We have some fairly busy mail servers that seem to run clamd fine for days, and sometimes weeks, but since we moved to ClamAV 0.83 twice now we've noticed that stream scanning, on rare occasions, starts to hold connections and timeout.
Here is a clip from our log. clamd itself seems responsive as we can just stop the daemon and restart it. In the below log you can see it scanning right along and then right at about 07:17am, nothing... followed by aa bunch of ScanStream timeouts. If we just stop clamd and restart, things are normal again. Mar 4 07:16:01 clamd[52719]: Accepted connection on port 1987, fd 43 Mar 4 07:16:10 clamd[52719]: Accepted connection on port 1530, fd 32 Mar 4 07:16:12 clamd[52719]: Accepted connection on port 1456, fd 41 Mar 4 07:16:14 clamd[52719]: Accepted connection on port 1541, fd 43 Mar 4 07:16:17 clamd[52719]: Accepted connection on port 1344, fd 44 Mar 4 07:16:22 clamd[52719]: Accepted connection on port 1177, fd 43 Mar 4 07:16:25 clamd[52719]: Accepted connection on port 1441, fd 44 Mar 4 07:16:27 clamd[52719]: Accepted connection on port 1496, fd 33 Mar 4 07:16:35 clamd[52719]: Accepted connection on port 1922, fd 43 Mar 4 07:16:37 clamd[52719]: Accepted connection on port 1581, fd 43 Mar 4 07:16:38 clamd[52719]: Accepted connection on port 1179, fd 43 Mar 4 07:16:40 clamd[52719]: Accepted connection on port 1799, fd 43 Mar 4 07:16:47 clamd[52719]: Accepted connection on port 1079, fd 43 Mar 4 07:16:48 clamd[52719]: Accepted connection on port 1844, fd 40 Mar 4 07:16:50 clamd[52719]: Accepted connection on port 1417, fd 39 Mar 4 07:16:51 clamd[52719]: Accepted connection on port 1156, fd 40 Mar 4 07:16:55 clamd[52719]: Accepted connection on port 1934, fd 41 Mar 4 07:16:56 clamd[52719]: Accepted connection on port 1778, fd 39 Mar 4 07:28:24 clamd[52719]: Reading databases from /usr/local/share/clamav Mar 4 07:28:24 clamd[52719]: Database correctly reloaded (31338 viruses) Mar 4 07:30:24 clamd[52719]: ScanStream: accept timeout. Mar 4 07:30:24 last message repeated 9 times Mar 4 07:32:24 last message repeated 10 times Mar 4 07:38:24 last message repeated 30 times Mar 4 07:40:14 clamd[52719]: SelfCheck: Database status OK. Mar 4 07:40:24 clamd[52719]: ScanStream: accept timeout. Mar 4 07:40:24 last message repeated 9 times Mar 4 07:42:24 last message repeated 10 times Mar 4 07:50:24 last message repeated 40 times Mar 4 07:51:41 clamd[52719]: Shutting down the main socket. Mar 4 07:51:41 clamd[52719]: Closing the main socket. Mar 4 07:51:41 clamd[52719]: Socket file removed. Mar 4 07:51:41 clamd[52719]: Pid file removed. Mar 4 07:51:41 clamd[52719]: Exiting (clean) Mar 4 07:51:41 clamd[52719]: --- Stopped at Fri Mar 4 07:51:41 2005 Mar 4 07:51:46 clamd[62880]: Daemon started. Mar 4 07:51:46 clamd[62880]: clamd daemon 0.83 (OS: freebsd4.10, ARCH: i386, CPU: i 386) -- Robert Blayzor, BOFH INOC, LLC rblayzor\@(inoc.net|gmail.com) PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 ICMP: The protocol that goes PING! _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
