Dennis Peterson wrote: > Bill Landry wrote: > >> I'm thinking that the times that clamd crashed on my systems most likely >> correspond to the times that SelfCheck ran during a script update or a >> freshclam update, which is why the crashes happened so randomly (I can't >> prove this now because I didn't maintain a record of my clamd crash >> date/times). > > In my clamd log I see this when clamd starts: > clamd daemon 0.95rc1 (OS: solaris2.9, ARCH: sparc, CPU: sparc) > > That may be useful to locate the start times as an indirect method of finding > crash times.
I did find several corresponding log entries, however, the system that I was experience the crashes on was a test system that I also used for testing my scripts, where I might execute a "kill 9" against clamd's pid to confirm that my script could restart clamd with the orphaned lock/pid/socket files left, like a real clamd crash might do. However, for others, this might help: grep -B1 "Started at" /your/path/to/clamd.log Typically if you manually restart clamd, you should see a stop line and then a start line. But when clamd crashes, you will typically see something like: Wed Jan 7 15:53:21 2009 -> Reading databases from /var/lib/clamav Wed Jan 7 16:37:15 2009 -> +++ Started at Wed Jan 7 16:37:15 2009 There will usually be a time gap between the "Reading database" line and the next line "+++ Started at", which is the time difference between when clamd crashed and the user or script restarted clamd. Hope this helps... Bill _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
