Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V
On 05/09/2014 07:45 AM, Greg Folkert wrote: On Fri, 2014-05-09 at 10:33 -0400, Bowie Bailey wrote: On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. grep -v -e ^# -e ^$ clamd.conf You are sufficiently lazy! You beat me to it... you know, because I'm morerer lazy. Thanks for the pointer. At my age though, my typing is stronger than my memory (what was that flag again?), so the longer form sometimes suits me better (fewer things to remember!). :) Note, if I was scripting it, I hope I'd use the -e flag for efficiency. -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V
On 05/09/2014 04:41 AM, Shawn Webb wrote: On Thu, May 8, 2014 at 10:35 PM, Eric Shubert e...@shubes.net wrote: Immediately after upgrading from 0.98 to 0.98.3, when clamdscan --stdout -V is run (via simscanmk -g), the clamdscan appears to go into a hard loop (eats a lot of cpu endlessly). Here are non-default config settings: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ LogClean yes LogVerbose yes LocalSocket /tmp/clamd.socket FixStaleSocket yes Foreground yes ScanMail yes Any ideas? Thanks. Hey Eric, I'm having a bit of trouble reproducing the issue here. What OS and what version of the OS are you using? What architecture (x86, x64)? What happens if you run the clamdscan command manually? Can you paste to a pastebin service the output of clamconf and your config.log file? Thanks, Shawn ___ Hey Shawn. Sorry I didn't include more details. CentOS 5.10, i386. I get the same result (looping) when I run clamdscan --stdout -V manually. However, if I start clamd, wait for it to load everything, then run clamdscan, then clamdscan works. When I stop clamd, try clamdscan again, then it loops again. So it appears that when clamd is running, clamdscan works. When clamd isn't running, clamdscan appears to go into a hard loop (presumably waiting for something that never happens). clamconf is at http://pastebin.com/dJAJF8T1 I don't appear to have any config.log. How do I get that? Thanks. -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V
Nice work guys. That indeed took care of it. As I'm packaging this for the qmail-toaster project, I'm wondering if I should release this version with the patch, or simply wait for 0.98.4 to be released. Any idea when 0.98.4 might roll out? Thanks. -- -Eric 'shubes' On 05/09/2014 12:28 PM, Steven Morgan wrote: Eric, I've confirmed this is fixed by the patch in https://bugzilla.clamav.net/show_buhttps://bugzilla.clamav.net/show_bug.cgi?id=10987 g.cgi?id=10987 https://bugzilla.clamav.net/show_bug.cgi?id=10987 Steve On Fri, May 9, 2014 at 3:21 PM, Steven Morgan smor...@sourcefire.comwrote: Confirmed in gdb, it is looping in the same place in proto.c lines 97 and 98. On Fri, May 9, 2014 at 3:17 PM, Shawn Webb sw...@sourcefire.com wrote: On Fri, May 9, 2014 at 3:02 PM, Philippe Ratté pra...@cybergeneration.comwrote: Hello, This may not be related; however I am also having some loop issues with 0.98.3 I'm using qmail-scanner, and everything works fine with 0.98.1 Now, using 0.98.3, I've got some clamdscan processes that are looping non-stop opening '/etc/services': # strace -p 13472 -s 5120 [...] open(/etc/services, O_RDONLY) = 3 fcntl64(3, F_GETFD) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=362031, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fde000 read(3, # /etc/services:\n# $Id: services,v 1.42 2006/02/23 13:09:23 pknirsch Exp $\n#\n# Network services, Internet style\n#\n# Note that it is presently the policy of IANA to assign a single well-known\n# port number for both TCP and UDP; hence, most entries here have two entries\n# even if the protocol doesn\'t support UDP operations.\n# Updated from RFC 1700, ``Assigned Numbers\'\' (October 1994). Not all ports\n# are included, only the more common ones.\n#\n# The latest IANA port assignments can be gotten from\n#\thttp://www.iana.org/assignments/port-numbers\n#http://www.iana.org/assignments/port-numbers%5Cn#The Well Known Ports are those from 0 through 1023.\n# The Registered Ports are those from 1024 through 49151\n# The Dynamic and/or Private Ports are those from 49152 through 65535\n#\n# Each line describes one service, and is of the form:\n# \n# service-name port/protocol [aliases ...] Any ideas? Thanks! -Message d'origine- De : clamav-users-boun...@lists.clamav.net [mailto:clamav-users- boun...@lists.clamav.net] De la part de Eric Shubert Envoyé : Friday, May 09, 2014 2:49 PM À : clamav-users@lists.clamav.net Objet : Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V On 05/09/2014 04:41 AM, Shawn Webb wrote: On Thu, May 8, 2014 at 10:35 PM, Eric Shubert e...