Hi, >>>> I have a fedora15 x86_64 box with clamav-0.97.2, postfix-2.8.4, and >>>> amavisd-new-2.6.6 with spamassassin-3.3.2 that has been running fine >>>> for quite a while. Recently, clamd has died with an error similar to > > Was it clamd that died or both clamd and clamscan?
It looks like both: Oct 10 01:11:02 mail02 amavis[31956]: (31956-07-4) ClamAV-clamd: Can't send to socket /var/spool/amavisd/clamd.sock: Transport endpoint is not connected, retrying (1) And here is clamd failing: Oct 10 12:03:29 mail02 amavis[14313]: (14313-03-6) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="LibClamAV Error: cli_loadhash: Problem parsing database at line 662180\nLibClamAV Error: Can't load main.mdb: Malformed database\nLibClamAV Error: cli_tgzload: Can't load main.mdb\nLibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database\nERROR: Malformed database" at (eval 91) line 596. I notice that it's not always the same database or line number that it is failing on, and it's now just happened again, so it's now more frequent. I suppose it could be a hardware problem, but it's a kvm virtual machine running on new x86_64 Xeon hardware that was stress tested before putting into production. It ran without any difficulties for probably a week prior to the first occurrence of the problem. >>>> Oct 10 02:55:56 mail02 amavis[25696]: (25696-18) (!)run_av >>>> (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV > > The error message refers to clamscan, but maybe because that is the "backup > scanner"? It looks like clamd is the primary and clamscan is set up as a backup with amavisd. >> Oct 10 03:52:33 INFO - Successfully updated Sanesecurity production >> database file: INetMsg-SpamDomains-2w.ndb > > Was there an "integrity tested good" message before that? Yes, it always reported that afterwards. I've just run freshclam manually, and the output is interesting: # freshclam ClamAV update process started at Mon Oct 10 12:04:16 2011 main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven) connect_error: getsockopt(SO_ERROR): fd=5 error=111: Connection refused Can't connect to port 80 of host db.local.clamav.net (IP: 69.12.162.28) Downloading daily-13777.cdiff [100%] daily.cld updated (version: 13777, sigs: 206679, f-level: 60, builder: ccordes) Empty script safebrowsing-32883.cdiff, need to download entire database Downloading safebrowsing.cvd [100%] WARNING: Mirror 194.186.47.19 is not synchronized. Trying again in 5 secs... ClamAV update process started at Mon Oct 10 12:04:39 2011 main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven) daily.cld is up to date (version: 13777, sigs: 206679, f-level: 60, builder: ccordes) Empty script safebrowsing-32883.cdiff, need to download entire database Downloading safebrowsing.cvd [100%] WARNING: Mirror 150.214.142.197 is not synchronized. Trying again in 5 secs... ClamAV update process started at Mon Oct 10 12:05:00 2011 main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven) daily.cld is up to date (version: 13777, sigs: 206679, f-level: 60, builder: ccordes) Empty script safebrowsing-32883.cdiff, need to download entire database Downloading safebrowsing.cvd [100%] WARNING: Mirror 200.236.31.1 is not synchronized. Giving up on db.local.clamav.net... Update failed. Your network may be down or none of the mirrors listed in /etc/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons. After it finished, I ran it again and it completed successfully. I'm also sure there isn't anything wrong with the network. I'm really stuck here. I hope someone has some ideas. Thanks again, Alex _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
