Optimism was short lived. Clamd.exe went unresponsive right after my last email. It lasted about 12 hours, but the next run only lasted barely over 4 hours before becoming unresponsive... so, no rhyme or reason that I see. Nothing telling in clamd.log file that I can see.
Thoughts/suggestions/etc. very appreciated!

Tue Aug 13 23:14:11 2019 -> SelfCheck: Database status OK.
Tue Aug 13 23:34:41 2019 -> SelfCheck: Database status OK.
**Tue Aug 13 23:55:11 2019 -> SelfCheck: Database status OK. <<<< ----- This was the last entry before becoming unresponsive.
Tue Aug 13 23:55:21 2019 -> +++ Started at Tue Aug 13 23:55:21 2019 <<< ---- Restarted once monitoring application detected unresponsiveness.
Tue Aug 13 23:55:21 2019 -> Received 0 file descriptor(s) from systemd.
Tue Aug 13 23:55:21 2019 -> clamd daemon 0.101.3 (OS: win32, ARCH: x86_64, CPU: x86_64)
Tue Aug 13 23:55:21 2019 -> Log file size limited to 2097152 bytes.
Tue Aug 13 23:55:21 2019 -> Reading databases from C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\database
Tue Aug 13 23:55:21 2019 -> Not loading PUA signatures.
Tue Aug 13 23:55:21 2019 -> Bytecode: Security mode set to "TrustSigned".
Tue Aug 13 23:55:54 2019 -> Loaded 6269854 signatures.
Tue Aug 13 23:55:56 2019 -> TCP: Bound to [127.0.0.1]:3310
Tue Aug 13 23:55:56 2019 -> TCP: Setting connection queue length to 200
Tue Aug 13 23:55:56 2019 -> Limits: Global size limit set to 104857600 bytes.
Tue Aug 13 23:55:56 2019 -> Limits: File size limit set to 26214400 bytes.
Tue Aug 13 23:55:56 2019 -> Limits: Recursion level limit set to 16.
Tue Aug 13 23:55:56 2019 -> Limits: Files limit set to 10000.
Tue Aug 13 23:55:56 2019 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Tue Aug 13 23:55:56 2019 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Tue Aug 13 23:55:56 2019 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Tue Aug 13 23:55:56 2019 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Tue Aug 13 23:55:56 2019 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Tue Aug 13 23:55:56 2019 -> Limits: MaxPartitions limit set to 50.
Tue Aug 13 23:55:56 2019 -> Limits: MaxIconsPE limit set to 100.
Tue Aug 13 23:55:56 2019 -> Limits: MaxRecHWP3 limit set to 16.
Tue Aug 13 23:55:56 2019 -> Limits: PCREMatchLimit limit set to 100000.
Tue Aug 13 23:55:56 2019 -> Limits: PCRERecMatchLimit limit set to 2000.
Tue Aug 13 23:55:56 2019 -> Limits: PCREMaxFileSize limit set to 26214400.
Tue Aug 13 23:55:56 2019 -> Archive support enabled.
Tue Aug 13 23:55:56 2019 -> AlertExceedsMax heuristic detection disabled.
Tue Aug 13 23:55:56 2019 -> Heuristic alerts enabled.
Tue Aug 13 23:55:56 2019 -> Portable Executable support enabled.
Tue Aug 13 23:55:56 2019 -> ELF support enabled.
Tue Aug 13 23:55:56 2019 -> Mail files support enabled.
Tue Aug 13 23:55:56 2019 -> OLE2 support enabled.
Tue Aug 13 23:55:56 2019 -> PDF support enabled.
Tue Aug 13 23:55:56 2019 -> SWF support enabled.
Tue Aug 13 23:55:56 2019 -> HTML support enabled.
Tue Aug 13 23:55:56 2019 -> XMLDOCS support enabled.
Tue Aug 13 23:55:56 2019 -> HWP3 support enabled.
Tue Aug 13 23:55:56 2019 -> Self checking every 1200 seconds.
Tue Aug 13 23:55:56 2019 -> Listening daemon: PID: 7132
Tue Aug 13 23:55:56 2019 -> MaxQueue set to: 100
Wed Aug 14 00:16:50 2019 -> SelfCheck: Database status OK.
Wed Aug 14 00:37:20 2019 -> SelfCheck: Database status OK.

Thanks,
-Dave

On Tue, Aug 13, 2019 at 10:37 PM David Miller <[email protected]> wrote:
>
> Hi, All:
>
> Good news update: Clamd.exe is running longer than ever so far...
> nearly 12 hours. I had just switched the SelfCheck value from the
> default 600 to 1200 to see if that made a difference. I also enabled
> LogVerbose. Those are the only 2 updates to the clamd.config. One
> other change I made is to call PING less often to see if clamd.exe is
> still responsive. Right now, it checks once per minute... previously,
> it checked every 15 seconds. I don't believe this change had anything
> to do with tonight's improved result because initially, I wasn't
> calling PING at all - the PINGs were added as a result of the
> unresponsiveness. I'm optimistic, but still stumped.
> I suspect the change relates to the less frequent SelfCheck calls.
> Thoughts/suggestions/etc. very appreciated!
>
> Thanks,
> -Dave
>
> On Tue, Aug 13, 2019 at 1:15 PM David Miller <[email protected]>
> wrote:
> >
> > Hello, All:
> >
> > clamav-0.101.2-win-x64-portable
> > clamav-0.101.3-win-x64-portable
> >
> > After clamd.exe runs successfully for several hours, it becomes
> > unresponsive.
> > Hosted on 2 Windows 2016 Servers and a Windows 10 - all respond the same.
> > Last log entry for clamd shows: "SelfCheck: Database status OK." An example
> > of the unresponsive timelines from one of the deployments is pasted below.
> >
> > Restarted                Unresponsive:            Timespan:
> > 8/10/19 01:30:30 a.m.    8/10/19 06:06:29 a.m.    4:35:59
> > 8/10/19 06:06:30 a.m.    8/10/19 12:34:12 p.m.    6:27:42
> > 8/10/19 12:34:13 p.m.    8/10/19 07:01:55 p.m.    5:32:18
> > 8/10/19 07:01:56 p.m.    8/11/19 01:29:37 a.m.    5:32:19
> > 8/11/19 01:29:38 a.m.    8/11/19 06:05:35 a.m.    4:35:57
> > 8/11/19 06:05:37 a.m.    8/11/19 12:33:17 p.m.    6:27:40
> > 8/11/19 12:33:19 p.m.    8/11/19 07:01:00 p.m.    5:32:19
> > 8/11/19 07:01:01 p.m.    8/12/19 01:28:42 a.m.    6:27:41
> >
> > Clamd.exe remains responsive for the timespans listed above, but then
> > becomes unresponsive and I have to kill the process and start a new
> > instance of clamd.exe. (The outage time consistency is telling, but
> > what it's telling I still don't know.) FWIW: I run freshclam once an hour,
> > but it seems to have no impact on the unresponsiveness of clamd. Also, the
> > clamd.exe becomes unresponsive whether or not there are files being
> > scanned. I've tried a few .conf changes with no noticeable impact on the
> > unresponsiveness. Any pointers/tools/suggestions are greatly appreciated.
> >
> > I've appended my current .conf results to this email.
> >
> > Thanks for your time & have a great day!
> > -Dave,
> >
> >
> > clamconf -n
> >
> > Checking configuration files in
> > C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable
> >
> > Config file: clamd.conf
> > -----------------------
> > LogFile =
> > "C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\clamd.log"
> > LogFileMaxSize = "2097152"
> > LogTime = "yes"
> > LogVerbose = "yes"
> > TCPSocket = "3310"
> > TCPAddr = "127.0.0.1"
> > SendBufTimeout = "200"
> > IdleTimeout = "60"
> > SelfCheck = "1200"
> >
> > Config file: freshclam.conf
> > ---------------------------
> > LogFileMaxSize = "2097152"
> > LogTime = "yes"
> > UpdateLogFile =
> > "C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\freshclam.log"
> > DatabaseMirror = "database.clamav.net"
> >
> > clamav-milter.conf not found
> >
> > Software settings
> > -----------------
> > Version: 0.101.3
> > Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 RAR JIT
> >
> > Database information
> > --------------------
> > Database directory:
> > C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\database
> > bytecode.cvd: version 330, sigs: 94, built on Wed Jul 17 08:11:08 2019
> > daily.cld: version 25540, sigs: 1713558, built on Tue Aug 13 03:16:47 2019
> > main.cvd: version 58, sigs: 4566249, built on Wed Jun 7 16:38:10 2017
> > Total number of signatures: 6279901
> >
> > Platform information
> > --------------------
> > uname: Microsoft Windows 6.2 SP0.0 Build 9200
> > OS: win32, ARCH: x86_64, CPU: x86_64
> > zlib version: 1.2.11 (1.2.11), compile flags: 65
> > Triple: x86_64-pc-win32
> > CPU: i686, Little-endian
> > platform id: 0x102566660800077c0100077c
> >
> > Build information
> > -----------------
> > Microsoft Visual C++: (0.7.124)
> > Microsoft Visual C++ 1916
> > sizeof(void*) = 8
> > Engine flevel: 102, dconf: 102
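
An added example, not part of the original thread and not ClamAV's own tooling: a script that reads clamd.log in the format quoted above and, for each "+++ Started at" entry, reports the entry logged just before the restart and the gap in seconds, so the "last entry before the hang" can be tallied across many restarts. The sample lines are a constructed excerpt of the log in the message, and the function names are hypothetical.

```python
from datetime import datetime

# Constructed sample: a shortened excerpt in the clamd.log format quoted above.
SAMPLE_LOG = """\
Tue Aug 13 23:14:11 2019 -> SelfCheck: Database status OK.
Tue Aug 13 23:34:41 2019 -> SelfCheck: Database status OK.
Tue Aug 13 23:55:11 2019 -> SelfCheck: Database status OK.
Tue Aug 13 23:55:21 2019 -> +++ Started at Tue Aug 13 23:55:21 2019
Tue Aug 13 23:55:54 2019 -> Loaded 6269854 signatures.
Tue Aug 13 23:55:56 2019 -> Self checking every 1200 seconds.
Wed Aug 14 00:16:50 2019 -> SelfCheck: Database status OK.
Wed Aug 14 00:37:20 2019 -> SelfCheck: Database status OK.
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # timestamp layout used when LogTime is on


def parse_line(line):
    """Split 'timestamp -> message'; return None for lines that do not match."""
    stamp, sep, message = line.partition(" -> ")
    if not sep:
        return None
    try:
        return datetime.strptime(stamp.strip(), TS_FORMAT), message.strip()
    except ValueError:
        return None


def find_restarts(log_text):
    """For each restart marker, record the log entry that preceded it."""
    restarts = []
    previous = None
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip blank or hand-annotated lines
        when, message = entry
        if message.startswith("+++ Started at") and previous is not None:
            restarts.append({
                "restarted": when,
                "last_entry": previous[1],
                "gap_seconds": int((when - previous[0]).total_seconds()),
            })
        previous = entry
    return restarts


if __name__ == "__main__":
    for r in find_restarts(SAMPLE_LOG):
        print(r["restarted"], "| last entry:", r["last_entry"], "| gap:", r["gap_seconds"], "s")
```
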
