Re: [Clamav-users] Multiple stability problems on Solaris 9

2004-01-22 Thread Tomasz Kojm
On Wed, 21 Jan 2004 11:45:11 -0500
Jon R. Kibler [EMAIL PROTECTED] wrote:

> Hello:
>
> In the past few days we have experienced multiple stability problems
> with clamav. Here is our environment:

I tried to reply to your mail sent yesterday to bugs@, without success:

[EMAIL PROTECTED]: host mx001.mail.trustem.net[63.113.59.72] said:
551 5.7.1 Sorry, but we do not accept email from broadband or dial-up
connections with an ISP-supplied hostname (you.TPSA.PL).

Best regards,
Tomasz Kojm
-- 
  oo.   [EMAIL PROTECTED] www.ClamAV.net
 (\/)\. http://www.clamav.net/gpg/tkojm.gpg
\..._   0DCA5A08407D5288279DB43454822DC8985A444B
  //\   /\  Wed Jan 21 20:54:43 CET 2004



Re: [Clamav-users] Multiple stability problems on Solaris 9

2004-01-21 Thread Alex S Moore
Hi, Jon

On Wed, 21 Jan 2004 11:45:11 -0500
Jon R. Kibler [EMAIL PROTECTED] wrote:

> Hello:
>
> In the past few days we have experienced multiple stability problems with
> clamav. Here is our environment:
>
> Solaris 9 (sparc)
> mimedefang 2.36 w/ sendmail 8.12.10
> clamav 0.65
>
> The problems appear to be twofold:
>   1) freshclam, run as a daemon, crashes without sending a notify.
>      freshclam appears to die anytime it finds a problem with a database
>      update instead of just reporting the error and keep on running to try
>      again later.
>   2) Something is causing clamd to die. This just started Monday.
>      The only indication of a problem is that mimedefang starts reporting
>      all sorts of strange errors. In mimedefang, we are using clamdscan
>      instead of clamd directly, as it appears to catch some problems that
>      are missed when running clamd directly under the control of mimedefang
>      (which I view as a mimedefang problem, not a clamav problem).

I am another clamav user with Solaris 9 SPARC and Sun's sendmail, so this is
not an official response to your bug report.

Why not run freshclam from a crontab entry?  I have freshclam running twice a
day and I always get a mail message, even when there is a problem such as the
MD5 checksum error, et al., that have occurred recently.

Have you tried running clamav-milter?  I have no problems with that setup.  It
even picked up a message with the recent Bagle worm just shortly after I read
about it on the net.

Alex


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Multiple stability problems on Solaris 9

2004-01-21 Thread Peter Bonivart
Jon R. Kibler wrote:
>  1) freshclam, run as a daemon, crashes without sending a notify.
>     freshclam appears to die anytime it finds a problem with a database update instead of just
>     reporting the error and keep on running to try again later.
Run freshclam from crontab, works like a charm. No daemon that can die.

>  2) Something is causing clamd to die. This just started Monday.
>     The only indication of a problem is that mimedefang starts reporting all sorts of strange errors.
>     In mimedefang, we are using clamdscan instead of clamd directly, as it appears to catch some problems
>     that are missed when running clamd directly under the control of mimedefang (which I view as a
>     mimedefang problem, not a clamav problem).
Use MailScanner, it scans files in batches with clamscan so no 
performance loss. No daemon that can die.

http://www.mailscanner.info

--
/Peter Bonivart
--Unix lovers do it in the Sun

Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.61 + DCC 1.2.21, ClamAV 0.65 + GMP


Re: [Clamav-users] Multiple stability problems on Solaris 9

2004-01-21 Thread Fajar A. Nugraha
Jon R. Kibler wrote:

> Hello:
>
> In the past few days we have experienced multiple stability problems with clamav. Here is our environment:
>
> Solaris 9 (sparc)
> mimedefang 2.36 w/ sendmail 8.12.10
> clamav 0.65

Isn't 0.65 known to have problems? I use a daily snapshot (devel-20040115)
and it works fine so far.

> This was submitted to [EMAIL PROTECTED] yesterday... just curious, is there any type of acknowledgment that we should expect from such submittals?

Some acknowledgments are in ChangeLog.

> Here is an example of the problem from today. The previous entry in the log was from an hour earlier and all was OK. We discovered freshclam had died (with no notice sent) when we were preparing the documentation for the clamd problem. We received no notice that freshclam had any problems or had died.

I use freshclam -d on Solaris9, and it didn't die during the Malformed CVD
header period.

ClamAV update process started at Tue Jan 20 23:28:04 2004
main.cvd is up to date (version: 18, sigs: 19810, f-level: 1, builder: tomek)
daily.cvd is up to date (version: 94, sigs: 488, f-level: 1, builder: diego)

--
ClamAV update process started at Wed Jan 21 01:28:04 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from clamav.antispam.or.id (202.134.0.71)
Trying again...
ClamAV update process started at Wed Jan 21 01:28:05 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from clamav.antispam.or.id (202.134.0.71)
Trying again...
ClamAV update process started at Wed Jan 21 01:28:06 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from clamav.antispam.or.id (202.134.0.71)
Giving up...
ClamAV update process started at Wed Jan 21 01:28:06 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (202.134.0.71)
Trying again...
ClamAV update process started at Wed Jan 21 01:28:08 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (202.134.0.71)
Trying again...
ClamAV update process started at Wed Jan 21 01:28:09 2004
ERROR: Malformed CVD header detected.
ERROR: Can't read main.cvd header from database.clamav.net (202.134.0.71)
Giving up...
--
ClamAV update process started at Wed Jan 21 03:28:09 2004
main.cvd is up to date (version: 18, sigs: 19810, f-level: 1, builder: tomek)
daily.cvd is up to date (version: 94, sigs: 488, f-level: 1, builder: diego)

> CLAMD PROBLEMS:
> ===
> Yesterday, just before 11:00 we started getting all sorts of 'strange' mimedefang errors -- none of which were 'problem running virus scanner'. Checking, we found that clamd was not running. (We use clamdscan in mimedefang, not clamd directly, as it appears to be somewhat better at catching some viruses.)
>
> Notice that it appeared to die the first time shortly after finding 'Worm.Gibe.F' -- with no indication of why it died. (The virus hit was successfully passed back to mimedefang.)

The problem might be in

> Mon Jan 19 12:04:37 2004 - Mail files support enabled.



Try commenting out ScanMail in clamav.conf. I don't know how stable (or
reliable) ScanMail support is now, but since you use mimedefang you
won't need clamd to unpack attachments. Disabling it will at least reduce
scanning time a little.

Regards,

Fajar A. Nugraha
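
Added example (not part of the original thread and not ClamAV code): a check, suitable for running from cron, that reads a freshclam log in the format shown in the message above and alerts when the last update run failed or when no run has started recently, which is how a silently dead freshclam daemon shows up. The 3-hour `max_age` default and the `updated` success wording are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, in the format of the freshclam log shown in this message.
SAMPLE_LOG = """\
ClamAV update process started at Tue Jan 20 23:28:04 2004
main.cvd is up to date (version: 18, sigs: 19810, f-level: 1, builder: tomek)
daily.cvd is up to date (version: 94, sigs: 488, f-level: 1, builder: diego)
ClamAV update process started at Wed Jan 21 01:28:04 2004
ERROR: Malformed CVD header detected.
Trying again...
ClamAV update process started at Wed Jan 21 01:28:05 2004
ERROR: Malformed CVD header detected.
Giving up...
"""

START = re.compile(r"^ClamAV update process started at (.+)$")
# "updated" is an assumed wording for a freshly downloaded database.
SUCCESS = re.compile(r"\.cvd (is up to date|updated)\b")

def parse_runs(log_text):
    """Split the log into update runs: [(start_time, status), ...]."""
    runs = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = START.match(line)
        if m:
            started = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            runs.append([started, "unknown"])
        elif runs and line.startswith("ERROR:"):
            runs[-1][1] = "failed"          # an error anywhere fails the run
        elif runs and SUCCESS.search(line) and runs[-1][1] == "unknown":
            runs[-1][1] = "ok"
    return [tuple(r) for r in runs]

def check(log_text, now, max_age=timedelta(hours=3)):
    """Return alert strings; an empty list means the updater looks healthy."""
    runs = parse_runs(log_text)
    if not runs:
        return ["no update runs found in log"]
    started, status = runs[-1]
    alerts = []
    if now - started > max_age:             # daemon died or cron job stopped
        alerts.append(f"last run at {started} is older than {max_age}")
    if status != "ok":                      # e.g. Malformed CVD header
        alerts.append(f"last run at {started} ended with status {status!r}")
    return alerts

if __name__ == "__main__":
    print(check(SAMPLE_LOG, now=datetime(2004, 1, 21, 9, 0)))
```

Each retry writes its own "update process started" line, so a retry counts as a separate run and only the final one decides the status alert.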



Re: [Clamav-users] Multiple stability problems on Solaris 9

2004-01-21 Thread Tomasz Papszun
On Wed, 21 Jan 2004 at 11:45:11 -0500, Jon R. Kibler wrote:
[...]
> This was submitted to [EMAIL PROTECTED] yesterday... just curious, is there
> any type of acknowledgment that we should expect from such submittals?
[...]

Jon,

the server which serves your domain (mx001.mail.trustem.net) permanently
bounces mail sent to you by my server. That's why you didn't receive
the response.

BTW, when I connected to it to diagnose the problem, I got:

220-It is a crime in the state where this system is located to port scan
220-a system. If you connect to this MTA without attempting to send mail,
220-you will be subject to prosecution for port scanning.

Because I connected to that MTA not to send mail but to see what's
wrong, it seems that I committed a crime!  Eh..., good luck...

P.S. Please shorten the line length in your MUA. Log excerpts may be left
unwrapped and it's OK, but human text should not exceed about 75 chars.

-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner

