Hi, I've had ClamAV running for just under a week, and have just had it fall over on me this morning. This may be as the result of a known bug - if not, hopefully this will help out in tracking it down.
Setup:- Sendmail 8.12.10, clamav-milter and spamassassin milter filters, running on Debian Linux. Clamav compiled from the 20030925 CVS snapshot, clamav-milter 0.60f. It was all working fine this morning, until the clamd daemon did a selfcheck:- Sep 30 06:28:48 castor clamd[21257]: Session 0 stopped due to timeout. Sep 30 06:49:53 castor clamd[24682]: stream: Exploit.IFrame.Gen FOUND Sep 30 07:10:23 castor clamd[28274]: stream: Exploit.IFrame.Gen FOUND Sep 30 07:17:53 castor clamd[21257]: SelfCheck: Database status OK. Sep 30 07:40:27 castor clamd[31790]: stream: Worm.Gibe.F FOUND Sep 30 07:46:00 castor clamd[508]: stream: Worm.Gibe.F FOUND Sep 30 07:59:17 castor clamd[1956]: stream: Exploit.IFrame.Gen FOUND Sep 30 08:08:05 castor clamd[3689]: stream: Worm.Gibe.F FOUND Sep 30 08:10:32 castor clamd[4340]: stream: Exploit.IFrame.Gen FOUND Sep 30 08:18:29 castor clamd[21257]: SelfCheck: Database status OK. Sep 30 08:39:23 castor clamd[21257]: Session 2 stopped due to timeout. Sep 30 08:39:26 castor clamd[21257]: Session 0 stopped due to timeout. Sep 30 08:41:44 castor clamd[21257]: Session 1 stopped due to timeout. Sep 30 08:42:31 castor clamd[21257]: Session 3 stopped due to timeout. After this point, all clamd log messages were "stopped due to timeout" type messages, and no more viruses were picked up. Shortly after this, clamav-milter went belly up:- Sep 30 08:37:40 castor clamav-milter[7911]: clamfi_connect: connection from beach1.expertmonitor.com [66.139.76. 90] Sep 30 08:37:40 castor clamav-milter[7911]: hit max-children limit (5 >= 5): waiting for some to exit Sep 30 08:37:50 castor sendmail[7909]: h8U7bePG007909: Milter (ClamAVFilter): timeout before data read Sep 30 08:37:50 castor sendmail[7909]: h8U7bePG007909: Milter (ClamAVFilter): to error state There were more messages like these, and then:- Sep 30 08:38:40 castor clamav-milter[7911]: pthread_cond_timedwait: ^HY^F^H Sep 30 08:38:40 castor clamav-milter[7911]: ClamAv: private data not NULL This continued until I restarted the system later this morning. Other things of note - at some point during the morning, a clamd process started chewing up 99% CPU. Of of my colleagues killed this process of, but this didn't occur until nearly 9:30, so I don't think killing the process affected anything. When I restarted clamd & sendmail, it went straight back into an error state. It didn't start working again until I stopped sendmail & clamd, manually removed the clamd socket (/var/run/clamd.ctl), and restarted it. Startup was producing this in syslog:- Sep 30 10:14:46 castor clamav-milter[27516]: clamdscan / ClamAV version 20030829 Sep 30 10:15:29 castor clamd[28181]: Daemon started. Sep 30 10:15:29 castor clamd[28181]: Log file size limited to 1048576 bytes. Sep 30 10:15:29 castor clamd[28181]: Reading databases from /var/lib/clamav/ Sep 30 10:15:29 castor clamd[28181]: Protecting against 9741 viruses. Sep 30 10:15:29 castor clamd[28182]: Socket file /var/run/clamd.ctl exists. Either remove it, or configure a different one. When this was happening, clamav-milter was producing:- Sep 30 10:15:06 castor sendmail[27552]: h8U9Eu3u027552: Milter (ClamAVFilter): timeout before data read Sep 30 10:15:06 castor sendmail[27552]: h8U9Eu3u027552: Milter (ClamAVFilter): to error state Hopefully this is enough info to provide some pointers to the problem. Maybe it's already fixed in CVS? Mike. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
