Re: [Clamav-users] clamd missed
Sorry for the delayed response. I found that after install clamd is a ´normal exec´ file with some Kb ( lets say 83kb for example ). Then, after starting it, becomes a ´socket´ type, zero lenght. Rebooted in normal way, et voilà... no more clamd 83kb. So its not FS nor UPS Because of a backed up clamd file, copied it as clamd.and starts as normal! Regards H. --- El jue, 7/1/10, Shawn Bakhtiar shashan...@hotmail.com escribió: De: Shawn Bakhtiar shashan...@hotmail.com Asunto: Re: [Clamav-users] clamd missed A: clamav-users@lists.clamav.net Fecha: jueves, 1 de julio de 2010, 08:33 pm To preface the importance of what is being said: 1) Production servers should ALL have UPS and UPS should be tested, and if power outages are longer than the UPS ability to maintain, some proper shutdown mechanism must be enabled (do not be cheap with production servers). 2) I have hard booted linux boxes (FreeBSD should be very much similar - OS X - ) many many many times (in a lab environment, and on rare occasions in production) and have never experienced this, unless as stated here, there was a greater issue with the installation such as a failing drive, incorrect settings on a RAID, or something more sinister, which in turn would cause ALL kinds of failures. Services would not start up (missing configs and libs), etc... 3) I've compiled ClamAV since it is not available through yum on my distro (at least the latest version) and have had no issues of the kind you describe specifically related to clam. 4) Do you have anything like tripwire installed (yes you can tell exactly what files have been altered) ? You would have needed to install it before the system became unstable. 5) Do not focus on clam, focus on the fact that a file is getting corrupted when it should not. Do you have other mechanisms installed that check, or maintain files for you? Some other security. Is SELinux enabled (this is a far shot)? ONLY IF YOU ARE ABSOLUTLY SURE THIS IS THE ONLY FILE! All of the advice on this thread has been dead on. Critical systems should not be able to fail in this manor, and a good understanding of file structure and systems is important in being able to trace it down. Date: Thu, 1 Jul 2010 17:13:27 +0100 From: g...@jubileegroup.co.uk To: clamav-users@lists.clamav.net Subject: Re: [Clamav-users] clamd missed Hi there, On Thu, 1 Jul 2010 Jerry wrote: Yeah, It's an UPS failure. Perhaps you should get a better UPS. If it's important to you that the server runs reliably I'd recommend one which has the converter running continuously, not a cheap 'line interactive' one. Make sure that the battery health is monitored by the UPS and that batteries can be replaced while it is on line. Did you run a filesystem checking tool after the abnormal shutdown? Yes, fsck -f Are you sure about that? The man page for fsck on FreeBSD that I just checked seems to indicate that the -p flag is required with -f. How exactly did you run fsck? Do you know that it is dangerous to run it on a mounted, writable partition? If I had only one partiton on a machine I would normally want to boot on a LiveCD or move the disc to another machine to check it, so that I have a full running system with all the tools I need to examine and repair partitions. Did you only reinstall ClamAV?? If so I do not believe that you know that all is OK.? Under these circumstances, I would not know. As far as I know, mails get trought, Av is working, no file system errors How many files are there in the system? 10,000? 100,000? A million? How have you ensured that clamd in /usr/local/sbin/ was the only one which suffered any damage? What mechanism can you suggest which might explain that this one single file was damaged, and all the others were protected by some magical shield? Do you understand that damage to a directory is not the same as damage to the file? How can you explain that some tiny part of a directory which is normally only being read has twice accidentally been written in the same highly improbable way? Looking at the information before me I have to say that if this is not beyond the bounds of credibility, it's certainly out there at the edge. It is a _very_ bad idea to shut down a modern operating system the hard way This is crystal clear. I'll let Power company know that :)) I thought you said it was a UPS failure. By the way, still in dark of WHY clamd can't work. You showed us why in your OP. On Wed, 30 June Hook wrote: argos [/var/log/clamav]# ll /usr/local/sbin/clamd srw-rw-rw- 1 root wheel 0 Jun 2 08:37 /usr/local/sbin/clamd It is easy to understand why clamd doesn't work if it's (a) zero length and (b) not executable Why not try this for yourself as an experiment? Create
Re: [Clamav-users] clamd missed
You've got your socket named incorrectly in clamd.conf. It is overwriting the executable. You should move your socket to /var/lib/clamav. On Jul 6, 2010, at 9:22 PM, Hook soygar...@yahoo.com wrote: Sorry for the delayed response. I found that after install clamd is a ´normal exec´ file with some Kb ( lets say 83kb for example ). Then, after starting it, becomes a ´socket´ type, zero lenght. Rebooted in normal way, et voilà... no more clamd 83kb. So its not FS nor UPS Because of a backed up clamd file, copied it as clamd.and starts as normal! Regards H. --- El jue, 7/1/10, Shawn Bakhtiar shashan...@hotmail.com escribió: De: Shawn Bakhtiar shashan...@hotmail.com Asunto: Re: [Clamav-users] clamd missed A: clamav-users@lists.clamav.net Fecha: jueves, 1 de julio de 2010, 08:33 pm To preface the importance of what is being said: 1) Production servers should ALL have UPS and UPS should be tested, and if power outages are longer than the UPS ability to maintain, some proper shutdown mechanism must be enabled (do not be cheap with production servers). 2) I have hard booted linux boxes (FreeBSD should be very much similar - OS X - ) many many many times (in a lab environment, and on rare occasions in production) and have never experienced this, unless as stated here, there was a greater issue with the installation such as a failing drive, incorrect settings on a RAID, or something more sinister, which in turn would cause ALL kinds of failures. Services would not start up (missing configs and libs), etc... 3) I've compiled ClamAV since it is not available through yum on my distro (at least the latest version) and have had no issues of the kind you describe specifically related to clam. 4) Do you have anything like tripwire installed (yes you can tell exactly what files have been altered) ? You would have needed to install it before the system became unstable. 5) Do not focus on clam, focus on the fact that a file is getting corrupted when it should not. Do you have other mechanisms installed that check, or maintain files for you? Some other security. Is SELinux enabled (this is a far shot)? ONLY IF YOU ARE ABSOLUTLY SURE THIS IS THE ONLY FILE! All of the advice on this thread has been dead on. Critical systems should not be able to fail in this manor, and a good understanding of file structure and systems is important in being able to trace it down. Date: Thu, 1 Jul 2010 17:13:27 +0100 From: g...@jubileegroup.co.uk To: clamav-users@lists.clamav.net Subject: Re: [Clamav-users] clamd missed Hi there, On Thu, 1 Jul 2010 Jerry wrote: Yeah, It's an UPS failure. Perhaps you should get a better UPS. If it's important to you that the server runs reliably I'd recommend one which has the converter running continuously, not a cheap 'line interactive' one. Make sure that the battery health is monitored by the UPS and that batteries can be replaced while it is on line. Did you run a filesystem checking tool after the abnormal shutdown? Yes, fsck -f Are you sure about that? The man page for fsck on FreeBSD that I just checked seems to indicate that the -p flag is required with -f. How exactly did you run fsck? Do you know that it is dangerous to run it on a mounted, writable partition? If I had only one partiton on a machine I would normally want to boot on a LiveCD or move the disc to another machine to check it, so that I have a full running system with all the tools I need to examine and repair partitions. Did you only reinstall ClamAV?? If so I do not believe that you know that all is OK.? Under these circumstances, I would not know. As far as I know, mails get trought, Av is working, no file system errors How many files are there in the system? 10,000? 100,000? A million? How have you ensured that clamd in /usr/local/sbin/ was the only one which suffered any damage? What mechanism can you suggest which might explain that this one single file was damaged, and all the others were protected by some magical shield? Do you understand that damage to a directory is not the same as damage to the file? How can you explain that some tiny part of a directory which is normally only being read has twice accidentally been written in the same highly improbable way? Looking at the information before me I have to say that if this is not beyond the bounds of credibility, it's certainly out there at the edge. It is a _very_ bad idea to shut down a modern operating system the hard way This is crystal clear. I'll let Power company know that :)) I thought you said it was a UPS failure. By the way, still in dark of WHY clamd can't work. You showed us why in your OP. On Wed, 30 June Hook wrote: argos [/var/log/clamav]# ll /usr/local/sbin/clamd srw-rw-rw- 1 root wheel 0 Jun 2 08:37 /usr/local/sbin/clamd It is easy to understand
Re: [Clamav-users] clamd missed
