Hi,

On 3 Apr 2013, at 00:58, Greg Folkert <g...@donor.com> wrote:

> On Thu, 2013-03-28 at 22:41 +0100, Ben Stuyts wrote:
>> On 27 Mar 2013, at 19:20, Ben Stuyts wrote:
>>
>>> Hi Steve,
>>>
>>> On 26 Mar 2013, at 17:54, Steven Morgan <smor...@sourcefire.com> wrote:
>>>
>>>> Ben,
>>>>
>>>> I am looking into this issue. In the meantime, can you get any effect from
>>>> increasing the clamd.conf parameters ReadTimeout, CommandReadTimeout,
>>>> SendBufTimeout, and SelfCheck?
>>>
>>> I have doubled them and will let clamdscan run tonight. I'll report the
>>> results tomorrow.
>>
>> Unfortunately, this did not have any effect. Same number of errors. What is
>> odd is that these errors happen in quick succession. The scan started at
>> 21h10, and it seemed to go ok for about 64 minutes:
>>
>> Thu Mar 28 20:49:25 2013 -> SelfCheck: Database status OK.
>> Thu Mar 28 21:10:00 2013 -> SelfCheck: Database status OK.
>> Thu Mar 28 21:30:00 2013 -> SelfCheck: Database status OK.
>> Thu Mar 28 21:50:00 2013 -> SelfCheck: Database status OK.
>> Thu Mar 28 22:10:00 2013 -> SelfCheck: Database status OK.
>> Thu Mar 28 22:14:10 2013 -> Client disconnected while scanjob was active
>> Thu Mar 28 22:14:11 2013 -> Client disconnected while scanjob was active
>> Thu Mar 28 22:14:12 2013 -> Client disconnected while scanjob was active
>> Thu Mar 28 22:14:15 2013 -> Client disconnected while scanjob was active
>> Thu Mar 28 22:14:15 2013 -> Client disconnected while scanjob was active
>> Thu Mar 28 22:14:16 2013 -> Client disconnected while scanjob was active
>> Thu Mar 28 22:14:18 2013 -> Client disconnected while scanjob was active
>> Thu Mar 28 22:14:19 2013 -> Client disconnected while scanjob was active
>> Thu Mar 28 22:14:29 2013 -> Client disconnected while scanjob was active
>> Thu Mar 28 22:34:04 2013 -> SelfCheck: Database status OK.
>>
>> Is there any way to log which files are being scanned at that moment?
>>
>> At 22:14:29 the scan was considered 'finished' with no errors:
>>
>> ----------- SCAN SUMMARY -----------
>> Infected files: 0
>> Time: 3868.837 sec (64 m 28 s)
>>
>> Should I increase the parameters even more?
>>
>> Ben
>
> I'm wondering, do you have a File Alteration Monitor daemon running?
> Like FAM on Gamin? If not, this might be part of your issue.

No, nothing like that.

> I've seen screwy notifications happen, especially with mail related
> systems in the past. Not so much recently, because many/most have them
> by default as soon as an IMAP Daemon is installed.

Dovecot is running, but I don't think it does fam.

> I also had to change from FAM to Gamin on Debian Sid a while ago, since
> FAM was no longer delivering the functionality Courier's IMAP daemon
> required. But that is just me.
>
> It is something to look at, additionally.

Thanks for the tip, I'll check what's running at the moment it fails.

Ben