I can't reproduce it, but installed clamav 097.1 on several amd64 boxes,
and i386 boxes running freebsd 7.3
had a problem on ONE freebsd amd64 freebsd 7.3 system with clamav 097.1.
others ran fine.
don't know if it was a DAT file update that did it, but I thought I
would document it as best as I can, so that if there is more people with
issue, we might be able to track it down.
Started to see a problem at 12:23 pm est.
Jun 21 12:23:08 mx2 amavis[28662]: (28662-15) (!!)TROUBLE in check_mail:
virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
Jun 21 12:23:08 mx2 postfix/lmtp[30578]: 2478C6FE073:
to=<bte...@domain.com.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=389,
delays=4.4/0/0/385, dsn=4.5.0, status=deferred (host
127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=28662-15,
virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED (in reply to end of
DATA command))
using clamd with tcpsocket. telnet to port 3310 and do a PING, no response.
clamd hung and would not die. sent sigv to it to kill it so I could
restart.
restart seems to go ok, could send PING to tcpsocket fine.. for 3 mins.
then it hung again.
sent sigv to clamd and replaced it with 097 (without updating dat) and
have not had a problem since.
from clamd.log: (nothing else interesting before this. this is first
reboot try:
+++ Started at Tue Jun 21 12:46:37 2011
clamd daemon 0.97.1 (OS: freebsd7.3, ARCH: amd64, CPU: amd64)
Running as user clamav (UID 106, GID 106)
Log file size limited to 1048576 bytes.
Reading databases from /var/jails/basejail/var/db/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
Loaded 1865682 signatures.
TCP: Bound to address baseip.loc on port 3310
TCP: Setting connection queue length to 240
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 524288000 bytes.
Limits: Recursion level limit set to 16.
WARNING: Limits: Files limit protection disabled.
Archive support enabled.
Algorithmic detection enabled.
Portable Executable support enabled.
ELF support enabled.
Detection of broken executables enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
HTML support enabled.
Self checking disabled.
Set stacksize to 2162688
needed to replace it, and start it again.
/var/jails2/mx1.netess.net//var/amavis/tmp/amavis-20110621T114142-32040/parts/../email.txt:
Sanesecurity.Lott.2271.UNOFFICIAL FOUND
Reading databases from /var/jails/basejail/var/db/clamav
Database correctly reloaded (1865743 signatures)
+++ Started at Tue Jun 21 13:05:27 2011
clamd daemon 0.97 (OS: freebsd7.3, ARCH: amd64, CPU: amd64)
Running as user clamav (UID 106, GID 106)
Log file size limited to 1048576 bytes.
Reading databases from /var/jails/basejail/var/db/clamav
Not loading PUA signatures.
...
freshclam:
ClamAV update process started at Tue Jun 21 11:50:09 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
daily.cld is up to date (version: 13224, sigs: 129381, f-level: 60,
builder: ccordes)
Downloading safebrowsing-30269.cdiff [100%]
safebrowsing.cld updated (version: 30269, sigs: 767036, f-level: 60,
builder: google)
bytecode.cld is up to date (version: 143, sigs: 40, f-level: 60,
builder: edwin)
Database updated (1742671 signatures) from db.us.clamav.net (IP:
194.47.250.218)
Clamd successfully notified about the update.
Received signal: wake up
ClamAV update process started at Tue Jun 21 12:50:19 2011
main.cld is up to date (version: 53, sigs: 846214, f-level: 53, builder:
sven)
daily.cld is up to date (version: 13224, sigs: 129381, f-level: 60,
builder: ccordes)
Downloading safebrowsing-30270.cdiff [100%]
safebrowsing.cld updated (version: 30270, sigs: 767097, f-level: 60,
builder: google)
bytecode.cld is up to date (version: 143, sigs: 40, f-level: 60,
builder: edwin)
Database updated (1742732 signatures) from db.us.clamav.net (IP:
155.98.64.87)
Clamd successfully notified about the update.
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