@shubes.net wrote: Immediately after upgrading from 0.98 to 0.98.3, when clamdscan --stdout -V is run (via simscanmk -g), the clamdscan appears to go into a hard loop (eats a lot of cpu endlessly). Here are non-default config settings: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ LogClean yes LogVerbose yes LocalSocket /tmp/clamd.socket FixStaleSocket yes Foreground yes ScanMail yes Any ideas? Thanks. Hey Eric, I'm having a bit of trouble reproducing the issue here. What OS and what version of the OS are you using? What architecture (x86, x64)? What happens if you run the clamdscan command manually? Can you paste to a pastebin service the output of clamconf and your config.log file? Thanks, Shawn ___ Hey Shawn. Sorry I didn't include more details. CentOS 5.10, i386. I get the same result (looping) when I run clamdscan --stdout -V manually. However, if I start clamd, wait for it to load everything, then run clamdscan, then clamdscan works. When I stop clamd, try clamdscan again, then it loops again. So it appears that when clamd is running, clamdscan works. When clamd isn't running, clamdscan appears to go into a hard loop (presumably waiting for something that never happens). clamconf is at http://pastebin.com/dJAJF8T1 I don't appear to have any config.log. How do I get that? Hey Eric and Philippe, Can you both apply the patch from this bug ticket? https://bugzilla.clamav.net/show_bug.cgi?id=10987 I'm wondering if it's related. Thanks, Shawn ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] Version 0.98.3 hard loops on clamdscan -V
On 05/09/2014 04:41 PM, Dennis Peterson wrote: On 5/9/14, 7:33 AM, Bowie Bailey wrote: On 5/8/2014 10:35 PM, Eric Shubert wrote: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ Inefficiency bugs me... You can do multiple patterns with a single grep using the -e flag. grep -v -e ^# -e ^$ clamd.conf Try (and there are surely others even shorter) egrep -v '^(#|$)' clamd.*f dp ___ Nice, Dennis. A little regex savvy eliminates the -e flags entirely. :) Will grep do this, or is egrep required? -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
[clamav-users] configure flags -- and --disable-clamav
The clamav-toaster package has traditionally configured clamav with ./configure --. The new clamav package for QMT (qmail-toaster) that I created (many months ago) uses ./configure --disable-clamav. I noticed that the resulting binary packages were considerably different in size (15M vs 41M) on CentOS5 with either arch, and I decided today was a good day to investigate. The -- configuration builds with no llvm/jit, while the --disable-clamav flag includes llvm/jit. That's some kind of overhead, including 2 to 3 times as long to build. So my questions are: What does the -- flag actually do, such that llvm/jit is disabled? What does the --disable-clamav flag do? I can't seem to find answers documented anywhere, including ./configure --help. What is the impact of having jit disabled? (QMT users have had it disabled until recently) Is jit really worth the overhead? (I suppose the answer to this is subjective) Thanks for any assistance. -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
[clamav-users] Version 0.98.3 hard loops on clamdscan -V
Immediately after upgrading from 0.98 to 0.98.3, when clamdscan --stdout -V is run (via simscanmk -g), the clamdscan appears to go into a hard loop (eats a lot of cpu endlessly). Here are non-default config settings: [root@qmt-cos5 etc]# grep -v ^# clamd.conf | grep -v ^$ LogClean yes LogVerbose yes LocalSocket /tmp/clamd.socket FixStaleSocket yes Foreground yes ScanMail yes Any ideas? Thanks. -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] make install with no data files
On 10/04/2013 05:30 PM, Al Varnell wrote: On Oct 3, 2013, at 12:49 PM, Eric Shubert e...@shubes.net wrote: On 09/30/2013 11:43 AM, Eric Shubert wrote: The data files were omitted from the source tarball beginning with version 0.97.5. I thought that made sense. Now with 0.98 they appear to be back. Is there any easy/preferred way to make install (or configure) without having the data files included? I'm packaging clamav-toaster, and am obtaining the data files in the %post processing, and I don't want them encumbering the rpm. I poked around the makefiles a bit, but I'm not very familiar with them. I'm thinking that a make install-nodata or some such would be nice. Thanks. Thanks to both David and Bryan for their excellent suggestions. Unfortunately, I made some bad presumptions (once again - DOH!) which led me to believe that the data files were the cause of my source RPM ballooning. After successfully omitting the database/ from