> > > > Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
>> > > > Wed Jun 14 00:03:02 2017 -> --
>> > > > Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed
>> Jun 14
>> > > > 00:03:02 2017
>> > > > Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58,
>> sigs:
>> > > > 4566249, f-level: 60, builder: sigmgr)
>> > > > Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out (30
>> > > secs)
>> > > >
>> > > >
>> > > ___
>> > > clamav-users mailing list
>> > > clamav-users@lists.clamav.net
>> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> > >
>> > >
>> > > Help us build a comprehensive ClamAV guide:
>> > > https://github.com/vrtadmin/clamav-faq
>> > >
>> > > http://www.clamav.net/contact.html#ml
>> > >
>> > ___
>> > clamav-users mailing list
>> > clamav-users@lists.clamav.net
>> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>> >
>> >
>> > Help us build a comprehensive ClamAV guide:
>> > https://github.com/vrtadmin/clamav-faq
>> >
>> > http://www.clamav.net/contact.html#ml
>> >
>> ___
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-21 Thread David Pullman

Yes, there were no new temp dirs left after the successful run. I'm
wondering if it's a time of day network issue, or perhaps a mirror? I've
seen some complaints about a mirror IP that is also in our logs. Don't know.

David

On Tue, Jun 20, 2017 at 6:25 PM, Steven Morgan 
wrote:

> David,
>
> Thanks, so when you say freshclam "completed successfully" you mean there
> were no temp files left?
>
> Steve
>
> On Tue, Jun 20, 2017 at 11:21 AM, David Pullman 
> wrote:
>
> > Steve,
> >
> > Yes, we run freshclam and then clamscan once each day at 00:03 UTC. There
> > were many days of tmp directories. We ran the freshclam utility by hand
> > yesterday, on the instance the logs are from, at about 22:00 UTC, and it
> > completed the download. The subsequent update at 00:03 this morning
> > completed successfully as well.
> >
> > The version is the package install on Ubuntu of clamav and
> > clamav-freshclam: 0.99.2+addedllvm-0ubuntu0.14.04.1.
> >
> > Thanks!
> >
> > David
> >
> > On Tue, Jun 20, 2017 at 11:03 AM, Steven Morgan 
> > wrote:
> >
> > > David,
> > >
> > > So freshclam runs every day at ~00:03:00, and to confirm, the temp
> > > directories/files are left for each of these runs?
> > >
> > > Which version of ClamAV are you using?
> > >
> > > Steve
> > >
> > > On Tue, Jun 20, 2017 at 7:51 AM, David Pullman <
> david.pull...@gmail.com>
> > > wrote:
> > >
> > > > Hi Steve,
> > > >
> > > > I've gathered some logs from one of the servers that had a bunch of
> the
> > > > clamor-nn.tmp directories over a number of days. I've
> > aggregated
> > > > seven days of them below (we rotate the log daily). We run freshclam
> > from
> > > > cron each day.
> > > >
> > > > Please let me know if there's any suggestion on how I can get a
> > > definitive
> > > > reason for this, or correcting this? We have two issues, one is of
> > course
> > > > that the sigs are not updated, but also on some of the smaller
> > instances
> > > > the disk space is affected by the tmp files left in /var/lib/clamav.
> > > >
> > > > Thanks very much for any suggestions or help!
> > > >
> > > > Tue Jun 13 00:03:01 2017 -> --
> > > > Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue Jun
> 13
> > > > 00:03:01 2017
> > > > Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58,
> sigs:
> > > > 4566249, f-level: 60, builder: sigmgr)
> > > > Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
> > > > Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
> > > > Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
> > > > Wed Jun 14 00:03:02 2017 -> --
> > > > Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed Jun
> 14
> > > > 00:03:02 2017
> > > > Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58,
> sigs:
> > > > 4566249, f-level: 60, builder: sigmgr)
> > > > Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out (30
> > > secs)
> > > >
> > > >
> > > ___
> > > clamav-users mailing list
> > > clamav-users@lists.clamav.net
> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > >
> > >
> > > Help us build a comprehensive ClamAV guide:
> > > https://github.com/vrtadmin/clamav-faq
> > >
> > > http://www.clamav.net/contact.html#ml
> > >
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-20 Thread Steven Morgan

David,

Thanks, so when you say freshclam "completed successfully" you mean there
were no temp files left?

