Hi,

I have a clamav-0.99-2 installation on Fedora 23 and periodically I
receive a message when running clamav-notify-servers after having run
freshclam that reports:

# clamav-notify-servers
clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

I have a script that periodically rsyncs the malwarepatrol db to the
/var/lib/clamav directory then runs the clamav-notify-servers. I
believe the problem is related to this occurring at the same time as
the regular freshclam-sleep script running clamav-notify-servers.

Is this the intended behavior for clamd?

I have about 9M signatures now, so it appears to take a long time to
reload the database every time the clamav-notify-servers signal is
sent.

Can someone provide some advice on the best way to do this? I don't
think I can control the timing of the clamav-notify-servers to make
sure it doesn't happen while another instance occurs. Should I just
redirect the output to /dev/null?

Is it common to have 9M entries?

It looks to take about 30s to reload the database:
Feb 21 03:22:15 mail03 clamd[1006]: Reading databases from /var/lib/clamav
Feb 21 03:22:46 mail03 clamd[1006]: Database correctly reloaded (8888331 signatures)
Feb 21 03:22:46 mail03 clamd[1006]: Client disconnected (FD 23)

This is on a six-core 3GHz system on SSD disks.

[root@mail03 clamav]# ls
badmacro.ndb                 foxhole_filename.cdb  phishtank.ndb          spamattach.hdb
blurl.ndb                    foxhole_generic.cdb   porcupine.hsb          spamimg.hdb
bofhland_cracked_URL.ndb     hackingteam.hsb       porcupine.ndb          spam.ldb
bofhland_malware_attach.hdb  javascript.ndb        rogue.hdb              spearl.ndb
bofhland_malware_URL.ndb     junk.ndb              safebrowsing.cvd       spear.ndb
bofhland_phishing_URL.ndb    jurlbla.ndb           sanesecurity.ftm       winnow.attachments.hdb
my_sigwhitelist.gdb          jurlbl.ndb            scamnailer.ndb         winnow_bad_cw.hdb
my_sigwhitelist.ign2         lott.ndb              scam.ndb               winnow.complex.patterns.ldb
my_sigwhitelist.wdb          main.cvd              securiteinfoascii.hdb  winnow_extended_malware.hdb
bytecode.cld                 malwarehash.hsb       securiteinfo.hdb       winnow_malware.hdb
crdfam.clamav.hdb            malwarepatrol.ndb     securiteinfohtml.hdb   winnow_malware_links.ndb
create_sig.txt               mirrors.dat           securiteinfo.ign2      winnow_phish_complete_url.ndb
daily.cld                    phish.ndb             sigwhitelist.ign2      winnow_spam_complete.ndb

I think the commercial securiteinfo databases are entirely too large
and don't perform very well.

Of course I could cut down on the databases, but I'm more interested
in finding out why clamd produces the error message when multiple
signals are sent.

Thanks,
Alex