the build, I still ended up with a 36M srpm file, while the binary rpm was 13M. Upon closer inspection, it appears that the clamav-devel/win32/ directory is the source of excess. Is the win32/ directory now a part of the tarball, or is this unintentional? I thought you would have heard back by now, so I didn't respond, but in comparing it with the 0.97.8 tarball I see 0.98 also has a win32/ directory, but it did not contain the win32/clamav-for-windows/ directory which runs over 70M. -Al- Thanks Al. I wouldn't expect this to be in the tarball, but maybe so. Can anyone say whether or not the win32 stuff should be in there? Seems like a waste to me distributing everything to everybody. -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] make install with no data files
On 09/30/2013 11:43 AM, Eric Shubert wrote: The data files were omitted from the source tarball beginning with version 0.97.5. I thought that made sense. Now with 0.98 they appear to be back. Is there any easy/preferred way to make install (or configure) without having the data files included? I'm packaging clamav-toaster, and am obtaining the data files in the %post processing, and I don't want them encumbering the rpm. I poked around the makefiles a bit, but I'm not very familiar with them. I'm thinking that a make install-nodata or some such would be nice. Thanks. Thanks to both David and Bryan for their excellent suggestions. Unfortunately, I made some bad presumptions (once again - DOH!) which led me to believe that the data files were the cause of my source RPM ballooning. After successfully omitting the database/ from the build, I still ended up with a 36M srpm file, while the binary rpm was 13M. Upon closer inspection, it appears that the clamav-devel/win32/ directory is the source of excess. Is the win32/ directory now a part of the tarball, or is this unintentional? Thanks. -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
[clamav-users] make install with no data files
The data files were omitted from the source tarball beginning with version 0.97.5. I thought that made sense. Now with 0.98 they appear to be back. Is there any easy/preferred way to make install (or configure) without having the data files included? I'm packaging clamav-toaster, and am obtaining the data files in the %post processing, and I don't want them encumbering the rpm. I poked around the makefiles a bit, but I'm not very familiar with them. I'm thinking that a make install-nodata or some such would be nice. Thanks. -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml
Re: [clamav-users] Can't update Clamav on RHEL 5
On 06/23/2012 09:54 AM, Frank Chan wrote: On 22-06-2012 19:31, Al Varnell wrote: On 6/22/12 7:00 PM, Frank Chan fc...@molsci.org wrote: On 22-06-2012 09:21, Kris Deugau wrote: Bruno Barosa wrote: Hi, can anyone help? Running on Centos 5.x (various versions from 5.4 to 5.8) 64bit. Epel installed, RPMForge unninstalled, and prefer to keep it this way. [root@myserver ~]# yum update clamav ... No Packages marked for Update Your choices are: 1) Wait for EPEL to update their ClamAV package 2) Install directly from source 3) Rebuild the package with the update yourself. I use RPMForge myself, and they haven't updated to .5 either. I'm not aware of any earthshaking bugs in .4, so I'm content to let it sit until an updated package comes out. -kgd ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml I tried to upgrade from clamav 0.97.4 to 0.97.5 from source and I still see that it 0.97.4 for some strange reason. I tried to remove the clamav 0.97.4 by using make uninstall in the clamav-0.97.4 directory then did a make install in clamav-0.97.5 and it still shows clamav 0.97.4. Here are the results from freshclam -v: Current working dir is /var/lib/clamav Max retries == 5 ClamAV update process started at Fri Jun 22 18:52:06 2012 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 900 Software version from DNS: 0.97.5 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.97.4 Recommended version: 0.97.5 DON'T PANIC! Read http://www.clamav.net/support/faq main.cvd version from DNS: 54 main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) daily.cvd version from DNS: 15071 daily.cld is up to date (version: 15071, sigs: 219224, f-level: 63, builder: ccordes) bytecode.cvd version from DNS: 185 bytecode.cld is up to date (version: 185, sigs: 39, f-level: 63, builder: neo) SubmitDetectionStats: Not enough recent data for submission Here is the clamscan -h: Clam AntiVirus Scanner 0.97.4 By The ClamAV Team: http://www.clamav.net/team (C) 2007-2009 Sourcefire, Inc. I'm running RHEL 5.1 with the current kernel update and here is the uname -a: Linux s1.molsci.org 2.6.18-308.8.2.el5xen #1 SMP Tue May 29 12:36:24 EDT 2012 i686 i686 i386 GNU/Linux I never had a problem compile and installing or updating clamav to the new version. I had no problems compile and upgrading from source to older Linux and Apple Mac OS X systems. Also I noticed wiki.clamav.net is down or I can't connect to it so I can read any upgrade instructions. Any ideas why clamav 0.97.5 doesn't upgrade on RHEL 5.1? For a couple of days after 0.97.5 was known to exist, it was not actually posted to the web page. Even after the hyperlink title was changed, the older version was still what downloaded. Double check to make certain what you downloaded was clamav-0.97.5.tar.gz. -Al- I've double checked that it is clamav-0.97.5.tar.gz with the new VRT signature and not the Tomaz signature. I also checked it I was compiling from the clamav-0.97.5 directory and check it was compiling correctly. I've been using clamav since 2004 so I've been doing the same thing for awhile several systems including this RHEL 5.1 that I have been running since 2008 and updated by Red Hat weekly. Again I used the same clamav-0.97.5.tar.gz file for my MacBookPro and other older Linux systems no problem. This first time I ever seen this on RHEL 5.1. Frank ___ I can't say for sure what the story is with RHEL5.1. I do know though that 0.97.5 has no (or empty) database files, which broke the rpmbuild for the clamav-toaster build (which I maintain). I'm waiting for the developers to sort that out. Apparently they're using a new build process, and might be considering packaging the database separately (which makes a lot of sense if you ask me). -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [clamav-users] Help to download ClamAV 0.97.5
On 06/15/2012 07:39 AM, Matt Olney wrote: On Fri, Jun 15, 2012 at 9:46 AM, Brian Morrisonb...@fenrir.org.uk wrote: On Fri, 15 Jun 2012 09:13:30 -0400 Matt Olneymol...@sourcefire.com wrote: We're having some trouble with our freshmeat account. You can download the latest here, until we get it fixed up: https://sourceforge.net/projects/clamav/files/ The download is 14MB odd, previous version have been 48MB and when I run my rpm build script it tells me that the main and daily cvd files are missing. -- Brian Morrison ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml Brian, It looks like our new build system doesn't bundle the .cvds. More accurately it ships 0-length main and daily cvds. For now you can, of course, run freshclam to pickup the signature files. We'll revisit the desired behavior (with or without cvds) and adjust our build process accordingly. Since you brought it up, do you have a preference or use-case that supports one behavior or the other? Matt ___ I too am not the OP, but would like to chime in. I maintain the qmail-toaster family of packages, of which clamav-toaster is one. I think Brian hit the nail on the head, that it's only a problem from a packaging point of view. I also like that he splits the database out into a separate package. This makes a lot of sense, and I'm going to look into changing the way that the clamav-toaster package (rpm) handles this. Thanks for the idea, Brian. Redistributing the database (2/3 of the size of the download) makes no sense when doing an upgrade, which is by far the majority of the cases. Doing so is a total waste of bandwidth. At the same time, new installs need to have these files one way or another, and can be obtained efficiently either as a separate clamav-db package as Brian does, or perhaps by running freshclam as a post-install process. In any case, I think this is a decision best left to the packager. The crux of the matter in my mind is that when the upstream packaging changes, it tends to break things downstream. I honestly don't care if the database comes in a separate tarball or not, as I'll write a spec file accordingly. The bottom line to me is that things such as this shouldn't change w/out letting people downstream know about it. Of course accidents do happen, but the size of the file alone would seem to be an indicator that something's not quite right. I also understand that when build processes change, things like this may happen. I just hope 0.97.5 wasn't released with someone knowing that the database files were empty. That to me is negligent. I agree with Jim as well that I don't see a reason to change. If there's a reason to change that we're not aware of, simply let us know *ahead of time* so that we can make changes accordingly. Thanks for your consideration, and your work on clamav. -- -Eric 'shubes' ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml