Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Matus UHLAR - fantomas

On 26.01.18 13:09, Kees Theunissen wrote:
> On Fri, 26 Jan 2018, Al Varnell wrote:
>> If you can't revert to daily 24255 then disable daily.cld until you know it's
>> fixed.
>>
>> Has anybody updated to daily 24257 to see if that helps? I doubt that it does
>> as no sigs are shown as dropped.
>
> I'm running ClamAv 0.99.2 on two mail servers (debian 9, with
> sendmail / MimeDefang / SpamAssassin / ClamAv) and a
> workstation (slackware 14.2) without any problem.
>
> I'm currently running daily 24257. But 24256 ran without
> problems too.

I've had to start clamd on 3 of the servers I looked at; some others were OK.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
He who laughs last thinks slowest. 
___

clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Marcus Schopen
On Friday, 26.01.2018, 09:22 +0100, Reindl Harald wrote:
> 
> On 26.01.2018 at 09:19, Marco wrote:
> > On 26/01/2018 09:00, Reindl Harald wrote:
> > > freshclam and a custom script downloads anything to
> > > /var/lib/clamav-download and then for the two "/var/lib/clamav" and
> > > "/var/lib/clamav-sa" based on file-lists hardlinks are set - from the
> > > official only "safebrowsing" is active
> > 
> > We have the same problem: I confirm that without official signature
> > Clamav works!
> 
> looks like "freshclam" needs something like a downgrade option when bad
> signatures can lead to such a massive fuckup

Is there a way to "downgrade" to 24255 as it seems it started with
24256. My first crash was at 7:47am GMT+1 and at this time I was on
24256.

Ciao!



Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread ungifted01

On 26.01.2018 16:22, Manuel Mausz wrote:
> On 26.01.2018 14:10, Manuel Mausz wrote:
>> Hello list,
>>
>> the attached patch should fix the fd leak in cli_scanscript.
>
> The list stripped my attachment. 2nd try:
> https://gist.github.com/manuelm/dbc94001c77c07363cdcb5b390c2cb04

Thanks! Works fine.



Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Gene Heskett
On Friday 26 January 2018 08:10:51 Manuel Mausz wrote:

> Hello list,
>
> the attached patch should fix the fd leak in cli_scanscript.
>
> cheers,
> manuel

What patch? This list apparently does NOT pass attachments. So please 
insert them in your text plz.




-- 
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Manuel Mausz
On 26.01.2018 14:10, Manuel Mausz wrote:
> Hello list,
> 
> the attached patch should fix the fd leak in cli_scanscript.

The list stripped my attachment. 2nd try:
https://gist.github.com/manuelm/dbc94001c77c07363cdcb5b390c2cb04

manuel


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Yashodhan Barve

On 2018-01-26 5:36 AM, Al Varnell wrote:
> If you can't revert to daily 24255 then disable daily.cld until you know it's
> fixed.
>
> Has anybody updated to daily 24257 to see if that helps? I doubt that it does
> as no sigs are shown as dropped.


[mailfw@mailfw clamav]# sigtool --info=daily.cld
File: daily.cld
Build time: 26 Jan 2018 04:24 -0500
Version: 24257
Signatures: 1835982
Functionality level: 63
Builder: neo
Verification OK.

Working well on 4 servers.

-yb



Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Manuel Mausz
Hello list,

the attached patch should fix the fd leak in cli_scanscript.

cheers,
manuel


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Tobi
Do you mean this one ? 
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

On 26 January 2018 14:03:14 CET, Andreas Schulze wrote:


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Andreas Schulze
On 26.01.2018 at 13:50, Ralf Hildebrandt wrote:
> If I had to guess: they used the beta for testing, but the release
> versions (both 0.99.2 and 0.99.3!) fail to operate properly...
yes, it's the explanation that matches best to the observed fallout :-/

usually there is an "official" announcement about a new version with references to
fixed CVEs
did only I miss that?


-- 
A. Schulze
DATEV eG


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Reindl Harald



On 26.01.2018 at 13:50, Ralf Hildebrandt wrote:
> * Reindl Harald:
>> On 26.01.2018 at 13:40, Ralf Hildebrandt wrote:
>>> * maxal:
>>>> nobody of clamav/cisco reading this list?
>>>
>>> It's 7:45AM on the east coast
>>
>> so what - i don't get how such updates slip through at all - it's not rocket
>> science load them on a test-machine and fire up a script that pipes a
>> test-corpus against clamd and *read* stderr/stdout/logs for "warning" and
>> "error"
>
> If I had to guess: they used the beta for testing, but the release
> versions (both 0.99.2 and 0.99.3!) fail to operate properly...

if that's true then they are plain idiots because the world is not using
the beta and if the issue happens on the few beta users that's the risk
they took by using something called "beta"



Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Ralf Hildebrandt
* Reindl Harald:
> 
> 
> On 26.01.2018 at 13:40, Ralf Hildebrandt wrote:
> > * maxal:
> > > nobody of clamav/cisco reading this list?
> > 
> > It's 7:45AM on the east coast
> 
> so what - i don't get how such updates slip through at all - it's not rocket
> science load them on a test-machine and fire up a script that pipes a
> test-corpus against clamd and *read* stderr/stdout/logs for "warning" and
> "error"

If I had to guess: they used the beta for testing, but the release
versions (both 0.99.2 and 0.99.3!) fail to operate properly...

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155




Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Reindl Harald



On 26.01.2018 at 13:40, Ralf Hildebrandt wrote:
> * maxal:
>> nobody of clamav/cisco reading this list?
>
> It's 7:45AM on the east coast

so what - i don't get how such updates slip through at all - it's not
rocket science load them on a test-machine and fire up a script that
pipes a test-corpus against clamd and *read* stderr/stdout/logs for
"warning" and "error"

but that requires that the word "fail", "warn" and "error" are not
common left and right as it is in the shiny new IT world where nobody
cares about anything - that applies also to distributions with broken
systemd-units because the f***er who made the change don't do his basic
homework after a reboot before pipe his crap even on a distro-server


[root@srv-rhsoft:~]$ cat /scripts/system-errors.sh
#!/bin/bash
dmesg | grep -i warn
dmesg | grep -i fail
dmesg | grep -i error
cat /var/log/messages | grep -i warn
cat /var/log/messages | grep -i fail
cat /var/log/messages | grep -i error




Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Ralf Hildebrandt
* lukn :

> As ClamAV/Talos is owned by Cisco I assume all ClamAV employees are
> located in Silicon Valley area and therefore still enjoying a good
> Californian night's sleep.

Or maybe in Philadelphia.

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Ralf Hildebrandt
* maxal :
> nobody of clamav/cisco reading this list? 

It's 7:45AM on the east coast.

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread lukn
As ClamAV/Talos is owned by Cisco I assume all ClamAV employees are
located in Silicon Valley area and therefore still enjoying a good
Californian night's sleep.

On 26.01.2018 13:17, maxal wrote:
> nobody of clamav/cisco reading this list? as the impact is heavy and
> probably worldwide - anyone with personal contacts or any other channel
> to reach someone there? contact info on clamav.net is only referring to
> mailing lists and not very useful 
> 
> On Fri, 2018-01-26 at 12:07 +0100, Marco wrote:
>> On 26/01/2018 10:39, Ralf Hildebrandt wrote:
>>
>>> clamd is leaking filedescriptors for temporary files - ls
>>> /proc/`pidof clamd`/fd shows a
>>> lot of:
>>>
>>> lrwx-- 1 root root 64 Jan 26 10:38 993 -> /tmp/clamav-
>>> 736a3d0d2a944a0a79d465671fb754d5.tmp (deleted)
>>> lrwx-- 1 root root 64 Jan 26 10:38 994 -> /tmp/clamav-
>>> 59b5548fe87bc9a454486cbe37d5c89b.tmp (deleted)
>>> lrwx-- 1 root root 64 Jan 26 10:38 995 -> /tmp/clamav-
>>> 0e2983c3f35c37d833ea37c2867a0aba.tmp (deleted)
>>> ...
>>
>> I think that Clamav now knows this very big problem... Anyway these
>> are 
>> other logs I see (0.99.2 version on RH EL7):
>>
>> 2018-01-26T03:41:29.246852+01:00  clamd[18086]: LibClamAV Error: 
>> cli_gentempfd: Can't create temporary file 
>> /tmp/clamav-f553aa378e37664837deb720f2ce10f6.tmp/clamav-
>> ef95d457b05dc585eb4bc09d3fc83edc.tmp: 
>> Too many open files
>>
>> 2018-01-26T03:41:29.247296+01:00  clamd[18086]: LibClamAV Warning: 
>> fileblobScan, fullname == NULL
>>
>> 2018-01-26T03:41:29.247458+01:00  clamd[18086]: LibClamAV Error: 
>> fileblobDestroy: mixedtextportion not saved: report to 
>> http://bugs.clamav.net
>>
>>
>> Regards
>> Marco


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Reindl Harald



On 26.01.2018 at 13:17, maxal wrote:
> nobody of clamav/cisco reading this list? as the impact is heavy and
> probably worldwide - anyone with personal contacts or any other channel
> to reach someone there? contact info on clamav.net is only referring to
> mailing lists and not very useful

the better question is has the whole fucking IT branche lost its brain
because nobody seems to have tests for anything, spit out random junk
and watch for the fallout, be it Cisco or Intel with microcode updates
where you then get such things:


DISCLAIMER: This update supersedes microcode provided  by Red Hat with the CVE-2017-5715 ("Spectre")
DISCLAIMER: CPU branch injection vulnerability mitigation. (Historically, Red Hat has provided updated
DISCLAIMER: microcode, developed by our microprocessor partners, as a customer convenience.) Further
DISCLAIMER: testing has uncovered problems with the microcode provided along with the "Spectre" mitigation
DISCLAIMER: that could lead to system instabilities. As a result, Red Hat is providing an microcode update
DISCLAIMER: that reverts to the last known good microcode version dated before 03 January 2018.
DISCLAIMER: Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates.
DISCLAIMER:
DISCLAIMER: IMPORTANT: Customers using Intel Skylake-, Broadwell-, and Haswell-based platforms must obtain and
DISCLAIMER: install updated microcode from their hardware vendor immediately. The "Spectre" mitigation requires
DISCLAIMER: both an updated kernel from Red Hat and updated microcode from your hardware vendor.



Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread maxal
nobody of clamav/cisco reading this list? as the impact is heavy and
probably worldwide - anyone with personal contacts or any other channel
to reach someone there? contact info on clamav.net is only referring to
mailing lists and not very useful 

On Fri, 2018-01-26 at 12:07 +0100, Marco wrote:
> On 26/01/2018 10:39, Ralf Hildebrandt wrote:
> 
> > clamd is leaking filedescriptors for temporary files - ls
> > /proc/`pidof clamd`/fd shows a
> > lot of:
> > 
> > lrwx-- 1 root root 64 Jan 26 10:38 993 -> /tmp/clamav-
> > 736a3d0d2a944a0a79d465671fb754d5.tmp (deleted)
> > lrwx-- 1 root root 64 Jan 26 10:38 994 -> /tmp/clamav-
> > 59b5548fe87bc9a454486cbe37d5c89b.tmp (deleted)
> > lrwx-- 1 root root 64 Jan 26 10:38 995 -> /tmp/clamav-
> > 0e2983c3f35c37d833ea37c2867a0aba.tmp (deleted)
> > ...
> 
> I think that Clamav now knows this very big problem... Anyway these
> are 
> other logs I see (0.99.2 version on RH EL7):
> 
> 2018-01-26T03:41:29.246852+01:00  clamd[18086]: LibClamAV Error: 
> cli_gentempfd: Can't create temporary file 
> /tmp/clamav-f553aa378e37664837deb720f2ce10f6.tmp/clamav-
> ef95d457b05dc585eb4bc09d3fc83edc.tmp: 
> Too many open files
> 
> 2018-01-26T03:41:29.247296+01:00  clamd[18086]: LibClamAV Warning: 
> fileblobScan, fullname == NULL
> 
> 2018-01-26T03:41:29.247458+01:00  clamd[18086]: LibClamAV Error: 
> fileblobDestroy: mixedtextportion not saved: report to 
> http://bugs.clamav.net
> 
> 
> Regards
> Marco


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Kees Theunissen
On Fri, 26 Jan 2018, Al Varnell wrote:

>If you can't revert to daily 24255 then disable daily.cld until you know it's 
>fixed.
>
>Has anybody updated to daily 24257 to see if that helps? I doubt that it does 
>as no sigs are shown as dropped.

I'm running ClamAv 0.99.2 on two mail servers (debian 9, with
sendmail / MimeDefang / SpamAssassin / ClamAv) and a
workstation (slackware 14.2) without any problem.

I'm currently running daily 24257. But 24256 ran without
problems too.


Regards,

Kees Theunissen.

-- 
Kees Theunissen,  System and network manager,   Tel: +31 (0)40-3334724
Dutch Institute For Fundamental Energy Research (DIFFER)
e-mail address:   c.j.theunis...@differ.nl
postal address:   PO Box 6336, 5600 HH, Eindhoven, the Netherlands
visitors address: De Zaale 20, 5612 AJ, Eindhoven, the Netherlands



Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Marco

On 26/01/2018 10:39, Ralf Hildebrandt wrote:
> clamd is leaking filedescriptors for temporary files - ls /proc/`pidof
> clamd`/fd shows a
> lot of:
>
> lrwx-- 1 root root 64 Jan 26 10:38 993 ->
> /tmp/clamav-736a3d0d2a944a0a79d465671fb754d5.tmp (deleted)
> lrwx-- 1 root root 64 Jan 26 10:38 994 ->
> /tmp/clamav-59b5548fe87bc9a454486cbe37d5c89b.tmp (deleted)
> lrwx-- 1 root root 64 Jan 26 10:38 995 ->
> /tmp/clamav-0e2983c3f35c37d833ea37c2867a0aba.tmp (deleted)
> ...


I think that Clamav now knows this very big problem... Anyway these are 
other logs I see (0.99.2 version on RH EL7):


2018-01-26T03:41:29.246852+01:00  clamd[18086]: LibClamAV Error: 
cli_gentempfd: Can't create temporary file 
/tmp/clamav-f553aa378e37664837deb720f2ce10f6.tmp/clamav-ef95d457b05dc585eb4bc09d3fc83edc.tmp: 
Too many open files


2018-01-26T03:41:29.247296+01:00  clamd[18086]: LibClamAV Warning: 
fileblobScan, fullname == NULL


2018-01-26T03:41:29.247458+01:00  clamd[18086]: LibClamAV Error: 
fileblobDestroy: mixedtextportion not saved: report to 
http://bugs.clamav.net



Regards
Marco


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Andreas Schulze
On 26.01.2018 at 11:48, Ralf Hildebrandt wrote:
>> Arguably if a bug in the signatures can lead to such massive problems
>> then that is in itself a bug in the software, which might be (but
>> apparently so far isn't) fixed in a later version.
> 
> Amen to that.

the former 0.99.3beta2 doesn't crash with latest daily.cvd
I could use that version, but what's with the CVEs?
assume, they are still unfixed in the beta code...


-- 
A. Schulze
DATEV eG


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Ralf Hildebrandt
> Arguably if a bug in the signatures can lead to such massive problems
> then that is in itself a bug in the software, which might be (but
> apparently so far isn't) fixed in a later version.

Amen to that.
-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155




Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Tilman Schmidt
On 26.01.2018 at 11:36, Reindl Harald wrote:
> On 26.01.2018 at 11:28, Andreas Schulze wrote:
>>
>> just updated to 0.99.3 ( which is a 0.99.2 + Security fixes ) but
>> still clamav doesn't work as expected.
>>
>> Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed:
>> Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed:
> 
> because it's a bug in the signatures?
> as expected!

Arguably if a bug in the signatures can lead to such massive problems
then that is in itself a bug in the software, which might be (but
apparently so far isn't) fixed in a later version.



Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Reindl Harald



On 26.01.2018 at 11:28, Andreas Schulze wrote:
> On 26.01.2018 at 10:01, Ralf Hildebrandt wrote:
>> * Reindl Harald:
>>> sounds like an issue with the official signatures given that you are not the
>>> first reporter and that we don't use them and have no problems
>>
>> Thought so. Must be a recent signature in daily.cvd.
>
> just updated to 0.99.3 ( which is a 0.99.2 + Security fixes ) but still clamav
> doesn't work as expected.
>
> Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed:
> Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed:

because it's a bug in the signatures?
as expected!


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Al Varnell
If you can't revert to daily 24255 then disable daily.cld until you know it's 
fixed.

Has anybody updated to daily 24257 to see if that helps? I doubt that it does 
as no sigs are shown as dropped.

Sent from my iPad

-Al-

> On Jan 26, 2018, at 2:28 AM, Andreas Schulze  wrote:
> 
> looks like we have to disable official sigs or clamav at all...


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Andreas Schulze
On 26.01.2018 at 10:01, Ralf Hildebrandt wrote:
> * Reindl Harald :
> 
>> sounds like an issue with the official signatures given that you are not the
>> first reporter and that we don't use them and have no problems
> 
> Thought so. Must be a recent signature in daily.cvd.

just updated to 0.99.3 ( which is a 0.99.2 + Security fixes ) but still clamav
doesn't work as expected.

Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> ERROR: accept() failed: 
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afwkdfLS/parts/p006: Can't open 
file or directory ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afpEpkat/parts/p004: Can't open 
file or directory ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afpEpkat/parts/p001: Can't 
create new file ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afpEpkat/parts/p002: Can't open 
file or directory ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afka2dVq/parts/p001: Can't 
create new file ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afka2dVq/parts/p005: Can't open 
file or directory ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afka2dVq/parts/p002: Can't 
create new file ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afka2dVq/parts/p003: Can't open 
file or directory ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afVaWWDm/parts/p007: Can't open 
file or directory ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afVaWWDm/parts/p001: Can't 
create new file ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afVaWWDm/parts/p002: Can't open 
file or directory ERROR
Fri Jan 26 11:23:10 2018 -> /opt/amavis/tmp/afruM9hl/parts/p001: Can't 
create new file ERROR
Fri Jan 26 11:23:11 2018 -> /opt/amavis/tmp/afruM9hl/parts/p004: Can't 
create temporary file ERROR
Fri Jan 26 11:23:11 2018 -> /opt/amavis/tmp/afruM9hl/parts/p005: Can't 
create temporary file ERROR

looks like we have to disable official sigs or clamav at all...

-- 
A. Schulze
DATEV eG


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Ralf Hildebrandt
* Dianne Skoll :
> Hi,
> 
> Something went badly wrong with clamd recently; it's stuck with
> hundreds/thousands of open files per process and interrupting mail flow.
> 
> When a scanning thread finishes, I see this in the strace output.
> (I ran clamdscan /etc/hosts as a test):
> 
> [pid  3707] 02:11:01 sendto(295, "/etc/hosts: OK\n", 15, 0, NULL, 0) = 15
> [pid  3707] 02:11:01 shutdown(295, SHUT_RDWR) = 0
> [pid  3707] 02:11:01 close(295) = 0
> [pid  3707] 02:11:01 futex(0x1933c3c, 
> FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 387, {1516950691, 0}, 
> ) = -1 ETIMEDOUT (Connection timed out)
> [pid  3707] 02:11:31 futex(0x1933c10, FUTEX_WAKE_PRIVATE, 1) = 0
> [pid  3707] 02:11:31 madvise(0x7fae6affe000, 8368128, MADV_DONTNEED) = 0
> [pid  3707] 02:11:31 _exit(0)   = ?
> [pid  3707] 02:11:31 +++ exited with 0 +++

clamd is leaking filedescriptors for temporary files - ls /proc/`pidof 
clamd`/fd shows a
lot of:

lrwx-- 1 root root 64 Jan 26 10:38 993 -> 
/tmp/clamav-736a3d0d2a944a0a79d465671fb754d5.tmp (deleted)
lrwx-- 1 root root 64 Jan 26 10:38 994 -> 
/tmp/clamav-59b5548fe87bc9a454486cbe37d5c89b.tmp (deleted)
lrwx-- 1 root root 64 Jan 26 10:38 995 -> 
/tmp/clamav-0e2983c3f35c37d833ea37c2867a0aba.tmp (deleted)
...

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
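
Added example, not part of the original post or of ClamAV: the `ls /proc/<pid>/fd` check from the message above as a script that counts descriptors still pointing at unlinked `clamav-*.tmp` files and compares the count with the process's soft open-files limit. The function names, the `PROC_ROOT` override and the 50%/80% thresholds are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): quantify the fd leak that
# `ls /proc/<pid>/fd` shows for clamd. Reading another user's
# /proc/<pid>/fd normally requires root.

WARN_PCT=${WARN_PCT:-50}   # assumed threshold: warn at 50% of the soft limit
CRIT_PCT=${CRIT_PCT:-80}   # assumed threshold: critical at 80%

# Print how many entries of an fd directory are symlinks whose target is an
# unlinked ClamAV temp file, i.e. ".../clamav-<name>.tmp (deleted)".
count_deleted_clamav_fds() {
    _n=0
    for _entry in "$1"/*; do
        [ -L "$_entry" ] || continue
        _target=$(readlink "$_entry") || continue
        case $_target in
            */clamav-*.tmp' (deleted)') _n=$((_n + 1)) ;;
        esac
    done
    echo "$_n"
}

# Print the soft "Max open files" value from a /proc/<pid>/limits file.
soft_nofile_limit() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Classify leaked ($1) against limit ($2): OK, WARN or CRIT.
# UNKNOWN when the limit is missing, zero or not a number ("unlimited").
fd_leak_status() {
    case $2 in
        ''|*[!0-9]*) echo UNKNOWN; return 0 ;;
    esac
    [ "$2" -gt 0 ] || { echo UNKNOWN; return 0; }
    _pct=$(( $1 * 100 / $2 ))
    if [ "$_pct" -ge "$CRIT_PCT" ]; then
        echo CRIT
    elif [ "$_pct" -ge "$WARN_PCT" ]; then
        echo WARN
    else
        echo OK
    fi
}

# One report line per PID: leaked temp-file fds, all open fds, limit, status.
# PROC_ROOT (assumed name) lets the check run against a copy of /proc.
check_clamd_fds() {
    _root=${PROC_ROOT:-/proc}
    _fd_dir="$_root/$1/fd"
    [ -d "$_fd_dir" ] || { echo "pid=$1 status=UNKNOWN (no $_fd_dir)"; return 2; }
    _leaked=$(count_deleted_clamav_fds "$_fd_dir")
    _total=$(ls "$_fd_dir" | wc -l | tr -d ' ')
    _limit=$(soft_nofile_limit "$_root/$1/limits")
    echo "pid=$1 leaked=$_leaked open=$_total soft_limit=$_limit status=$(fd_leak_status "$_leaked" "$_limit")"
}

# Check every PID given on the command line; does nothing without arguments.
for _pid in "$@"; do
    check_clamd_fds "$_pid" || true
done
```

Run it as root with the clamd PID as its argument, for example from cron, and alert on any line whose status is not OK.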




Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Ralf Hildebrandt
* Reindl Harald :

> sounds like an issue with the official signatures given that you are not the
> first reporter and that we don't use them and have no problems

Thought so. Must be a recent signature in daily.cvd.

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de Campus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155




Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Rajesh M
yes all our servers are stuck

disabled official signatures

we have sanesecurity foxhole foxhole_all.cdb -- customized for our use which 
blocks all bad attachments 

it seems to work now.

rajesh


- Original Message -
From: Reindl Harald [mailto:h.rei...@thelounge.net]
To: clamav-users@lists.clamav.net
Sent: Fri, 26 Jan 2018 09:22:14 +0100
Subject: 



On 26.01.2018 at 09:19, Marco wrote:
> On 26/01/2018 09:00, Reindl Harald wrote:
>> freshclam and a custom script downloads anything to
>> /var/lib/clamav-download and then for the two "/var/lib/clamav" and
>> "/var/lib/clamav-sa" based on file-lists hardlinks are set - from the
>> official only "safebrowsing" is active
> 
> We have the same problem: I confirm that without official signature
> Clamav works!

looks like "freshclam" needs something like a downgrade option when bad
signatures can lead to such a massive fuckup


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Reindl Harald



On 26.01.2018 at 09:19, Marco wrote:
> On 26/01/2018 09:00, Reindl Harald wrote:
>> freshclam and a custom script downloads anything to
>> /var/lib/clamav-download and then for the two "/var/lib/clamav" and
>> "/var/lib/clamav-sa" based on file-lists hardlinks are set - from the
>> official only "safebrowsing" is active
>
> We have the same problem: I confirm that without official signature
> Clamav works!

looks like "freshclam" needs something like a downgrade option when bad
signatures can lead to such a massive fuckup



Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Marco

On 26/01/2018 09:00, Reindl Harald wrote:
> freshclam and a custom script downloads anything to
> /var/lib/clamav-download and then for the two "/var/lib/clamav" and
> "/var/lib/clamav-sa" based on file-lists hardlinks are set - from the
> official only "safebrowsing" is active

We have the same problem: I confirm that without official signature
Clamav works!


Regards
Marco


Re: [clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-26 Thread Reindl Harald



On 26.01.2018 at 08:32, Dianne Skoll wrote:
> Something went badly wrong with clamd recently; it's stuck with
> hundreds/thousands of open files per process and interrupting mail flow.
>
> When a scanning thread finishes, I see this in the strace output.
> (I ran clamdscan /etc/hosts as a test):
>
> [pid  3707] 02:11:01 sendto(295, "/etc/hosts: OK\n", 15, 0, NULL, 0) = 15
> [pid  3707] 02:11:01 shutdown(295, SHUT_RDWR) = 0
> [pid  3707] 02:11:01 close(295) = 0
> [pid  3707] 02:11:01 futex(0x1933c3c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 387, {1516950691, 0}, ) = -1 ETIMEDOUT (Connection timed out)
> [pid  3707] 02:11:31 futex(0x1933c10, FUTEX_WAKE_PRIVATE, 1) = 0
> [pid  3707] 02:11:31 madvise(0x7fae6affe000, 8368128, MADV_DONTNEED) = 0
> [pid  3707] 02:11:31 _exit(0)   = ?
> [pid  3707] 02:11:31 +++ exited with 0 +++
>
> So it scans the file, says it's OK, and then hangs in the futex for 30
> seconds.
>
> HELP!  This is causing major outages for many of our customers

sounds like an issue with the official signatures given that you are not
the first reporter and that we don't use them and have no problems

freshclam and a custom script downloads anything to
/var/lib/clamav-download and then for the two "/var/lib/clamav" and
"/var/lib/clamav-sa" based on file-lists hardlinks are set - from the
official only "safebrowsing" is active
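
The download-then-hardlink staging described in the message above, as an added sketch that is not Reindl Harald's script or ClamAV code: a file list decides which downloaded databases are linked into the directory clamd loads, so dropping a database from the list takes it out of service while the download stays on disk. The function names, the `.tmp-link` suffix and the placeholder files in `demo()` are assumptions made for this example.

```python
import os
import tempfile
from pathlib import Path

def sync_hardlinks(download_dir, live_dir, wanted):
    """Make live_dir hold exactly the databases named in `wanted`, each one a
    hard link to the copy in download_dir. Returns the list of changes made."""
    download_dir, live_dir, wanted = Path(download_dir), Path(live_dir), set(wanted)
    live_dir.mkdir(parents=True, exist_ok=True)
    changes = []
    for name in sorted(wanted):
        src, dst = download_dir / name, live_dir / name
        if not src.is_file():
            continue                  # not downloaded; keep whatever is live
        if dst.exists() and os.path.samefile(src, dst):
            continue                  # already linked to this version
        tmp = live_dir / (name + ".tmp-link")
        if tmp.exists():
            tmp.unlink()              # leftover from an interrupted run
        os.link(src, tmp)             # both directories must share a filesystem
        os.replace(tmp, dst)          # atomic swap, never a half-written file
        changes.append("+" + name)
    for entry in sorted(live_dir.iterdir()):
        if entry.is_file() and entry.name not in wanted:
            entry.unlink()            # dropped from the list: only the link goes
            changes.append("-" + entry.name)
    return changes

def demo():
    """Constructed run: stage three databases, then drop daily.cld from the list."""
    everything = ["daily.cld", "foxhole_all.cdb", "safebrowsing.cvd"]
    with tempfile.TemporaryDirectory() as root:
        dl, live = Path(root, "clamav-download"), Path(root, "clamav")
        dl.mkdir()
        for name in everything:
            (dl / name).write_bytes(b"constructed placeholder, not a real database")
        first = sync_hardlinks(dl, live, everything)
        second = sync_hardlinks(dl, live, everything[1:])
        return first, second, sorted(p.name for p in live.iterdir())

if __name__ == "__main__":
    print(demo())
```

clamd still has to reload its databases after the live directory changes.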



[clamav-users] URGENT: Clamd is wedged on multiple installations

2018-01-25 Thread Dianne Skoll
Hi,

Something went badly wrong with clamd recently; it's stuck with
hundreds/thousands of open files per process and interrupting mail flow.

When a scanning thread finishes, I see this in the strace output.
(I ran clamdscan /etc/hosts as a test):

[pid  3707] 02:11:01 sendto(295, "/etc/hosts: OK\n", 15, 0, NULL, 0) = 15
[pid  3707] 02:11:01 shutdown(295, SHUT_RDWR) = 0
[pid  3707] 02:11:01 close(295) = 0
[pid  3707] 02:11:01 futex(0x1933c3c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 387, {1516950691, 0}, ) = -1 ETIMEDOUT (Connection timed out)
[pid  3707] 02:11:31 futex(0x1933c10, FUTEX_WAKE_PRIVATE, 1) = 0
[pid  3707] 02:11:31 madvise(0x7fae6affe000, 8368128, MADV_DONTNEED) = 0
[pid  3707] 02:11:31 _exit(0)   = ?
[pid  3707] 02:11:31 +++ exited with 0 +++

So it scans the file, says it's OK, and then hangs in the futex for 30
seconds.

HELP!  This is causing major outages for many of our customers.

Regards,

Dianne.
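
The 30-second wait in the strace output of the post above can be picked out of a longer `strace -f -t` capture mechanically. The following is an added example, not part of the original post: it re-joins mail-wrapped lines and reports, per thread, every call that was followed by a gap of at least a threshold. The function names and the 10-second default are assumptions.

```python
import re
from datetime import datetime, timedelta

# The strace lines from the post, kept wrapped as the mail shows them.
SAMPLE = r"""
[pid  3707] 02:11:01 sendto(295, "/etc/hosts: OK\n", 15, 0, NULL, 0) = 15
[pid  3707] 02:11:01 shutdown(295, SHUT_RDWR) = 0
[pid  3707] 02:11:01 close(295) = 0
[pid  3707] 02:11:01 futex(0x1933c3c,
FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 387, {1516950691, 0}, )
= -1 ETIMEDOUT (Connection timed out)
[pid  3707] 02:11:31 futex(0x1933c10, FUTEX_WAKE_PRIVATE, 1) = 0
[pid  3707] 02:11:31 madvise(0x7fae6affe000, 8368128, MADV_DONTNEED) = 0
[pid  3707] 02:11:31 _exit(0)   = ?
[pid  3707] 02:11:31 +++ exited with 0 +++
"""
LINE = re.compile(r"^\[pid\s+(\d+)\]\s+(\d\d:\d\d:\d\d)\s+(.*)$")

def unwrap(text):
    """Join wrapped continuation lines onto the '[pid N]' line they belong to."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("[pid") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def find_stalls(text, threshold=timedelta(seconds=10)):
    """strace -t stamps each call when it is entered, so the gap to the same
    thread's next line is how long that call blocked. Returns tuples of
    (pid, start, seconds, syscall, timed_out)."""
    last, stalls = {}, []
    for rec in unwrap(text):
        m = LINE.match(rec)
        if not m:
            continue
        pid, call = int(m.group(1)), m.group(3)
        ts = datetime.strptime(m.group(2), "%H:%M:%S")
        if pid in last:
            prev_ts, prev_call = last[pid]
            gap = (ts - prev_ts) % timedelta(days=1)  # trace may cross midnight
            if gap >= threshold:
                stalls.append((pid, prev_ts.strftime("%H:%M:%S"),
                               int(gap.total_seconds()),
                               prev_call.split("(")[0], "ETIMEDOUT" in prev_call))
        last[pid] = (ts, call)
    return stalls
```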