On 6/23/13 6:28:23PM, Denis McMahon wrote:
On 23/06/13 23:10, Dennis Peterson wrote:
One 'stupid' question and another test. Do you have any host table
entries that can be confusing your resolver?
Try running (via sudo or as root)
strace -f freshclam >/tmp/freshclam.txt 2>&1
then post the result on your web page - it will be quite long and will
clutter the mail list.
http://www.sined.co.uk/tmp/freshclam.txt
You're not running any proxies so there should be no passwords in the
output, but check anyway before posting it on the web. What to look for
here are successful socket operations to external DNS servers. All
indications are there will be none, but it will help to see what is
going on in your stack.
As I said before, I have two machines on the LAN, one (with dhcp)
appears to update fine, the other with static ip doesn't. All the manual
tests I try from the system that doesn't update seem to suggest it
should be fine. DNS appears to resolve. I've just enabled apache reverse
dns lookups for logging on the problem system, and a quick test suggests
they're working. Here are the last few lines of the freshclam log from
the good machine:
We're pretty well into the "Something we're sure of is wrong" territory,
so nothing can be overlooked. I see no attempt in your strace dump to
create a TCPIP socket, nor any attempt to resolve
current.cvd.clamav.net. What was the result of examining your host
table? How many instances of freshclam are running at the present time?
What do you suppose is responsible for this:
write(1, "ERROR: /var/log/clamav/freshclam"..., 66ERROR:
/var/log/clamav/freshclam.log is locked by another process) = 66
What do you see if you run this command?
lsof |grep clam
I'm still wondering what would have prevented your seeing something like
this DNS query in your strace dump.
uname({sys="Linux", node="example.com", ...}) = 0
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("xx.xxx.xxx.xx")}, 16) = 0
poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
sendto(4, "\1\335\1\0\0\1\0\0\0\0\0\0\7current\3cvd\6clamav\3"..., 40,
MSG_NOSIGNAL, NULL, 0) = 40
poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
recvfrom(4, "\1\335\201\200\0\1\0\1\0\5\0\7\7current\3cvd\6clamav\3"...,
512, 0, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("xx.xxx.xxx.xx")}, [16]) = 320
close(4) = 0
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
