On Thu, 2013-03-28 at 22:41 +0100, Ben Stuyts wrote:
> On 27 Mar 2013, at 19:20, Ben Stuyts wrote:
>
> > Hi Steve,
> >
> > On 26 mrt. 2013, at 17:54, Steven Morgan <smor...@sourcefire.com> wrote:
> >
> >> Ben,
> >>
> >> I am looking into this issue. In the meantime, can you get any effect from
> >> increasing the clamd.conf parameters ReadTimeout, CommandReadTimeout,
> >> SendBufTimeout, and SelfCheck?
> >
> > I have doubled them and will let clamdscan run tonight. I'll report the
> > results tomorrow.
>
> Unfortunately, this did not have any effect. Same number of errors. What is
> odd is that these errors happen in quick succession. The scan started at
> 21h10, and it seemed to go ok for about 64 minutes:
>
> Thu Mar 28 20:49:25 2013 -> SelfCheck: Database status OK.
> Thu Mar 28 21:10:00 2013 -> SelfCheck: Database status OK.
> Thu Mar 28 21:30:00 2013 -> SelfCheck: Database status OK.
> Thu Mar 28 21:50:00 2013 -> SelfCheck: Database status OK.
> Thu Mar 28 22:10:00 2013 -> SelfCheck: Database status OK.
> Thu Mar 28 22:14:10 2013 -> Client disconnected while scanjob was active
> Thu Mar 28 22:14:11 2013 -> Client disconnected while scanjob was active
> Thu Mar 28 22:14:12 2013 -> Client disconnected while scanjob was active
> Thu Mar 28 22:14:15 2013 -> Client disconnected while scanjob was active
> Thu Mar 28 22:14:15 2013 -> Client disconnected while scanjob was active
> Thu Mar 28 22:14:16 2013 -> Client disconnected while scanjob was active
> Thu Mar 28 22:14:18 2013 -> Client disconnected while scanjob was active
> Thu Mar 28 22:14:19 2013 -> Client disconnected while scanjob was active
> Thu Mar 28 22:14:29 2013 -> Client disconnected while scanjob was active
> Thu Mar 28 22:34:04 2013 -> SelfCheck: Database status OK.
>
> Is there any way to log which files are being scanned at that moment?
>
> At 22:14:29 the scan was considered 'finished' with no errors:
>
> ----------- SCAN SUMMARY -----------
> Infected files: 0
> Time: 3868.837 sec (64 m 28 s)
>
> Should I increase the parameters even more?
>
> Ben
I'm wondering, do you have a File Alteration Monitor daemon running?
Like FAM on Gamin? If not, this might be part of your issue.
I've seen screwy notifications happen, especially with mail related
systems in the past. Not so much recently, because many/most have them
by default as soon as an IMAP Daemon is installed.
I also had to change from FAM to Gamin on Debian Sid a while ago, since
FAM was no longer delivering the functionality Courier's IMAP daemon
required. But that is just me.
It is something to look at, additionally.
--
greg folkert - systems administration and support
web: donor.com
email: g...@donor.com
phone: 877-751-3300 x416
direct: 616-328-6449 (direct dial and fax)
"The purpose of life is a life of purpose."
-- Robert Byrne
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
