Package: clamav
Version: 0.94.dfsg.2-1
Severity: normal

Very often clamdscan fails to connect to clamd, giving a false sense of security, as nothing is reported even when the scanned data is infected. This also causes other problems, for example with exim4, because when it encounters this problem it temporarily rejects the message. I could not find any relevant data either in the logs or in the verbose output of clamdscan. The only interesting thing is in exim4's log:

2009-02-17 18:37:49 1LZTtF-0007M6-1a malware acl condition: clamd: \
    unable to write to socket (Broken pipe)

-- Package-specific info:
--- configuration ---
/etc/clamav/clamd.conf: clamd directives
------------------------------
LogFile = "/var/log/clamav/daemon/clamav-daemon.log"
LogFileUnlock = no
LogFileMaxSize = 0
LogTime = yes
LogClean = no
LogVerbose = no
LogSyslog = no
LogFacility = "LOG_LOCAL6"
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory = "/tmp"
ScanPE = yes
ScanELF = yes
DetectBrokenExecutables = no
ScanMail = yes
MailFollowURLs = no
ScanPartialMessages = no
PhishingSignatures = yes
PhishingScanURLs = yes
PhishingAlwaysBlockCloak = no
PhishingAlwaysBlockSSLMismatch = no
HeuristicScanPrecedence = no
DetectPUA = no
ExcludePUA not set
IncludePUA not set
StructuredDataDetection = no
StructuredMinCreditCardCount = 3
StructuredMinSSNCount = 3
StructuredSSNFormatNormal = yes
StructuredSSNFormatStripped = no
AlgorithmicDetection = yes
ScanHTML = yes
ScanOLE2 = yes
ScanPDF = yes
ScanArchive = yes
MaxScanSize = 104857600
MaxFileSize = 26214400
MaxRecursion = 16
MaxFiles = 10000
ArchiveLimitMemoryUsage = no
ArchiveBlockEncrypted = no
DatabaseDirectory = "/var/lib/clamav/"
TCPAddr not set
TCPSocket not set
LocalSocket = "/var/run/clamav/socket"
MaxConnectionQueueLength = 15
StreamMaxLength = 52428800
StreamMinPort = 1024
StreamMaxPort = 2048
MaxThreads = 10
ReadTimeout = 0
IdleTimeout = 30
MaxDirectoryRecursion = 100
ExcludePath not set
FollowDirectorySymlinks = no
FollowFileSymlinks = no
ExitOnOOM = no
Foreground = no
Debug = yes
LeaveTemporaryFiles = no
FixStaleSocket = yes
User = "clamav"
AllowSupplementaryGroups = no
SelfCheck = 3600
VirusEvent = "/bin/echo "Found %v in %f""
ClamukoScanOnAccess not set
ClamukoScanOnOpen not set
ClamukoScanOnClose not set
ClamukoScanOnExec not set
ClamukoIncludePath not set
ClamukoExcludePath not set
ClamukoMaxFileSize = 5242880
DevACOnly not set
DevACDepth not set
*** MailMaxRecursion is DEPRECATED ***
*** ArchiveMaxFileSize is DEPRECATED ***
*** ArchiveMaxRecursion is DEPRECATED ***
*** ArchiveMaxFiles is DEPRECATED ***
*** ArchiveMaxCompressionRatio is DEPRECATED ***
*** ArchiveBlockMax is DEPRECATED ***

/etc/clamav/freshclam.conf: freshclam directives
------------------------------
LogFileMaxSize = 0
LogTime = no
LogVerbose = no
LogSyslog = no
LogFacility = "LOG_LOCAL6"
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav/"
Foreground = no
Debug = no
AllowSupplementaryGroups = no
DatabaseOwner = "clamav"
Checks = 12
UpdateLogFile = "/var/log/clamav/freshclam/freshclam.log"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net"
DatabaseMirror = "database.clamav.net"
MaxAttempts = 5
ScriptedUpdates = yes
CompressLocalDatabase = no
HTTPProxyServer not set
HTTPProxyPort not set
HTTPProxyUsername not set
HTTPProxyPassword not set
HTTPUserAgent not set
NotifyClamd not set
OnUpdateExecute not set
OnErrorExecute not set
OnOutdatedExecute not set
LocalIPAddress not set
ConnectTimeout = 30
ReceiveTimeout = 30
SubmitDetectionStats not set
DetectionStatsCountry not set

Engine and signature databases
------------------------------
Engine version: 0.94.2
Database directory: /var/lib/clamav/
main db: Format: .cld, Version: 50, Build time: Sun Feb 15 22:47:25 2009
daily db: Format: .cld, Version: 8998, Build time: Tue Feb 17 04:40:00 2009

--- data dir ---
razem 50380
-rw-r--r-- 1 clamav clamav  1545016 sie 18  2006 clamav-032d973b5f0f205d
-rw-r--r-- 1 clamav clamav   688805 lip 27  2006 clamav-7a3a9f7d81964488
-rw-r--r-- 1 clamav clamav  3678884 sie 18  2006 clamav-99cd7fbe18752e40
-rw-r--r-- 1 clamav clamav   285256 sie 18  2006 clamav-c361b56158094865
-rw-r--r-- 1 clamav clamav   911872 lut 17 14:27 daily.cld
-rw-r--r-- 1 clamav clamav 44391424 lut 16 00:26 main.cld
-rw------- 1 clamav clamav      624 lut 17 18:24 mirrors.dat

-- System Information:
Debian Release: 5.0
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav depends on:
ii  clamav-freshclam [clam  0.94.dfsg.2-1      anti-virus utility for Unix - viru
ii  libbz2-1.0              1.0.5-1            high-quality block-sorting file co
ii  libc6                   2.7-18             GNU C Library: Shared libraries
ii  libclamav5              0.94.dfsg.2-1      anti-virus utility for Unix - libr
ii  libgmp3c2               2:4.2.2+dfsg-3     Multiprecision arithmetic library
ii  zlib1g                  1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages clamav recommends:
ii  clamav-base             0.94.dfsg.2-1      anti-virus utility for Unix - base

Versions of packages clamav suggests:
pn  clamav-docs             <none>             (no description available)
ii  lha                     1.14i-10.3         lzh archiver
ii  unrar                   1:3.8.2-1          Unarchiver for .rar files (non-fre

-- no debconf information
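
Added example (not part of the original report and not ClamAV's own code): a fail-closed check for the failure mode described above, where a scan that never reached clamd is indistinguishable from a clean result. It speaks to the `LocalSocket` path from the reported configuration and assumes the newline-delimited `n` command form documented in clamd(8); the function names and the exit-status mapping are hypothetical.

```python
import socket
import sys

CLEAN, INFECTED, UNAVAILABLE = "clean", "infected", "unavailable"
LOCAL_SOCKET = "/var/run/clamav/socket"  # LocalSocket value from the report


def clamd_command(sock_path, command, timeout=10.0):
    """Send one newline-delimited command to clamd and return its reply line."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        # 'n' prefix = newline-terminated command form described in clamd(8);
        # assumed available, older daemons may only accept the bare command.
        s.sendall(b"n" + command.encode() + b"\n")
        reply = b""
        while not reply.endswith(b"\n"):
            data = s.recv(4096)
            if not data:  # peer closed without answering
                break
            reply += data
    return reply.decode(errors="replace").strip()


def scan_verdict(sock_path, file_path):
    """Return (verdict, detail); only an explicit 'OK' reply counts as clean."""
    if "\n" in file_path:  # a newline would start a second clamd command
        return UNAVAILABLE, "refusing path containing a newline"
    try:
        if clamd_command(sock_path, "PING") != "PONG":
            return UNAVAILABLE, "clamd did not answer PING"
        reply = clamd_command(sock_path, "SCAN " + file_path)
    except OSError as exc:  # missing socket, refused, broken pipe, timeout
        return UNAVAILABLE, "clamd socket error: %s" % exc
    if reply.endswith(" FOUND"):
        return INFECTED, reply.rsplit(": ", 1)[-1][: -len(" FOUND")]
    if reply.endswith(": OK"):
        return CLEAN, ""
    return UNAVAILABLE, reply or "empty reply from clamd"


if __name__ == "__main__":
    verdict, detail = scan_verdict(LOCAL_SOCKET, sys.argv[1])
    print(verdict, detail)
    # Exit status: 0 clean, 1 infected, 2 scan did not happen (treat as failure).
    sys.exit({CLEAN: 0, INFECTED: 1, UNAVAILABLE: 2}[verdict])
```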