Hi there, On Thu, 1 Jul 2010 Jerry wrote: Yeah, It's an UPS failure. Perhaps you should get a better UPS. If it's important to you that the server runs reliably I'd recommend one which has the converter running continuously, not a cheap 'line interactive' one. Make sure that the battery health is monitored by the UPS and that batteries can be replaced while it is on line. Did you run a filesystem checking tool after the abnormal shutdown? Yes, fsck -f Are you sure about that? The man page for fsck on FreeBSD that I just checked seems to indicate that the -p flag is required with -f. How exactly did you run fsck? Do you know that it is dangerous to run it on a mounted, writable partition? If I had only one partiton on a machine I would normally want to boot on a LiveCD or move the disc to another machine to check it, so that I have a full running system with all the tools I need to examine and repair partitions. Did you only reinstall ClamAV?? If so I do not believe that you know that all is OK.? Under these circumstances, I would not know. As far as I know, mails get trought, Av is working, no file system errors How many files are there in the system? 10,000? 100,000? A million? How have you ensured that clamd in /usr/local/sbin/ was the only one which suffered any damage? What mechanism can you suggest which might explain that this one single file was damaged, and all the others were protected by some magical shield? Do you understand that damage to a directory is not the same as damage to the file? How can you explain that some tiny part of a directory which is normally only being read has twice accidentally been written in the same highly improbable way? Looking at the information before me I have to say that if this is not beyond the bounds of credibility, it's certainly out there at the edge. It is a _very_ bad idea to shut down a modern operating system the hard way This is crystal clear. I'll let Power company know that :)) I thought you said it was a UPS failure. By the way, still in dark of WHY clamd can't work. You showed us why in your OP. On Wed, 30 June Hook wrote: argos [/var/log/clamav]# ll /usr/local/sbin/clamd srw-rw-rw- 1 root wheel 0 Jun 2 08:37 /usr/local/sbin/clamd It is easy to understand why clamd doesn't work if it's (a) zero length and (b) not executable Why not try this for yourself as an experiment? Create a file of zero length, make sure that it is not executable, and then try to run it. My guess is that you won't get very far. :) Zero lenght and ONLY clamd affected. I'm still far from convinced that you know what damage has been done to your system. I'm not convinced that you understand how filesystems work, and for example the difference between the content of a file and the information which is contained about it in a directory. From the information which you have given us, under these circumstances I would have no confidence that the only damage done to the filesystem was to one single file. The directory containing the file seems to have been corrupted -- the file should have been executable, and your directory listing shows that it is not. In my experience, when a filesystem is corrupted the damage is usually rather extensive, and fsck, when run correctly, will show many, many corrections being made. The symptoms which you have described (one single, specific binary file being truncated to zero bytes when the power to the machine is switched off on two separate occasions) make no sense to me at all. That makes me think that there's at least one important piece of this puzzle which we haven't seen yet. I suspect that, unintentionally perhaps, you are not giving us all the information that you have. -- 73, Ged. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd missed
To preface the importance of what is being said: 1) Production servers should ALL have UPS and UPS should be tested, and if power outages are longer than the UPS ability to maintain, some proper shutdown mechanism must be enabled (do not be cheap with production servers). 2) I have hard booted linux boxes (FreeBSD should be very much similar - OS X - ) many many many times (in a lab environment, and on rare occasions in production) and have never experienced this, unless as stated here, there was a greater issue with the installation such as a failing drive, incorrect settings on a RAID, or something more sinister, which in turn would cause ALL kinds of failures. Services would not start up (missing configs and libs), etc... 3) I've compiled ClamAV since it is not available through yum on my distro (at least the latest version) and have had no issues of the kind you describe specifically related to clam. 4) Do you have anything like tripwire installed (yes you can tell exactly what files have been altered) ? You would have needed to install it before the system became unstable. 5) Do not focus on clam, focus on the fact that a file is getting corrupted when it should not. Do you have other mechanisms installed that check, or maintain files for you? Some other security. Is SELinux enabled (this is a far shot)? ONLY IF YOU ARE ABSOLUTLY SURE THIS IS THE ONLY FILE! All of the advice on this thread has been dead on. Critical systems should not be able to fail in this manor, and a good understanding of file structure and systems is important in being able to trace it down. Date: Thu, 1 Jul 2010 17:13:27 +0100 From: g...