Steve

On Tue, Jun 20, 2017 at 11:21 AM, David Pullman 
wrote:

> Steve,
>
> Yes, we run freshclam and then clamscan once each day at 00:03 UTC. There
> were many days of tmp directories. We ran the freshclam utility by hand
> yesterday, on the instance the logs are from, at about 22:00 UTC, and it
> completed the download. The subsequent update at 00:03 this morning
> completed successfully as well.
>
> The version is the package install on Ubuntu of clamav and
> clamav-freshclam: 0.99.2+addedllvm-0ubuntu0.14.04.1.
>
> Thanks!
>
> David
>
> On Tue, Jun 20, 2017 at 11:03 AM, Steven Morgan 
> wrote:
>
> > David,
> >
> > So freshclam runs every day at ~00:03:00, and to confirm, the temp
> > directories/files are left for each of these runs?
> >
> > Which version of ClamAV are you using?
> >
> > Steve
> >
> > On Tue, Jun 20, 2017 at 7:51 AM, David Pullman 
> > wrote:
> >
> > > Hi Steve,
> > >
> > > I've gathered some logs from one of the servers that had a bunch of the
> > > clamor-nn.tmp directories over a number of days. I've
> aggregated
> > > seven days of them below (we rotate the log daily). We run freshclam
> from
> > > cron each day.
> > >
> > > Please let me know if there's any suggestion on how I can get a
> > definitive
> > > reason for this, or correcting this? We have two issues, one is of
> course
> > > that the sigs are not updated, but also on some of the smaller
> instances
> > > the disk space is affected by the tmp files left in /var/lib/clamav.
> > >
> > > Thanks very much for any suggestions or help!
> > >
> > > Tue Jun 13 00:03:01 2017 -> --
> > > Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue Jun 13
> > > 00:03:01 2017
> > > Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
> > > 4566249, f-level: 60, builder: sigmgr)
> > > Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
> > > Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
> > > Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
> > > Wed Jun 14 00:03:02 2017 -> --
> > > Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed Jun 14
> > > 00:03:02 2017
> > > Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58, sigs:
> > > 4566249, f-level: 60, builder: sigmgr)
> > > Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out (30
> > secs)
> > >
> > >
> > ___
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-20 Thread David Pullman

Steve,

Yes, we run freshclam and then clamscan once each day at 00:03 UTC. There
were many days of tmp directories. We ran the freshclam utility by hand
yesterday, on the instance the logs are from, at about 22:00 UTC, and it
completed the download. The subsequent update at 00:03 this morning
completed successfully as well.

The version is the package install on Ubuntu of clamav and
clamav-freshclam: 0.99.2+addedllvm-0ubuntu0.14.04.1.

Thanks!

David

On Tue, Jun 20, 2017 at 11:03 AM, Steven Morgan 
wrote:

> David,
>
> So freshclam runs every day at ~00:03:00, and to confirm, the temp
> directories/files are left for each of these runs?
>
> Which version of ClamAV are you using?
>
> Steve
>
> On Tue, Jun 20, 2017 at 7:51 AM, David Pullman 
> wrote:
>
> > Hi Steve,
> >
> > I've gathered some logs from one of the servers that had a bunch of the
> > clamor-nn.tmp directories over a number of days. I've aggregated
> > seven days of them below (we rotate the log daily). We run freshclam from
> > cron each day.
> >
> > Please let me know if there's any suggestion on how I can get a
> definitive
> > reason for this, or correcting this? We have two issues, one is of course
> > that the sigs are not updated, but also on some of the smaller instances
> > the disk space is affected by the tmp files left in /var/lib/clamav.
> >
> > Thanks very much for any suggestions or help!
> >
> > Tue Jun 13 00:03:01 2017 -> --
> > Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue Jun 13
> > 00:03:01 2017
> > Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
> > 4566249, f-level: 60, builder: sigmgr)
> > Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
> > Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
> > Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
> > Wed Jun 14 00:03:02 2017 -> --
> > Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed Jun 14
> > 00:03:02 2017
> > Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58, sigs:
> > 4566249, f-level: 60, builder: sigmgr)
> > Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out (30
> secs)
> >
> >
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-20 Thread Steven Morgan

David,

So freshclam runs every day at ~00:03:00, and to confirm, the temp
directories/files are left for each of these runs?

Which version of ClamAV are you using?

