Hello.
Clamav-milter is reported as crashing often to me.
But it is better with the last stable version then before.
To the syslog I got messages like :
clamav-milter dead but subsys locked
There is what is clamav-milter reports before the crash :
May 23 13:23:09 srv clamav-milter[29263]: j4NBN8Ip027792:
/tmp/clamav-9e4a8ae056dfb947/msg.dB1aSX: Worm.Mytob.BR Intercepted virus
from <> to <[EMAIL PROTECTED]>
May 23 13:30:04 srv clamav-milter[29263]: j4NBTwWx028471:
/tmp/clamav-9e4a8ae056dfb947/msg.THFCC1: Exploit.HTML.IFrame Intercepted
virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 13:31:27 srv clamav-milter[29263]: j4NBVOXh028671:
/tmp/clamav-9e4a8ae056dfb947/msg.8nzpnB: Worm.SomeFool.R Intercepted
virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 13:31:47 srv clamav-milter[29263]: j4NBVjp6028691:
/tmp/clamav-9e4a8ae056dfb947/msg.9joLmP: Worm.Bagle.Gen-zippwd
Intercepted virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 13:49:08 srv clamav-milter[29263]: j4NBmvov031420:
/tmp/clamav-9e4a8ae056dfb947/msg.2NTsa1: Worm.SomeFool.Gen-1 Intercepted
virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 13:52:37 srv clamav-milter[29263]: j4NBqZDd032055:
/tmp/clamav-9e4a8ae056dfb947/msg.eTVs7J: Worm.Bagz.D Intercepted virus
from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 14:06:22 srv clamav-milter[29263]: j4NC6L1M001691:
/tmp/clamav-9e4a8ae056dfb947/msg.1hitDJ: Worm.SomeFool.P Intercepted
virus from <[EMAIL PROTECTED]> to <[EMAIL PROTECTED]>
May 23 14:33:02 srv clamav-milter[29263]: ClamAv: thread_create()
failed: 12, try again
May 23 14:34:09 srv clamav-milter[29263]: ClamAv: thread_create()
failed: 12, try again
May 23 14:34:17 srv clamav-milter[29263]: ClamAv: thread_create()
failed: 12, try again
May 23 14:34:26 srv clamav-milter[29263]: ClamAv: thread_create()
failed: 12, try again
May 23 14:35:41 srv clamav-milter[29263]: ClamAv: thread_create()
failed: 12, abort
My user action, call /etc/init.d/clamav-milter restart
May 23 14:35:57 srv clamav-milter[29263]: Stopping ClamAV 0.85.1/889/Sun
May 22 12:18:49 2005
May 23 15:14:09 srv clamav-milter: clamav-milter shutdown failed
May 23 15:14:10 srv clamav-milter[9807]: ClamAV: Protecting against
34652 viruses
May 23 15:14:10 srv clamav-milter[9807]: Loaded ClamAV 0.85.1/890/Mon
May 23 13:34:44 2005
May 23 15:14:10 srv clamav-milter[9808]: Starting ClamAV version 0.85.1,
clamav-milter version 0.85
May 23 15:14:10 srv clamav-milter: clamav-milter startup succeeded
Reports from clamd to syslog in a last two days :
May 22 13:09:02 srv clamd[30078]: SelfCheck: Database modification detected.
Forcing reload.
May 22 13:09:02 srv clamd[30078]: Reading databases from /var/lib/clamav
May 22 13:09:03 srv clamd[30078]: Database correctly reloaded (34651
viruses)
May 23 14:09:13 srv clamd[30078]: SelfCheck: Database modification detected.
Forcing reload.
May 23 14:09:13 srv clamd[30078]: Reading databases from /var/lib/clamav
May 23 14:09:13 srv clamd[30078]: Database correctly reloaded (34652
viruses)
Clamd.conf :
LogFile /var/log/clamav/clamd.log
#LogFileUnlock
LogFileMaxSize 0
LogTime
#LogClean
LogSyslog
#LogFacility LOG_MAIL
#LogVerbose
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /tmp
DatabaseDirectory /var/lib/clamav
#LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket
TCPSocket 3310
#TCPAddr 127.0.0.1
MaxConnectionQueueLength 60
StreamMaxLength 50M
MaxThreads 50
ReadTimeout 300
#IdleTimeout 60
#MaxDirectoryRecursion 20
#FollowDirectorySymlinks
#FollowFileSymlinks
SelfCheck 1800
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
User clamav
AllowSupplementaryGroups
#Foreground
#Debug
#LeaveTemporaryFiles
#DisableDefaultScanOptions
#ScanPE
DetectBrokenExecutables
#ScanOLE2
#ScanMail
#MailFollowURLs
#ScanHTML
#ScanArchive
#ScanRAR
ArchiveMaxFileSize 50M
#ArchiveMaxRecursion 8
#ArchiveMaxFiles 1500
ArchiveMaxCompressionRatio 300
#ArchiveLimitMemoryUsage
ArchiveBlockEncrypted
#ArchiveBlockMax
#ClamukoScanOnAccess
#ClamukoScanOnOpen
#ClamukoScanOnClose
#ClamukoScanOnExec
#ClamukoIncludePath /home
#ClamukoIncludePath /students
#ClamukoExcludePath /home/guru
#ClamukoMaxFileSize 10M
/etc/sysconfig/clamav-milter :
CLAMAV_FLAGS=" --max-children=61 \
--quiet \
--external \
--force-scan \
--dont-log-clean \
--server=localhost \
--pidfile=/var/run/clamav/clamav-milter.pid \
local:/var/run/clamav/clamav-milter.sock \
"
Report from starting clamd:
Mon May 23 15:36:55 2005 -> +++ Started at Mon May 23 15:36:55 2005
Mon May 23 15:36:55 2005 -> clamd daemon 0.85.1 (OS: linux-gnu, ARCH:
i386, CPU: i386)
Mon May 23 15:36:55 2005 -> Log file size limit disabled.
Mon May 23 15:36:55 2005 -> Reading databases from /var/lib/clamav
Mon May 23 15:36:56 2005 -> Protecting against 34652 viruses.
Mon May 23 15:36:56 2005 -> Bound to port 3310
Mon May 23 15:36:56 2005 -> Setting connection queue length to 60
Mon May 23 15:36:56 2005 -> Archive: Archived file size limit set to
52428800 bytes.
Mon May 23 15:36:56 2005 -> Archive: Recursion level limit set to 8.
Mon May 23 15:36:56 2005 -> Archive: Files limit set to 1000.
Mon May 23 15:36:56 2005 -> Archive: Compression ratio limit set to 300.
Mon May 23 15:36:56 2005 -> Archive support enabled.
Mon May 23 15:36:56 2005 -> Archive: RAR support disabled.
Mon May 23 15:36:56 2005 -> Archive: Blocking encrypted archives.
Mon May 23 15:36:56 2005 -> Portable Executable support enabled.
Mon May 23 15:36:56 2005 -> Detection of broken executables enabled.
Mon May 23 15:36:56 2005 -> Mail files support enabled.
Mon May 23 15:36:56 2005 -> OLE2 support enabled.
Mon May 23 15:36:56 2005 -> HTML support enabled.
Mon May 23 15:36:56 2005 -> Self checking every 1800 seconds.
System is up to date Fedora core 2. I am using there
sendmail-8.12.11-4.6, clamav-0.85.1-1, clamav-milter-0.85.1-1
This is production server, I can`t set debugging on.
What can i do for finding the problem ?
Thanks very much, David Kredba
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
