Hi, I've asked the user to recompile with the options below and provide feedback. OS X uses llvm instead of gcc, which means using lldb instead of gdb, so hopefully I've given him the correct command to provide a stack trace!
He said it's likely to be the weekend before he gets a chance to do it though. I'll feed the results back here as soon as he manages to do something. Mark On 20 May 2014, at 08:13 pm, Steven Morgan <smor...@sourcefire.com> wrote: > Hi, > > It would help a lot and eliminate much guesswork if someone who has this > problem could build a debug version of clamav, as in: > > ./configure --enable-debug [other flags] CFLAGS='-g -O0' > > and reproduce the problem with clamd running under gdb (sudo gdb clamd) > with the clamd.conf statement: > > Foreground yes > > When the crash occurs, obtain the stack trace(bt) and also print(p) > relevant variable values surrounding the crash location. > > Either that, or send in some files that we can use to reproduce the problem. > > Thanks, > Steve > > > On Tue, May 20, 2014 at 1:54 PM, Al Varnell <alvarn...@mac.com> wrote: > >> I think there may be some confusion here. There have been three users >> report crashed clamd with Thunderbird, but I believe the INBOX files >> concerned were all less than the 25MB limit at the time. In my case, I had >> never used Thunderbird and installed it simply for test purposes. So as >> the INBOX was growing there were many scans required as new messages >> flooded in which resulted in multiple clamdscan processes being spawned >> against that same INBOX mailbox. That’s when the clamd crash occurred >> leaving a could of clamdscan processes running at high CPU usage. After >> the INBOX grew to 1.15GB and clamd was restarted, there were no more >> crashes, but the logs show no more scans of the INBOX which is consistent >> with the 25MB limit. >> >> At least one of the other two users has four accounts with INBOX files >> below 25MB. Both that user and myself are still using 0.98.3. >> >> The third user compiled and ran his own copy of 0.98.4rc1 and is still >> seeing clamd crashes and high CPU usage daily. He has not yet reported the >> size or number of INBOX files he has and as Mark said, has been asked to >> supply his crash log. >> >> My theory is that it’s the initial flood of messages at Thunderbird >> startup that’s initiating this and not my huge INBOX. >> >> >> -Al- >> -- >> Al Varnell >> Mountain View, CA >> >> On May 20, 2014, at 6:14 AM, Shawn Webb <sw...@sourcefire.com> wrote: >> >>> Hey Mark, >>> >>> Is there a way you could get me the sample? >>> >>> Thanks, >>> >>> Shawn >>> >>> >>> On Tue, May 20, 2014 at 6:49 AM, Mark Allan <markjal...@blueyonder.co.uk >>> wrote: >>> >>>> I may have been a bit hasty with this. It appears there's another issue >>>> with clamd. >>>> >>>> I'm receiving reports of clamd crashing when attempting to parse email >> in >>>> an incredibly large (1.15 GB) Thunderbird mailbox file. >>>> >>>> This particular report is from 0.98.3, but the user is reporting it >> still >>>> happens when testing against 0.98.4-rc1. I'll attempt to get a crash >> log >>>> from the user. >>>> >>>> Exception Type: EXC_BAD_ACCESS (SIGSEGV) >>>> Exception Codes: KERN_INVALID_ADDRESS at 0x0000000117ffffff >>>> >>>> Thread 2 Crashed: >>>> 0 libclamav.6.dylib 0x000000010004fa6c parseEmailBody + 4668 >>>> 1 libclamav.6.dylib 0x000000010004d701 cli_mbox + 1057 >>>> 2 libclamav.6.dylib 0x0000000100048b97 cli_scanmail + 119 >>>> 3 libclamav.6.dylib 0x0000000100044349 magic_scandesc + 8537 >>>> 4 libclamav.6.dylib 0x0000000100042142 cli_base_scandesc + 242 >>>> 5 libclamav.6.dylib 0x0000000100046360 scan_common + 416 >>>> 6 libclamav.6.dylib 0x00000001000465d8 cl_scanfile_callback + 88 >>>> 7 clamd 0x000000010000c62d scan_callback + 749 >>>> 8 libclamav.6.dylib 0x00000001006c966c handle_entry + 252 >>>> 9 libclamav.6.dylib 0x00000001006c9388 cli_ftw + 424 >>>> 10 clamd 0x0000000100007363 command + 1331 >>>> 11 clamd 0x000000010000bd38 scanner_thread + 56 >>>> 12 clamd 0x000000010000918a thrmgr_worker + 938 >>>> 13 libsystem_c.dylib 0x00007fff8cb7b772 _pthread_start + 327 >>>> 14 libsystem_c.dylib 0x00007fff8cb681a1 thread_start + 13 >>>> >>>> I'm aware the offsets won't be too useful, but at least the method names >>>> ought to help I think. >>>> >>>> Mark >>>> >>>> On 16 May 2014, at 03:03 pm, Mark Allan <markjal...@gmail.com> wrote: >>>> >>>>> All works fine for me on OS X 10.6 - 10.9. >>>>> >>>>> For info, compiled on 10.9.2 with support for 10.6 onwards. >>>>> >>>>> CFLAGS="-O2 -g -D_FILE_OFFSET_BITS=64 -mmacosx-version-min=10.6 -arch >>>> x86_64" CXXFLAGS="-O2 -g -D_FILE_OFFSET_BITS=64 >> -mmacosx-version-min=10.6 >>>> -arch x86_64" ./configure --disable-dependency-tracking --enable-llvm >>>> --enable-clamdtop --with-user=_clamav --with-group=_clamav >>>> --enable-all-jit-targets >>>>> >>>>> Mark >>>>> >>>>> On 16 May 2014, at 02:01 pm, Joel Esler (jesler) <jes...@cisco.com> >>>> wrote: >>>>> >>>>>> http://blog.clamav.net/2014/05/clamav-0984rc1-is-now-available.html >>>>>> >>>>>> ClamAV 0.98.4rc1 is now available for download. Shown below are the >>>> notes concerning this release: >>>>>> >>>>>> >>>>>> 0.98.4rc1 >>>>>> ------ >>>>>> >>>>>> ClamAV 0.98.4 is a bug fix release. The following issues are now >>>> resolved: >>>>>> >>>>>> - Various build problems on Solaris, OpenBSD, AIX. >>>>>> >>>>>> - Crashes of clamd on Windows and Mac OS X platforms when reloading >>>>>> the virus signature database. >>>>>> >>>>>> - Infinite loop in clamdscan when clamd is not running. >>>>>> >>>>>> - Freshclam failure on Solaris 10. >>>>>> >>>>>> - Buffer underruns when handling multi-part MIME email attachments. >>>>>> >>>>>> - Configuration of OpenSSL on various platforms. >>>>>> >>>>>> ---- >>>>>> >>>>>> ClamAV 0.98.4rc1 is available for download here: >>>> http://sourceforge.net/projects/clamav/files/RC/clamav-0.98.4-rc1/. >>>> Please download, test, and provide feedback to the mailing list here: >>>>>> >>>>>> http://lists.clamav.net/mailman/listinfo/clamav-users >> _______________________________________________ >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> http://www.clamav.net/support/ml >> > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > http://www.clamav.net/support/ml _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/support/ml