Steve

On Tue, Jun 20, 2017 at 7:51 AM, David Pullman 
wrote:

> Hi Steve,
>
> I've gathered some logs from one of the servers that had a bunch of the
> clamor-nn.tmp directories over a number of days. I've aggregated
> seven days of them below (we rotate the log daily). We run freshclam from
> cron each day.
>
> Please let me know if there's any suggestion on how I can get a definitive
> reason for this, or correcting this? We have two issues, one is of course
> that the sigs are not updated, but also on some of the smaller instances
> the disk space is affected by the tmp files left in /var/lib/clamav.
>
> Thanks very much for any suggestions or help!
>
> Tue Jun 13 00:03:01 2017 -> --
> Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue Jun 13
> 00:03:01 2017
> Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
> 4566249, f-level: 60, builder: sigmgr)
> Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
> Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
> Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
> Wed Jun 14 00:03:02 2017 -> --
> Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed Jun 14
> 00:03:02 2017
> Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58, sigs:
> 4566249, f-level: 60, builder: sigmgr)
> Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out (30 secs)
>
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-20 Thread David Pullman

Hi Steve,

I've gathered some logs from one of the servers that had a bunch of the
clamor-nn.tmp directories over a number of days. I've aggregated
seven days of them below (we rotate the log daily). We run freshclam from
cron each day.

Please let me know if there's any suggestion on how I can get a definitive
reason for this, or correcting this? We have two issues, one is of course
that the sigs are not updated, but also on some of the smaller instances
the disk space is affected by the tmp files left in /var/lib/clamav.

Thanks very much for any suggestions or help!

Tue Jun 13 00:03:01 2017 -> --
Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue Jun 13
00:03:01 2017
Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
Wed Jun 14 00:03:02 2017 -> --
Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed Jun 14
00:03:02 2017
Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out (30 secs)
Wed Jun 14 00:03:38 2017 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 207.57.106.31)
Wed Jun 14 00:04:08 2017 -> nonblock_connect: connect timing out (30 secs)
Wed Jun 14 00:04:08 2017 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 208.72.56.53)
Wed Jun 14 00:04:08 2017 -> Trying host db.us.clamav.net (69.163.100.14)...
Wed Jun 14 00:04:08 2017 -> Downloading daily-23452.cdiff [100%]
Wed Jun 14 00:04:08 2017 -> Downloading daily-23453.cdiff [100%]
Wed Jun 14 00:04:17 2017 -> Downloading daily-23454.cdiff [100%]
Thu Jun 15 00:03:01 2017 -> --
Thu Jun 15 00:03:01 2017 -> ClamAV update process started at Thu Jun 15
00:03:01 2017
Thu Jun 15 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Thu Jun 15 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
Thu Jun 15 00:03:09 2017 -> Downloading daily-23453.cdiff [100%]
Thu Jun 15 00:03:11 2017 -> Downloading daily-23454.cdiff [100%]
Fri Jun 16 00:03:01 2017 -> --
Fri Jun 16 00:03:01 2017 -> ClamAV update process started at Fri Jun 16
00:03:01 2017
Fri Jun 16 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Fri Jun 16 00:03:37 2017 -> nonblock_connect: connect timing out (30 secs)
Fri Jun 16 00:03:38 2017 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 128.199.133.36)
Fri Jun 16 00:03:38 2017 -> Trying host db.us.clamav.net (194.8.197.22)...
Fri Jun 16 00:03:38 2017 -> Downloading daily-23452.cdiff [100%]
Fri Jun 16 00:03:38 2017 -> Downloading daily-23453.cdiff [100%]
Fri Jun 16 00:03:55 2017 -> Downloading daily-23454.cdiff [100%]
Sat Jun 17 00:03:02 2017 -> --
Sat Jun 17 00:03:02 2017 -> ClamAV update process started at Sat Jun 17
00:03:02 2017
Sat Jun 17 00:03:02 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Sat Jun 17 00:03:37 2017 -> nonblock_connect: connect timing out (30 secs)
Sat Jun 17 00:03:37 2017 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 168.143.19.95)
Sat Jun 17 00:03:37 2017 -> Trying host db.us.clamav.net (69.12.162.28)...
Sat Jun 17 00:03:37 2017 -> Downloading daily-23452.cdiff [100%]
Sat Jun 17 00:03:38 2017 -> Downloading daily-23453.cdiff [100%]
Sat Jun 17 00:03:39 2017 -> Downloading daily-23454.cdiff [100%]
Sun Jun 18 00:03:02 2017 -> --
Sun Jun 18 00:03:02 2017 -> ClamAV update process started at Sun Jun 18
00:03:02 2017
Sun Jun 18 00:03:02 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Sun Jun 18 00:03:44 2017 -> nonblock_recv: recv timing out (30 secs)
Sun Jun 18 00:03:44 2017 -> WARNING: getfile: Error while reading database
from db.us.clamav.net (IP: 104.131.196.175): Operation now in progress
Sun Jun 18 00:03:44 2017 -> WARNING: getpatch: Can't download
daily-23452.cdiff from db.us.clamav.net
Mon Jun 19 00:03:01 2017 -> --
Mon Jun 19 00:03:01 2017 -> ClamAV update process started at Mon Jun 19
00:03:01 2017
Mon Jun 19 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Mon Jun 19 00:03:08 2017 -> Downloading daily-23452.cdiff [100%]
Mon Jun 19 00:03:09 2017 -> Downloading daily-23453.cdiff [100%]
Mon Jun 19 00:03:11 2017 -> Downloading daily-23454.cdiff [100%]

Cheers!

