[Clamav-users] FreshClam Segmentation Fault.
Hello All;

I have installed ClamAV on both my RedHat 9 and RedHat 7 boxes. It runs fine on my RedHat 9 box but whenever I try to run freshclam from my RedHat 7 box I get a segmentation fault. I performed an strace on freshclam and I received the following output. Did anyone receive a similar problem and do you perhaps know how to fix it?

    execve(/usr/local/bin/freshclam, [freshclam], [/* 33 vars */]) = 0
    uname({sys=Linux, node=sean.hetzner.africa, ...}) = 0
    brk(0) = 0x804fa30
    old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
    open(/etc/ld.so.preload, O_RDONLY) = -1 ENOENT (No such file or directory)
    open(/usr/local/lib/tls/i686/mmx/libclamav.so.1, O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64(/usr/local/lib/tls/i686/mmx, 0xbfffdb90) = -1 ENOENT (No such file or directory)
    open(/usr/local/lib/tls/i686/libclamav.so.1, O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64(/usr/local/lib/tls/i686, 0xbfffdb90) = -1 ENOENT (No such file or directory)
    open(/usr/local/lib/tls/mmx/libclamav.so.1, O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64(/usr/local/lib/tls/mmx, 0xbfffdb90) = -1 ENOENT (No such file or directory)
    open(/usr/local/lib/tls/libclamav.so.1, O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64(/usr/local/lib/tls, 0xbfffdb90) = -1 ENOENT (No such file or directory)
    open(/usr/local/lib/i686/mmx/libclamav.so.1, O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64(/usr/local/lib/i686/mmx, 0xbfffdb90) = -1 ENOENT (No such file or directory)
    open(/usr/local/lib/i686/libclamav.so.1, O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64(/usr/local/lib/i686, 0xbfffdb90) = -1 ENOENT (No such file or directory)
    open(/usr/local/lib/mmx/libclamav.so.1, O_RDONLY) = -1 ENOENT (No such file or directory)
    stat64(/usr/local/lib/mmx, 0xbfffdb90) = -1 ENOENT (No such file or directory)
    open(/usr/local/lib/libclamav.so.1, O_RDONLY) = 3
    read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320B\0..., 512) = 512
    fstat64(3, {st_mode=S_IFREG|0755, st_size=394630, ...}) = 0
    old_mmap(NULL, 129264, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40017000
    old_mmap(0x40031000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x19000) = 0x40031000
    old_mmap(0x40032000, 18672, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40032000
    close(3) = 0
    open(/usr/local/lib/libz.so.1, O_RDONLY) = -1 ENOENT (No such file or directory)
    open(/etc/ld.so.cache, O_RDONLY) = 3
    fstat64(3, {st_mode=S_IFREG|0644, st_size=80200, ...}) = 0
    old_mmap(NULL, 80200, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40037000
    close(3) = 0
    open(/usr/lib/libz.so.1, O_RDONLY) = 3
    read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\31..., 512) = 512
    fstat64(3, {st_mode=S_IFREG|0755, st_size=52616, ...}) = 0
    old_mmap(NULL, 55596, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4004b000
    old_mmap(0x40057000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xb000) = 0x40057000
    close(3) = 0
    open(/usr/local/lib/libgmp.so.3, O_RDONLY) = -1 ENOENT (No such file or directory)
    open(/usr/lib/libgmp.so.3, O_RDONLY) = 3
    read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0X\0\000..., 512) = 512
    fstat64(3, {st_mode=S_IFREG|0755, st_size=179304, ...}) = 0
    old_mmap(NULL, 182304, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40059000
    old_mmap(0x40085000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2b000) = 0x40085000
    close(3) = 0
    open(/usr/local/lib/libpthread.so.0, O_RDONLY) = -1 ENOENT (No such file or directory)
    open(/lib/tls/libpthread.so.0, O_RDONLY) = 3
    read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\0..., 512) = 512
    fstat64(3, {st_mode=S_IFREG|0755, st_size=79744, ...}) = 0
    old_mmap(NULL, 50040, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40086000
    old_mmap(0x4009, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xa000) = 0x4009
    old_mmap(0x40091000, 4984, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40091000
    close(3) = 0
    open(/usr/local/lib/libc.so.6, O_RDONLY) = -1 ENOENT (No such file or directory)
    open(/lib/tls/libc.so.6, O_RDONLY) = 3
    read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`V\1B4\0..., 512) = 512
    fstat64(3, {st_mode=S_IFREG|0755, st_size=1531064, ...}) = 0
    old_mmap(0x4200, 1257224, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4200
    old_mmap(0x4212e000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x12e000) = 0x4212e000
    old_mmap(0x42131000, 7944, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x42131000
    close(3) = 0
    old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40093000
    set_thread_area({entry_number:-1 - 6, base_addr:0x40093780, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
    munmap(0x40037000, 80200) = 0
    set_tid_address(0x400937c8) = 3449
    rt_sigaction(SIGRTMIN, {0x40089e30, [], SA_RESTORER, 0x4008f618}, NULL, 8) = 0
    rt_sigprocmask(SIG_UNBLOCK, [RTMIN], NULL,
Re: [Clamav-users] clamd dying: reasons
On Sun, 16 May 2004 19:51:57 -0700 K. Shantanu [EMAIL PROTECTED] wrote:

> Hi,
>
> Are there any particular reasons why clamd might die all of a sudden? It happens to me at least once a week. And then I have to many a times remove the clamd file and restart clamd. And the worst part is that my messages start bouncing if clamd dies stating that it cannot connect to clamd.

Which version of clamd?

--
Tomasz Kojm [EMAIL PROTECTED]
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Mon May 17 10:31:24 CEST 2004
[Clamav-users] real time doesn't work ?
Hello,

clamd is up, and I sent a message with eicar.com to my postfix, but ClamAV didn't see it :( But when I run clamscan the file is matched with the database signature...

Could anyone give me a reason for this failure?

thx :)
Re[2]: [Clamav-users] clamd dying: reasons
Monday, May 17, 2004, 2:01:49 PM, Tomasz Kojm wrote:

> Which version of clamd ?

    # clamd --version
    clamd / ClamAV version 0.65

What I am worried about is that it looks at the clamd socket file and if it is stale it does not start. Even running clamd under daemontools does not guarantee a clean start and a fresh clamd file. Sometimes when I have a local machine I might start clamd from rc.local. If, at the time the machine is starting, a clamd file is present, clamd won't start. What is the solution for this?

Regards,
Shantanu
[Clamav-users] Re: Re[2]: clamd dying: reasons
shantanu wrote:

> Monday, May 17, 2004, 2:01:49 PM, Tomasz Kojm wrote:
>
>> Which version of clamd ?
>
>     # clamd --version
>     clamd / ClamAV version 0.65
>
> What I am worried about is that it looks at the clamd socket file and if it is stale it does not start. Even running clamd under daemontools does not guarantee a clean start and a fresh clamd file.

It does if you delete the socket file from your run script. But you need to upgrade to 0.70 anyway, and I imagine that you'll start having problems with clamd hanging as well as dying once you do. Perhaps you should take a look at monit.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
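Added example, not part of the original messages and not ClamAV code: one way a run script can handle the stale socket file discussed in this thread is to unlink it only when the path really is a socket and nothing is listening on it. The socket path is passed as an argument, and the script name in the usage comment is hypothetical.

```python
#!/usr/bin/env python3
"""Remove a clamd UNIX socket file only if it is stale (no listener)."""
import errno
import os
import socket
import stat
import sys


def socket_state(path):
    """Return 'absent', 'not-a-socket', 'live' or 'stale' for a socket path."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"  # never unlink a regular file or symlink
    probe = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    probe.settimeout(2.0)
    try:
        probe.connect(path)
        return "live"
    except (socket.timeout, BlockingIOError):
        return "live"  # a listener holds the socket but is busy or hung
    except OSError as exc:
        if exc.errno == errno.ECONNREFUSED:
            return "stale"  # file exists, no process is listening
        raise
    finally:
        probe.close()


def clear_stale_socket(path):
    """Unlink the socket only when it is stale; return the state found."""
    state = socket_state(path)
    if state == "stale":
        os.unlink(path)
    return state


if __name__ == "__main__":
    # Usage from a run script (hypothetical file name):
    #   clear_socket.py <socket path> && exec clamd
    found = clear_stale_socket(sys.argv[1])
    print(f"{sys.argv[1]}: {found}")
    # Refuse to continue if a daemon still answers or the path is not a socket.
    sys.exit(0 if found in ("absent", "stale") else 1)
```

Checking for a listener before unlinking avoids pulling the socket out from under a clamd that is still running, which an unconditional delete would do.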
[Clamav-users] Re: Re[2]: clamd dying: reasons
On Mon, May 17, 2004 at 08:45:26AM -0400, Jesse Guardiani wrote:

> It does if you delete the socket file from your run script. But you need to upgrade to 0.70 anyway, and I imagine that you'll start having problems with clamd hanging as well as dying once you do.

Then why in the world should I upgrade if I will be having the same problems?

I had trouble with monit when I tried it. I got mails (alert) every other minute even when clamd was running properly. I had something like,

    set daemon 120
    set alert shantanu [...]
    check process clamd with pidfile /var/run/clamd.pid
    start program /usr/local/sbin/clamd

Thanks for the help.

-Shantanu
Re: [Clamav-users] amavis-new + clamav
N. Et. wrote:

> Hi,
>
> I have in my syslog the message:
>
>     May 17 19:33:30 debian amavis[799]: (00799-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (2)
>     May 17 19:33:36 debian amavis[799]: (00799-01) Clam Antivirus-clamd: Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory, retrying (3)
>     May 17 19:33:47 debian amavis[799]: (00799-01) Clam Antivirus-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamd.ctl (Can't connect to UNIX socket /var/run/clamd.ctl: No such file or directory) at (eval 34) line 179.
>
> If someone can help me? Thx++
>
> N. Et.

Check your configs.

    revelation:/etc # grep LocalSocket clamav.conf
    LocalSocket /var/amavis/clamd
    revelation:/etc # grep -A 4 "Clam Antivirus-clamd" amavisd.conf
    ['Clam Antivirus-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", '/var/amavis/clamd'],
      qr/\bOK$/, qr/\bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
    # # NOTE: run clamd under the same user as amavisd,

Those must be the same.
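Added example, not part of the original reply and not code from ClamAV or amavisd-new: the comparison done by hand with grep above, as a script that reads both configuration texts and reports whether clamd's LocalSocket matches the path in the active 'Clam Antivirus-clamd' entry. The two sample configs are constructed to reproduce the mismatch behind the syslog errors; the function names are hypothetical.

```python
import re


def clamd_local_socket(clamav_conf):
    """Return the LocalSocket path set in clamav.conf text, or None."""
    for raw in clamav_conf.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and fields[0] == "LocalSocket":
            return fields[1].strip()
    return None


def amavisd_clamd_socket(amavisd_conf):
    """Return the socket path of the active 'Clam Antivirus-clamd' entry."""
    # Drop commented-out lines first: a disabled entry must not count.
    active = "\n".join(line for line in amavisd_conf.splitlines()
                       if not line.lstrip().startswith("#"))
    match = re.search(r"'Clam Antivirus-clamd'.*?ask_daemon.*?'(/[^']+)'",
                      active, re.DOTALL)
    return match.group(1) if match else None


def compare(clamav_conf, amavisd_conf):
    """Describe whether both sides agree on the UNIX socket path."""
    clamd = clamd_local_socket(clamav_conf)
    amavis = amavisd_clamd_socket(amavisd_conf)
    if amavis is None:
        return "amavisd.conf has no active clamd entry"
    if clamd is None:
        return "clamav.conf sets no LocalSocket"
    if clamd != amavis:
        return f"mismatch: clamd listens on {clamd}, amavisd connects to {amavis}"
    return "ok"


# Constructed sample input (not taken from either poster's machine).
CLAMAV_CONF = """\
# LocalSocket /var/run/clamd.ctl
LocalSocket /var/amavis/clamd
"""
AMAVISD_CONF = r"""
# ['Clam Antivirus-clamd', \&ask_daemon, ["CONTSCAN {}\n", '/var/amavis/clamd'],
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", '/var/run/clamd.ctl'],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
"""

if __name__ == "__main__":
    print(compare(CLAMAV_CONF, AMAVISD_CONF))
```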
Re: [Clamav-users] Re: SomeFool.Q passed the clamscan clamav-milter
On Sat, 15 May 2004, Tomasz Kojm wrote:

> On Fri, 14 May 2004 18:24:33 -0400 (EDT) James Chamberlain [EMAIL PROTECTED] wrote:
>
>> Martin Chan wrote:
>>
>>> Today I found a virus passed through the clamav-milter, and I tried to manually scan it with clamscan --mbox, but it passed too. I'm sure my virus definition is updated and I'm using clamscan / ClamAV version 0.70
>>>
>>> Scan in Online scanner does detect it:
>>> /tmp/phpv4Ottk: Worm.SomeFool.Q FOUND
>>> And found something: * Worm.SomeFool.Q
>>
>> I've had this same problem now a couple times. My virus definitions are up to date and I'm using clamscan / ClamAV 0.70. In my case, the worms in question were listed by the online scanner as Worm.Sober.G and Worm.Bagle.Gen-vbs. Would you like these forwarded to you as well, Nigel?
>
> Better fix your installation.

My installation now works; however, I'm still curious what was broken about it to begin with. I tried installing in place from a fresh build. That didn't help. I tried uninstalling and reinstalling from a fresh build. That didn't help. What finally did the trick was replacing the clamav.conf file. I don't see what was wrong with my original config file, though. The only non-comment differences between the two are as follows (diff good bad, essentially):

    Example
    LogFile /var/log/clamd.log
    LogTime
    LogClean
    PidFile /var/run/clamd.pid
    User clamav
    ScanMail
    ClamukoScanOnOpen
    ClamukoScanOnClose
    ClamukoScanOnExec
    ClamukoIncludePath /home
    ClamukoMaxFileSize 1M
    ClamukoScanArchive

I'm calling clamscan from amavisd and am not running clamd at the moment, so most of those options seem like they shouldn't matter to me. What am I missing? What about this allowed some known viruses through while blocking other known viruses?

For reference, I started with 0.70-rc and upgraded to 0.70 shortly after it was released.

James
[Clamav-users] New Address for Virus Alias Database
For those that found my virus alias database useful, I have now moved it to http://www.rainingfrogs.co.uk to get rid of the annoying UK2 popup ad and banner. This also means that it will now accept direct links to URLs of specific entries, for those that requested that facility.

Kevin
[Clamav-users] Exim + ClamAV + what?
Hi all,

We are building a new mail platform and are looking at using ClamAV for our AV platform.

Firstly (and I know this is probably a silly question to ask here), does the list believe that ClamAV is ready for the mainstream? We currently use Sophos AV and we have a large number of corporate customers who need some assurance that the level of AV protection we are providing is more than respectable. Can anybody point me at any good documents or pages that I can put in front of our marketing people to reassure them that ClamAV is up to the job?

Secondly, we run the excellent Exim MTA here and are looking at the best way to interface with ClamAV. Currently, I have set up a test box using amavis-new (amavisd) which in turn talks to clamd. Is this the best way of doing things in terms of performance? We don't require Amavis to do anti-spam and since our users are opt-in we can't use exiscan or something that blocks viruses at the initial delivery stage. I would prefer not to use a Perl-based package like Amavis as we process over 250,000 email per day and performance is very important!

Any feedback/thoughts would be appreciated!

Cheers,
Ray
[Clamav-users] ClamAV with Exim4 on Debian Sarge
Hi All

I'm implementing a Spam and a Virus wall using Exim4, SA-Exim, SpamAssassin, Exiscan-ACL, clamav-daemon and clamav on Debian Sarge. This stands in front of my mail server and scans my mails for spam and viruses. Spam blocking is fine, but the problem is in the virus part.

My /etc/clamav/clamav.conf is like this,

    TCPSocket 3310
    User clamav
    AllowSupplementaryGroups
    ScanMail
    ScanArchive
    ArchiveMaxRecursion 5
    ArchiveMaxFiles 1000
    ArchiveMaxFileSize 10M
    MaxDirectoryRecursion 15
    FollowFileSymlinks
    ReadTimeout 500
    MaxThreads 10
    MaxConnectionQueueLength 15
    StreamSaveToDisk
    StreamMaxLength 10
    LogFile /var/log/clamav/clamd.log
    LogTime
    LogFileUnlock
    LogFileMaxSize 0
    LogVerbose
    LogClean
    PidFile /var/run/clamav/clamd.pid
    DatabaseDirectory /var/lib/clamav/
    SelfCheck 3600
    Debug

In the Exim4 config main area (I'm using the monolithic config),

    av_scanner = clamd:127.0.0.1 3310

And the ACL section has,

    deny message = This message contain malware ($malware_name)
         log_message = $sender_host_address tried sending $malware_name
         demime = *
         malware = *

Does order matter in Exim ACLs?

Everything seems fine, but it's not cleaning my mails? When I see the logs..,

/var/log/clamav/clamd.log

    Tue May 18 14:26:58 2004 - +++ Started at Tue May 18 14:26:58 2004
    Tue May 18 14:26:58 2004 - Log file size limited to 2097152 bytes.
    Tue May 18 14:26:58 2004 - Verbose logging activated.
    Tue May 18 14:26:58 2004 - Running as user clamav (UID 104, GID 104)
    Tue May 18 14:26:58 2004 - Reading databases from /var/lib/clamav/
    Tue May 18 14:27:00 2004 - Protecting against 21588 viruses.
    Tue May 18 14:27:00 2004 - Bound to port 3310
    Tue May 18 14:27:00 2004 - Setting connection queue length to 15
    Tue May 18 14:27:00 2004 - ERROR: Can't save PID in file /var/run/clamd.pid
    Tue May 18 14:27:00 2004 - Listening daemon: PID: 261
    Tue May 18 14:27:00 2004 - Archive: Archived file size limit set to 10485760 bytes.
    Tue May 18 14:27:00 2004 - Archive: Recursion level limit set to 5.
    Tue May 18 14:27:00 2004 - Archive: Files limit set to 1000.
    Tue May 18 14:27:00 2004 - WARNING: USING HARDCODED LIMIT: Archive: Compression ratio limit set to 200.
    Tue May 18 14:27:00 2004 - Archive support enabled.
    Tue May 18 14:27:00 2004 - RAR support disabled.
    Tue May 18 14:27:00 2004 - Mail files support enabled.
    Tue May 18 14:27:00 2004 - OLE2 support disabled.
    Tue May 18 14:27:00 2004 - Self checking every 3600 seconds.

I see only those, no hint about scanning mails :-( Where can the problem be? Any idea?

Thanks!

Pradeeper

--
Debian GNU/Linux Sarge (kernel 2.2.20-compact)
Marriage Ceremony: An incredible metaphysical sham of watching God and the law being dragged into the affairs of your family. -- O. C. Ogilvie