Re: [clamav-users] Squid + ClamAV

2020-04-06 Thread Reio Remma via clamav-users

On 06/04/2020 15:53, Andrea Venturoli via clamav-users wrote:

On 2020-04-02 08:14, Andrea Venturoli wrote:


P.S.
I'm investigating your other message about the reload patch.


Patch is working.
However almost nothing has changed: from the logs I see DB reloads 
twice/three times per day... hard to hit if you try :) and in the 
meanwhile I still see slowness (which comes from something else, then). 


From my experience sometimes database check and reload is triggered 
when a scan is initiated. I started noticing it when I reverted back 
from the threaded reload patch.


Good luck
Reio

___

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] Heuristics.Limits.Exceeded FOUND

2020-04-03 Thread Reio Remma via clamav-users

On 04.04.2020 00:17, Kris Deugau wrote:

Arjen de Korte via clamav-users wrote:

Quoting Paul Kosinski via clamav-users:



However, applying clamscan to this file (which was slightly renamed by
my download script to be more readable) results in the following 
output:


clamscan --alert-exceeds-max=yes --max-scantime=999 
--max-scansize=4090M --max-filesize=4090M --max-files=3 
--max-recursion=30 --pcre-match-limit=9 
--pcre-max-filesize=9    firefox-68.6.1-esr-64.tar.bz2




Before writing this whole rant, you have not considered checking 
which of the options might have triggered this? You've reduced the 
--max-scantime from the default 120 seconds to under 1 second and 
still wonder why this breaks? Really?


That option seems to be missing from the man page entirely:

$ dpkg -l clamav
ii  clamav 0.102.1+dfsg-0+deb10u2  amd64 [...]
$ zgrep scantime /usr/share/man/man1/clamscan.1.gz
$


and does not specify units in the --help text:

$ clamscan --help
[...]
    --max-scantime=#n    Scan time longer than this will be skipped and assumed clean

[...]

Absent any documentation, I would reasonably assume this to be in 
seconds, not milliseconds.


I have no idea if you're wrong about this being the cause, but without 
diving into the source, Paul's use of that option looks entirely 
reasonable to me.


-kgd


https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html

It is indeed a rather obscure option and missing from man pages.

Good luck,
Reio



Re: [clamav-users] Cannot install Clam AV on Ubuntu 16.04

2020-03-26 Thread Reio Remma via clamav-users
Hello!

Whilst I haven’t used Ubuntu myself, you might want to check (pun intended) if 
check-dev package exists.

IIRC -devel extension is specific to CentOS/RHEL.

Good luck,
Reio

> On 27. Mar 2020, at 00:50, Cheney, James via clamav-users 
>  wrote:
> 
> 
> Good afternoon,
>  
> We have been successfully installing Clam AV on Centos instances in our 
> environment.
>  
> We ran into a problem when we try to install on Ubuntu. We are using these 
> instructions and are able to get developer tools and library dependencies 
> installed. When I try to install the unit testing dependencies, I get the 
> following error
>  
> sudo: unable to resolve host : Connection timed out
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> E: Unable to locate package check-devel
>  
> When I run ./configure --enable-check or sudo ./configure --enable-check after 
> downloading and unzipping the Clam AV files I get this error
>  
> ERROR!  Check was configured, but not found.  Get it from http://check.sf.net/
>  
> Then we run sudo apt-get install check and get this error
>  
> sudo: unable to resolve host : Connection timed out
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> check is already the newest version (0.10.0-3).
> 0 upgraded, 0 newly installed, 0 to remove and 114 not upgraded.
>  
> When I run sudo apt-get install check-devel I get this error
>  
> sudo: unable to resolve host : Connection timed out
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> E: Unable to locate package check-devel
>  
> We were able to resolve the “sudo: unable to resolve host : 
> Connection timed out” error by adding the line 127.0.0.1  in the 
> /etc/hosts file
>  
> Do you have any suggestions for us for troubleshooting?
>  
> Thank you,
>  
> James Cheney
>  
> Solutions Analyst | Core Business Operations
> Deloitte Consulting LLP
> 310 E. Rivulon Blvd, Gilbert, AZ 85297
> Tel/Direct: +1 480 770 7404
> jache...@deloitte.com | www.deloitte.com


Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

2020-02-18 Thread Reio Remma via clamav-users

On 18.02.2020 19:28, Ralph Seichter via clamav-users wrote:

* Reio Remma via clamav-users:


RHEL/CentOS 8 are on version 3.6 of Python and they would be excluded
from running the script.

I don't actually know if Python 3.6 would work, not having any machine
with this old version available.

Python version 3.7 was released in June 2018, and version 3.8 in October
2019. Are you certain the Linux distributions you mentioned have no way
of installing Python 3.7 ?


That's the trouble with RHEL/CentOS - they stick with the major software 
versions they initially come with for the lifetime of their distribution 
version.


Reio



Re: [clamav-users] Fangfrisch: Secure antivirus signature updates for ClamAV

2020-02-18 Thread Reio Remma via clamav-users

On 18.02.2020 17:24, Ralph Seichter via clamav-users wrote:

After the recent discussion of various security risks posed by the
clamav-unofficial-sigs script, I have written "Fangfrisch" as a secure
and convenient replacement. It was meant for personal use at first, but
it works so well for me that I have taken the time to write a full
documentation, in the hope that others might also find Fangfrisch
useful. Documentation is available here:

   https://rseichter.github.io/fangfrisch/

The Python code has 100% test coverage and works reliably on my own
servers, so I am confident that it has reached the necessary maturity
for a public beta test.

If you wish to give Fangfrisch a spin, check out the link above for
detailed instructions on setup and usage. I'd be grateful for your
feedback.

-Ralph


Hello!

Is Python 3.7 a hard requirement?

RHEL/CentOS 8 are on version 3.6 of Python and they would be excluded 
from running the script.


Thanks!
Reio



Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

2020-02-11 Thread Reio Remma via clamav-users

On 31/10/2019 12:04, Reio Remma wrote:

On 28/10/2019 12:55, Reio Remma via clamav-users wrote:

On 14/09/2019 17:34, G.W. Haywood via clamav-users wrote:

Hi Micah,

On Fri, 13 Sep 2019, Micah Snyder (micasnyd) wrote:


I'm sorry, Ged...


Apology accepted. :)

I'm now running the development (0.102) version of clamd, patched with
Mr. Wu's patch, alongside two version 101.4 clamd daemons (an unpatched
one, and one with the patch that I posted on Bugzilla).

The milter scans all mail with all three daemons.  On the arrival of a
message, if the database is not already being reloaded I start a fresh
reload before the scan so that, for all scans, a reload always executes
concurrently.  Nothing seems to have broken, and so far there's nothing
terribly interesting to report other than the strange failure to detect
which I sent to Joel early this week (and which I'm sure has nothing to
do with these patches). 


I've been running a patched 101.4 for a few weeks now and 
unfortunately I'm observing a memory leak from the multithreaded 
database reloads.


I'm observing clamd memory usage going up when the new database loads 
and then eventually dropping down to 1.3G again. For some reason 
"eventually" means the memory usage drops down only after clamd 
processes the next e-mail.


The problem however shows itself if clamd happens to reload its 
database 2 times in a row with no mail processed in between. 
Seemingly it will have 3 databases in memory then and the next mail 
being processed releases one of them, but the extra database will 
remain "somewhere".


All sorts of weird problems always keep popping up due to low 
traffic on the server. :) 


Fortunately 0.102.0 with the patch from ClamAV team doesn't have that 
issue and seems to release the extra memory right away.


Happily running 0.102.0 now. 


Has anyone got the threaded reload patch working with 0.102.2?

When rebuilding my RPM with 0.102.2, I get the following error when the 
patch is being applied:


+ echo 'Patch #0 (clamd-threaded-reloading.patch):'
Patch #0 (clamd-threaded-reloading.patch):
+ /usr/bin/cat ~/rpmbuild/SOURCES/clamd-threaded-reloading.patch
+ /usr/bin/patch -p1 -b --suffix .threaded_reloading --fuzz=0
patching file clamd/clamd.c
Reversed (or previously applied) patch detected!  Assume -R? [n]

Thanks,
Reio



Re: [clamav-users] Download timeout/retry issue

2020-02-09 Thread Reio Remma via clamav-users

On 10/02/2020 09:24, Jim Householder wrote:
Last month I had a problem with freshclam.  It would timeout 
downloading its files and retry.  Continuously.  It wiped out my 
monthly data quota.


I fixed the problem by changing the timeout from 30 to 0 in 
freshclam.conf.


Last night's update replaced freshclam.conf with a new copy, changing 
the timeout back to 30.


Between 8pm last night and 10am today my data quota was exhausted 
again.  I'm now limited to 12KBS til the end of the month.


My satellite Internet connection is good for 12Mbs, which limits my 
download speed to about 1.2MBS.  Thus the 60+MB file that freshclam 
wants can never be acquired in 30 seconds.


The default timeout needs to be at least 120 seconds to allow for slow 
speeds.


Not happy


I just read from the latest 0.102.2 update notes posted to the list last 
week that:


• Changed the default freshclam ReceiveTimeout setting to 0 (infinite). 
The ReceiveTimeout had caused needless database update failures for 
users with slower internet connections.


Good luck,
Reio




Re: [clamav-users] clamav-unofficial-sigs download script updated

2020-01-31 Thread Reio Remma via clamav-users

On 31/01/2020 16:54, Vladislav Kurz via clamav-users wrote:

On 31/01/2020 15:06, Michael Orlitzky via clamav-users wrote:

On 1/31/20 2:47 AM, Steve Basford wrote:

Hi All,

eXtremeSHOK.com's clamav-unofficial-sigs download script has been
updated:

https://github.com/extremeshok/clamav-unofficial-sigs

Change Log

Version 7.0.1 (Updated 25 January 2020)


Beware, as of a few versions ago this script is filled with a million
unsafe uses of chown and chmod, running as root. The script should never
be using chown/chmod in the first place, so all of these are wrong,

   $ grep 'chown\|chmod' clamav-unofficial-sigs.sh | wc -l
   40

and many of them are exploitable if the clamav user swaps out one of the
targets for a symlink pointing to e.g. /etc/passwd. And since the script
runs on a predictable schedule, you have all the time in the world to do
that.

True. This script should never be run as root, but as clamav user. Thus
chown would not be needed at all. Just as freshclam is run as clamav
user too.


The way it's set up is that it needs to be run as root once to have it 
set itself up. From cron it runs as clamav user.


Good luck,
Reio
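
The symlink swap discussed in this thread, next to one way a root-run job can change permissions without following a swapped-in link. This is an added example, not code from clamav-unofficial-sigs or from any poster; the function names, file names and temporary directory layout are assumptions made for the illustration.

```python
import errno
import os
import stat
import tempfile


def unsafe_chmod(path, mode):
    """Path-based chmod: follows a symlink in the final path component."""
    os.chmod(path, mode)


def safe_chmod(directory, name, mode, uid=-1, gid=-1):
    """Change mode (and optionally owner) of directory/name without following links.

    The directory is opened once, the file is opened relative to that
    descriptor with O_NOFOLLOW, and the change is applied to the open
    descriptor, so the object that was checked is the object that is changed.
    """
    dir_fd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # O_NONBLOCK keeps a planted FIFO from hanging the job.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK,
                     dir_fd=dir_fd)
        try:
            st = os.fstat(fd)
            if not stat.S_ISREG(st.st_mode):
                raise OSError(errno.EINVAL, "not a regular file", name)
            if st.st_nlink != 1:
                # A hard link would change a file outside the directory too.
                raise OSError(errno.EMLINK, "unexpected hard link count", name)
            if uid != -1 or gid != -1:
                os.fchown(fd, uid, gid)   # needs privilege; unused in demo()
            os.fchmod(fd, mode)
        finally:
            os.close(fd)
    finally:
        os.close(dir_fd)


def demo():
    """Constructed scenario: a signature file replaced by a symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        sigdir = os.path.join(root, "sigs")          # stands in for the DB dir
        os.mkdir(sigdir)
        victim = os.path.join(root, "victim.conf")   # stands in for a system file
        with open(victim, "w") as fh:
            fh.write("sensitive\n")
        os.chmod(victim, 0o600)
        link = os.path.join(sigdir, "extra.ndb")     # hypothetical file name
        os.symlink(victim, link)                     # the swapped-in target

        # Hardened call: refuses the symlink, the victim keeps its mode.
        try:
            safe_chmod(sigdir, "extra.ndb", 0o644)
            results["safe_refused"] = False
        except OSError as exc:
            results["safe_refused"] = exc.errno in (errno.ELOOP, errno.EMLINK)
        results["mode_after_safe"] = stat.S_IMODE(os.stat(victim).st_mode)

        # Path-based call: the mode lands on the file the link points to.
        unsafe_chmod(link, 0o644)
        results["mode_after_unsafe"] = stat.S_IMODE(os.stat(victim).st_mode)

        # A genuine regular file is handled normally by the hardened call.
        os.unlink(link)
        with open(link, "w") as fh:
            fh.write("sig\n")
        safe_chmod(sigdir, "extra.ndb", 0o640)
        results["mode_regular"] = stat.S_IMODE(os.stat(link).st_mode)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, oct(value) if isinstance(value, int) and value > 1 else value)
```

O_NOFOLLOW only covers the last path component, which is why the directory itself is opened first and the file is opened relative to it.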



Re: [clamav-users] Installation from source

2020-01-11 Thread Reio Remma via clamav-users

> On 11. Jan 2020, at 02:00, G.W. Haywood via clamav-users 
>  wrote:
> 
> Hi there,
> 
>> On Fri, 10 Jan 2020, Sébastien Gaudemer via clamav-users wrote:
>> 
>> For beginning I wish you the best for that new year.
> 
> Likewise. :)
> 
>> The reason for this message is a difficulty to replace Clamav
>> Package installation on Debian 9.11 with dovecot.
> 
> Looking at your subject line, I wonder do you mean that you want to
> replace the Debian package version of ClamAV with a version of ClamAV
> compiled from source?  This is not perfectly straightforward, but the
> safest way to do it is first to use APT to remove _and_ purge all the
> Debian ClamAV packages.  There are several packages to be removed.
> 
> In any case you should probably consider moving to Debian 10 soon.
> 
>> The installation seems ok but every email subject is now complemented with 
>> ***UNCHECKED***
> 
> The word UNCHECKED does not appear to be present in the ClamAV sources:
> 
> laptop3:/opt/ged/src/net/mail/clamav-0.102.1$ >>> grep -r UNCHECKED
> laptop3:/opt/ged/src/net/mail/clamav-0.102.1$ >>>
> 
> Perhaps something else is adding this message?

It looks suspiciously like the message I recall amavisd adding when its AV 
check fails.

Good luck,
Reio



Re: [clamav-users] problem with clamav upgrade

2019-12-11 Thread Reio Remma via clamav-users


> On 11. Dec 2019, at 21:16, G.W. Haywood via clamav-users 
>  wrote:
> 
> Hi there,
> 
>> On Wed, 11 Dec 2019, ratatouille via clamav-users wrote:
>> "G.W. Haywood via clamav-users" wrote on 11.12.19 at 15:23:43:
>> 
>>> Did you not just tell me in another thread (failed to write to") that
>>> you compiled ClamAV from source?  In that case, why would you want to
>>> allow 'yum update' to install an older version of ClamAV?
>> 
>> That was on another server running an a bit outdated openSUSE-OS.
> 
> Ah, I see.  In that case...
> 
>> # Path to a local socket file the daemon will listen on.
>> LocalSocket /var/run/clamd.amavisd/clamd.sock
> 
> ...why not change this to listen instead on a TCP socket, and use the
> single (and up to date) clamd instance on your OpenSUSE server to scan
> for your other servers?  Of course depending on how many there are you
> might need more than one machine running a clamd process, but normally
> you won't need a clamd running on every machine.
> 
> Be aware that when clamd listens to a TCP socket, it provides no way
> to prevent connections to the socket from devices which you might not
> want to connect to it.  You have to do that stuff yourself.

Unfortunately amavisd only supports scanning via socket.





Re: [clamav-users] problem with clamav upgrade

2019-12-11 Thread Reio Remma via clamav-users

On 11.12.2019 17:45, ratatouille via clamav-users wrote:

My understanding is amavisd is looking for clamd.sock
  ['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"],
qr/\bOK$/m, qr/\bFOUND$/m,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ]

# systemctl list-unit-files | grep clam
clamd@.service                disabled

# systemctl start clamd@.service
Failed to start clamd@.service: Unit name clamd@.service is missing the 
instance name.
See system logs and 'systemctl status clamd@.service' for details.



try 'clamd@amavisd' service



Re: [clamav-users] problem with clamav upgrade

2019-12-11 Thread Reio Remma via clamav-users

On 11/12/2019 17:24, ratatouille via clamav-users wrote:

Matus UHLAR - fantomas wrote on 11.12.19 at 16:02:59:


On a centos7 I did a yum update today and new version of clamav
was installed.

ps aux |grep clam
amavis    6683  0.0 20.9 1016312 814072 ?  Ssl  15:14   0:00 /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf

# freshclam
Wed Dec 11 15:52:45 2019 -> ClamAV update process started at Wed Dec 11 
15:52:45 2019
Wed Dec 11 15:52:45 2019 -> ^Your ClamAV installation is OUTDATED!
Wed Dec 11 15:52:45 2019 -> ^Local version: 0.101.5 Recommended version: 0.102.1
Wed Dec 11 15:52:45 2019 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav
Wed Dec 11 15:52:45 2019 -> main.cld is up to date (version: 59, sigs: 4564902, 
f-level: 60, builder: sigmgr)
Wed Dec 11 15:52:45 2019 -> daily.cld is up to date (version: 25660, sigs: 
2043646, f-level: 63, builder: raynman)
Wed Dec 11 15:52:45 2019 -> bytecode.cld is up to date (version: 331, sigs: 94, 
f-level: 63, builder: anvilleg)

This happens after a reboot after having tried to get it working without reboot,

What is going wrong here? Should clamd be running after amavis is started?

nothing is wrong here. Just CentOS 7 does not have the newest clamav version
installed. It's not always easy to install newest software on system that is
5 years old and supposed to be supported for another 5 years...

Ok, thank you!

One more question. If amavis starts clamd (does it?), shouldn't I see a 
clamd-process
when I grep for it beside of amavis ?


From your post:

amavis    6683  0.0 20.9 1016312 814072 ?  Ssl  15:14   0:00 /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf

That is the very clamd started on your system.

See 'systemctl status clamd@amavisd' (iirc). Or clamd@amavis. I stopped using 
amavisd a while ago so not 100% sure any more. :)

If you're using Amavisd, then amavisd supplies its own config file to clamd - 
what you can see in the ps output you posted.

Good luck,
Reio




Re: [clamav-users] problem with clamav upgrade

2019-12-11 Thread Reio Remma via clamav-users

On 11/12/2019 16:57, ratatouille via clamav-users wrote:

Hello!

On a centos7 I did a yum update today and new version of clamav
was installed.

ps aux |grep clam
amavis    6683  0.0 20.9 1016312 814072 ?  Ssl  15:14   0:00 /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf

# freshclam
Wed Dec 11 15:52:45 2019 -> ClamAV update process started at Wed Dec 11 
15:52:45 2019
Wed Dec 11 15:52:45 2019 -> ^Your ClamAV installation is OUTDATED!
Wed Dec 11 15:52:45 2019 -> ^Local version: 0.101.5 Recommended version: 0.102.1
Wed Dec 11 15:52:45 2019 -> DON'T PANIC! Read 
https://www.clamav.net/documents/upgrading-clamav
Wed Dec 11 15:52:45 2019 -> main.cld is up to date (version: 59, sigs: 4564902, 
f-level: 60, builder: sigmgr)
Wed Dec 11 15:52:45 2019 -> daily.cld is up to date (version: 25660, sigs: 
2043646, f-level: 63, builder: raynman)
Wed Dec 11 15:52:45 2019 -> bytecode.cld is up to date (version: 331, sigs: 94, 
f-level: 63, builder: anvilleg)

This happens after a reboot after having tried to get it working without reboot,

What is going wrong here? Should clamd be running after amavis is started?




If you mean "Your ClamAV installation is OUTDATED!", then 0.101 is the 
max version CentOS 7 supports out of the box.


They don't do major version upgrades during their product lifetimes.

Reio



Re: [clamav-users] Continuous increase of startup time (is daily.cld broken?)

2019-11-26 Thread Reio Remma via clamav-users

On 26.11.2019 20:12, Micah Snyder (micasnyd) via clamav-users wrote:

In addition to the improvements in 0.101.5, 0.102.1, we shipped an update to main 
& daily yesterday and this morning that reduced load time by removing ignored 
signatures (signatures in main that we wished to drop, and thus ignored in 
daily.ign2/daily.ign).

On my laptop, I observed

0.102.0, databases about 1 week old:
Time: 72.238 sec

0.102.1, databases about 1 day old:
Time: 35.780 sec

0.102.1, databases up to date:
Time: 18.174 sec

Happy scanning!
-Micah


Very nice indeed! We're down to 17-18 seconds as well now with fully 
updated  1.3M signatures.


Thanks and good luck!
Reio



Re: [clamav-users] clamav-0.102.1 error

2019-11-21 Thread Reio Remma via clamav-users


> On 21. Nov 2019, at 22:00, Micah Snyder (micasnyd) via clamav-users 
>  wrote:
> 
> We do see occasional check timeout failures in our build system but haven't 
> seen any real failures with make check otherwise.

I’m getting intermittent test failures on CentOS 7 as well. Very annoying 
having to chance the tests when rebuilding an RPM.

Reio



Re: [clamav-users] Problem running virus scanner: code=999, category=cannot-execute, action=tempfail

2019-11-13 Thread Reio Remma via clamav-users

On 13/11/2019 12:19, Andrew Watkins via clamav-users wrote:

Hello,

I get the following error a few times a day for a while, so I thought 
I would look into it.


I am using mimedefang to send mail to clamd and it works fine, but at 
random point of the day I get the error:


mimedefang.pl[26234]:  xAD8PbeZ009878: Timeout reading from clamd 
daemon at /var/spool/MIMEDefang/clamd.sock
mimedefang.pl[26234]:  xAD8PbeZ009878: Problem running virus scanner: 
code=999, category=cannot-execute,


The problem is clamd has not been sent any other mails so don't see 
it is a queuing problem.


For example I added a debug in mimedefang when it sends data to clamd:

mail 1) Nov 13 08:19:10 mimedefang send data to clamd
mail 1) Nov 13 08:19:11 mimedefang receives an answer
mail 2) Nov 13 08:25:38 mimedefang send data to clamd
mail 2) Nov 13 08:26:38 Timeout reading from clamd daemon at 
/var/spool/MIMEDefang/clamd.sock YES! 60 seconds

mail 2) Nov 13 08:26:38 mimedefang tries again
mail 2) Nov 13 08:26:38 mimedefang gets error: Problem running virus 
scanner: code=999, category=cannot-execute, action=tempfail

mail 3) Nov 13 08:28:21 works again

So, my question is there any tracing I can put in place so that I can 
see what clamd is doing at this time. I looked at clamdtop but that 
show live information so no good. At this time the email it breaks on 
is random and small. 


Check if it's coinciding with clamd reloading its databases. Clamd 
currently doesn't scan when reloading databases.


Look for:

Nov 13 11:37:04 clamd clamd[15795]: SelfCheck: Database modification detected. Forcing reload.
Nov 13 11:37:04 clamd clamd[15795]: Reading databases from /var/lib/clamav
Nov 13 11:37:56 clamd clamd[15795]: Database correctly reloaded (13057843 signatures)


Good luck,
Reio
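
One way to run the check suggested above over a combined syslog file, as an added example (not code from ClamAV, MIMEDefang or the poster). The sample log lines are constructed in the format quoted in this thread, the 60-second wait is the timeout the original poster observed, and the function names and queue IDs are illustrative.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog format shown in the thread (not real data).
SAMPLE_LOG = """\
Nov 13 08:19:10 mx clamd[15795]: SelfCheck: Database status OK.
Nov 13 08:25:31 mx clamd[15795]: SelfCheck: Database modification detected. Forcing reload.
Nov 13 08:25:31 mx clamd[15795]: Reading databases from /var/lib/clamav
Nov 13 08:26:38 mx mimedefang.pl[26234]:  xAAAAAAA000001: Timeout reading from clamd daemon at /var/spool/MIMEDefang/clamd.sock
Nov 13 08:26:41 mx clamd[15795]: Database correctly reloaded (13057843 signatures)
Nov 13 14:02:10 mx mimedefang.pl[26301]:  xAAAAAAA000002: Timeout reading from clamd daemon at /var/spool/MIMEDefang/clamd.sock
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<prog>[\w.\-]+)\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$"
)
TIMEOUT_RE = re.compile(r"^(?P<qid>\S+): Timeout reading from clamd daemon")
LOAD_DONE_RE = re.compile(r"^(Database correctly reloaded|Loaded \d+ signatures)")


def parse(lines, year=2019):
    """Yield (timestamp, program, pid, message); syslog omits the year."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["prog"], int(m["pid"]), m["msg"]


def reload_windows(lines, year=2019):
    """Return [(start, end)] per database load; end is None if unfinished."""
    open_start = {}   # pid -> start time of a load in progress
    windows = []
    for ts, prog, pid, msg in parse(lines, year):
        if prog != "clamd":
            continue
        if msg.startswith(("SelfCheck: Database modification detected",
                           "Reading databases from")):
            open_start.setdefault(pid, ts)      # keep the earliest marker
        elif LOAD_DONE_RE.match(msg):
            start = open_start.pop(pid, None)
            if start is not None:
                windows.append((start, ts))
    windows.extend((start, None) for start in open_start.values())
    return sorted(windows, key=lambda w: w[0])


def correlate(lines, wait_seconds=60, year=2019):
    """Match each client-side timeout to a load overlapping its wait period."""
    lines = list(lines)
    windows = reload_windows(lines, year)
    report = []
    for ts, prog, pid, msg in parse(lines, year):
        m = TIMEOUT_RE.match(msg)
        if prog == "clamd" or not m:
            continue
        asked = ts - timedelta(seconds=wait_seconds)   # when the scan was sent
        hit = next((w for w in windows
                    if w[0] <= ts and (w[1] is None or w[1] >= asked)), None)
        report.append({"queue_id": m["qid"], "timeout_at": ts, "reload": hit})
    return report


if __name__ == "__main__":
    for row in correlate(SAMPLE_LOG.splitlines()):
        if row["reload"]:
            start, end = row["reload"]
            print(f"{row['queue_id']}: timeout at {row['timeout_at']} "
                  f"overlaps reload {start} -> {end}")
        else:
            print(f"{row['queue_id']}: timeout at {row['timeout_at']} "
                  f"has no matching reload, look elsewhere")
```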



Re: [clamav-users] clamav-start problem under CentOS-7.7

2019-11-09 Thread Reio Remma via clamav-users
It’s loading databases. Check the list archives from the last few months for 
several threads with solutions.

Good luck,
Reio

> On 9. Nov 2019, at 09:50, Klaus Tachtler via clamav-users 
>  wrote:
> 
> Hi,
> 
> I have a problem while starting clamav.
> 
> The start time is **2 Min. 34 sec.** and it seems that the time was wasted on 
> or after the step
> --> Bytecode: Security mode set to "TrustSigned".
> 
> Please can someone tell me what I'm doing wrong.
> 
> Which information are required to help me?
> 
> - %< -
> 
> # time systemctl restart clamd.e2guardian.service
> 
> real    2m34.902s
> user    0m0.030s
> sys     0m0.026s
> 
> /var/log/clamav.log
> 
> Nov  9 08:37:21 vml70050 clamd[10761]: clamd daemon 0.101.4 (OS: linux-gnu, 
> ARCH: x86_64, CPU: x86_64)
> Nov  9 08:37:21 vml70050 clamd[10761]: Running as user e2guardian (UID 399, 
> GID 399)
> Nov  9 08:37:21 vml70050 clamd[10761]: Log file size limited to 1048576 bytes.
> Nov  9 08:37:21 vml70050 clamd[10761]: Reading databases from /var/lib/clamav
> Nov  9 08:37:21 vml70050 clamd[10761]: Not loading PUA signatures.
> Nov  9 08:37:21 vml70050 clamd[10761]: Bytecode: Security mode set to 
> "TrustSigned".
> Nov  9 08:39:50 vml70050 clamd[10761]: Loaded 6533172 signatures.
> Nov  9 08:39:52 vml70050 clamd[10761]: LOCAL: Unix socket file 
> /var/run/e2guardian/clamd.sock
> Nov  9 08:39:52 vml70050 clamd[10761]: LOCAL: Setting connection queue length 
> to 200
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: Global time limit set to 
> 12 milliseconds.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: Global size limit set to 
> 104857600 bytes.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: File size limit set to 
> 26214400 bytes.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: Recursion level limit set to 
> 16.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: Files limit set to 1.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: MaxEmbeddedPE limit set to 
> 10485760 bytes.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: MaxHTMLNormalize limit set to 
> 10485760 bytes.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: MaxHTMLNoTags limit set to 
> 2097152 bytes.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: MaxScriptNormalize limit set 
> to 5242880 bytes.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: MaxZipTypeRcg limit set to 
> 1048576 bytes.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: MaxPartitions limit set to 50.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: MaxIconsPE limit set to 100.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: MaxRecHWP3 limit set to 16.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: PCREMatchLimit limit set to 
> 10.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: PCRERecMatchLimit limit set to 
> 2000.
> Nov  9 08:39:52 vml70050 clamd[11492]: Limits: PCREMaxFileSize limit set to 
> 26214400.
> Nov  9 08:39:52 vml70050 clamd[11492]: Archive support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: AlertExceedsMax heuristic detection 
> disabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: Heuristic alerts enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: Portable Executable support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: ELF support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: Mail files support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: OLE2 support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: PDF support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: SWF support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: HTML support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: XMLDOCS support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: HWP3 support enabled.
> Nov  9 08:39:52 vml70050 clamd[11492]: Self checking every 600 seconds.
> 
> - >% -
> 
> Thank you!
> Klaus.
> 
> -- 
> 
> 
> e-Mail  : kl...@tachtler.net
> Homepage: https://www.tachtler.net
> DokuWiki: https://dokuwiki.tachtler.net
> 
> 


Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

2019-10-31 Thread Reio Remma via clamav-users

On 28/10/2019 12:55, Reio Remma via clamav-users wrote:

On 14/09/2019 17:34, G.W. Haywood via clamav-users wrote:

Hi Micah,

On Fri, 13 Sep 2019, Micah Snyder (micasnyd) wrote:


I'm sorry, Ged...


Apology accepted. :)

I'm now running the development (0.102) version of clamd, patched with
Mr. Wu's patch, alongside two version 101.4 clamd daemons (an unpatched
one, and one with the patch that I posted on Bugzilla).

The milter scans all mail with all three daemons.  On the arrival of a
message, if the database is not already being reloaded I start a fresh
reload before the scan so that, for all scans, a reload always executes
concurrently.  Nothing seems to have broken, and so far there's nothing
terribly interesting to report other than the strange failure to detect
which I sent to Joel early this week (and which I'm sure has nothing to
do with these patches). 


I've been running a patched 101.4 for a few weeks now and 
unfortunately I'm observing a memory leak from the multithreaded 
database reloads.


I'm observing clamd memory usage going up when the new database loads 
and then eventually dropping down to 1.3G again. For some reason 
"eventually" means the memory usage drops down only after clamd 
processes the next e-mail.


The problem however shows itself if clamd happens to reload its 
database 2 times in a row with no mail processed in between. Seemingly 
it will have 3 databases in memory then and the next mail being 
processed releases one of them, but the extra database will remain 
"somewhere".


All sorts of weird problems always keep popping up due to low 
traffic on the server. :) 


Fortunately 0.102.0 with the patch from ClamAV team doesn't have that 
issue and seems to release the extra memory right away.


Happily running 0.102.0 now.

Good luck,
Reio



Re: [clamav-users] ClamAV 0.102.0 freshclam errors.

2019-10-31 Thread Reio Remma via clamav-users

On 31/10/2019 01:08, Reio Remma via clamav-users wrote:

Hello!

I started testing 0.102.0 today, but I'm running into problems with 
freshclam.


Compiled from source on CentOS 8:

$ sudo /usr/local/bin/freshclam
ClamAV update process started at Thu Oct 31 01:04:40 2019
ERROR: Failed to change back to original directory /my/current/dir
double free or corruption (top)
Aborted 


Well, I solved it!

If I cd to /var/lib/clamav where the databases are, it doesn't need to 
chdir back to wherever the working dir was when the script was started.


The bit of code that is failing:

libfreshclam.c

    if (currDir[0] != '\0') {
        /* Restore CWD */
        if (chdir(currDir)) {
            logg("!Failed to change back to original directory %s\n", currDir);

            status = FC_EDIRECTORY;
            goto done;
        }
        logg("*Current working dir restored to %s\n", currDir);
    }

I suspect it's simply a permissions issue.

Good luck,
Reio



[clamav-users] ClamAV 0.102.0 freshclam errors.

2019-10-30 Thread Reio Remma via clamav-users

Hello!

I started testing 0.102.0 today, but I'm running into problems with 
freshclam.


Compiled from source on CentOS 8:

$ sudo /usr/local/bin/freshclam
ClamAV update process started at Thu Oct 31 01:04:40 2019
ERROR: Failed to change back to original directory /my/current/dir
double free or corruption (top)
Aborted

Compiled from source on CentOS 7:

ERROR: Failed to change back to original directory /my/current/dir
*** Error in `/usr/bin/freshclam': double free or corruption (!prev): 
0x5594c2878d00 ***
=== Backtrace: =
/usr/lib64/libc.so.6(+0x81679)[0x7f5e339e2679]
/usr/lib64/libc.so.6(closedir+0xd)[0x7f5e33a21d8d]
/usr/lib64/libfreshclam.so.2(fc_prune_database_directory+0x1a5)[0x7f5e3463ccb5]
/usr/bin/freshclam(+0x10173)[0x5594c1961173]
/usr/bin/freshclam(+0xb104)[0x5594c195c104]
/usr/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f5e33983505]
/usr/bin/freshclam(+0xba1d)[0x5594c195ca1d]

Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

2019-10-28 Thread Reio Remma via clamav-users

On 14/09/2019 17:34, G.W. Haywood via clamav-users wrote:

Hi Micah,

On Fri, 13 Sep 2019, Micah Snyder (micasnyd) wrote:


I'm sorry, Ged...


Apology accepted. :)

I'm now running the development (0.102) version of clamd, patched with
Mr. Wu's patch, alongside two version 101.4 clamd daemons (an unpatched
one, and one with the patch that I posted on Bugzilla).

The milter scans all mail with all three daemons.  On the arrival of a
message, if the database is not already being reloaded I start a fresh
reload before the scan so that, for all scans, a reload always executes
concurrently.  Nothing seems to have broken, and so far there's nothing
terribly interesting to report other than the strange failure to detect
which I sent to Joel early this week (and which I'm sure has nothing to
do with these patches). 


I've been running a patched 101.4 for a few weeks now and unfortunately 
I'm observing a memory leak from the multithreaded database reloads.


I'm observing clamd memory usage going up when the new database loads 
and then eventually dropping down to 1.3G again. For some reason 
"eventually" means the memory usage drops down only after clamd 
processes the next e-mail.


The problem however shows itself if clamd happens to reload its database 
2 times in a row with no mail processed in between. Seemingly it will 
have 3 databases in memory then and the next mail being processed 
releases one of them, but the extra database will remain "somewhere".


All sorts of weird problems always keep popping up due to low traffic 
on the server. :)


Reio



Re: [clamav-users] Continuous increase of startup time (is daily.cld broken?)

2019-10-17 Thread Reio Remma via clamav-users

On 17.10.2019 19:04, Micah Snyder (micasnyd) via clamav-users wrote:

Vladislav, Ged:

Reloading select databases is not feasible at this time, because signatures are 
loaded into the same structures in memory and that entire thing is recreated on 
reload.

Regarding the threaded reload feature ( ticket: 
https://bugzilla.clamav.net/show_bug.cgi?id=10979 )...

The main reason the "threaded reload" patch is held back at present is 
primarily because the recent work and interest in the patch came at the same time that 
0.102 development was in code freeze while we tested and applied bug fixes for release.  
Reloading in a separate thread means that the memory usage will double (going from 
roughly ~750MB to ~1500MB) during the reload before it frees the original signatures and 
drops back to ~750MB.

We already have many complaints about freshclam and clamd memory usage, and 
this change in behavior could cause trouble for some users, so we want to 
provide an option to reload the traditional way.  That's the second reason why 
the patch hasn't been merged for 0.103 yet.  We have to dedicate some time to 
code the ability to reload either way.  It is absolutely on our to-do list.


Great to hear work is ongoing.

I've switched to patched 0.104 just this hour.

I can easily deal with higher memory usage, but loss of service for 1-3 
minutes is much harder to deal with.


Thanks!
Reio



Re: [clamav-users] Which .conf entry controls freshclam frequency?

2019-10-15 Thread Reio Remma via clamav-users

On 15.10.2019 19:00, Brian Fluet via clamav-users wrote:

I'm still hoping for an explanation of what these .conf settings do,
specifically whether associated with updating databases or more along
the lines of integrity checks.

"Perform a database check" in clamd.conf


This one sets the interval at which clamd checks if the actual database 
files have changed on disk and reloads them accordingly.



"Number of database checks per day" in freshclam.conf


This should be the interval at which freshclam tries to download updates.

Good luck,
Reio



Re: [clamav-users] The behavior of clamdscan while running freshclam

2019-10-14 Thread Reio Remma via clamav-users

On 14/10/2019 11:32, yasuhiro masuda via clamav-users wrote:

Hi,

Thanks for reply
I looked at the mailing list for the last year, but I couldn't confirm 
the same contents.


Have a look at last month. Starting here:

https://lists.clamav.net/pipermail/clamav-users/2019-September/008456.html

Good luck,
Reio



Re: [clamav-users] clamd@scan.service starting but not running

2019-10-13 Thread Reio Remma via clamav-users

On 13.10.2019 12:55, Ralf Hartings wrote:

Hi,


I had to fire-up a CENTOS 7 backup server as the main CENTOS 7 server 
crashed and I updated the backup server to the latest CENTOS version 
7, incl Clamav 0.101.4.


The log says, the clam service is starting, but never gets to run 
properly. Every systemctl status check I do says, it has restarted...


Any clue, as to what could be wrong? See logs below.


[root@server1 ~]# systemctl start clamd@scan.service

Job for clamd@scan.service failed because a timeout was exceeded. See 
"systemctl status clamd@scan.service" and "journalctl -xe" for details.

[root@server1 ~]# journalctl -xe
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel


Add to /usr/lib/systemd/system/clamd@.service

[Service]
TimeoutSec=600

sudo systemctl daemon-reload
sudo systemctl restart clamd@scan

Good luck,
Reio



Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

2019-09-07 Thread Reio Remma via clamav-users

On 07.09.2019 22:03, Robert M. Stockmann via clamav-users wrote:

On Fri, 6 Sep 2019, Reio Remma via clamav-users wrote:

I guess many of us are just running too old hardware. :)

Here's a comparison between my mail server and identical config
running in a VM.

Sep  6 09:41:06 mail clamd[31441]: Reading databases from
/var/lib/clamav
Sep  6 09:44:05 mail clamd[31441]: Database correctly reloaded
(10741767 ...

Sep  6 09:56:43 vm clamd[2108]: Reading databases from /var/lib/clamav
Sep  6 09:57:17 vm clamd[2108]: Database correctly reloaded (10742128 ...



Why everyone needs two minutes for this task, independent from which
hardware is used, is a puzzle to me. Anyone who has the clamd .cvd
files loaded on a fast SSD storage ?


My original point was that it's heavily CPU-bound.

As you can see from the logs I initially posted the speed difference 
between a CPU from 2005 and 2019 is 6 times (3 minutes vs 30 seconds).


Good luck,
Reio



Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

2019-09-06 Thread Reio Remma via clamav-users

On 06/09/2019 12:00, Matus UHLAR - fantomas wrote:

On Fri, 6 Sep 2019, Reio Remma via clamav-users wrote:

I guess many of us are just running too old hardware. :)

Here's a comparison between my mail server and identical config
running in a VM.

Sep  6 09:41:06 mail clamd[31441]: Reading databases from 
/var/lib/clamav
Sep  6 09:44:05 mail clamd[31441]: Database correctly reloaded 
(10741767 ...


Sep  6 09:56:43 vm clamd[2108]: Reading databases from /var/lib/clamav
Sep  6 09:57:17 vm clamd[2108]: Database correctly reloaded 
(10742128 ...


Fri Sep  6 08:49:08 2019 -> Reading databases from /var/lib/clamav
Fri Sep  6 08:50:18 2019 -> Database correctly reloaded (8830356 
signatures)

Fri Sep  6 09:48:25 2019 -> Reading databases from /var/lib/clamav
Fri Sep  6 09:49:49 2019 -> Database correctly reloaded (8830677 
signatures)

Fri Sep  6 10:47:36 2019 -> Reading databases from /var/lib/clamav
Fri Sep  6 10:48:53 2019 -> Database correctly reloaded (8830954 
signatures)


average ~1:20 on X3440 CPU (10 years old).


On 06/09/2019 11:31, G.W. Haywood wrote:
That's very useful, thanks.  Can you compare the costs of running 
them for us?


On 06.09.19 11:54, Reio Remma via clamav-users wrote:
I suspect the i9-9900 is cheaper to actually run than the old 
whichever Core is in the mail server. :D


I think that virtual/cloud server has to be cheaper than power usage 
of the
existing server (plus housing, if you pay for that one). 


(Un)fortunately, we're in a building with practically free electricity 
due to some management error.


Otherwise I would have made a case to upgrade the server long ago based 
on power usage alone. :)




Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

2019-09-06 Thread Reio Remma via clamav-users

On 06/09/2019 11:31, G.W. Haywood wrote:

Hi there,

On Fri, 6 Sep 2019, Reio Remma via clamav-users wrote:


I guess many of us are just running too old hardware. :)

Here's a comparison between my mail server and identical config
running in a VM.

Sep  6 09:41:06 mail clamd[31441]: Reading databases from 
/var/lib/clamav
Sep  6 09:44:05 mail clamd[31441]: Database correctly reloaded 
(10741767 ...


Sep  6 09:56:43 vm clamd[2108]: Reading databases from /var/lib/clamav
Sep  6 09:57:17 vm clamd[2108]: Database correctly reloaded (10742128 
...


That's very useful, thanks.  Can you compare the costs of running them 
for us? 


I suspect the i9-9900 is cheaper to actually run than the old whichever 
Core is in the mail server. :D


Reio



Re: [clamav-users] How to boost clamav? Reloading database results in a talking timeout?

2019-09-06 Thread Reio Remma via clamav-users

On 04/09/2019 23:44, Micah Snyder (micasnyd) via clamav-users wrote:

The database load process reads signatures and uses the data to populate a 
couple of pseudo-tries (https://en.wikipedia.org/wiki/Trie).  The tries 
themselves could only be modified by a single thread at a time, with a mutex 
around each trie.  There might be some performance to be gained by using 
multiple threads.  I'm not certain.  Definitely a bunch of thread safety code 
would need to be written.


I guess many of us are just running too old hardware. :)

Here's a comparison between my mail server and identical config running 
in a VM.


Sep  6 09:41:06 mail clamd[31441]: Reading databases from /var/lib/clamav
Sep  6 09:44:05 mail clamd[31441]: Database correctly reloaded (10741767 
signatures)


Sep  6 09:56:43 vm clamd[2108]: Reading databases from /var/lib/clamav
Sep  6 09:57:17 vm clamd[2108]: Database correctly reloaded (10742128 
signatures)


Reio




Re: [clamav-users] Update policy for clamd@.service

2019-08-26 Thread Reio Remma via clamav-users
You only need:

[Service]
TimeoutSec = 600

Good luck,
Reio
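
Added example (not part of the original message): why the two-line drop-in above is enough, shown by merging a unit file with a drop-in the way systemd treats these settings, using the failing drop-in quoted below. The packaged unit text is a stand-in constructed from values quoted in this thread, and the function names are hypothetical.

```python
from collections import defaultdict

# Settings that accumulate across the unit file and its drop-ins; an empty
# assignment resets the list. Every other setting is "last assignment wins".
LIST_SETTINGS = {"ExecStart", "Documentation", "After"}

# Constructed stand-in for the packaged clamd@.service, built from values
# quoted in the thread (not the distribution's real file).
PACKAGED_UNIT = """\
[Unit]
Description = Generic clamav scanner daemon
Documentation = man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target

[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
"""

# The drop-in from the thread that systemd refused (a full copy of the unit).
FULL_COPY_DROPIN = """\
[Unit]
Description = Customized clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target
[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
#Restart = on-failure
TimeoutSec = 600
"""

# The drop-in suggested in the reply: only the setting that changes.
MINIMAL_DROPIN = """\
[Service]
TimeoutSec = 600
"""


def parse_unit(text):
    """Yield (section, key, value) for every assignment, in file order."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        yield section, key.strip(), value.strip()


def merge(unit_text, *dropins):
    """Apply the main unit first, then each drop-in on top of it."""
    scalars, lists = {}, defaultdict(list)
    for text in (unit_text, *dropins):
        for section, key, value in parse_unit(text):
            if key not in LIST_SETTINGS:
                scalars[(section, key)] = value          # last one wins
            elif value == "":
                lists[(section, key)].clear()            # explicit reset
            elif key == "ExecStart":
                lists[(section, key)].append(value)      # one command per line
            else:
                lists[(section, key)].extend(value.split())
    return scalars, dict(lists)


def check(unit_text, *dropins):
    """Return a list of problems in the merged unit (empty list = fine)."""
    scalars, lists = merge(unit_text, *dropins)
    commands = lists.get(("Service", "ExecStart"), [])
    service_type = scalars.get(("Service", "Type"), "simple")
    problems = []
    if len(commands) > 1 and service_type != "oneshot":
        problems.append(
            f"{len(commands)} ExecStart= commands after merging, "
            f"but Type={service_type} allows exactly one"
        )
    return problems
```

On a live host, `systemctl cat clamd@scan.service` prints the packaged unit followed by every drop-in that is merged into it.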

> On 26 Aug 2019, at 14:22, Herbert via clamav-users wrote:
> 
> Followed instructions on how to customize an existing systemd service:
> 
> 1) Created new folder /etc/systemd/system/clamd@.service.d
> 
> 2) Created new file /etc/systemd/system/clamd@.service.d/custom.conf
> [Unit]
> Description = Customized clamd scanner (%i) daemon
> Documentation=man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/
> # Check for database existence
> # ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
> # ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}
> After = syslog.target nss-lookup.target network.target
> [Service]
> Type = forking
> ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
> #Restart = on-failure
> TimeoutSec = 600
> 
> 3) systemctl status clamd@scan.service reports an error:
> Warning: The unit file, source configuration file or drop-ins of 
> clamd@scan.service changed on disk. Run 'systemctl daemon-reload' to reload 
> units.
> ● clamd@scan.service - Customized clamd scanner (scan) daemon
>Loaded: bad-setting (Reason: Unit clamd@scan.service has a bad unit file 
> setting.)
>   Drop-In: /etc/systemd/system/clamd@.service.d
>└─custom.conf
>Active: inactive (dead)
>  Docs: man:clamd(8)
>man:clamd.conf(5)
>https://www.clamav.net/documents/
>man:clamd(8)
>man:clamd.conf(5)
>https://www.clamav.net/documents/
> 
> clamd@scan.service: Service has more than one ExecStart= setting, which is 
> only allowed for Type=oneshot services. Refusing.
> 
> What am I missing?
> 
> 
>> On 26.08.2019 12:08, Reio Remma via clamav-users wrote:
>>> On 26/08/2019 12:27, Fajar A. Nugraha via clamav-users wrote:
>>> On Mon, Aug 26, 2019 at 4:18 PM Herbert via clamav-users 
>>>  wrote:
>>>> Hi all,
>>>> 
>>>> System Fedora 5.2.9-200.fc30.x86_64
>>>> ClamAv 0.101.4
>>>> 
>>>> 
>>>> I wonder why a DNF update changes my customized 
>>>> /usr/lib/systemd/clam@,service file.
>>>> 
>>> 
>>> ... because you shouldn't have modified that file?
>>> https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/#modifying-existing-systemd-services
>>> 
>>>  
>> 
>> Thanks for that link!
>> 
>> I'm having to modify service configuration as well due to fairly outdated 
>> hardware where clamd loads about 3 minutes.
>> 
>> Probably ought to bugrep it to Fedora/CentOS etc.
>> 
>> Thanks,
>> Reio
>> 
>> 
> 
> 



Re: [clamav-users] Update policy for clamd@.service

2019-08-26 Thread Reio Remma via clamav-users

On 26/08/2019 12:27, Fajar A. Nugraha via clamav-users wrote:
On Mon, Aug 26, 2019 at 4:18 PM Herbert via clamav-users 
<clamav-users@lists.clamav.net> wrote:


Hi all,

System Fedora 5.2.9-200.fc30.x86_64
ClamAv 0.101.4


I wonder why a DNF update changes my customized
/usr/lib/systemd/clam@,service file.


... because you shouldn't have modified that file?
https://docs.fedoraproject.org/en-US/quick-docs/understanding-and-administering-systemd/#modifying-existing-systemd-services



Thanks for that link!

I'm having to modify service configuration as well due to fairly 
outdated hardware where clamd loads about 3 minutes.


Probably ought to bugrep it to Fedora/CentOS etc.

Thanks,
Reio



Re: [clamav-users] Update Frequency (15 min or 10 mins)

2019-08-13 Thread Reio Remma via clamav-users

On 13/08/2019 15:17, Manna, Mohammed via clamav-users wrote:


Hello,

From the docs – it says that the most frequent update of clam AV 
definitions is 4 times an hour (e.g. every 15 mins).


However, we were investigating the clamAV logs, and it shows the 
following:


Tue Aug 13 12:11:01 2019 -> Self checking every 600 seconds.

Our confusion is here – is it actually the definition update 
frequency, or something else.


Apologies for any incorrect assumptions.

Regards,
MAnna



That's the interval at which ClamAV checks its local database files.

Good luck,
Reio



Re: [clamav-users] ***Spam 3.041*** clamd using 100% CPU in Fedora 30 with sendmail & clamav-milter, : Probe for slot 1 returned: failed

2019-07-30 Thread Reio Remma via clamav-users

I suspect it might be the same issue I had a few days back.

Check out the thread "Clamd fails to start with daily.cvd".

As suggested by user Axb:

in file clamd.service
to section:
[Service]
add
TimeoutSec=900

restart clamd service

I personally increased the limit to 300 seconds. :)

I suspect systemd is killing the process because it goes over the 
timeout threshold when loading the signatures.


Good luck!
Reio


On 30.07.2019 21:58, Robert Kudyba wrote:

rpm -qa clamav-milter
clamav-milter-0.101.2-2.fc30.x86_64
rpm -qa clamd
clamd-0.101.2-2.fc30.x86_64

See some logs and statuses below. clamd takes up all of the CPU. clamd 
does appear to start based on the ps command but you can see the 
status shows not running;


  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM TIME+ COMMAND
26618 root      20   0  214188 207576   7996 R  99.0   0.4 0:10.76 clamd

Tue Jul 30 14:30:17 2019 -> WARNING: No clamd server appears to be 
available

Tue Jul 30 14:31:16 2019 -> Failed to establish a connection to clamd
Tue Jul 30 14:31:16 2019 -> Probe for slot 1 returned: failed
Tue Jul 30 14:31:16 2019 -> WARNING: No clamd server appears to be 
available

Tue Jul 30 14:32:15 2019 -> Failed to establish a connection to clamd
Tue Jul 30 14:32:15 2019 -> Probe for slot 1 returned: failed
Tue Jul 30 14:32:15 2019 -> WARNING: No clamd server appears to be 
available


 ps -auwx|grep clam
clamav    2538  0.0  0.0  18348  3156 ?        Ss   Jul29 0:00 
/usr/bin/freshclam -d -c 4
clamav   24692  0.0  0.0  19852 10044 ?        Ss   14:10 0:00 
/usr/lib/systemd/systemd --user

clamav   24697  0.0  0.0 181296  5200 ?        S    14:10 0:00 (sd-pam)
clamav   24717  0.0  0.0 113064  3312 ?        Ss   14:10 0:00 /bin/sh 
-c [ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash 
/usr/local/sbin/clamav-unofficial-sigs.sh > /dev/null
clamav   24718  0.0  0.0 113848  3908 ?        S    14:10 0:00 
/usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh
clamilt  26222  0.0  0.0  88488   588 ?        Ssl  14:18 0:00 
/usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
root     26227 99.6  0.5 263348 251924 ?       Rs   14:18 0:20 
/usr/sbin/clamd -c /etc/clamd.d/scan.conf
clamav   26360  1.8  0.0 126316 12992 ?        S    14:18 0:00 
/usr/bin/wget --no-check-certificate --quiet --connect-timeout=60 
--random-wait --tries=3 --timeout=180 
--output-document=/var/lib/clamav-unofficial-sigs/dbs-si/securiteinfo.hdb 
https://www.securiteinfo.com/get/signatures/6651194e2baf9979742029c715d7dd90c94e25355ca57fdf22c81828f6fe7a3fc01bfbee6c9a20efa17559c52a04cc4aab1cbe6810596bb16afae8518a9400d1/securiteinfo.hdb\


systemctl  status clamd@scan.service
* clamd@scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; 
enabled; vendor preset: disabled)

   Active: inactive (dead) since Mon 2019-07-29 13:24:11 EDT; 24h ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
https://www.clamav.net/documents/

Jul 29 13:24:09 ourdomain.edu  systemd[1]: 
/usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
deprecated, and support for them will be removed in a future version 
of systemd. Please use drop-in files instead.
Jul 29 13:24:11 ourdomain.edu  systemd[1]: 
clamd@scan.service: Control process exited, code=killed, status=15/TERM
Jul 29 13:24:11 ourdomain.edu  systemd[1]: 
clamd@scan.service: Succeeded.
Jul 29 13:24:11 ourdomain.edu  systemd[1]: 
Stopped Generic clamav scanner daemon.
Jul 30 04:53:06 ourdomain.edu  systemd[1]: 
/usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
deprecated, and support for them will be removed in a future version 
of systemd. Please use drop-in files instead.
Jul 30 11:13:50 ourdomain.edu  systemd[1]: 
/usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
deprecated, and support for them will be removed in a future version 
of systemd. Please use drop-in files instead.
Jul 30 11:19:10 ourdomain.edu  systemd[1]: 
/usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
deprecated, and support for them will be removed in a future version 
of systemd. Please use drop-in files instead.
Jul 30 14:05:05 ourdomain.edu  systemd[1]: 
/usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
deprecated, and support for them will be removed in a future version 
of systemd. Please use drop-in files instead.
Jul 30 14:05:07 ourdomain.edu  systemd[1]: 
/usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
deprecated, and support for them will be removed in a future version 
of systemd. Please use drop-in files instead.
Jul 30 14:05:08 ourdomain.edu  systemd[1]: 
/usr/lib/systemd/system/clamd@scan.service:1: .include directives are 
deprecated, a

Re: [clamav-users] Clamd fails to start with daily.cvd

2019-07-24 Thread Reio Remma via clamav-users

It was that simple! Thank you very much! :)

Reio

On 24/07/2019 15:31, Axb via clamav-users wrote:

try this:

in file clamd.service
to section:
[Service]
add
TimeoutSec=900

restart clamd service

h2h


On 7/24/19 1:49 PM, Reio Remma via clamav-users wrote:

Hello!

I rebooted my CentOS 7 mail server last night and all of a sudden 
clamd is refusing to start - it burns CPU for a couple of minutes and 
then gives up. I've now narrowed it down as much as I could and it 
seems there is a problem loading daily.cvd/daily.cld.


I started by removing all unofficial signatures, which didn't help. 
Then I proceeded to remove all signatures completely and ran 
freshclam -v, upon which it successfully loaded (before daily.cvd was 
downloaded). Unfortunately when it downloaded daily.cvd it broke again.


It loads perfectly with main.cvd, bytecode.cvd and the rest of the 
unofficial signatures, but as soon as daily.cvd appears, it fails.


It gets more interesting. If I start clamd without daily.cvd and then 
run freshclam and wait for the 600 second signature check to catch 
the new daily, it actually loads them.


Jul 24 14:43:30 orc clamd[25482]: SelfCheck: Database modification 
detected. Forcing reload.

Jul 24 14:43:32 orc clamd[25482]: Reading databases from /var/lib/clamav
Jul 24 14:46:21 orc clamd[25482]: Database correctly reloaded 
(6392516 signatures)


So the problem exists only when completely (re)starting clamd.

Logs are below.

Any ideas?

Thanks!
Reio

Jul 24 14:11:21 orc clamd[4345]: clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jul 24 14:11:21 orc clamd[4345]: Running as user amavis (UID 994, GID 990)
Jul 24 14:11:21 orc clamd[4345]: Log file size limited to 1048576 bytes.
Jul 24 14:11:21 orc clamd[4345]: Reading databases from /var/lib/clamav
Jul 24 14:11:21 orc clamd[4345]: Not loading PUA signatures.
Jul 24 14:11:21 orc clamd[4345]: Bytecode: Security mode set to "TrustSigned".

---
This is where it stalls with daily.cvd. If I remove daily.cvd and restart, it proceeds nicely.
---

Jul 24 14:11:56 orc clamd[4345]: Loaded 4726922 signatures.
Jul 24 14:11:59 orc clamd[4345]: LOCAL: Unix socket file /var/run/clamd.amavisd/clamd.sock
Jul 24 14:11:59 orc clamd[4345]: LOCAL: Setting connection queue length to 200
Jul 24 14:11:59 orc clamd[5039]: Limits: Global size limit set to 104857600 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: File size limit set to 26214400 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: Recursion level limit set to 16.
Jul 24 14:11:59 orc clamd[5039]: Limits: Files limit set to 1.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxPartitions limit set to 50.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxIconsPE limit set to 100.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxRecHWP3 limit set to 16.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMatchLimit limit set to 10.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCRERecMatchLimit limit set to 2000.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMaxFileSize limit set to 26214400.
Jul 24 14:11:59 orc clamd[5039]: Archive support enabled.
Jul 24 14:11:59 orc clamd[5039]: AlertExceedsMax heuristic detection disabled.
Jul 24 14:11:59 orc clamd[5039]: Heuristic alerts enabled.
Jul 24 14:11:59 orc clamd[5039]: Portable Executable support enabled.
Jul 24 14:11:59 orc clamd[5039]: ELF support enabled.
Jul 24 14:11:59 orc clamd[5039]: Mail files support enabled.
Jul 24 14:11:59 orc clamd[5039]: OLE2 support enabled.
Jul 24 14:11:59 orc clamd[5039]: PDF support enabled.
Jul 24 14:11:59 orc clamd[5039]: SWF support enabled.
Jul 24 14:11:59 orc clamd[5039]: HTML support enabled.
Jul 24 14:11:59 orc clamd[5039]: XMLDOCS support enabled.
Jul 24 14:11:59 orc clamd[5039]: HWP3 support enabled.
Jul 24 14:11:59 orc clamd[5039]: Self checking every 600 seconds.


--
Tervitades
Reio R

[clamav-users] Clamd fails to start with daily.cvd

2019-07-24 Thread Reio Remma via clamav-users

Hello!

I rebooted my CentOS 7 mail server last night and all of a sudden clamd 
is refusing to start - it burns CPU for a couple of minutes and then 
gives up. I've now narrowed it down as much as I could and it seems 
there is a problem loading daily.cvd/daily.cld.


I started by removing all unofficial signatures, which didn't help. Then 
I proceeded to remove all signatures completely and ran freshclam -v, 
upon which it successfully loaded (before daily.cvd was downloaded). 
Unfortunately when it downloaded daily.cvd it broke again.


It loads perfectly with main.cvd, bytecode.cvd and the rest of the 
unofficial signatures, but as soon as daily.cvd appears, it fails.


It gets more interesting. If I start clamd without daily.cvd and then 
run freshclam and wait for the 600 second signature check to catch the 
new daily, it actually loads them.


Jul 24 14:43:30 orc clamd[25482]: SelfCheck: Database modification detected. Forcing reload.
Jul 24 14:43:32 orc clamd[25482]: Reading databases from /var/lib/clamav
Jul 24 14:46:21 orc clamd[25482]: Database correctly reloaded (6392516 signatures)


So the problem exists only when completely (re)starting clamd.

Logs are below.

Any ideas?

Thanks!
Reio

Jul 24 14:11:21 orc clamd[4345]: clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jul 24 14:11:21 orc clamd[4345]: Running as user amavis (UID 994, GID 990)
Jul 24 14:11:21 orc clamd[4345]: Log file size limited to 1048576 bytes.
Jul 24 14:11:21 orc clamd[4345]: Reading databases from /var/lib/clamav
Jul 24 14:11:21 orc clamd[4345]: Not loading PUA signatures.
Jul 24 14:11:21 orc clamd[4345]: Bytecode: Security mode set to "TrustSigned".

---
This is where it stalls with daily.cvd. If I remove daily.cvd and restart, it proceeds nicely.
---

Jul 24 14:11:56 orc clamd[4345]: Loaded 4726922 signatures.
Jul 24 14:11:59 orc clamd[4345]: LOCAL: Unix socket file /var/run/clamd.amavisd/clamd.sock
Jul 24 14:11:59 orc clamd[4345]: LOCAL: Setting connection queue length to 200
Jul 24 14:11:59 orc clamd[5039]: Limits: Global size limit set to 104857600 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: File size limit set to 26214400 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: Recursion level limit set to 16.
Jul 24 14:11:59 orc clamd[5039]: Limits: Files limit set to 1.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxPartitions limit set to 50.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxIconsPE limit set to 100.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxRecHWP3 limit set to 16.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMatchLimit limit set to 10.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCRERecMatchLimit limit set to 2000.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMaxFileSize limit set to 26214400.
Jul 24 14:11:59 orc clamd[5039]: Archive support enabled.
Jul 24 14:11:59 orc clamd[5039]: AlertExceedsMax heuristic detection disabled.
Jul 24 14:11:59 orc clamd[5039]: Heuristic alerts enabled.
Jul 24 14:11:59 orc clamd[5039]: Portable Executable support enabled.
Jul 24 14:11:59 orc clamd[5039]: ELF support enabled.
Jul 24 14:11:59 orc clamd[5039]: Mail files support enabled.
Jul 24 14:11:59 orc clamd[5039]: OLE2 support enabled.
Jul 24 14:11:59 orc clamd[5039]: PDF support enabled.
Jul 24 14:11:59 orc clamd[5039]: SWF support enabled.
Jul 24 14:11:59 orc clamd[5039]: HTML support enabled.
Jul 24 14:11:59 orc clamd[5039]: XMLDOCS support enabled.
Jul 24 14:11:59 orc clamd[5039]: HWP3 support enabled.
Jul 24 14:11:59 orc clamd[5039]: Self checking every 600 seconds.
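
An added example, not part of the original post: a small parser that times each clamd database load from syslog lines like the ones above and flags loads that stall or run long, which is the symptom described in this message. The year (2019), the 120-second limit and the two pid 3999 lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ clamd\[(\d+)\]: (.*)$")
DONE = re.compile(r"(?:Loaded |Database correctly reloaded \()(\d+) signatures")

def database_loads(lines, year=2019):
    """One (pid, kind, seconds, signatures) tuple per 'Reading databases' event.
    seconds and signatures are None when no completion line was logged."""
    kind, pending, loads = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; the caller supplies one (assumption).
        when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        pid, msg = m[2], m[3]
        if msg.startswith("clamd daemon"):
            kind[pid] = "startup"
        elif msg.startswith("SelfCheck: Database modification"):
            kind[pid] = "reload"
        elif msg.startswith("Reading databases from"):
            if pid in pending:  # an earlier load for this pid never finished
                loads.append((pid, pending.pop(pid)[1], None, None))
            pending[pid] = (when, kind.get(pid, "unknown"))
        elif (done := DONE.search(msg)) and pid in pending:
            start, k = pending.pop(pid)
            loads.append((pid, k, int((when - start).total_seconds()), int(done[1])))
    # Anything still pending read the databases and then went silent.
    loads += [(pid, k, None, None) for pid, (_, k) in pending.items()]
    return loads

def needs_attention(loads, limit=120):
    """Loads that stalled or took longer than `limit` seconds (hypothetical threshold)."""
    return [rec for rec in loads if rec[2] is None or rec[2] > limit]

# The first two lines are constructed (a start that never completes); the rest
# are log lines from the message above with the mail client's line wraps undone.
SAMPLE = [
    "Jul 24 13:58:40 orc clamd[3999]: clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)",
    "Jul 24 13:58:40 orc clamd[3999]: Reading databases from /var/lib/clamav",
    "Jul 24 14:11:21 orc clamd[4345]: clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)",
    "Jul 24 14:11:21 orc clamd[4345]: Reading databases from /var/lib/clamav",
    "Jul 24 14:11:56 orc clamd[4345]: Loaded 4726922 signatures.",
    "Jul 24 14:43:30 orc clamd[25482]: SelfCheck: Database modification detected. Forcing reload.",
    "Jul 24 14:43:32 orc clamd[25482]: Reading databases from /var/lib/clamav",
    "Jul 24 14:46:21 orc clamd[25482]: Database correctly reloaded (6392516 signatures)",
]

if __name__ == "__main__":
    for pid, k, secs, sigs in needs_attention(database_loads(SAMPLE)):
        print(f"clamd[{pid}] {k}: {'no completion logged' if secs is None else f'{secs}s, {sigs} signatures'}")
```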



Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

2018-01-26 Thread Reio Remma

Thanks!

fd's holding steady now.

Maybe I should go clean some logs now before nightly Logwatch kicks in.

Good luck!
Reio

On 26.01.2018 19:38, Joel Esler (jesler) wrote:

Reio,

Thanks, I was just about to send this out.  A new daily.cvd is now shipping.


--
Joel Esler | Talos: Manager | jes...@cisco.com

On Jan 26, 2018, at 12:35 PM, Reio Remma <r...@mrstuudio.ee> wrote:

Hello!

News from the front:

daily.cld updated (version: 24258, sigs: 1836466, f-level: 63, builder: neo)

Good luck!
Reio



___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] How the bad signature happened - conjecture (was Re: URGENT: Clamd is wedged on multiple installations)

2018-01-26 Thread Reio Remma

Hello!

News from the front:

daily.cld updated (version: 24258, sigs: 1836466, f-level: 63, builder: neo)

Good luck!
Reio


On 26.01.2018 19:29, Joel Esler (jesler) wrote:

Steve Morgan, a developer here at Cisco that worked on ClamAV for about the 
past five years or so, decided to retire.  Monday was his last day.  On top of 
that, one of our other developers (Micah) was out of the office today for a 
holiday, and so that only left, essentially myself and a couple other people to 
see this action on the list.

So while we regret the issue that this signature caused (and we will fix, not 
only the signature, but the code itself in an upcoming release), I am super 
proud of the community that came together and solved the problem.



--
Joel Esler | Talos: Manager | jes...@cisco.com






On Jan 26, 2018, at 10:02 AM, Dianne Skoll <d...@roaringpenguin.com> wrote:

On Fri, 26 Jan 2018 06:44:30 -0800
"Jason J. W. Williams" <jasonjwwilli...@gmail.com> wrote:

We started seeing this problem last night as well. Reading through the
thread, it doesn't appear that ClamAV has fixed the signatures yet
(as of 24257), or am I wrong?

Not only has it not been fixed, there hasn't been a peep out of the
developers.

This is NOT the way to deal with issues like this, especially in
security-sensitive software.

Regards,

Dianne.