Nathan Phillip Brink wrote:
On 2009-08-17 15:15, Federico Giovannini wrote:
> Hi all,
>
> I'm new in this mailing-list and also as clamav-user so sorry for my
> elementary questions.
> With my configuration gentoo, postfix (2.2.11-r1), amavisd-new
> (2.5.2) and ClamAV 0.95.2 sometimes when my mailserver receives emails
> with attachments, clamd stops working and also clamscan dies as
> indicated in the following amavis logs:
If you expect clamav + amavisd + postfix to essentially work out of the
box in gentoo, you should file a bug at https://bugs.gentoo.org/ (and CC
me, for my benefit ;-)). Personally, I use clamav-milter to scan emails,
so all my advice for your use of amavisd is primarily guessing based on
the information you have posted.
>
> Aug 17 03:42:59 scilla.sestante.net /usr/sbin/amavisd[10531]:
> (10531-12) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL
> VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: CODE(0x8011a434)
> Too many retries to talk to /var/amavis/clamd.sock (Can't connect to
> UNIX socket /var/amavis/clamd.sock: Connection refused) at (eval 67)
> line 310. at (eval 67) line 511.; ClamAV-clamscan av-scanner FAILED:
> /usr/bin/clamscan DIED on signal 11 (000b) at (eval 67) line 511.
>
Could you check if /var/amavis/clamd.sock exists after clamd has been
started? Please also give the permissions of the file. You can get this
information by running:
stat /var/amavis/clamd.sock
Of course, you should tell amavisd to look for the clamd socket in
/var/run/clamav/clamd.sock instead. If you still have trouble after
updating amavisd's configuration, please also give the output of:
stat /var/run/clamav/clamd.sock
Also, why is /usr/bin/clamscan being run when a connection is being made
to clamd? Wouldn't it be better to run clamdscan?
I posted a reply to the other thread about this, but my message has been
stuck in the hold queue for a couple of days.
In all of these cases, clamd/clamscan are either segfaulting, or being
killed off by PaX. At first, I suspected a (possibly exploitable) bug in
LibClamAV, but it would seem that this is not the case. I now believe
the bug is actually in our particular version of GCC, which is why only
Gentoo users have noticed.
For example, with my default,
CFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer"
I get the crash (PaX is killing off an execution attempt at NULL):
mx1 test-cases # clamscan postcard.zip
LibClamAV Error: cli_checkfp(): lseek() failed
Killed
But with,
CFLAGS="-pipe -fomit-frame-pointer"
Everything works as expected:
mx1 ~ # clamscan postcard.zip
postcard.zip: Trojan.Delf-5385 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1358189
Engine version: 0.95.2
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.08 MB
Data read: 0.08 MB (ratio 1.00:1)
Time: 9.645 sec (0 m 9 s)
I haven't filed a Gentoo bug yet, but I plan to if nobody beats me to it.
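An added example, not part of any message in this thread: shell helpers that separate the two failures visible in the quoted amavis log (clamd socket unreachable versus clamscan killed by a signal) and check a socket path the way the `stat` requests above do. The function names are hypothetical, and the sample input is the log entry quoted above, rejoined onto one line.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of amavisd or ClamAV.

# State of a clamd socket path: prints missing | not-a-socket | no-access | ok.
# "Connection refused" in the amavis log means the path existed but nothing
# was listening (for instance a stale socket left behind by a crashed clamd);
# a missing path would instead be reported as "No such file or directory".
clamd_sock_state() {
    sock=$1
    if [ ! -e "$sock" ]; then echo missing; return 1; fi
    if [ ! -S "$sock" ]; then echo not-a-socket; return 2; fi
    # On Linux, connect() needs write permission on the socket file.
    if [ ! -w "$sock" ]; then echo no-access; return 3; fi
    echo ok
}

# Read amavis log lines on stdin; print "<scanner> <cause>" per failed scanner.
amavis_scanner_failures() {
    awk '{
        rest = $0
        while (match(rest, /[A-Za-z0-9_-]+ av-scanner FAILED: /)) {
            name = substr(rest, RSTART, RLENGTH)
            sub(/ av-scanner FAILED: $/, "", name)
            rest = substr(rest, RSTART + RLENGTH)
            # The detail text runs up to the next scanner entry or end of line.
            detail = rest
            if (match(rest, /[A-Za-z0-9_-]+ av-scanner FAILED: /))
                detail = substr(rest, 1, RSTART - 1)
            if (detail ~ /Connection refused/) cause = "socket-refused"
            else if (detail ~ /No such file or directory/) cause = "socket-missing"
            else if (match(detail, /DIED on signal [0-9]+/))
                # 15 is the length of "DIED on signal "; 11 is SIGSEGV on Linux.
                cause = "killed-by-signal-" substr(detail, RSTART + 15, RLENGTH - 15)
            else cause = "other"
            print name, cause
        }
    }'
}

# Sample input: the log entry from this thread, rejoined onto one line.
sample_log() {
    cat <<'EOF'
Aug 17 03:42:59 scilla.sestante.net /usr/sbin/amavisd[10531]: (10531-12) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: CODE(0x8011a434) Too many retries to talk to /var/amavis/clamd.sock (Can't connect to UNIX socket /var/amavis/clamd.sock: Connection refused) at (eval 67) line 310. at (eval 67) line 511.; ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan DIED on signal 11 (000b) at (eval 67) line 511.
EOF
}

sample_log | amavis_scanner_failures
```

On a live system, feed the mail log to `amavis_scanner_failures` on stdin and run `clamd_sock_state` against the socket path amavisd is configured to use.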