@jubileegroup.co.uk To: clamav-users@lists.clamav.net Subject: Re: [Clamav-users] clamd missed Hi there, On Thu, 1 Jul 2010 Jerry wrote: Yeah, It's an UPS failure. Perhaps you should get a better UPS. If it's important to you that the server runs reliably I'd recommend one which has the converter running continuously, not a cheap 'line interactive' one. Make sure that the battery health is monitored by the UPS and that batteries can be replaced while it is on line. Did you run a filesystem checking tool after the abnormal shutdown? Yes, fsck -f Are you sure about that? The man page for fsck on FreeBSD that I just checked seems to indicate that the -p flag is required with -f. How exactly did you run fsck? Do you know that it is dangerous to run it on a mounted, writable partition? If I had only one partiton on a machine I would normally want to boot on a LiveCD or move the disc to another machine to check it, so that I have a full running system with all the tools I need to examine and repair partitions. Did you only reinstall ClamAV?? If so I do not believe that you know that all is OK.? Under these circumstances, I would not know. As far as I know, mails get trought, Av is working, no file system errors How many files are there in the system? 10,000? 100,000? A million? How have you ensured that clamd in /usr/local/sbin/ was the only one which suffered any damage? What mechanism can you suggest which might explain that this one single file was damaged, and all the others were protected by some magical shield? Do you understand that damage to a directory is not the same as damage to the file? How can you explain that some tiny part of a directory which is normally only being read has twice accidentally been written in the same highly improbable way? Looking at the information before me I have to say that if this is not beyond the bounds of credibility, it's certainly out there at the edge. It is a _very_ bad idea to shut down a modern operating system the hard way This is crystal clear. I'll let Power company know that :)) I thought you said it was a UPS failure. By the way, still in dark of WHY clamd can't work. You showed us why in your OP. On Wed, 30 June Hook wrote: argos [/var/log/clamav]# ll /usr/local/sbin/clamd srw-rw-rw- 1 root wheel 0 Jun 2 08:37 /usr/local/sbin/clamd It is easy to understand why clamd doesn't work if it's (a) zero length and (b) not executable Why not try this for yourself as an experiment? Create a file of zero length, make sure that it is not executable, and then try to run it. My guess is that you won't get very far. :) Zero lenght and ONLY clamd affected. I'm still far from convinced that you know what damage has been done to your system. I'm not convinced that you understand how filesystems work, and for example the difference between the content of a file and the information which is contained about it in a directory. From the information which you have given us, under these circumstances I would have no confidence that the only damage done to the filesystem was to one single file. The directory containing the file seems to have been corrupted -- the file should have been executable
Re: [Clamav-users] clamd missed
On Tue, 29 Jun 2010 18:39:13 -0700 (PDT) Hook soygar...@yahoo.com wrote: Hi there I am using last ClamAv in FreeBSD 8. I did install as normal, from .tar After some time, by external issue, my server was rebooted by the ´button´, ie hard way. After that, the clamd file is missingzero lenght! argos [/var/log/clamav]# ll /usr/local/sbin/clamd srw-rw-rw- 1 root wheel 0 Jun 2 08:37 /usr/local/sbin/clamd Sounds like a filesystem issue. Some filesystems may truncate files to 0 length after a crash, *if* that file was being written to at the time of the crash. Nothing is supposed to write to clamd though, once installed. Is it only clamd that becomes 0 length? Best regards, --Edwin ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd missed
On Tue, 29 Jun 2010 18:39:13 -0700 (PDT) Hook wrote: Hi there I am using last ClamAv in FreeBSD 8. I did install as normal, from .tar After some time, by external issue, my server was rebooted by the ´button´, ie hard way. After that, the clamd file is missingzero lenght! argos [/var/log/clamav]# ll /usr/local/sbin/clamd srw-rw-rw- 1 root wheel 0 Jun 2 08:37 /usr/local/sbin/clamd argos [/var/log/clamav]# So if I do a start, i get: argos [/var/log/clamav]# /usr/local/etc/rc.d/clamav-clamd start /usr/local/etc/rc.d/clamav-clamd: WARNING: run_rc_command: cannot run /usr/local/sbin/clamd The X-bit is missing, /usr/local/sbin/clamd isnot eXecutable. --Frank Elsner ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd missed
