On 2011-10-10 11:25, Alex wrote: > Hi, > >>> I have a fedora15 x86_64 box with clamav-0.97.2, postfix-2.8.4, and >>> amavisd-new-2.6.6 with spamassassin-3.3.2 that has been running fine >>> for quite a while. Recently, clamd has died with an error similar to
Was it clamd that died or both clamd and clamscan? >>> this: >>> >>> Oct 10 02:55:56 mail02 amavis[25696]: (25696-18) (!)run_av >>> (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV The error message refers to clamscan, but maybe because that is the "backup scanner"? >>> Error:cli_hex2str(): Malformed hexstring: 22|20 (length: 5)\nLibClamAV >>> Error: cli_parse_add(): Problem adding signature (3). >> >> scanners.c:1667 returns a string split using '|' as delimiter, so I don't >> see how >> hex2str at 1672 can report that it still has a '|'. >> >> Try running memtest86(+) to check that your RAM is fine. > > I ran it before putting the server into production about two weeks > ago, and it has been running fine ever since. > >> Also what does the clamav-unofficial-sigs log say about the InetMsg database? >> Does it report that the integrity test worked when it tested the database >> with clamscan? > > There hasn't bee any reports of a failed integrity test in recent > past. Only messages like these: > > Oct 10 03:52:33 INFO - Successfully updated Sanesecurity production > database file: INetMsg-SpamDomains-2w.ndb Was there an "integrity tested good" message before that? > >>> The content of INetMsg-SpamDomains-2w.ndb at line 40734 is: >>> >>> INetMsg.SpamDomain-2w.lakecharmvila_com:4:*:(2e|2f|40|20|3c|5f)6c616b65636861726d76696c612e636f6d(27|22|20|2f|3d|5f|3e|0a|0d) >> >> This is a valid database entry, are you sure this is the one causing >> clamscan to fail with the above message? >> Maybe the database got updated in the meantime with a corrected entry. > > The database was last updated around 02:51:52 and the error was > reported at 02:55:56, so that is the correct database, to the best of > my knowledge. It does look like it was updated one time after that: > > Oct 10 03:52:32 INFO - Clamscan reports Sanesecurity > INetMsg-SpamDomains-2w.ndb database integrity tested good > > However the timestamp on the file doesn't reflect that: > # ls -la INetMsg-SpamDomains-2w.ndb > -rw-r--r-- 1 amavis amavis 10688391 Oct 10 02:46 INetMsg-SpamDomains-2w.ndb > > Is there a way to have it automatically restarted when something like > this happens or be more tolerant of database problems, with > notifications of those problems, in the future? Restarting won't help if the database is corrupted, or is there is some problem parsing the database. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
