Hey folks, I ran into an interesting situation just a bit ago while building a new mail server. I did not have my firewall rules ready yet, so freshclam was not able to retrieve the databases. Unfortunately, though, it did not fail gracefully:

[r...@host ~]# head -3 /var/log/freshclam.log ; echo "" ; tail -3 /var/log/freshclam.log
Tue Nov 23 18:52:32 2010 -> --------------------------------------
Tue Nov 23 18:52:32 2010 -> freshclam daemon 0.96.4 (OS: openbsd4.8, ARCH: x86_64, CPU: x86_64)
Tue Nov 23 18:52:32 2010 -> ClamAV update process started at Tue Nov 23 18:52:32 2010

Tue Nov 23 18:52:39 2010 -> Trying host db.us.clamav.net (213.165.80.159)...
Log size = 12582977, max = 12582912
LOGGING DISABLED (Maximal log file size exceeded).
[r...@host ~]# wc -l /var/log/freshclam.log
142451 /var/log/freshclam.log

Yes, that's right - in *seven seconds*, it wrote out 142,000+ log entries and managed to disable logging due to the log's new *12MB* size.

Now, obviously this is my bad, as I didn't give freshclam a chance. However, it shouldn't retry 47,482 times (literally) in seven seconds when it doesn't have a route to host:

Tue Nov 23 18:52:32 2010 -> freshclam daemon 0.96.4 (OS: openbsd4.8, ARCH: x86_64, CPU: x86_64)
Tue Nov 23 18:52:32 2010 -> ClamAV update process started at Tue Nov 23 18:52:32 2010
Tue Nov 23 18:52:32 2010 -> nonblock_connect: connect(): fd=6 errno=65: No route to host
Tue Nov 23 18:52:32 2010 -> Can't connect to port 80 of host db.us.clamav.net (IP: 155.98.64.87)
Tue Nov 23 18:52:32 2010 -> Trying host db.us.clamav.net (213.165.80.159)...
Tue Nov 23 18:52:32 2010 -> nonblock_connect: connect(): fd=6 errno=65: No route to host
Tue Nov 23 18:52:32 2010 -> Can't connect to port 80 of host db.us.clamav.net (IP: 213.165.80.159)
Tue Nov 23 18:52:32 2010 -> Trying host db.us.clamav.net (213.165.80.159)...
Tue Nov 23 18:52:32 2010 -> nonblock_connect: connect(): fd=6 errno=65: No route to host
... etc etc etc

This is 0.96.4 on OpenBSD -CURRENT on amd64 architecture. I know 0.96.5 is due out shortly, but I don't recall seeing any similar issues on the mailing list so I don't know if this is a known issue.

This is a config file I've used over several versions, so perhaps there is something wrong there? Here are the non-default, uncommented lines from freshclam.conf:

DatabaseDirectory /var/db/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 12M
LogTime yes
DatabaseOwner _clamav
AllowSupplementaryGroups yes
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.us.clamav.net
DatabaseMirror database.clamav.net
Checks 13
NotifyClamd /etc/clamd.conf

Please let me know if there's any other information you might need to help track this down...

Thanks!
Benny

--
"No matter how many shorts we have in the system, my guards will be instructed to treat every surveillance camera malfunction as a full-scale emergency."
-- Peter Anspach's Evil Overlord List, #67
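
An added example, not part of the original post and not ClamAV code: a small Python check that scans a freshclam log in the format quoted above for the symptom reported, many connect failures stamped with the same second plus the "LOGGING DISABLED" marker. The function name, the threshold of 5 failures per second and the sample lines (constructed from the excerpt in the post) are assumptions.

```python
import re
from collections import Counter

# Line shape taken from the excerpt in the post: "<ctime-style timestamp> -> <message>"
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) -> (.*)$")

# Constructed sample: one failed attempt (three log lines) repeated 40 times
# within a single second, followed by the tail of the log shown in the post.
_ATTEMPT = [
    "Tue Nov 23 18:52:32 2010 -> Trying host db.us.clamav.net (213.165.80.159)...",
    "Tue Nov 23 18:52:32 2010 -> nonblock_connect: connect(): fd=6 errno=65: No route to host",
    "Tue Nov 23 18:52:32 2010 -> Can't connect to port 80 of host db.us.clamav.net (IP: 213.165.80.159)",
]
SAMPLE_LOG = (
    ["Tue Nov 23 18:52:32 2010 -> ClamAV update process started at Tue Nov 23 18:52:32 2010"]
    + _ATTEMPT * 40
    + ["Tue Nov 23 18:52:39 2010 -> Trying host db.us.clamav.net (213.165.80.159)...",
       "LOGGING DISABLED (Maximal log file size exceeded)."]
)

def scan_freshclam_log(lines, max_failures_per_sec=5):
    """Return (storms, logging_disabled).

    storms maps each timestamp whose count of "Can't connect" lines exceeds
    max_failures_per_sec (assumed threshold) to that count, in log order.
    logging_disabled is True if freshclam hit LogFileMaxSize and stopped logging.
    """
    per_second = Counter()
    logging_disabled = False
    for raw in lines:
        line = raw.rstrip("\n")
        if "LOGGING DISABLED" in line:
            logging_disabled = True  # this marker line carries no timestamp
            continue
        m = LINE_RE.match(line)
        if m and m.group(2).startswith("Can't connect to port"):
            per_second[m.group(1)] += 1  # one such line per failed attempt
    storms = {ts: n for ts, n in per_second.items() if n > max_failures_per_sec}
    return storms, logging_disabled

if __name__ == "__main__":
    storms, disabled = scan_freshclam_log(SAMPLE_LOG)
    for ts, n in storms.items():
        print(f"{ts}: {n} failed connects in one second")
    if disabled:
        print("freshclam stopped logging: log exceeded LogFileMaxSize")
```

To check a real log, pass an open file object instead of SAMPLE_LOG, for example scan_freshclam_log(open("/var/log/freshclam.log")).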