On Dec 18, 2009, at 2:32 PM, Török Edwin wrote:
On 2009-12-18 21:14, Jim Preston wrote:
On Dec 18, 2009, at 11:35 AM, Török Edwin wrote:
On 2009-12-18 19:23, jimli...@commspeed.net wrote:
Hi All,
I have upgraded to the current Clamav 0.95.3 and now my clamav-
milter
crashes all the time. Not sure what other information is need to
investigate but here goes:
Is there anything in clamav-milter's logfile? (if you haven't
already
done so, set its logfile, and turn logging on).
Best regards,
--Edwin
Thanks Edwin,
I do have logging turned on but ..... only have entries for starting
the milter
This is from tail ../clamav-milter.log
Fri Dec 18 09:45:01 2009 -> +++ Started at Fri Dec 18 09:45:01 2009
Fri Dec 18 10:00:01 2009 -> +++ Started at Fri Dec 18 10:00:01 2009
Fri Dec 18 10:15:02 2009 -> +++ Started at Fri Dec 18 10:15:02 2009
Fri Dec 18 10:30:01 2009 -> +++ Started at Fri Dec 18 10:30:01 2009
Fri Dec 18 10:45:02 2009 -> +++ Started at Fri Dec 18 10:45:02 2009
Fri Dec 18 11:00:01 2009 -> +++ Started at Fri Dec 18 11:00:01 2009
Fri Dec 18 11:15:01 2009 -> +++ Started at Fri Dec 18 11:15:01 2009
Fri Dec 18 11:30:02 2009 -> +++ Started at Fri Dec 18 11:30:02 2009
Fri Dec 18 11:45:01 2009 -> +++ Started at Fri Dec 18 11:45:01 2009
Fri Dec 18 12:00:02 2009 -> +++ Started at Fri Dec 18 12:00:02 2009
From maillog
Dec 18 10:10:57 JimFedora sendmail[4885]: nBIHAmYr004885:
milter_sys_read(clamav-milter): cmd read returned 0, expecting 5
Dec 18 10:10:57 JimFedora sendmail[4885]: nBIHAmYr004885: Milter
(clamav-milter): to error state
As you can see no posting for it crashing. When it is in its failed
state in response to status I get "clamav-milter dead but subsys
locked"
mail is rejected until the milter is restarted.
Does the milter crash? Try starting it manually, and get a core dump.
Then open a bug, see http://clamav.net/bugs
Best regards,
--Edwin
Could freshclam be causing it to crash? I have a cron job set to run
freshclam at 10 minutes after each hour. In looking at the logs again
I just noticed that the crash all occur around 10 after the hour.
Dec 18 13:10:57 JimFedora sendmail[11696]: nBIKAmTr011696:
milter_sys_read(clamav-milter): cmd read returned 0, expecting 5
Dec 18 13:10:57 JimFedora sendmail[11696]: nBIKAmTr011696: Milter
(clamav-milter): to error state
Dec 18 14:10:57 JimFedora sendmail[13869]: nBILAmMO013869:
milter_sys_read(clamav-milter): cmd read returned 0, expecting 5
Dec 18 14:10:57 JimFedora sendmail[13869]: nBILAmMO013869: Milter
(clamav-milter): to error state
Dec 18 15:10:57 JimFedora sendmail[16083]: nBIMAmTC016083:
milter_sys_read(clamav-milter): cmd read returned 0, expecting 5
Dec 18 15:10:57 JimFedora sendmail[16083]: nBIMAmTC016083: Milter
(clamav-milter): to error state
Could I have a bad setting in the freshclam.conf?
This the diff output of my freshclam.conf and the example one from
0.95.3
# diff /etc/freshclam.conf /opt/clamav-0.95.3/etc/freshclam.conf
8c8
< # Example
---
> Example
13c13
< DatabaseDirectory /var/lib/clamav
---
> #DatabaseDirectory /var/lib/clamav
17c17
< UpdateLogFile /var/log/clamav/freshclam.log
---
> #UpdateLogFile /var/log/freshclam.log
25c25
< LogFileMaxSize 2M
---
> #LogFileMaxSize 2M
29c29
< LogTime yes
---
> #LogTime yes
33c33
< LogVerbose yes
---
> #LogVerbose yes
67c67
< DatabaseMirror db.us.clamav.net
---
> #DatabaseMirror db.XY.clamav.net
92c92
< Checks 24
---
> #Checks 24
114c114
< NotifyClamd /etc/clamd.conf
---
> #NotifyClamd /path/to/clamd.conf
143a144,175
>
> # When enabled freshclam will submit statistics to the ClamAV
Project about
> # the latest virus detections in your environment. The ClamAV
maintainers
> # will then use this data to determine what types of malware are
the most
> # detected in the field and in what geographic area they are.
> # This feature requires LogTime and LogFile to be enabled in
clamd.conf.
> # Default: no
> #SubmitDetectionStats /path/to/clamd.conf
>
> # Country of origin of malware/detection statistics (for statistical
> # purposes only). The statistics collector at ClamAV.net will look up
> # your IP address to determine the geographical origin of the malware
> # reported by your installation. If this installation is mainly
used to
> # scan data which comes from a different location, please enable this
> # option and enter a two-letter code (see
http://www.iana.org/domains/root/db/)
> # of the country of origin.
> # Default: disabled
> #DetectionStatsCountry country-code
>
> # This option enables support for Google Safe Browsing. When
activated for
> # the first time, freshclam will download a new database file
(safebrowsing.cvd)
> # which will be automatically loaded by clamd and clamscan during
the next
> # reload, provided that the heuristic phishing detection is turned
on. This
> # database includes information about websites that may be phishing
sites or
> # possible sources of malware. When using this option, it's
mandatory to run
> # freshclam at least every 30 minutes.
> # Freshclam uses the ClamAV's mirror infrastructure to distribute the
> # database and its updates but all the contents are provided under
Google's
> # terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
> # and http://safebrowsing.clamav.net for more information.
> # Default: disabled
> #SafeBrowsing yes
Thanks, Jim
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