David


On Mon, Jun 19, 2017 at 1:15 PM, Steven Morgan 
wrote:

> Hi,
>
> Any temporary files left by "normal" ClamAV processing is considered to be
> a bug.

Re: [clamav-users] temporary directories left in /var/lib/clamav

2017-06-19 Thread Steven Morgan

Hi,

Any temporary files left by "normal" ClamAV processing is considered to be
a bug. Temporary files may be left if a ClamAV component terminates
ungracefully. Do you have any other logs or know of any other events from
June 3 that may provide additional info about these files left in the temp
directory?

Steve

On Mon, Jun 19, 2017 at 8:01 AM, David Pullman 
wrote:

> Hi,
>
> We're seeing cases on some servers where tmp directories are possibly being
> left behind in /var/lib/clamav. The following is one example, there are
> some where more than one tmp dir is occurring.
>
> Is this a sign of a failure to clean up after a download? Is there
> something I can check in logs or in configuration regarding this? Or is it
> simply a need to run a clean up process?
>
> Thanks very much!
>
> David
>
> $ ls -alR /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/
> /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/:
> total 12
> drwxr-xr-x 3 clamav clamav 4096 Jun 19 11:16 .
> drwxr-xr-x 3 clamav clamav 4096 Jun 19 00:05 ..
> drwxr-xr-x 2 clamav clamav 4096 Jun  3 00:03
> clamav-6ef20391b3924221fc3fce4a535e157e.tmp
>
> /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/clamav-
> 6ef20391b3924221fc3fce4a535e157e.tmp:
> total 145216
> drwxr-xr-x 2 clamav clamav  4096 Jun  3 00:03 .
> drwxr-xr-x 3 clamav clamav  4096 Jun 19 11:16 ..
> -rw-r--r-- 1 clamav clamav 17992 Jun  3 00:03 COPYING
> -rw-r--r-- 1 clamav clamav   557 Jun  3 00:03 daily.cdb
> -rw-r--r-- 1 clamav clamav   424 Jun  3 00:03 daily.cfg
> -rw-r--r-- 1 clamav clamav  6040 Jun  3 00:03 daily.crb
> -rw-r--r-- 1 clamav clamav 26043 Jun  3 00:03 daily.fp
> -rw-r--r-- 1 clamav clamav  9965 Jun  3 00:03 daily.ftm
> -rw-r--r-- 1 clamav clamav  29125847 Jun  3 00:03 daily.hdb
> -rw-r--r-- 1 clamav clamav  3530 Jun  3 00:03 daily.hdu
> -rw-r--r-- 1 clamav clamav 112488731 Jun  3 00:03 daily.hsb
> -rw-r--r-- 1 clamav clamav89 Jun  3 00:03 daily.hsu
> -rw-r--r-- 1 clamav clamav 36126 Jun  3 00:03 daily.idb
> -rw-r--r-- 1 clamav clamav  5709 Jun  3 00:03 daily.ign
> -rw-r--r-- 1 clamav clamav  4235 Jun  3 00:03 daily.ign2
> -rw-r--r-- 1 clamav clamav  2271 Jun  3 00:03 daily.info
> -rw-r--r-- 1 clamav clamav849664 Jun  3 00:03 daily.ldb
> -rw-r--r-- 1 clamav clamav199116 Jun  3 00:03 daily.ldu
> -rw-r--r-- 1 clamav clamav   4847600 Jun  3 00:03 daily.mdb
> -rw-r--r-- 1 clamav clamav 69427 Jun  3 00:03 daily.mdu
> -rw-r--r-- 1 clamav clamav92 Jun  3 00:03 daily.msb
> -rw-r--r-- 1 clamav clamav92 Jun  3 00:03 daily.msu
> -rw-r--r-- 1 clamav clamav 97624 Jun  3 00:03 daily.ndb
> -rw-r--r-- 1 clamav clamav823647 Jun  3 00:03 daily.ndu
> -rw-r--r-- 1 clamav clamav  4094 Jun  3 00:03 daily.pdb
> -rw-r--r-- 1 clamav clamav87 Jun  3 00:03 daily.sfp
> -rw-r--r-- 1 clamav clamav 10095 Jun  3 00:03 daily.wdb
> ___
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] temporary directories left in /var/lib/clamav

2017-06-19 Thread David Pullman

Hi,

We're seeing cases on some servers where tmp directories are possibly being
left behind in /var/lib/clamav. The following is one example, there are
some where more than one tmp dir is occurring.

