On 06/07/2011 08:15 AM, [email protected] wrote:
In log file /var/log/clamav/unofficial-sigs.log I have:
INFO - Next SecuriteInfo check will be performed in approximately 2
hour(s), 4 minute(s)
Jun 07 09:33:51 INFO - Checking for MalwarePatrol updates...
Jun 07 09:33:52 INFO - Testing updated database file: mbl.ndb
Jun 07 09:33:52 INFO - Clamscan reports Sanesecurity mbl.ndb database
integrity tested good
Jun 07 09:33:52 INFO - Successfully updated MalwarePatrol production
database file: mbl.ndb
Jun 07 09:33:52 INFO - Update(s) detected, reloaded ClamAV databases
These times also correlate to the log file /var/log/qmail/clamd/current:
Waiting for all threads to finish
2011-06-07 09:33:53.164200500 Shutting down the main socket.
2011-06-07 09:33:53.164416500 --- Stopped at Tue Jun 7 09:33:53 2011
2011-06-07 09:33:53.164440500 Closing the main socket.
2011-06-07 09:33:53.164485500 Socket file removed.
2011-06-07 09:33:53.632970500 LibClamAV Warning: Detected duplicate
databases /usr/share/clamav/main.cvd and /usr/share/clamav/main.cld,
please manually remove one of them
2011-06-07 09:33:57.103557500 Limits: Global size limit set to 104857600
bytes.
2011-06-07 09:33:57.103559500 Limits: File size limit set to 26214400
bytes.
2011-06-07 09:33:57.103560500 Limits: Recursion level limit set to 16.
2011-06-07 09:33:57.103560500 Limits: Files limit set to 10000.
2011-06-07 09:33:57.103561500 Limits: Core-dump limit is 0.
2011-06-07 09:33:57.103561500 Archive support enabled.
2011-06-07 09:33:57.103562500 Algorithmic detection enabled.
2011-06-07 09:33:57.103562500 Portable Executable support enabled.
2011-06-07 09:33:57.103563500 ELF support enabled.
2011-06-07 09:33:57.103602500 Mail files support enabled.
2011-06-07 09:33:57.103603500 OLE2 support enabled.
2011-06-07 09:33:57.103612500 PDF support enabled.
2011-06-07 09:33:57.103612500 HTML support enabled.
2011-06-07 09:33:57.103613500 Self checking every 600 seconds.
2011-06-07 09:33:57.103613500 Listening daemon: PID: 19474
2011-06-07 09:33:57.103614500 MaxQueue set to: 100
I also have found /etc/cron.d/clamav-unofficial-sigs-cron
I believe this file is what is updating some of the clam sigs and
causing clam to restart.
The problem is that clam takes 4 to 5 seconds to restart, which is not a
lot but I am unlucky enough to have customers sending email at those
times causing the soft reject errors.
Is anyone else having these problems?
Thanks
My servers aren't that busy. I do see an occasional problem with
submissions though, so perhaps this is why. I wonder why Bill's script
restarts clamav. Freshclam seems to update w/out needing to restart
clamav. I expect that some sort of refresh would suffice, which would
perhaps not cause the soft rejects. There's gotta be a way for this to
happen w/out impacting end users in such a way.
Can you post this to the sanesecurity list?
(http://sanesecurity.com/mailinglist.htm and also available at newsgroup
gmane.comp.security.virus.clamav.sanesecurity)
I'm sure Bill and Steve there would know off hand how best to handle
this. FWIW, I keep an eye on that list, so I'll see what comes of this.
Please report back here though what you find there.
Thanks AP.
--
-Eric 'shubes'
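
To quantify how long clamd is unavailable at each signature update, the gap between the shutdown line and the next listening line in /var/log/qmail/clamd/current can be measured. This is an added example, not part of the original thread: the marker strings and timestamps are taken from the log excerpt quoted above, and treating "Listening daemon" as the point where clamd accepts connections again is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the clamd log excerpt in the post,
# with one mail-wrapped line ("bytes.") left in to show it is skipped.
SAMPLE_LOG = """\
2011-06-07 09:33:53.164200500 Shutting down the main socket.
2011-06-07 09:33:53.164416500 --- Stopped at Tue Jun 7 09:33:53 2011
2011-06-07 09:33:53.164485500 Socket file removed.
2011-06-07 09:33:57.103557500 Limits: Global size limit set to 104857600
bytes.
2011-06-07 09:33:57.103613500 Listening daemon: PID: 19474
2011-06-07 09:33:57.103614500 MaxQueue set to: 100
"""

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.(\d{9}) (.*)$")
DOWN_MARK = "Shutting down the main socket"
UP_MARK = "Listening daemon"   # assumption: clamd accepts connections from here
EPOCH = datetime(1970, 1, 1)

def to_ns(stamp, nanos):
    """Convert 'YYYY-MM-DD HH:MM:SS' plus a 9-digit fraction to integer ns."""
    whole = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S") - EPOCH
    return int(whole.total_seconds()) * 10**9 + int(nanos)

def restart_windows(lines):
    """Return [(down_stamp, up_stamp, seconds)] for each stop/listen pair.
    A shutdown with no later listen line is reported with up_stamp=None."""
    windows, down = [], None
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue                      # wrapped continuation or foreign line
        stamp, nanos, msg = m.groups()
        t = to_ns(stamp, nanos)
        if msg.startswith(DOWN_MARK) and down is None:
            down = (stamp, t)
        elif msg.startswith(UP_MARK) and down is not None:
            windows.append((down[0], stamp, (t - down[1]) / 1e9))
            down = None
    if down is not None:                  # daemon never came back in this log
        windows.append((down[0], None, None))
    return windows

if __name__ == "__main__":
    for down, up, secs in restart_windows(SAMPLE_LOG.splitlines()):
        print(down, "->", up, "unavailable for" if up else "still down", secs)
```

Run over the full log, the resulting windows can be compared against the timestamps of the soft rejects and the schedule in /etc/cron.d/clamav-unofficial-sigs-cron.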