Hi All, We have found a fairly reliable way to reproduce this bug.
1. Edit the clamd.conf so that SelfCheck is set to 30 (seconds). 2. Restart clamd 3. Wait for the databases to load plus an additional 30 seconds (a minute is plenty) 4. Scan a file with clamdscan 5. Look in the log file for something like: Tue Aug 14 15:08:40 2007 -> No stats for Database check - forcing reload Tue Aug 14 15:08:40 2007 -> Reading databases from /var/share/clamav Tue Aug 14 15:09:16 2007 -> Database correctly reloaded (304149 signatures) 6. If you don't see the "no stats" line, try scanning a file again. 7. Watch the memory usage go through the roof. Looking at the code in clamd/server-th.c, the only reason for the "no stats" line is if the dbstat pointer is NULL. It is almost as if when clamd starts, first it makes the dbstat pointer but sets it to null, then it loads the database but forgets to set the dbstat pointer. Then when a scan is initiated and the selfcheck timer has expired, clamd looks at the pointer, realizes it is NULL and decides to reload the database without first freeing the memory from the database it loaded on startup. This is just a guess... It also seems that setting SelfCheck to 0 (disabled) makes the problem go away. If freshclam is signaling clamd to reload the database when there are new definitions, is SelfCheck still required? Thanks, Joshua -- Joshua Rubin [EMAIL PROTECTED] Software Development Engineer Tel: 303-444-1600 Engineering Department Ext: 3238 eSoft, Inc. Fax: 303-444-1640 295 Interlocken Blvd Broomfield, CO 80021
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