Is this a sign of a failure to clean up after a download? Is there
something I can check in logs or in configuration regarding this? Or is it
simply a need to run a clean up process?

Thanks very much!

David

$ ls -alR /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/
/var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/:
total 12
drwxr-xr-x 3 clamav clamav 4096 Jun 19 11:16 .
drwxr-xr-x 3 clamav clamav 4096 Jun 19 00:05 ..
drwxr-xr-x 2 clamav clamav 4096 Jun  3 00:03
clamav-6ef20391b3924221fc3fce4a535e157e.tmp

/var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/clamav-6ef20391b3924221fc3fce4a535e157e.tmp:
total 145216
drwxr-xr-x 2 clamav clamav  4096 Jun  3 00:03 .
drwxr-xr-x 3 clamav clamav  4096 Jun 19 11:16 ..
-rw-r--r-- 1 clamav clamav 17992 Jun  3 00:03 COPYING
-rw-r--r-- 1 clamav clamav   557 Jun  3 00:03 daily.cdb
-rw-r--r-- 1 clamav clamav   424 Jun  3 00:03 daily.cfg
-rw-r--r-- 1 clamav clamav  6040 Jun  3 00:03 daily.crb
-rw-r--r-- 1 clamav clamav 26043 Jun  3 00:03 daily.fp
-rw-r--r-- 1 clamav clamav  9965 Jun  3 00:03 daily.ftm
-rw-r--r-- 1 clamav clamav  29125847 Jun  3 00:03 daily.hdb
-rw-r--r-- 1 clamav clamav  3530 Jun  3 00:03 daily.hdu
-rw-r--r-- 1 clamav clamav 112488731 Jun  3 00:03 daily.hsb
-rw-r--r-- 1 clamav clamav89 Jun  3 00:03 daily.hsu
-rw-r--r-- 1 clamav clamav 36126 Jun  3 00:03 daily.idb
-rw-r--r-- 1 clamav clamav  5709 Jun  3 00:03 daily.ign
-rw-r--r-- 1 clamav clamav  4235 Jun  3 00:03 daily.ign2
-rw-r--r-- 1 clamav clamav  2271 Jun  3 00:03 daily.info
-rw-r--r-- 1 clamav clamav849664 Jun  3 00:03 daily.ldb
-rw-r--r-- 1 clamav clamav199116 Jun  3 00:03 daily.ldu
-rw-r--r-- 1 clamav clamav   4847600 Jun  3 00:03 daily.mdb
-rw-r--r-- 1 clamav clamav 69427 Jun  3 00:03 daily.mdu
-rw-r--r-- 1 clamav clamav92 Jun  3 00:03 daily.msb
-rw-r--r-- 1 clamav clamav92 Jun  3 00:03 daily.msu
-rw-r--r-- 1 clamav clamav 97624 Jun  3 00:03 daily.ndb
-rw-r--r-- 1 clamav clamav823647 Jun  3 00:03 daily.ndu
-rw-r--r-- 1 clamav clamav  4094 Jun  3 00:03 daily.pdb
-rw-r--r-- 1 clamav clamav87 Jun  3 00:03 daily.sfp
-rw-r--r-- 1 clamav clamav 10095 Jun  3 00:03 daily.wdb
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] temporary directories left in /var/lib/clamav

Re: [clamav-users] temporary directories left in /var/lib/clamav

Re: [clamav-users] temporary directories left in /var/lib/clamav

Re: [clamav-users] temporary directories left in /var/lib/clamav

Re: [clamav-users] temporary directories left in /var/lib/clamav

Re: [clamav-users] temporary directories left in /var/lib/clamav

Re: [clamav-users] temporary directories left in /var/lib/clamav

Re: [clamav-users] temporary directories left in /var/lib/clamav

Re: [clamav-users] temporary directories left in /var/lib/clamav

[clamav-users] temporary directories left in /var/lib/clamav

10 matches

Site Navigation

Mail list logo

Footer information