Hi, I am using clamav to filter email. Here is the version info in the RPM (downloaded from the clamav site).
Name : clamav Relocations: (not relocateable) Version : 0.65 Vendor: B.O.F.H. Corp. Release : 4 Build Date: Sun Dec 7 13:54:45 2003 Install Date: Thu Jan 29 12:16:26 2004 Build Host: mr.kristof.cz Group : Applications/System Source RPM: clamav-0.65-4.src.rpm Size : 1827383 License: GPL Signature : DSA/SHA1, Sun Dec 7 14:35:17 2003, Key ID 707526816cdf2cc1 Packager : [EMAIL PROTECTED] URL : http://www.clamav.net/ Summary : An antivirus toolkit for Unix Description : Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with package, which you can use with your own software. Most importantly, the virus database is kept up to date . I use clamd and clamdscan to scan mails. Suddenly during the night clamd stops responding. Here is an extract from the log file: Tue Feb 3 03:57:42 2004 -> /tmp/WhDTrY2BUF: Worm.SCO.A FOUND Tue Feb 3 04:05:41 2004 -> /tmp/niYMI0BYmi: Worm.SCO.A FOUND Tue Feb 3 04:05:50 2004 -> /tmp/SWaeSbzY0U: Worm.SCO.A FOUND Tue Feb 3 04:07:30 2004 -> SelfCheck: Database modification detected. Forcing r eload. Tue Feb 3 04:07:32 2004 -> Reading databases from /var/lib/clamav Tue Feb 3 04:07:39 2004 -> Database correctly reloaded (20610 viruses) Tue Feb 3 04:15:23 2004 -> /tmp/s8h0VZaN7m: Worm.SCO.A FOUND Tue Feb 3 04:15:30 2004 -> /tmp/6LymUITPgA: Worm.SCO.A FOUND Tue Feb 3 04:17:16 2004 -> /tmp/10KTbl560z: Worm.SCO.A FOUND Tue Feb 3 04:17:24 2004 -> /tmp/NwKa7duZaZ: Worm.SCO.A FOUND Tue Feb 3 04:23:41 2004 -> /tmp/La58ibkt5K: Worm.SCO.A FOUND Tue Feb 3 04:23:56 2004 -> /tmp/qtig6iu4ff: Worm.SCO.A FOUND Tue Feb 3 04:24:13 2004 -> /tmp/8MJCJTytS7: Worm.SCO.A FOUND Tue Feb 3 04:24:27 2004 -> /tmp/GeMp3zGlRv: Worm.SCO.A FOUND Tue Feb 3 04:30:49 2004 -> /tmp/fCYkW5s4ha: Worm.SCO.A FOUND Tue Feb 3 04:32:48 2004 -> /tmp/Iucn6SJWlC: Worm.SCO.A FOUND Tue Feb 3 04:33:02 2004 -> /tmp/kVQBQhowla: Worm.SCO.A FOUND Tue Feb 3 04:37:37 2004 -> /tmp/RkAeVjyWem: Worm.SCO.A FOUND Tue Feb 3 04:44:25 2004 -> /tmp/Ep8OY~fbt: Worm.SCO.A FOUND Tue Feb 3 04:44:38 2004 -> /tmp/sIQrLoEMIE: Worm.SCO.A FOUND Tue Feb 3 04:44:44 2004 -> /tmp/BtkZeFN6ZT: Worm.SCO.A FOUND Tue Feb 3 04:44:51 2004 -> /tmp/uCrNYABOvj: Worm.SCO.A FOUND Tue Feb 3 04:46:44 2004 -> /tmp/Q7A0HULvui: Worm.SCO.A FOUND Tue Feb 3 04:54:19 2004 -> /tmp/9AAw9prxXD: Worm.SCO.A FOUND Tue Feb 3 04:55:11 2004 -> /tmp/YtfQN1cCYj: Worm.SCO.A FOUND Tue Feb 3 04:55:25 2004 -> /tmp/a9Z4vDsHt9: Worm.SCO.A FOUND Tue Feb 3 05:08:17 2004 -> SelfCheck: Database status OK. Tue Feb 3 05:09:31 2004 -> /tmp/MzuO9oRPFN: Worm.SCO.A FOUND Tue Feb 3 05:09:46 2004 -> /tmp/0gkcfxxtko: Worm.SCO.A FOUND Tue Feb 3 05:12:21 2004 -> /tmp/VreYUG4UdP: Worm.SCO.A FOUND Tue Feb 3 05:12:29 2004 -> /tmp/8PnRyzCOz1: Worm.SCO.A FOUND Tue Feb 3 05:18:05 2004 -> Session 2 stopped due to timeout. Tue Feb 3 06:08:55 2004 -> SelfCheck: Database status OK. Tue Feb 3 07:09:34 2004 -> SelfCheck: Database status OK. Tue Feb 3 08:10:13 2004 -> SelfCheck: Database status OK. Tue Feb 3 09:10:52 2004 -> SelfCheck: Database status OK. Tue Feb 3 10:11:31 2004 -> SelfCheck: Database status OK. Tue Feb 3 11:12:10 2004 -> SelfCheck: Database status OK. I attached to the process with gdb. Here is what I saw: (gdb) attach 22362 Attaching to program: /usr/sbin/clamd, process 22362 Reading symbols from /usr/lib/libclamav.so.1...done. Loaded symbols for /usr/lib/libclamav.so.1 Reading symbols from /usr/lib/libz.so.1...done. Loaded symbols for /usr/lib/libz.so.1 Reading symbols from /usr/lib/libbz2.so.1...done. Loaded symbols for /usr/lib/libbz2.so.1 Reading symbols from /usr/lib/libgmp.so.3...done. Loaded symbols for /usr/lib/libgmp.so.3 Reading symbols from /lib/libpthread.so.0...done. [New Thread 16384 (LWP 22362)] [New Thread 32769 (LWP 22363)] [New Thread 16386 (LWP 22364)] Loaded symbols for /lib/libpthread.so.0 Reading symbols from /lib/libc.so.6...done. Loaded symbols for /lib/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 Reading symbols from /lib/libnss_files.so.2...done. Loaded symbols for /lib/libnss_files.so.2 0x4010b6a8 in sigsuspend () from /lib/libc.so.6 (gdb) bt #0 0x4010b6a8 in sigsuspend () from /lib/libc.so.6 #1 0x40099c28 in __pthread_wait_for_restart_signal () from /lib/libpthread.so.0 #2 0x40099421 in pthread_create@@GLIBC_2.1 () from /lib/libpthread.so.0 #3 0x0804c698 in acceptloop () #4 0x0804b3ae in localserver () #5 0x0804ad46 in clamd () #6 0x08049ef8 in main () #7 0x400f8917 in __libc_start_main () from /lib/libc.so.6 (gdb) thread 1 [Switching to thread 1 (Thread 16384 (LWP 22362))]#0 0x4010b6a8 in sigsuspend () from /lib/libc.so.6 (gdb) bt #0 0x4010b6a8 in sigsuspend () from /lib/libc.so.6 #1 0x40099c28 in __pthread_wait_for_restart_signal () from /lib/libpthread.so.0 #2 0x40099421 in pthread_create@@GLIBC_2.1 () from /lib/libpthread.so.0 #3 0x0804c698 in acceptloop () #4 0x0804b3ae in localserver () #5 0x0804ad46 in clamd () #6 0x08049ef8 in main () #7 0x400f8917 in __libc_start_main () from /lib/libc.so.6 (gdb) thread 2 [Switching to thread 2 (Thread 32769 (LWP 22363))]#0 0x401bd487 in poll () from /lib/libc.so.6 (gdb) bt #0 0x401bd487 in poll () from /lib/libc.so.6 #1 0x40096dee in __pthread_manager () from /lib/libpthread.so.0 (gdb) thread 3 [Switching to thread 3 (Thread 16386 (LWP 22364))]#0 0x401912f6 in nanosleep () from /lib/libc.so.6 (gdb) bt #0 0x401912f6 in nanosleep () from /lib/libc.so.6 #1 0xffffffc0 in ?? () #2 0x0804bc2b in threadwatcher () #3 0x40097ae0 in pthread_start_thread () from /lib/libpthread.so.0 (gdb) thread 4 Thread ID 4 not known. I am running on Linux 2.4.20 SMP on a dual PPro with glibc-2.3.2-11.9 (Red Hat) Any ideas? -- Erik Corry I'd be a Libertarian, if they weren't all a [EMAIL PROTECTED] bunch of tax-dodging professional whiners. - B. Breathed. ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
