On Wed, 10 Aug 2005, Apostolos Papayanakis wrote:
> On Tue, 9 Aug 2005 James Kosin wrote:
>
> > Apostolos Papayanakis wrote:
> >
> > | Last month I started getting 10-20 random clamav-milter segfaults
> > |each day. The load is a few tens of thousand scans daily.
> > |
> > | The very same clamav-milter segfaults can also be induced
> > |persistently by "clmilter_watch". That was a surprize to me, because
> > |clmilter_watch is only a health monitoring utility for the clamav-milter
> > |daemon (see http://www.itg.uiuc.edu/itg_software/clmilter_watch).
> > |
> > | On a completely quiet system when tested with clmilter_watch, the
> > |segfaults happen only when using nscd (name service cache daemon) which
> > |comes as a part of glibc (v2.3.5). This means that if I just "pkill nscd"
> > |then the problem vanishes, but if I have nscd running, restart
> > clamav-milter,
> > |then probe it with clmilter_watch, clamav-milter segfaults immediately.
> > |
> > |Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_eoh
> > |Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_envbody: 4756 bytes
> > |Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_eom
> > |Aug 8 22:07:30 alpha clamav-milter[13116]: j78RCJ7TXH930484: clean
> > message from <>
> > |Aug 8 22:07:30 alpha clamav-milter[13116]: clamfi_close
> > |Aug 8 22:07:30 alpha clamav-milter[13116]: Segmentation fault :-( Bye..
> > |
> > | I have enabled debug code and modes and then tried to strace the
> > |problem, with limited results. It seems that clamav-milter segfaults
> > right
> > |after reading from the nscd socket a hostname resolution result (for
> > |localhost.localdomain), and before anything else. It maybe a glibc
> > problem
> > |as there was a glibc upgrade last month indeed.
> > |
> > | Here are the command lines used:
> > |
> > | /usr/sbin/clamav-milter --debug --max-children 150 --force-scan
> > - --timeout=0 --quiet --local inet:33100
> > | /noc/scripts/nst/clmilter_watch -L /dev/null -s 43210 -t 5 #
> > monitor of clamav-milter
> > |
> > | Here are the options from /etc/clamd.conf
> > |
> > |LogClean
> > |LogSyslog
> > |LogVerbose
> > |PidFile /var/run/clamav/clamd.pid
> > |TemporaryDirectory /var/tmp
> > |LocalSocket /var/run/clamav/clamd.sock
> > |FixStaleSocket
> > |StreamMaxLength 20M
> > |MaxThreads 150
> > |User clamav
> > |Foreground
> > |Debug
> > |DetectBrokenExecutables
> > |ScanRAR
> > |
> > | I am currently in the process of testing with a previous version of
> > |glibc, just in case I have hit a new bug, but this will take time.
> > Does any
> > |body else have another hint?
> > |
> > I had a simular problem. That seemed to be fixed with the latest ZLib
> > libraries:
> > ~ http://www.zlib.net
> >
> > I would get errors from clamav-milter looking something like the
> > following:
> > ~ Aug 5 12:02:39 beta sendmail[29124]: j75G2dHC029124: Milter
> > (clmilter): local socket name /var/run/clamav/clamav-milter.sock unsafe
> > ~ Aug 5 12:02:39 beta sendmail[29124]: j75G2dHC029124: Milter
> > (clmilter): to error state
> >
> > (1) What platform are you using? Debian, Redhat, Fedora, Gentoo?
> >
> > Good Luck,
> > James Kosin
>
> All software is recent. The platform
> is Gentoo Linux on x86 and the software is
>
> kernel: 2.6.11-gentoo-r8
> glibc: 2.3.5
> zlibc: 1.2.3
> clamav: 0.86.2
>
> However I have just verified that clamav-milter does not segfault
> with nscd coming with glibc-2.3.4.20041102-r1, as it does with nscd from
> glibc-2.3.5. I will focus on the glibc side of the problem, maybe try more
> recent versions of glibc and contact glibc forums.
>
>
The problem seems to be a new bug in the current packaging of glibc
for my distro (Gentoo sys-libs/glibc-2.3.5) which has already been fixed in
a subsequent release (sys-libs/glibc-2.3.5-r1). However the new version is
not characterized stable for x86 yet.
Here is what I have found out:
I have had CFLAGS="-fomit-frame-pointer" in my system-wide compile
options for more than a year without problems. It seems that this flag is
incompatible with glibc, but glibc compile scripts had always been quietly
clearing it out in the past, so there was no problem.
However the current version of glibc compile scripts in Gentoo
(glibc-2.3.5) do not clear this flag, and so the problem appeared. In
subsequent versions of the glibc packaging (glibc-2.3.5-r1) the flag gets
always cleared again, and there are no problems (yet).
I now have a glibc-2.3.5 compiled without "-fomit-frame-pointer",
and no problems with clamav-milter for now. I hope it will stay that way.
Apostolis Papayanakis
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
