[Clamav-users] Problems with ClamAV
Hi, I have installed clamav / clamav-milter on a sendmail server with HIGH trafic. It worked well most of the time, but on peak hours (more than 600 concurrent connections per server and 200K mail per hour) the clamav-milter thorws these errors on the syslog and slows down the process: Dec 8 11:30:14 rssmtprelay1 clamav-milter[9347]: ClamAv: thread_create() failed: 12, try again Dec 8 11:30:15 rssmtprelay1 clamav-milter[9347]: ClamAv: thread_create() failed: 12, try again Dec 8 11:30:15 rssmtprelay1 clamav-milter[9347]: hit max-children limit (95 = 95): waiting for some to exit Please I need to resolv this problem. Any help would be appreciated, Javier ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] syserr out of memory
Little problem with sendmail in combination with clamav. Our sendmail complains: Dec 7 11:54:46 lionhead sendmail[13045]: jB7Askgv013045: SYSERR(root): out of memory: Cannot allocate memory ClamAv is configured in sendmail.mc as: INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamd.sock,, F=, T=C:15m;S:4m;R:4m;E:10m')dnl When we comment this milter out. All works fine. Put it back in and it fails. We updated the package with yum to the up-to-date version on dag wieers repository. clam version: clamav-0.87.1-1.2.el4.rf sendmail: sendmail-8.13.1-2 os: CentOS release 4.2 (Final) Any ideas? Regards David ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamav use 100% CPU
Hello! When clamav check mail http://starcat.dp.ua/tmp/clamav/1EKLBH-0002g4-Ek.eml.bz2 clamd enters into an endless loop and consumes 100% CPU time. Or it just silently dies. For example: $ ps ax|fgrep clamd 59921 ?? Ss 0:01.33 /usr/local/sbin/clamd $ clamdscan 1EKLBH-0002g4-Ek.eml /usr/home/starcat/tmp/clamav/1EKLBH-0002g4-Ek.eml: OK --- SCAN SUMMARY --- Infected files: 0 Time: 33.966 sec (0 m 33 s) $ ps ax|fgrep clamd zsh: 61132 done ps ax | zsh: 61133 exit 1 fgrep clamd $ $ clamd --version ClamAV 0.87.1/1205/Wed Dec 7 16:00:48 2005 my clamd.conf: http://starcat.dp.ua/tmp/clamav/clamd.conf in logs - nothing interest. Where can be a problem? ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Problems with ClamAV
On Thu, Dec 08, 2005 at 11:35:50AM -0500, Javier López said: Hi, I have installed clamav / clamav-milter on a sendmail server with HIGH trafic. It worked well most of the time, but on peak hours (more than 600 concurrent connections per server and 200K mail per hour) the clamav-milter thorws these errors on the syslog and slows down the process: Dec 8 11:30:14 rssmtprelay1 clamav-milter[9347]: ClamAv: thread_create() failed: 12, try again Dec 8 11:30:15 rssmtprelay1 clamav-milter[9347]: ClamAv: thread_create() failed: 12, try again Dec 8 11:30:15 rssmtprelay1 clamav-milter[9347]: hit max-children limit (95 = 95): waiting for some to exit Please I need to resolv this problem. You are passing the '--max-children 95' parameter to the milter, so it doesn't create new children if 95 are already running. You should think about whether you want more than 95 concurrent milter threads, and if you do, raise the max-children parameter. -- -- | Stephen Gran | Nice boy, but about as sharp as a sack | | [EMAIL PROTECTED] | of wet mice. -- Foghorn Leghorn | | http://www.lobefin.net/~steve | | -- signature.asc Description: Digital signature ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Truncated or damaged zip files.
On Tue, 06 Dec 2005 at 2:45:47 +, Mike Bremford wrote: Hi all. I've recently installed ClamAV 0.87.1 and although it's picking up geniune virii successfully, we're getting a large number of mangled W32/Mytob-GH through. I say mangled because the ZIP file appears to be damaged or truncated. [...] As a poor second alternative, is there a way to get clamd to pick up on MD5 signatures? I know about the .db files, but what I really want to do is something like sigtool --md5 brokenzips/* /var/lib/clamav/ badzips.hdb It's highly unlikely that you manage to stop other copies of damaged zip files with MD5 signatures. Because such files differ. and have that file picked up by clamd for it's automatic scanning. Currently it seems that clamd looks for .db and .cvb files, but not .hdb files. It does. If you mean that it doesn't work for you it may be due to the reason given above (next damaged zipfiles are different) or to some local misconfiguration at your site, like DatabaseDirectory other than /var/lib/clamav/ or so (if clamd really doesn't use your .hdb file). When you restart clamd, is the number in Protecting against 41294 viruses in clamd.log the same _with_ and _without_ your .hdb file? -- Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav use 100% CPU
Ruslan Petrenko wrote: Hello! When clamav check mail http://starcat.dp.ua/tmp/clamav/1EKLBH-0002g4-Ek.eml.bz2 clamd enters into an endless loop and consumes 100% CPU time. Or it just silently dies. $ clamscan -v 1EKLBH-0002g4-Ek.eml.bz2 Scanning 1EKLBH-0002g4-Ek.eml.bz2 1EKLBH-0002g4-Ek.eml.bz2: OK --- SCAN SUMMARY --- Known viruses: 41436 Engine version: 0.87 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 14.03 MB Time: 5.259 sec (0 m 5 s) No problems here. Also next time please don't post potentially harmful files to this list. See http://www.clamav.net/bugs.html instead. Cheers, -aCaB ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav use 100% CPU
aCaB wrote: $ clamscan -v 1EKLBH-0002g4-Ek.eml.bz2 Sorry i used clamscan instead of clamdscan. However works with clamd too. $ clamdscan 1EKLBH-0002g4-Ek.eml.bz2 /home/acab/1EKLBH-0002g4-Ek.eml.bz2: OK --- SCAN SUMMARY --- Infected files: 0 Time: 4.627 sec (0 m 4 s) ___ http://lurker.clamav.net/list/clamav-users.html
Re[2]: [Clamav-users] clamav use 100% CPU
Äîáðûé äåíü! When clamav check mail http://starcat.dp.ua/tmp/clamav/1EKLBH-0002g4-Ek.eml.bz2 clamd enters into an endless loop and consumes 100% CPU time. Or it just silently dies. $ clamscan -v 1EKLBH-0002g4-Ek.eml.bz2 Scanning 1EKLBH-0002g4-Ek.eml.bz2 1EKLBH-0002g4-Ek.eml.bz2: OK No problems here. please, try clamdscan. Also next time please don't post potentially harmful files to this list. See http://www.clamav.net/bugs.html instead. Thank. -- ICQ: 26352891 ___ http://lurker.clamav.net/list/clamav-users.html
Re[2]: [Clamav-users] clamav use 100% CPU
Äîáðûé äåíü! $ clamscan -v 1EKLBH-0002g4-Ek.eml.bz2 Sorry i used clamscan instead of clamdscan. However works with clamd too. in my case - after clamdscan process clamd silently dies: $ ps ax|fgrep clamd 59921 ?? Ss 0:01.33 /usr/local/sbin/clamd $ clamdscan 1EKLBH-0002g4-Ek.eml /usr/home/starcat/tmp/clamav/1EKLBH-0002g4-Ek.eml: OK --- SCAN SUMMARY --- Infected files: 0 Time: 33.966 sec (0 m 33 s) $ ps ax|fgrep clamd zsh: 61132 done ps ax | zsh: 61133 exit 1 fgrep clamd $ $ clamdscan 1EKLBH-0002g4-Ek.eml.bz2 /home/acab/1EKLBH-0002g4-Ek.eml.bz2: OK --- SCAN SUMMARY --- Infected files: 0 Time: 4.627 sec (0 m 4 s) -- ICQ: 26352891 ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav use 100% CPU
On Thu, 08 Dec 2005 at 18:44:47 +0200, Ruslan Petrenko wrote: When clamav check mail [...] clamd enters into an endless loop and consumes 100% CPU time. Or it just silently dies. For example: $ ps ax|fgrep clamd 59921 ?? Ss 0:01.33 /usr/local/sbin/clamd $ clamdscan 1EKLBH-0002g4-Ek.eml /usr/home/starcat/tmp/clamav/1EKLBH-0002g4-Ek.eml: OK --- SCAN SUMMARY --- Infected files: 0 Time: 33.966 sec (0 m 33 s) $ ps ax|fgrep clamd zsh: 61132 done ps ax | zsh: 61133 exit 1 fgrep clamd $ $ clamd --version ClamAV 0.87.1/1205/Wed Dec 7 16:00:48 2005 my clamd.conf: http://starcat.dp.ua/tmp/clamav/clamd.conf in logs - nothing interest. Where can be a problem? Nothing bad with this file for me: $ clamdscan 1EKLBH-0002g4-Ek.eml /tmp/1EKLBH-0002g4-Ek.eml: OK --- SCAN SUMMARY --- Infected files: 0 Time: 11.527 sec (0 m 11 s) BTW, Fcart.zip included in the message is 3,2 MB in size, while your clamd.conf contains ArchiveMaxFileSize 1M, so clamd won't scan it. -- Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner ___ http://lurker.clamav.net/list/clamav-users.html
Re: Re[2]: [Clamav-users] clamav use 100% CPU
On Thursday, December 8, 2005, at 05:42 pm, Ruslan Petrenko wrote: /usr/home/starcat/tmp/clamav/1EKLBH-0002g4-Ek.eml: OK Send me a copy of the email, zipped with the password 'virus' and I'll have a look into it. -Nigel ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] clamav use 100% CPU
