[clamav-users] Help with debugging clam that is crashing
merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22Swift\sCopy\.arj\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22Shipping\sdocuments\.arj\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22ORDER\#19[\d]{2}\.UUE\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22Re\sCv\.jar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x226388649\.jar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22NEW\sOFFER_16032017\-Korangi\sKarachi\.7z\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22shipping\sinfo\.arj\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22FAVR01\.jar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22Doc\s8372\-Outsanding\sDue\sA\sMarine\.arj\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22SC\sDraft\.\sPS\-Quotation\s2017\.jar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22Payment_Advise\.arj\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22TTUSD\-04192017\.rar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22payment\sadvice\.arj\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22Offer\.jar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22New\sOrder\s23098\s&\sCatalogue\.arj\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22AWB\sRef[\d]{11}\.jar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22TT\-EUR[0-9]{5},[0-9]{2}\.jar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22RFQ\-17[\d]{4}\.xz\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22Quotation8385303214\.rar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex /filename[\s\t]*=[\s\t]*\x22AcroRd32.exe\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22DHL[\d]{2,6}\-2017[A-Z]{1,2}\.rar\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22REQUISITIONS[0-9]{6}[\W_][0-9]{8}[\W_][0-9]{2,4}pdf\.arj\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22Payment[\W_]Invoice[\W_][\d]{6,8}\.ARJ\x22/
Jun 19 05:08:30 merzariotz clamd[6994]: LibClamAV debug: cli_pcre_scanbuf:
checking 0; running regex
/filename[\s\t]*=[\s\t]*\x22[A-Z]{2,4}\.[A-Z]{1,3}[0-9]{3,5}\-[0-9]{3,5}\-[0-9]{1,3}\.jar\x22/
These are just a part of them, there are actually more. I also have the tmp
directory which I have set to /clamptmp which is full of .tmp files.
Seeking assistance.
Thanks to all.
Fabrizio Mazzoni - ICT Consultant
+255 755 46 88 26 <tel:+255 755 46 88> mazzofab.tz
<skype:mazzofab.tz?call> www.fsm.co.tz <https://fsm.co.tz/>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav daemon quitting unexpectedly
Hi Added the debug option I have noticed that when the daemon stops these lines appear in the syslog: Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc54f0 of 448 bytes at 0x7f5279bff170 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc54f0_wrap of 15 bytes at 0x7f5279bff340 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc55f0 of 1088 bytes at 0x7f5279bff360 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc55f1 of 244 bytes at 0x7f5279bff7b0 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc55f0_wrap of 15 bytes at 0x7f5279bff8b0 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc56f0 of 331 bytes at 0x7f5279bff8d0 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc56f0_wrap of 15 bytes at 0x7f5279bffa30 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc57f0 of 180 bytes at 0x7f5279bffa50 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc57f0_wrap of 15 bytes at 0x7f5279bffb10 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc58f0 of 1441 bytes at 0x7f5279bffb30 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc58f0_wrap of 15 bytes at 0x7f5279c000e0 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc59f0 of 432 bytes at 0x7f5279c00100 Jun 15 10:51:39 merzariotz clamd[17048]: LibClamAV debug: [Bytecode JIT]: emitted function bc59f0_wrap of 15 bytes at 0x7f5279c002c0 Thanks Fabrizio Mazzoni - ICT Consultant +255 755 46 88 26 <tel:+255 755 46 88> mazzofab.tz <skype:mazzofab.tz?call> www.fsm.co.tz <https://fsm.co.tz/> > On 14 Jun 2017, at 18:43, Fabrizio Mazzoni <fabri...@fsm.co.tz> wrote: > > Thanks. I'll give it a go. > > I have added swap space today and this seems to have sorted the issue. Could > this be the cause? > > > > Fabrizio Mazzoni. IT/Database/Programmer Consultant. > +255 755 46 88 26 > www.fsm.co.tz > >> On 14 Jun 2017, at 18:36, Steven Morgan <smor...@sourcefire.com> wrote: >> >> Hi, >> >> Try adding "Debug true" to clamd.conf. It may provide some insight into >> what is going on. >> >> Steve >> >> >> On Wed, Jun 14, 2017 at 2:08 AM, Fabrizio Mazzoni <fabri...@fsm.co.tz> >> wrote: >> >>> Good Morning too all! >>> >>> I’m having an issue whereas clamp is quitting unexpectedly and I have no >>> clue what is causing this. There is not trace in the logs. >>> >>> I had thought it was due to space issues in /tmp as my tmp is only 500MB >>> and it was full of clam files. >>> >>> >>> >>> I changed the clams.conf to read: >>> >>> TemporaryDirectory /clamtmp >>> >>> And created the directory with permissions 1777 >>> >>> but that does not seem to solve the problem. >>> >>> Any help appreciated! >>> >>> >>> Fabrizio Mazzoni - ICT Consultant >>> +255 755 46 88 26 <tel:+255 755 46 88> mazzofab.tz >>> <skype:mazzofab.tz?call> www.fsm.co.tz < >>> https://fsm.co.tz/> >>> >>> ___ >>> clamav-users mailing list >>> clamav-users@lists.clamav.net >>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >> ___ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clamav daemon quitting unexpectedly
Thanks. I'll give it a go. I have added swap space today and this seems to have sorted the issue. Could this be the cause? Fabrizio Mazzoni. IT/Database/Programmer Consultant. +255 755 46 88 26 www.fsm.co.tz > On 14 Jun 2017, at 18:36, Steven Morgan <smor...@sourcefire.com> wrote: > > Hi, > > Try adding "Debug true" to clamd.conf. It may provide some insight into > what is going on. > > Steve > > > On Wed, Jun 14, 2017 at 2:08 AM, Fabrizio Mazzoni <fabri...@fsm.co.tz> > wrote: > >> Good Morning too all! >> >> I’m having an issue whereas clamp is quitting unexpectedly and I have no >> clue what is causing this. There is not trace in the logs. >> >> I had thought it was due to space issues in /tmp as my tmp is only 500MB >> and it was full of clam files. >> >> >> >> I changed the clams.conf to read: >> >> TemporaryDirectory /clamtmp >> >> And created the directory with permissions 1777 >> >> but that does not seem to solve the problem. >> >> Any help appreciated! >> >> >> Fabrizio Mazzoni - ICT Consultant >> +255 755 46 88 26 <tel:+255 755 46 88> mazzofab.tz >> <skype:mazzofab.tz?call> www.fsm.co.tz < >> https://fsm.co.tz/> >> >> ___ >> clamav-users mailing list >> clamav-users@lists.clamav.net >> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Clamav daemon quitting unexpectedly
Good Morning too all! I’m having an issue whereas clamp is quitting unexpectedly and I have no clue what is causing this. There is not trace in the logs. I had thought it was due to space issues in /tmp as my tmp is only 500MB and it was full of clam files. I changed the clams.conf to read: TemporaryDirectory /clamtmp And created the directory with permissions 1777 but that does not seem to solve the problem. Any help appreciated! Fabrizio Mazzoni - ICT Consultant +255 755 46 88 26 <tel:+255 755 46 88> mazzofab.tz <skype:mazzofab.tz?call> www.fsm.co.tz <https://fsm.co.tz/> ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
