-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apostolos Papayanakis wrote:
| Last month I started getting 10-20 random clamav-milter segfaults |each day. The load is a few tens of thousand scans daily. | | The very same clamav-milter segfaults can also be induced |persistently by "clmilter_watch". That was a surprize to me, because |clmilter_watch is only a health monitoring utility for the clamav-milter |daemon (see http://www.itg.uiuc.edu/itg_software/clmilter_watch). | | On a completely quiet system when tested with clmilter_watch, the |segfaults happen only when using nscd (name service cache daemon) which |comes as a part of glibc (v2.3.5). This means that if I just "pkill nscd" |then the problem vanishes, but if I have nscd running, restart clamav-milter, |then probe it with clmilter_watch, clamav-milter segfaults immediately. | |Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_eoh |Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_envbody: 4756 bytes |Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_eom |Aug 8 22:07:30 alpha clamav-milter[13116]: j78RCJ7TXH930484: clean message from <> |Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_close |Aug 8 22:07:30 alpha clamav-milter[13116]: Segmentation fault :-( Bye.. | | I have enabled debug code and modes and then tried to strace the |problem, with limited results. It seems that clamav-milter segfaults right |after reading from the nscd socket a hostname resolution result (for |localhost.localdomain), and before anything else. It maybe a glibc problem |as there was a glibc upgrade last month indeed. | | Here are the command lines used: | | /usr/sbin/clamav-milter --debug --max-children 150 --force-scan - --timeout=0 --quiet --local inet:33100 | /noc/scripts/nst/clmilter_watch -L /dev/null -s 43210 -t 5 # monitor of clamav-milter | | Here are the options from /etc/clamd.conf | |LogClean |LogSyslog |LogVerbose |PidFile /var/run/clamav/clamd.pid |TemporaryDirectory /var/tmp |LocalSocket /var/run/clamav/clamd.sock |FixStaleSocket |StreamMaxLength 20M |MaxThreads 150 |User clamav |Foreground |Debug |DetectBrokenExecutables |ScanRAR | | I am currently in the process of testing with a previous version of |glibc, just in case I have hit a new bug, but this will take time. Does any |body else have another hint? | I had a simular problem. That seemed to be fixed with the latest ZLib libraries: ~ http://www.zlib.net I would get errors from clamav-milter looking something like the following: ~ Aug 5 12:02:39 beta sendmail[29124]: j75G2dHC029124: Milter (clmilter): local socket name /var/run/clamav/clamav-milter.sock unsafe ~ Aug 5 12:02:39 beta sendmail[29124]: j75G2dHC029124: Milter (clmilter): to error state (1) What platform are you using? Debian, Redhat, Fedora, Gentoo? Good Luck, James Kosin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC+KxAkNLDmnu1kSkRAnLNAJ0VFBCueEfieCuHzn7H6xRGN4avmACeNbAC o72K07OSDcrXwzzHv7X8EpU= =QVey -----END PGP SIGNATURE----- _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