On Tue, 29 Jun 2010 18:39:13 -0700 (PDT) Hook soygar...@yahoo.com articulated: I am using last ClamAv in FreeBSD 8. I did install as normal, from .tar Are you inferring that you did NOT use the ports system to install Clamav? -- Jerry clamav.u...@seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ The great merit of society is to make one appreciate solitude. Charles Chincholles, Reflections on the Art of Life ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd missed
Hi there, On Wed, 30 Jun 2010 hook wrote: I am using last ClamAv in FreeBSD 8. I did install as normal, from .tar After some time, by external issue, External issue? my server was rebooted by the ?button?, ie hard way. Who did that? Why? Was there no alternative? (Such as using CTRL-ALT-DEL or one of the other keyboard interrupts, logging in via a serial port, logging in over the network with ssh...) After that, the clamd file is missing Incorrect. It is not missing. You can see the directory entry. zero lenght! The directory listing tells you it has zero length. This may be true or it may not. The filesystem has been damaged and requires repair. Did you run a filesystem checking tool after the abnormal shutdown? If not, then you should. It is possible that the filesystem damage was serious, and that you cannot rely on it now. I do not know how often FreeBSD 'syncs' its filesystems; if it is infrequent you might want to consider a crontab entry to do that every few minutes so that in the case of a system crash, a power failure or a hard reset there is less risk of changes which are cached in RAM failing to be written to disc. Previous ?clean? reboots did not affect the behaviour. No surprise there. :) After new install, all ok. Did you only reinstall ClamAV? If so I do not believe that you know that all is OK. Under these circumstances, I would not know. Tested a second ?hard reboot?, and same problem! No more surprising than the first time. :( What can I do to prevent it ... It is a _very_ bad idea to shut down a modern operating system the hard way unless the installation has been designed with that in mind. You are probably starting to understand why. One way of preventing filesystem damage under these circumstances is to mount it read only. In that case you would need to re-structure your directory hierarchy. You might also want to consider more extreme measures such as using read-only media like CD-R or DVD-R to store the files. Performance can become an issue so you can load the files into a RAM filesystem for the actual operation each time the system boots. But I have to say that all this should be completely unnecessary. Something is wrong with the way your system is installed and/or operated and the damage to a single file like the clamd binary is going to be just a tip of one of many icebergs. You really need to fix your system and your methods of working, not just try to hide the symptoms. Patient: Doctor, doctor, it hurts when I do this... Doctor: Then don't do it! -- 73, Ged. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd missed
After some time, by external issue, External issue? Yeah, It's an UPS failure. my server was rebooted by the ?button?, ie hard way. Who did that? Why? Was there no alternative? (Such as using CTRL-ALT-DEL or one of the other keyboard interrupts, logging in via a serial port, logging in over the network with ssh...) Nop, until the CMOS battery can row enough ;) After that, the clamd file is missing Incorrect. It is not missing. You can see the directory entry. Ok, let's say, it's zero lenght. The directory listing tells you it has zero length. This may be true or it may not. The filesystem has been damaged and requires repair. Did you run a filesystem checking tool after the abnormal shutdown? Yes, fsck -f Did you only reinstall ClamAV? If so I do not believe that you know that all is OK. Under these circumstances, I would not know. As far as I know, mails get trought, Av is working, no file system errors It is a _very_ bad idea to shut down a modern operating system the hard way This is crystal clear. I'll let Power company know that :)) your methods of working, not just try to hide the symptoms. By the way, still in dark of WHY clamd can't work. Zero lenght and ONLY clamd affected. Andres.- ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd missed
