Hi Steve, On 26 mrt. 2013, at 17:54, Steven Morgan <[email protected]> wrote:
> Ben, > > I am looking into this issue. In the meantime, can you get any effect from > increasing the clamd.conf parameters ReadTimeout, CommandReadTimeout, > SendBufTimeout, and SelfCheck? I have doubled them and will let clamdscan run tonight. I'll report the results tomorrow. Thanks, Ben > > Steve > > On Mon, Mar 25, 2013 at 12:26 PM, Ben Stuyts <[email protected]> wrote: > >> Well, still no luck, same errors over the weekend. Anybody have any other >> ideas? >> >> Thanks, >> Ben >> >> On 22 mrt. 2013, at 18:43, Ben Stuyts <[email protected]> wrote: >> >>> >>> On 22 mrt. 2013, at 18:29, David Raynor <[email protected]> wrote: >>> >>>> On Fri, Mar 22, 2013 at 1:11 PM, Ben Stuyts <[email protected]> wrote: >>>> >>>>> Hi, >>>>> >>>>> I was using clamscan for daily scanning of our user's home directories, >>>>> but it was getting too slow with scan times of up to 6 hours. Therefor >> I'm >>>>> testing clamdscan and using multiple threads to scan. (cmd line is >>>>> /usr/local/bin/clamdscan -m --fdpass /home) >>>>> >>>>> I am getting the following error messages from clamd while scanning, >> and >>>>> it's missing a lot of files. If put the Eicar test file at various >> spots >>>>> and it's being missed by the scan. >>>>> >>>>> Thu Mar 21 22:00:01 2013 -> SelfCheck: Database status OK. >>>>> Thu Mar 21 22:10:01 2013 -> SelfCheck: Database status OK. >>>>> Thu Mar 21 22:13:48 2013 -> Client disconnected while scanjob was >> active >>>>> Thu Mar 21 22:13:48 2013 -> Client disconnected while scanjob was >> active >>>>> (repeat...) >>>>> Thu Mar 21 22:14:06 2013 -> Client disconnected while scanjob was >> active >>>>> Thu Mar 21 22:17:29 2013 -> Reading databases from /var/db/clamav >>>>> Thu Mar 21 22:17:36 2013 -> Database correctly reloaded (2019434 >>>>> signatures) >>>>> >>>>> Output from clamdscan, no errors: >>>>> >>>>> ----------- SCAN SUMMARY ----------- >>>>> Infected files: 0 >>>>> Time: 3846.032 sec (64 m 6 s) >>>>> >>>>> This is on FreeBSD 7.4-stable, clamav-0.97.7 (clamav-0.97.6 had the >> same >>>>> problem). The home directories are all zfs based. clamd runs as user >>>>> clamav, clamdscan as user root. >>>>> >>>>> What could be causing this? >>>>> >>>>> Kind regards, >>>>> Ben >>>>> >>>>> _______________________________________________ >>>>> Help us build a comprehensive ClamAV guide: visit >> http://wiki.clamav.net >>>>> http://www.clamav.net/support/ml >>>>> >>>> >>>> Ben, >>>> >>>> The "Client disconnected while scanjob was active" lines can also show >> up >>>> when the scanning threads are being told to shutdown. Did freshclam run >> and >>>> update your signatures during this scan? >>>> >>>> Dave R. >>>> >>>> -- >>>> --- >>>> Dave Raynor >>>> Sourcefire Vulnerability Research Team >>>> [email protected] >>>> _______________________________________________ >>>> Help us build a comprehensive ClamAV guide: visit >> http://wiki.clamav.net >>>> http://www.clamav.net/support/ml >>>> >>> >>> Yes it ran, but at the end at 22:17, not at 22:13 when the first errors >> appeared. From freshclam.log: >>> >>> -------------------------------------- >>> Received signal: wake up >>> ClamAV update process started at Thu Mar 21 20:17:17 2013 >>> >>> ... and then the next entry: >>> -------------------------------------- >>> Received signal: wake up >>> ClamAV update process started at Thu Mar 21 22:17:23 2013 >>> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, >> builder: sven) >>> WARNING: getfile: daily-16881.cdiff not found on remote server (IP: >> 217.19.16.188) >>> WARNING: getpatch: Can't download daily-16881.cdiff from >> database.clamav.net >>> Downloading daily-16881.cdiff [100%] >>> daily.cld updated (version: 16881, sigs: 980411, f-level: 63, builder: >> guitar) >>> bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, >> builder: neo) >>> Database updated (2024839 signatures) from database.clamav.net (IP: >> 145.58.29.83) >>> Clamd successfully notified about the update. >>> >>> ... and the next: >>> -------------------------------------- >>> Received signal: wake up >>> ClamAV update process started at Fri Mar 22 00:17:29 2013 >>> >>> There were also a few incoming e-mails during that time which were >> scanned via clamav-milter and clamd. Could that have an effect? >>> >>> Ben >>> >>> _______________________________________________ >>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >>> http://www.clamav.net/support/ml >>> >> >> _______________________________________________ >> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >> http://www.clamav.net/support/ml >> > _______________________________________________ > Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net > http://www.clamav.net/support/ml > _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
