Hi Steve
Note it would be nice if clamd said which db it did not like ..
I reckon the start of the problem is "Database reload failed, keeping
the previous instance" when there is no previous instance.
Mon May 22 13:04:40 2023 -> Reading databases from /var/lib/clamav/
Mon May 22 13:05:01 2023 -> ERROR: reload_th: Database load failed:
Malformed da
tabase
Mon May 22 13:05:02 2023 -> Database reload completed.
Mon May 22 13:05:02 2023 -> WARNING: Database reload failed, keeping the
previou
s instance
Mon May 22 13:06:30 2023 -> ERROR: cl_engine_addref() failed
Mon May 22 13:06:30 2023 -> ERROR: Command dispatch failed
Mon May 22 13:06:30 2023 -> ERROR: INSTREAM: Can't write to temporary file.
Mon May 22 13:06:30 2023 -> ERROR: cl_engine_addref() failed
Mon May 22 13:06:30 2023 -> ERROR: Command dispatch failed
Mon May 22 13:06:30 2023 -> ERROR: INSTREAM: Can't write to temporary file.
Mon May 22 13:06:46 2023 -> ERROR: cl_engine_addref() failed
Mon May 22 13:06:46 2023 -> ERROR: Command dispatch failed
Mon May 22 13:08:31 2023 -> ERROR: cl_engine_addref() failed
Mon May 22 13:08:31 2023 -> ERROR: Command dispatch failed
Lots more of the above snipped
Note a /tmp/clamav-*** is created for each connection containing
whatever was submitted till max files open limit is reached.
Then this starts
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
3.5 G later /var/ is full !!
On 24/05/2023 19:39, Steve Basford via clamav-users wrote:
On 24 May 2023 18:52:04 Paul Netpresto <p...@netpresto.co.uk> wrote:
Hi
I have found that 1.0.1 and 0.103.8 both behave badly if they find a
malformed db. Agreed freshclam checks out the clamav/cisco db's.
I have yet to determine what unofficial db caused the failure. They
should all have been verified before being placed in /var/lib/clamav/
How are you downloading the 3rd party sigs...
This script checks integrity... before copying to live folder...
https://github.com/extremeshok/clamav-unofficial-sigs
I check db integrity before uploading to mirrors.
Please email me off list with some logs....
Cheers,
Steve
Twitter: @sanesecurity
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat