Hi everyone,

To chime in with last month's threads about freshclam, there really is something fishy. I've just started noticing that freshclam has died silently on all the mailservers we admin, which frankly worries me. This all happened around August 16th, as other posters have also mentioned. This is the day that main.cvd went from 39 to 40, which might be related.

Symptoms:
There's one or more files with names like 'clamav-1433a2ec268d3c10' in the clamav log-directory. The freshclam binary might still be listed in ps, but is not doing anything.
From a freshclam log file:

Received signal: wake up
ClamAV update process started at Wed Aug 16 20:15:15 2006
main.cvd is up to date (version: 39, sigs: 58116, f-level: 8, builder: tkojm)
daily.cvd is up to date (version: 1671, sigs: 7502, f-level: 8, builder: ccordes)
--------------------------------------
Received signal: wake up
ClamAV update process started at Wed Aug 16 21:15:16 2006
ERROR: Mirrors are not fully synchronized. Please try again later.
Trying again in 5 secs...
ClamAV update process started at Wed Aug 16 21:15:30 2006
ERROR: Mirrors are not fully synchronized. Please try again later.
Trying again in 5 secs...
ClamAV update process started at Wed Aug 16 21:15:37 2006
ERROR: Mirrors are not fully synchronized. Please try again later.
Giving up on db.nl.clamav.net...
ClamAV update process started at Wed Aug 16 21:15:38 2006
ERROR: Mirrors are not fully synchronized. Please try again later.
Trying again in 5 secs...
ClamAV update process started at Wed Aug 16 21:23:13 2006

And here it ends, freshclam simply never adds anything to the logs anymore. And my versions aren't current anymore:

Restarting freshclam results in a warning about the database being older than 7 days, and finally main.cvd gets updated from 39 to 40, and daily.cvd gets updated too.

This has happened both on 0.88.4 and one 0.88.3 that turned out to be still running on a dev box. It happened on both Solaris 9 and 10, both Sparc and AMD CPUs.

From another machine:

Received signal: wake up
ClamAV update process started at Wed Aug 16 20:17:12 2006
main.cvd is up to date (version: 39, sigs: 58116, f-level: 8, builder: tkojm)
daily.cvd is up to date (version: 1671, sigs: 7502, f-level: 8, builder: ccordes)
--------------------------------------
Received signal: wake up
ClamAV update process started at Wed Aug 16 21:17:12 2006
ERROR: Mirrors are not fully synchronized. Please try again later.
Trying again in 5 secs...
ClamAV update process started at Wed Aug 16 21:17:26 2006
ERROR: Mirrors are not fully synchronized. Please try again later.
Trying again in 5 secs...
ClamAV update process started at Wed Aug 16 21:17:34 2006
ERROR: Mirrors are not fully synchronized. Please try again later.
Giving up on db.nl.clamav.net...
ClamAV update process started at Wed Aug 16 21:17:36 2006
ERROR: Verification: MD5 verification error
Trying again in 5 secs...
ClamAV update process started at Wed Aug 16 21:25:32 2006
ERROR: Verification: MD5 verification error
Trying again in 5 secs...
ClamAV update process started at Wed Aug 16 21:31:15 2006

And this freshclam then simply died and went away, though clamd still runs fine.
There are also three temporary or lock files left over:

-rw-r--r-- 1 clamav clamav 0 May 26 18:39 clamav-93d64283f5119737
-rw-r--r-- 1 clamav clamav 0 May 31 16:22 clamav-eef9af98a9958181
-rw-r--r-- 1 clamav clamav 0 Aug 16 21:35 clamav-45135d58c82f4dcd

These timestamps correspond to similar events in the freshclam.log, so I have to conclude that freshclam has been dying repeatedly, apparently caused by the 'not fully synchronized' situation.

Yet another server:

Received signal: wake up
ClamAV update process started at Tue Aug  8 15:06:48 2006
main.cvd is up to date (version: 39, sigs: 58116, f-level: 8, builder: tkojm)
daily.cvd is up to date (version: 1640, sigs: 6574, f-level: 8, builder: ccordes)
--------------------------------------
Received signal: wake up
ERROR: Mirrors are not fully synchronized. Please try again later.
Giving up on database.clamav.net...
ERROR: Update failed. Your network may be down or none of the mirrors listed in
freshclam.conf is working.
ERROR: Update failed. Your network may be down or none of the mirrors listed in
freshclam.conf is working.
--------------------------------------
Received signal: wake up
ClamAV update process started at Wed Aug 16 22:22:07 2006
main.cvd is up to date (version: 39, sigs: 58116, f-level: 8, builder: tkojm)
daily.cvd is up to date (version: 1671, sigs: 7502, f-level: 8, builder: ccordes)
--------------------------------------
Received signal: wake up
ClamAV update process started at Wed Aug 16 23:22:07 2006
ERROR: Error while reading database from db.nl.clamav.net
ERROR: Can't download main.cvd from db.nl.clamav.net (IP: 62.133.206.90)
Trying again in 5 secs...
ClamAV update process started at Wed Aug 16 23:25:57 2006

Here too, updates stopped on August 16th.

On 6 out of 6 mailservers running clamav, something went very wrong on August 16th.

Regards, Paul Boven.



_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
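
Added example, not part of the original post and not ClamAV code: a monitoring check for the failure described above, where freshclam.log ends on an "update process started" line and nothing follows. The function names, status labels and the three-hour threshold are assumptions, and the sample log is constructed from the excerpts in the post.

```python
import re
from datetime import datetime, timedelta

START = re.compile(r"^ClamAV update process started at (.+)$")

# Constructed sample, modelled on the log excerpts quoted in the post.
SAMPLE_LOG = """\
Received signal: wake up
ClamAV update process started at Wed Aug 16 20:15:15 2006
main.cvd is up to date (version: 39, sigs: 58116, f-level: 8, builder: tkojm)
daily.cvd is up to date (version: 1671, sigs: 7502, f-level: 8, builder: ccordes)
--------------------------------------
Received signal: wake up
ClamAV update process started at Wed Aug 16 21:15:16 2006
ERROR: Mirrors are not fully synchronized. Please try again later.
Trying again in 5 secs...
ClamAV update process started at Wed Aug 16 21:23:13 2006
"""

def parse_ts(text):
    # ctime-style stamp; split() absorbs the padding in "Tue Aug  8 ...".
    return datetime.strptime(" ".join(text.split()), "%a %b %d %H:%M:%S %Y")

def check_freshclam_log(log_text, now, max_silence=timedelta(hours=3)):
    """Return (status, last_start); status is 'ok', 'hung', 'silent' or 'no-runs'.

    max_silence is an assumed threshold; set it to a few check intervals.
    """
    last_start, lines_after = None, 0
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = START.match(line)
        if m:
            last_start, lines_after = parse_ts(m.group(1)), 0
        elif last_start is not None:
            lines_after += 1
    if last_start is None:
        return "no-runs", None
    if now - last_start <= max_silence:
        return "ok", last_start
    # Stale log. 'hung' = the last run started and logged no result at all,
    # the pattern in the post; 'silent' = it finished but never ran again.
    return ("hung" if lines_after == 0 else "silent"), last_start

if __name__ == "__main__":
    print(check_freshclam_log(SAMPLE_LOG, datetime(2006, 8, 24, 12, 0)))
```

Run from cron against the real log with `datetime.now()`, any status other than 'ok' is worth an alert, since clamd keeps scanning with an ageing database while the updater is down.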