On Wed, 30 Jun 2010 12:11:06 +0100 (BST) G.W. Haywood g...@jubileegroup.co.uk wrote: Hi there, On Wed, 30 Jun 2010 hook wrote: I am using last ClamAv in FreeBSD 8. I did install as normal, from .tar After some time, by external issue, External issue? my server was rebooted by the ?button?, ie hard way. Who did that? Why? Was there no alternative? (Such as using CTRL-ALT-DEL or one of the other keyboard interrupts, logging in via a serial port, logging in over the network with ssh...) After that, the clamd file is missing Incorrect. It is not missing. You can see the directory entry. zero lenght! The directory listing tells you it has zero length. This may be true or it may not. The filesystem has been damaged and requires repair. Journaling filesystems are supposed to prevent these kind of issues. I would understand getting a file that you just wrote to damaged if you hard reboot, getting some random file in /usr damaged sounds like a bug in the filesystem's design. What filesystem are you using? Is it a journaling FS? Do you have the journal turned on? Linux usually runs a journal recovery when mounting a filesystem that was not cleanly unmounted. I don't know if FreeBSD does that. Did you run a filesystem checking tool after the abnormal shutdown? If not, then you should. It is possible that the filesystem damage was serious, and that you cannot rely on it now. Agreed. I do not know how often FreeBSD 'syncs' its filesystems; if it is infrequent you might want to consider a crontab entry to do that every few minutes so that in the case of a system crash, a power failure or a hard reset there is less risk of changes which are cached in RAM failing to be written to disc. Previous ?clean? reboots did not affect the behaviour. No surprise there. :) After new install, all ok. Did you only reinstall ClamAV? If so I do not believe that you know that all is OK. Under these circumstances, I would not know. Tested a second ?hard reboot?, and same problem! Did you run 'sync' after reinstalling ClamAV? (or wait long enough so the system does this) No more surprising than the first time. :( What can I do to prevent it ... It is a _very_ bad idea to shut down a modern operating system the hard way unless the installation has been designed with that in mind. You are probably starting to understand why. One way of preventing filesystem damage under these circumstances is to mount it read only. In that case you would need to re-structure your directory hierarchy. You might also want to consider more extreme measures such as using read-only media like CD-R or DVD-R to store the files. Performance can become an issue so you can load the files into a RAM filesystem for the actual operation each time the system boots. But I have to say that all this should be completely unnecessary. Something is wrong with the way your system is installed and/or operated and the damage to a single file like the clamd binary is going to be just a tip of one of many icebergs. You really need to fix your system and your methods of working, not just try to hide the symptoms. Patient: Doctor, doctor, it hurts when I do this... Doctor: Then don't do it! -- 73, Ged. ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd missed
On Wed, 30 Jun 2010 04:47:38 -0700 (PDT) Hook soygar...@yahoo.com articulated: It is a _very_ bad idea to shut down a modern operating system the hard way This is crystal clear. I'll let Power company know that :)) Invest in UPS. No respectable server should be without one. Considering how cheap they are versus the time and possible money to repair a damaged system, they should really be considered a requirement. -- Jerry clamav.u...@seibercom.net Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __ The road to hell is paved with good intentions. And littered with sloppy analysis! ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
Re: [Clamav-users] clamd missed
On Jun 30, 2010, at 5:51 AM, Jerry wrote: On Wed, 30 Jun 2010 04:47:38 -0700 (PDT) Hook soygar...@yahoo.com articulated: It is a _very_ bad idea to shut down a modern operating system the hard way This is crystal clear. I'll let Power company know that :)) Invest in UPS. No respectable server should be without one. Considering how cheap they are versus the time and possible money to repair a damaged system, they should really be considered a requirement. -- Jerry clamav.u...@seibercom.net Hi Jerry, From reading his response, it looks like it was the UPS that failed.. Jim ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
[Clamav-users] clamd missed
Hi there I am using last ClamAv in FreeBSD 8. I did install as normal, from .tar After some time, by external issue, my server was rebooted by the ´button´, ie hard way. After that, the clamd file is missingzero lenght! argos [/var/log/clamav]# ll /usr/local/sbin/clamd srw-rw-rw- 1 root wheel 0 Jun 2 08:37 /usr/local/sbin/clamd argos [/var/log/clamav]# So if I do a start, i get: argos [/var/log/clamav]# /usr/local/etc/rc.d/clamav-clamd start /usr/local/etc/rc.d/clamav-clamd: WARNING: run_rc_command: cannot run /usr/local/sbin/clamd argos [/var/log/clamav]# /usr/local/sbin/clamd /usr/local/sbin/clamd: Permission denied. argos [/var/log/clamav]# Previous ´clean´ reboots did not affect the behaviour. After new install, all ok. Tested a second ´hard reboot´, and same problem! What can I do to prevent it and reinstall just clamav everytime after such crashes ( besides avoid the crahs!! ) Regards Andres ___ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml