* Cross-posted to the SaneSecurity And ClamAV-Users lists. Folks, I disabled clamd's "SelfCheck" (SelfCheck 0) a few weeks ago and have not seen any crashed since. However, I went back this morning and parsed some of my old clamd.log files to see when clamd SelfCheck's were happening.
I didn't think I would find any forced reloads from SelfCheck since freshclam and my script were both set to signal clamd to reload databases when an update was detected. However, that was not the case. If fact, every SelfCheck forced reload came either within the same time interval as my scripts pause-run time-frame or at the same time as a freshclam update happened. I had SelfCheck configured to check ever 10 minutes, and it appears that at random times this SelfCheck would just happen to run either while a script update or a freshclam update was happening. If you have SelfCheck enabled in your clamd.conf, you can check and possibly confirm this by parsing your clamd.log files with: grep "SelfCheck.*Forcing reload" /your/path/to/clamd.log Check the time-frames and see if they coordinate with your script's run-times or your freshclam updates (see frashclam.log). I'm thinking that the times that clamd crashed on my systems most likely correspond to the times that SelfCheck ran during a script update or a freshclam update, which is why the crashes happened so randomly (I can't prove this now because I didn't maintain a record of my clamd crash date/times). If you find that the time-frames correspond to each other (SelfCheck/script-or-freshclam-updates/clamd-crash) then I would recommend disabling "SelfCheck" in your clamd.conf. It's really not necessary if you have enabled "NotifyClamd" in your freshclam.conf, as this will automatically signal clamd if a freshclam update happens, and I believe that most available scripts can be set to signal clamd to reload its databases if an update is detected (at least mine can). Anyway, feedback confirming or disproving this theory are welcome! Bill _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
