Well, still no luck, same errors over the weekend. Anybody have any other ideas?

Thanks,
Ben

On 22 Mar 2013, at 18:43, Ben Stuyts <b...@altesco.nl> wrote:

> 
> On 22 Mar 2013, at 18:29, David Raynor <dray...@sourcefire.com> wrote:
> 
>> On Fri, Mar 22, 2013 at 1:11 PM, Ben Stuyts <b...@altesco.nl> wrote:
>> 
>>> Hi,
>>> 
>>> I was using clamscan for daily scanning of our users' home directories,
>>> but it was getting too slow with scan times of up to 6 hours. Therefore I'm
>>> testing clamdscan and using multiple threads to scan. (cmd line is
>>> /usr/local/bin/clamdscan -m --fdpass /home)
>>> 
>>> I am getting the following error messages from clamd while scanning, and
>>> it's missing a lot of files. I put the Eicar test file at various spots
>>> and it's being missed by the scan.
>>> 
>>> Thu Mar 21 22:00:01 2013 -> SelfCheck: Database status OK.
>>> Thu Mar 21 22:10:01 2013 -> SelfCheck: Database status OK.
>>> Thu Mar 21 22:13:48 2013 -> Client disconnected while scanjob was active
>>> Thu Mar 21 22:13:48 2013 -> Client disconnected while scanjob was active
>>> (repeat...)
>>> Thu Mar 21 22:14:06 2013 -> Client disconnected while scanjob was active
>>> Thu Mar 21 22:17:29 2013 -> Reading databases from /var/db/clamav
>>> Thu Mar 21 22:17:36 2013 -> Database correctly reloaded (2019434 signatures)
>>> 
>>> Output from clamdscan, no errors:
>>> 
>>> ----------- SCAN SUMMARY -----------
>>> Infected files: 0
>>> Time: 3846.032 sec (64 m 6 s)
>>> 
>>> This is on FreeBSD 7.4-stable, clamav-0.97.7 (clamav-0.97.6 had the same
>>> problem). The home directories are all zfs based. clamd runs as user
>>> clamav, clamdscan as user root.
>>> 
>>> What could be causing this?
>>> 
>>> Kind regards,
>>> Ben
>>> 
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
>>> http://www.clamav.net/support/ml
>>> 
>> 
>> Ben,
>> 
>> The "Client disconnected while scanjob was active" lines can also show up
>> when the scanning threads are being told to shut down. Did freshclam run and
>> update your signatures during this scan?
>> 
>> Dave R.
>> 
>> -- 
>> ---
>> Dave Raynor
>> Sourcefire Vulnerability Research Team
>> dray...@sourcefire.com
>> 
> 
> Yes it ran, but at the end at 22:17, not at 22:13 when the first errors 
> appeared. From freshclam.log:
> 
> --------------------------------------
> Received signal: wake up
> ClamAV update process started at Thu Mar 21 20:17:17 2013
> 
> ... and then the next entry:
> --------------------------------------
> Received signal: wake up
> ClamAV update process started at Thu Mar 21 22:17:23 2013
> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
> WARNING: getfile: daily-16881.cdiff not found on remote server (IP: 217.19.16.188)
> WARNING: getpatch: Can't download daily-16881.cdiff from database.clamav.net
> Downloading daily-16881.cdiff [100%]
> daily.cld updated (version: 16881, sigs: 980411, f-level: 63, builder: guitar)
> bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
> Database updated (2024839 signatures) from database.clamav.net (IP: 145.58.29.83)
> Clamd successfully notified about the update.
> 
> ... and the next:
> --------------------------------------
> Received signal: wake up
> ClamAV update process started at Fri Mar 22 00:17:29 2013
> 
> There were also a few incoming e-mails during that time which were scanned 
> via clamav-milter and clamd. Could that have an effect?
> 
> Ben
> 
> 


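The timestamp comparison made in the thread (disconnects at 22:13, database reload at 22:17) can be automated over a clamd log. This is an added example, not part of the original thread and not ClamAV code; the function names and the 60-second window are assumptions, and the 22:17:30 log line is constructed.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the clamd log quoted in the thread; the 22:17:30 line is constructed.
SAMPLE_LOG = """\
Thu Mar 21 22:10:01 2013 -> SelfCheck: Database status OK.
Thu Mar 21 22:13:48 2013 -> Client disconnected while scanjob was active
Thu Mar 21 22:14:06 2013 -> Client disconnected while scanjob was active
Thu Mar 21 22:17:29 2013 -> Reading databases from /var/db/clamav
Thu Mar 21 22:17:30 2013 -> Client disconnected while scanjob was active
Thu Mar 21 22:17:36 2013 -> Database correctly reloaded (2019434
signatures)
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> (.*)$")
DISCONNECT = "Client disconnected while scanjob was active"
RELOAD_START = "Reading databases from"

def parse_clamd_log(text):
    """Return [(timestamp, message)]; wrapped lines are joined to the previous entry."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            events.append((ts, m.group(2).strip()))
        elif events and raw.strip():
            ts, msg = events[-1]
            events[-1] = (ts, msg + " " + raw.strip())
    return events

def classify_disconnects(events, window=timedelta(seconds=60)):
    """Split disconnects into those within `window` of a reload start and the rest."""
    reloads = [ts for ts, msg in events if msg.startswith(RELOAD_START)]
    near, unexplained = [], []
    for ts, msg in events:
        if msg != DISCONNECT:
            continue
        hit = any(abs(ts - r) <= window for r in reloads)
        (near if hit else unexplained).append(ts)
    return near, unexplained

if __name__ == "__main__":
    near, unexplained = classify_disconnects(parse_clamd_log(SAMPLE_LOG))
    print(f"{len(near)} disconnect(s) near a reload, {len(unexplained)} not")
    for ts in unexplained:
        print("  unexplained:", ts.isoformat(sep=" "))
```

Disconnects that land in the unexplained list did not coincide with a signature reload and point to a different cause for the aborted scan jobs.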