Christian Kuehn wrote:
Hi,
we detect some massive problems with the 0.90-series of clamav under Solaris 10,
the clamd use 90-99% of all CPU after 15min and the maschine got a load of
minimum 50.
The logfile shows like that:
Thu Mar 15 07:22:31 2007 ->
/var/spool/exim/scan/1HRqqc-0002q2-MA/1HRqqc-0002q2-MA.eml: Unable to open file
or directory ERROR
Thu Mar 15 07:22:31 2007 -> Client disconnected
or
Thu Mar 15 04:15:36 2007 -> ERROR: accept() failed: Too many open files
or
Thu Mar 15 16:39:25 2007 -> /tmp/dgvirus/tfwYaq9i: Unable to open file or
directory ERROR
We downgrade from 0.90.1 to 0.90 in the first step, but the same, and know the
use 0.88.7 without ANY PROBLEMS.....
Anyone with the same experiences or and ideas how to solve?
Cheers
Christian
Today for the first time one of my Solaris 9 servers suffered this very
problem. Nothing in the clamd logs before or after helped explain the
problem. I'm going to check the smtp and milter logs to see if more
information is available. The result was the clamd process died. It was
restarted immediately successfully. The watchdog that restarts clamd
also removes any existing pattern files and brings forward a known good
set before restarting clamd and in hindsight that blows off some
forensics. I'm going to modify that so that it archives the current set
so that I can test them manually.
My personal opinion is that clamd is self-refreshing the databases at
the instant a new database is being installed. If so then it may be a
worthwhile thing to have a semaphore available as a socket query or as
an external file to all the processes that will help prevent these
timing errors.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
