Hi.

I'm using clamd/clamav-milter from clamav-devel-latest with sendmail
8.12 on a linux/2.2. Unfortunately, I can't tell when this bug was
introduced. At the moment, I'm on clamav-devel-20031125 with
clamav-milter patched *a bit* [just to make its 'virus intercepted'
emails more useful for our users]

Clamd seems to leak some descriptors. Take a look:

[EMAIL PROTECTED]:~# grep -i socket /etc/clamav.conf
# Remove stale socket after unclean shutdown.
FixStaleSocket
# Path to the local socket. The daemon doesn't change the mode of the
LocalSocket /var/run/clamav/clamd
#TCPSocket 3310

So, clamav uses an AF_UNIX socket to listen. But after some time [a few
hours running], there is a bunch of open ports, which clamd is listening on
(which I think are not closed after scanning a message received from
clamav-milter):

[EMAIL PROTECTED]:~# netstat -nlp | grep clam
tcp   0  0 0.0.0.0:8076    0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:32640   0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:52369   0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:27451   0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:3087    0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:13918   0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:9896    0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:53371   0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:27301   0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:22677   0.0.0.0:*    LISTEN    18818/clamd
tcp   0  0 0.0.0.0:40824   0.0.0.0:*    LISTEN    18818/clamd
unix  0  [ ACC ]   STREAM   LISTENING   2976549 18818/clamd         /var/run/clamav/clamd
unix  0  [ ACC ]   STREAM   LISTENING   2976557 18824/clamav-milter /var/run/clmilter.sock

[EMAIL PROTECTED]:~# ls -al /proc/18818/fd
[...]
lrwx------    1 root     proc           64 Nov 28 13:40 0 -> socket:[2976549]
lr-x------    1 root     proc           64 Nov 28 13:40 1 -> pipe:[2976552]
lrwx------    1 root     proc           64 Nov 28 13:40 10 -> /tmp/tmpfYzbdY6\ (deleted)
lrwx------    1 root     proc           64 Nov 28 13:40 11 -> socket:[3051478]
lrwx------    1 root     proc           64 Nov 28 13:40 12 -> socket:[3039092]
lrwx------    1 root     proc           64 Nov 28 13:40 13 -> socket:[3039093]
lrwx------    1 root     proc           64 Nov 28 13:40 14 -> /tmp/tmpfKNhpaY\ (deleted)
lrwx------    1 root     proc           64 Nov 28 13:40 15 -> socket:[3040223]
lrwx------    1 root     proc           64 Nov 28 13:40 16 -> socket:[3039565]
lrwx------    1 root     proc           64 Nov 28 13:40 17 -> socket:[3039566]
lrwx------    1 root     proc           64 Nov 28 13:40 18 -> /tmp/tmpfreM4U7\ (deleted)
lrwx------    1 root     proc           64 Nov 28 13:40 19 -> socket:[3039806]
l-wx------    1 root     proc           64 Nov 28 13:40 2 -> pipe:[2976552]
lrwx------    1 root     proc           64 Nov 28 13:40 20 -> socket:[3039807]
lrwx------    1 root     proc           64 Nov 28 13:40 21 -> /tmp/tmpfedXGCu\ (deleted)
lrwx------    1 root     proc           64 Nov 28 13:40 22 -> socket:[3040224]
lrwx------    1 root     proc           64 Nov 28 13:40 23 -> /tmp/tmpfShHqIm\ (deleted)
lrwx------    1 root     proc           64 Nov 28 13:40 24 -> socket:[3051479]
lrwx------    1 root     proc           64 Nov 28 13:40 25 -> /tmp/tmpfEcVZiN\ (deleted)
lrwx------    1 root     proc           64 Nov 28 13:40 26 -> socket:[3056386]
lrwx------    1 root     proc           64 Nov 28 13:40 27 -> socket:[3054569]
lrwx------    1 root     proc           64 Nov 28 13:40 28 -> socket:[3054570]
lrwx------    1 root     proc           64 Nov 28 13:40 29 -> /tmp/tmpfGoCLhu\ (deleted)
l-wx------    1 root     proc           64 Nov 28 13:40 3 -> /var/log/clamav/clamd.log
lrwx------    1 root     proc           64 Nov 28 13:40 30 -> socket:[3056387]
lrwx------    1 root     proc           64 Nov 28 13:40 31 -> /tmp/tmpfaGK03w\ (deleted)
lrwx------    1 root     proc           64 Nov 28 13:40 32 -> socket:[3063845]
lrwx------    1 root     proc           64 Nov 28 13:40 33 -> socket:[3063846]
lrwx------    1 root     proc           64 Nov 28 13:40 34 -> /tmp/tmpfPkfDwB\ (deleted)
lrwx------    1 root     proc           64 Nov 28 13:40 35 -> socket:[3076204]
lrwx------    1 root     proc           64 Nov 28 13:40 36 -> socket:[3076205]
lrwx------    1 root     proc           64 Nov 28 13:40 37 -> /tmp/tmpfLqwRtn\ (deleted)
lrwx------    1 root     proc           64 Nov 28 13:40 38 -> socket:[3113720]
lrwx------    1 root     proc           64 Nov 28 13:40 39 -> socket:[3113721]
lrwx------    1 root     proc           64 Nov 28 13:40 4 -> socket:[2976537]
lrwx------    1 root     proc           64 Nov 28 13:40 40 -> /tmp/tmpf2LuNwM\ (deleted)
lr-x------    1 root     proc           64 Nov 28 13:40 5 -> /usr/share/clamav/
lr-x------    1 root     proc           64 Nov 28 13:40 7 -> /dev/urandom
lrwx------    1 root     proc           64 Nov 28 13:40 8 -> socket:[3039412]
lrwx------    1 root     proc           64 Nov 28 13:40 9 -> socket:[3039413]
[EMAIL PROTECTED]:~#

As you can see, there is a bunch of deleted files with not close()d
descriptors. I assume that a similar thing happens to socket descriptors
not being close()d.

During some investigations, I found out that clamd sometimes has the
fd for /usr/share/clamav opened more than once.

Of course, restarting clamd helps, but I think it's a bug worth fixing.

If you need more information on this issue, I can provide you logs,
environment info, and whatever you need to trace the bug.

Regards,
 Jakub Jankowski

-- 
(0>  Jakub Jankowski  [url]: s.atn.pl  "Nawet w Krainie Czarow
//\   [EMAIL PROTECTED]   [rlu]: 174516     latwiej jest spotkac
V_/_  [EMAIL PROTECTED]   [ekg]: 921514     Babe Jage niz Alicje"
Fingerprint: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
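
The check made by hand in the message above (reading /proc/<pid>/fd and counting sockets and deleted temporary files) can be scripted so that two snapshots taken some hours apart are comparable. This is an added example, not part of the original post or of ClamAV; the function names are hypothetical and the sample mapping is constructed from a few entries of the listing above.

```python
import os
from collections import Counter

# Constructed sample: fd -> link target, taken from a few lines of the listing.
SAMPLE_FDS = {
    0: "socket:[2976549]",
    1: "pipe:[2976552]",
    3: "/var/log/clamav/clamd.log",
    5: "/usr/share/clamav/",
    10: "/tmp/tmpfYzbdY6 (deleted)",
    11: "socket:[3051478]",
    12: "socket:[3039092]",
    14: "/tmp/tmpfKNhpaY (deleted)",
}

def read_proc_fds(pid):
    """Return {fd: link target} for a live process (Linux /proc, run as root)."""
    base = "/proc/%d/fd" % pid
    fds = {}
    for name in os.listdir(base):
        try:
            fds[int(name)] = os.readlink(os.path.join(base, name))
        except OSError:
            continue  # descriptor was closed between listdir() and readlink()
    return fds

def summarize(fds):
    """Count descriptors per kind and list paths that are open more than once."""
    kinds, paths = Counter(), Counter()
    for target in fds.values():
        if target.endswith(" (deleted)"):
            kinds["deleted"] += 1      # unlinked file still held open
        elif target.startswith("socket:["):
            kinds["socket"] += 1
        elif target.startswith("pipe:["):
            kinds["pipe"] += 1
        else:
            kinds["file"] += 1
            paths[target] += 1
    duplicates = sorted(p for p, n in paths.items() if n > 1)
    return dict(kinds), duplicates

def grew(before, after, slack=0):
    """Kinds whose count rose by more than `slack` between two snapshots."""
    return sorted(k for k in after if after[k] - before.get(k, 0) > slack)
```

On a live system, `summarize(read_proc_fds(pid))` taken right after a restart and again a few hours later, passed through `grew`, shows which kinds of descriptor keep accumulating.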