On Thu, 08 Dec 2005 at 18:44:25 +0100, Tomasz Papszun wrote: [...] Nothing bad with this file for me: $ clamdscan 1EKLBH-0002g4-Ek.eml /tmp/1EKLBH-0002g4-Ek.eml: OK --- SCAN SUMMARY --- Infected files: 0 Time: 11.527 sec (0 m 11 s) [...] Sorry, I forgot to mention: my clamd processes did _not_ disappear while scanning that sample. -- Tomasz PapszunSysAdm @ TP S.A. Lodz, Poland| And it's only tomek at lodz.tpsa.pl http://www.lodz.tpsa.pl/iso/ | ones and zeros. tomek at clamav.net http://www.ClamAV.net/ A GPL virus scanner ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Segmentation fault on reload
On Dec 7, 2005, at 10:19 AM, aCaB wrote: Phil Schilling wrote: On a fresh OS and ClamAV install, I am getting segmentation faults on every database reload. I have searched the list messages and Google but my search-foo must be weak. I have seen questions but no real answers as to how to track down this problem. OS: NetBSD 2.0.2 Sparc64 ClamAV 0.87.1 If anyone could point me in the way of some troubleshooting ideas, it would be greatly appreciated. Thanks Phil Hi Phil, Please have a look at http://www.clamav.net/bugs.html Cheers! Thank you very much. Tracked it down to pthreads on NetBSD 2.0.2. I have used them with 2.0 without trouble but I had to recompile without pthreads to stabalize. Phil ___ http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] clamdscan can't parse configuration file
Hello, I'm new to clam av, but I tried installing version 0.83 this morning as per the instructions in the manual. When I start it up I get: [EMAIL PROTECTED]:~# clamdscan ERROR: Please edit the example config file /etc/clamd.conf. ERROR: Can't parse the configuration file. --- SCAN SUMMARY --- Infected files: 0 Time: 0.000 sec (0 m 0 s) I do the obvious checks - and I had previously edited /etc/clamd.conf [EMAIL PROTECTED]:~# ls /etc/clamd.conf /etc/clamd.conf [EMAIL PROTECTED]:~# ls -l /etc/clamd.conf -rw-r--r--1 clamav clamav 8133 Dec 9 13:33 /etc/clamd.conf [EMAIL PROTECTED]:~# chmod 755 /etc/clamd.conf [EMAIL PROTECTED]:~# ls -l /etc/clamd.conf -rwxr-xr-x1 clamav clamav 8133 Dec 9 13:33 /etc/clamd.conf* [EMAIL PROTECTED]:~# clamdscan ERROR: Please edit the example config file /etc/clamd.conf. ERROR: Can't parse the configuration file. and so on I've checked the list archives and I can't find any pointers to this particular error. ClamAV is built from sources on College Linux, a Slackware variant and appears to compile cleanly Any ideas? -Doug -- Doug Moncur 18 Gillespie Street, Weetangera ACT 2614, Australia ph +61 4 3755 2545 | fx +1 514 372 3479 (yes it's a virtual fax) ___ http://lurker.clamav.net/list/clamav-users.html
RE: [Clamav-users] clamdscan can't parse configuration file
You need to comment Example line in clamd.conf file Regards, Manish Bali CONFIDENTIALITY NOTICE This e-mail transmission and any documents, files, or previous e-mail messages appended or attached to it, may contain information that is confidential or legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, printing, distribution, or use of the information contained or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify the sender by telephone (+91-172-229 9363) or return e-mail message ([EMAIL PROTECTED]) and delete the original transmission, its attachments, and any copies without reading or saving in any manner. Thank you. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of dgm1 Sent: Friday, December 09, 2005 9:33 AM To: clamav-users@lists.clamav.net Subject: [Clamav-users] clamdscan can't parse configuration file Hello, I'm new to clam av, but I tried installing version 0.83 this morning as per the instructions in the manual. When I start it up I get: [EMAIL PROTECTED]:~# clamdscan ERROR: Please edit the example config file /etc/clamd.conf. ERROR: Can't parse the configuration file. --- SCAN SUMMARY --- Infected files: 0 Time: 0.000 sec (0 m 0 s) I do the obvious checks - and I had previously edited /etc/clamd.conf [EMAIL PROTECTED]:~# ls /etc/clamd.conf /etc/clamd.conf [EMAIL PROTECTED]:~# ls -l /etc/clamd.conf -rw-r--r--1 clamav clamav 8133 Dec 9 13:33 /etc/clamd.conf [EMAIL PROTECTED]:~# chmod 755 /etc/clamd.conf [EMAIL PROTECTED]:~# ls -l /etc/clamd.conf -rwxr-xr-x1 clamav clamav 8133 Dec 9 13:33 /etc/clamd.conf* [EMAIL PROTECTED]:~# clamdscan ERROR: Please edit the example config file /etc/clamd.conf. ERROR: Can't parse the configuration file. and so on I've checked the list archives and I can't find any pointers to this particular error. ClamAV is built from sources on College Linux, a Slackware variant and appears to compile cleanly Any ideas? -Doug -- Doug Moncur 18 Gillespie Street, Weetangera ACT 2614, Australia ph +61 4 3755 2545 | fx +1 514 372 3479 (yes it's a virtual fax) ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html