Hi,

It would help a lot and eliminate much guesswork if someone who has this
problem could build a debug version of clamav, as in:

./configure --enable-debug [other flags] CFLAGS='-g -O0'

and reproduce the problem with clamd running under gdb (sudo gdb clamd)
with the clamd.conf statement:

Foreground yes

When the crash occurs, obtain the stack trace (bt) and also print (p)
relevant variable values surrounding the crash location.

Either that, or send in some files that we can use to reproduce the problem.

Thanks,
Steve


On Tue, May 20, 2014 at 1:54 PM, Al Varnell <alvarn...@mac.com> wrote:

> I think there may be some confusion here.  There have been three users
> report crashed clamd with Thunderbird, but I believe the INBOX files
> concerned were all less than the 25MB limit at the time.  In my case, I had
> never used Thunderbird and installed it simply for test purposes.  So as
> the INBOX was growing there were many scans required as new messages
> flooded in which resulted in multiple clamdscan processes being spawned
> against that same INBOX mailbox.  That’s when the clamd crash occurred
> leaving a couple of clamdscan processes running at high CPU usage.  After
> the INBOX grew to 1.15GB and clamd was restarted, there were no more
> crashes, but the logs show no more scans of the INBOX which is consistent
> with the 25MB limit.
>
> At least one of the other two users has four accounts with INBOX files
> below 25MB.  Both that user and myself are still using 0.98.3.
>
> The third user compiled and ran his own copy of 0.98.4rc1 and is still
> seeing clamd crashes and high CPU usage daily.  He has not yet reported the
> size or number of INBOX files he has and as Mark said, has been asked to
> supply his crash log.
>
> My theory is that it’s the initial flood of messages at Thunderbird
> startup that’s initiating this and not my huge INBOX.
>
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
>
> On May 20, 2014, at 6:14 AM, Shawn Webb <sw...@sourcefire.com> wrote:
>
> > Hey Mark,
> >
> > Is there a way you could get me the sample?
> >
> > Thanks,
> >
> > Shawn
> >
> >
> > On Tue, May 20, 2014 at 6:49 AM, Mark Allan <markjal...@blueyonder.co.uk> wrote:
> >
> >> I may have been a bit hasty with this.  It appears there's another issue
> >> with clamd.
> >>
> >> I'm receiving reports of clamd crashing when attempting to parse email in
> >> an incredibly large (1.15 GB) Thunderbird mailbox file.
> >>
> >> This particular report is from 0.98.3, but the user is reporting it still
> >> happens when testing against 0.98.4-rc1.  I'll attempt to get a crash log
> >> from the user.
> >>
> >> Exception Type: EXC_BAD_ACCESS (SIGSEGV)
> >> Exception Codes: KERN_INVALID_ADDRESS at 0x0000000117ffffff
> >>
> >> Thread 2 Crashed:
> >> 0 libclamav.6.dylib 0x000000010004fa6c parseEmailBody + 4668
> >> 1 libclamav.6.dylib 0x000000010004d701 cli_mbox + 1057
> >> 2 libclamav.6.dylib 0x0000000100048b97 cli_scanmail + 119
> >> 3 libclamav.6.dylib 0x0000000100044349 magic_scandesc + 8537
> >> 4 libclamav.6.dylib 0x0000000100042142 cli_base_scandesc + 242
> >> 5 libclamav.6.dylib 0x0000000100046360 scan_common + 416
> >> 6 libclamav.6.dylib 0x00000001000465d8 cl_scanfile_callback + 88
> >> 7 clamd 0x000000010000c62d scan_callback + 749
> >> 8 libclamav.6.dylib 0x00000001006c966c handle_entry + 252
> >> 9 libclamav.6.dylib 0x00000001006c9388 cli_ftw + 424
> >> 10 clamd 0x0000000100007363 command + 1331
> >> 11 clamd 0x000000010000bd38 scanner_thread + 56
> >> 12 clamd 0x000000010000918a thrmgr_worker + 938
> >> 13 libsystem_c.dylib 0x00007fff8cb7b772 _pthread_start + 327
> >> 14 libsystem_c.dylib 0x00007fff8cb681a1 thread_start + 13
> >>
> >> I'm aware the offsets won't be too useful, but at least the method names
> >> ought to help I think.
> >>
> >> Mark
> >>
> >> On 16 May 2014, at 03:03 pm, Mark Allan <markjal...@gmail.com> wrote:
> >>
> >>> All works fine for me on OS X 10.6 - 10.9.
> >>>
> >>> For info, compiled on 10.9.2 with support for 10.6 onwards.
> >>>
> >>> CFLAGS="-O2 -g -D_FILE_OFFSET_BITS=64 -mmacosx-version-min=10.6 -arch x86_64" CXXFLAGS="-O2 -g -D_FILE_OFFSET_BITS=64 -mmacosx-version-min=10.6 -arch x86_64" ./configure --disable-dependency-tracking  --enable-llvm --enable-clamdtop --with-user=_clamav --with-group=_clamav --enable-all-jit-targets
> >>>
> >>> Mark
> >>>
> >>> On 16 May 2014, at 02:01 pm, Joel Esler (jesler) <jes...@cisco.com> wrote:
> >>>
> >>>> http://blog.clamav.net/2014/05/clamav-0984rc1-is-now-available.html
> >>>>
> >>>> ClamAV 0.98.4rc1 is now available for download.  Shown below are the
> >>>> notes concerning this release:
> >>>>
> >>>>
> >>>> 0.98.4rc1
> >>>> ------
> >>>>
> >>>> ClamAV 0.98.4 is a bug fix release. The following issues are now
> >>>> resolved:
> >>>>
> >>>> - Various build problems on Solaris, OpenBSD, AIX.
> >>>>
> >>>> - Crashes of clamd on Windows and Mac OS X platforms when reloading
> >>>> the virus signature database.
> >>>>
> >>>> - Infinite loop in clamdscan when clamd is not running.
> >>>>
> >>>> - Freshclam failure on Solaris 10.
> >>>>
> >>>> - Buffer underruns when handling multi-part MIME email attachments.
> >>>>
> >>>> - Configuration of OpenSSL on various platforms.
> >>>>
> >>>> ----
> >>>>
> >>>> ClamAV 0.98.4rc1 is available for download here:
> >>>> http://sourceforge.net/projects/clamav/files/RC/clamav-0.98.4-rc1/.
> >>>> Please download, test, and provide feedback to the mailing list here:
> >>>>
> >>>> http://lists.clamav.net/mailman/listinfo/clamav-users
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/support/ml
>
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
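
The quoted crash report notes that the offsets are of little use but the function names help. The following added example (not part of the thread and not ClamAV code) buckets macOS crash reports by the top symbol names of the crashed thread, ignoring addresses and offsets, so that reports from several users or builds can be compared. The helper names and the second and third sample reports are constructed for illustration.

```python
import hashlib
import re

# Frame line layout: index, image, address, symbol, "+", offset
FRAME_RE = re.compile(
    r"^(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s+\+\s+(\d+)\s*$")
CRASHED_RE = re.compile(r"^Thread \d+ Crashed:")

def crashed_frames(report):
    """Return [(image, symbol), ...] for the crashed thread only."""
    frames, in_crashed = [], False
    for line in report.splitlines():
        line = line.lstrip("> ")          # tolerate mail quoting prefixes
        if CRASHED_RE.match(line):
            in_crashed = True
        elif in_crashed:
            m = FRAME_RE.match(line)
            if not m:                     # blank line or next thread ends it
                break
            frames.append((m.group(2), m.group(4)))
    return frames

def bucket_key(report, depth=3):
    """Top `depth` frames as image!symbol, with addresses and offsets dropped."""
    return "|".join(f"{i}!{s}" for i, s in crashed_frames(report)[:depth])

def bucket_id(report, depth=3):
    """Short stable id for the bucket, or None if no crashed thread is found."""
    key = bucket_key(report, depth)
    return hashlib.sha256(key.encode()).hexdigest()[:12] if key else None

# Top frames as quoted in the thread, mail quoting left in place.
QUOTED = """> >> Thread 2 Crashed:
> >> 0 libclamav.6.dylib 0x000000010004fa6c parseEmailBody + 4668
> >> 1 libclamav.6.dylib 0x000000010004d701 cli_mbox + 1057
> >> 2 libclamav.6.dylib 0x0000000100048b97 cli_scanmail + 119
"""
# Constructed: same call chain from a different build (other offsets).
OTHER_BUILD = """Thread 0:
0 libsystem_c.dylib 0x00007fff00000001 thread_start + 13

Thread 5 Crashed:
0 libclamav.6.dylib 0x0000000100051111 parseEmailBody + 4700
1 libclamav.6.dylib 0x000000010004e222 cli_mbox + 1100
2 libclamav.6.dylib 0x0000000100049333 cli_scanmail + 130
"""
# Constructed: a crash whose top frame differs, so it lands in another bucket.
DIFFERENT = """Thread 1 Crashed:
0 libclamav.6.dylib 0x000000010004d701 cli_mbox + 1057
1 libclamav.6.dylib 0x0000000100048b97 cli_scanmail + 119
"""
```
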
