On Mon, Jun 18, 2012 at 1:08 PM, Bill Landry <b...@inetmsg.com> wrote:
> On 6/18/2012 8:01 AM, David Raynor wrote: > >> On Fri, Jun 15, 2012 at 2:42 PM, Daniel McDonald< >> dan.mcdon...@austinenergy.com> wrote: >> >> I just upgraded to clamav 0.97.5, and I am getting the following error: >>> >>> $ grep amavis-20120615T112026-02578/**parts/p002 >>> /var/log/clamav/clamd.log >>> Fri Jun 15 11:22:06 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: >>> INetMsg.SpamDomain-2w.**comickingnewjersey_info.**UNOFFICIAL FOUND >>> Fri Jun 15 11:28:46 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: >>> INetMsg.SpamDomain-2w.**thai2order_com.UNOFFICIAL FOUND >>> Fri Jun 15 11:28:55 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: >>> INetMsg.SpamDomain-2w.**thai2order_com.UNOFFICIAL FOUND >>> Fri Jun 15 11:38:14 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: >>> INetMsg.SpamDomain-2w.**comickingnewjersey_info.**UNOFFICIAL FOUND >>> Fri Jun 15 11:38:23 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: >>> INetMsg.SpamDomain-2w.**comickingnewjersey_info.**UNOFFICIAL FOUND >>> Fri Jun 15 11:58:40 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: >>> INetMsg.SpamDomain-2w.sdhs1_**com.UNOFFICIAL FOUND >>> ======> upgrade here<========= >>> Fri Jun 15 12:13:42 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: Can't >>> create >>> temporary directory ERROR >>> Fri Jun 15 12:20:58 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: Can't >>> create >>> temporary directory ERROR >>> Fri Jun 15 12:35:06 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: Can't >>> create >>> temporary directory ERROR >>> Fri Jun 15 12:35:45 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: Can't >>> create >>> temporary directory ERROR >>> Fri Jun 15 12:35:58 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: Can't >>> create >>> temporary directory ERROR >>> Fri Jun 15 12:59:12 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: Can't >>> create >>> temporary directory ERROR >>> Fri Jun 15 13:00:24 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: Can't >>> create >>> temporary directory ERROR >>> Fri Jun 15 13:05:39 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: Can't >>> create >>> temporary directory ERROR >>> Fri Jun 15 13:12:10 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: Can't >>> create >>> temporary directory ERROR >>> Fri Jun 15 13:29:36 2012 -> >>> /var/lib/amavis/tmp/amavis-**20120615T112026-02578/parts/**p002: >>> INetMsg.SpamDomain-2w.**hopelasting_in.UNOFFICIAL FOUND >>> >>> This was not observed under 0.97.4 >>> >>> Clamd is being called from amavisd-new 2.6.6. >>> >>> Ideas on how to troubleshoot this issue and resolve it greatly >>> appreciated. >>> >>> >>> -- >>> Daniel J McDonald, CCIE # 2495, CISSP # 78281 >>> >>> ______________________________**_________________ >>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net >>> http://www.clamav.net/support/**ml <http://www.clamav.net/support/ml> >>> >>> >> Daniel, >> >> Replying off-list. >> >> Dave R. >> > > Why an off-list reply? Others may want to know what the resolutions is to > this issue, as well. > > Bill > > Bill, No good reason in retrospect. Here's the content of my message to Daniel about the error message. I wrote to Unix since that looks like Daniel's specific case. There would be some variance for Windows (e.g. checks TEMP and TMP env variables instead of TMPDIR) but the basis is similar. -- begin -- Here is the context from the clamd.log content. /var/lib/amavis/tmp/amavis-20120615T112026-02578/parts/p002 <== descriptor Can't create temporary directory <== error text that goes along with CL_ETMPDIR return code ERROR <== categorization of result The "Can't create temporary directory" message is very specific. When clamd encounters content that needs to be unpacked (zip, tar, etc.) it creates a temporary directory for the content. That error code happens when clamd has a problem when it tries to create that temporary directory. To find out where to create that directory, clamd defaults to /tmp but will check for a TMPDIR environment variable setting or the "TemporaryDirectory" configuration value inside the clamd.conf file. That will help you determine where it was trying to create the directory. The new directory's name always starts with "clamav-" and the rest is 32 randomly generated alphanumeric characters. Hex digits, really. The two most likely issues are a name collision (that temp directory already existed) or access problems (if clamd is not running as root). The exact temporary directory name it tried to create will only get logged as a debug message, but check the base temporary directory location for any subdirectories that start with "clamav-" and are more than a few minutes old. It is also possible the upgrade reseeded the random name generator for the clamd threads and they had some early name collisions before diverging. A full partition could be a cause but it is very unlikely for this to be the only symptom you see if that happened. Hope this helps, Dave R. --- Dave Raynor dray...@sourcefire.com _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
