Hi Steve, I've gathered some logs from one of the servers that had a bunch of the clamor-nnnnnnnnnn.tmp directories over a number of days. I've aggregated seven days of them below (we rotate the log daily). We run freshclam from cron each day.
Please let me know if there's any suggestion on how I can get a definitive reason for this, or correcting this? We have two issues, one is of course that the sigs are not updated, but also on some of the smaller instances the disk space is affected by the tmp files left in /var/lib/clamav. Thanks very much for any suggestions or help! Tue Jun 13 00:03:01 2017 -> -------------------------------------- Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue Jun 13 00:03:01 2017 Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%] Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%] Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%] Wed Jun 14 00:03:02 2017 -> -------------------------------------- Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed Jun 14 00:03:02 2017 Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out (30 secs) Wed Jun 14 00:03:38 2017 -> Can't connect to port 80 of host db.us.clamav.net (IP: 207.57.106.31) Wed Jun 14 00:04:08 2017 -> nonblock_connect: connect timing out (30 secs) Wed Jun 14 00:04:08 2017 -> Can't connect to port 80 of host db.us.clamav.net (IP: 208.72.56.53) Wed Jun 14 00:04:08 2017 -> Trying host db.us.clamav.net (69.163.100.14)... Wed Jun 14 00:04:08 2017 -> Downloading daily-23452.cdiff [100%] Wed Jun 14 00:04:08 2017 -> Downloading daily-23453.cdiff [100%] Wed Jun 14 00:04:17 2017 -> Downloading daily-23454.cdiff [100%] Thu Jun 15 00:03:01 2017 -> -------------------------------------- Thu Jun 15 00:03:01 2017 -> ClamAV update process started at Thu Jun 15 00:03:01 2017 Thu Jun 15 00:03:01 2017 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Thu Jun 15 00:03:09 2017 -> Downloading daily-23452.cdiff [100%] Thu Jun 15 00:03:09 2017 -> Downloading daily-23453.cdiff [100%] Thu Jun 15 00:03:11 2017 -> Downloading daily-23454.cdiff [100%] Fri Jun 16 00:03:01 2017 -> -------------------------------------- Fri Jun 16 00:03:01 2017 -> ClamAV update process started at Fri Jun 16 00:03:01 2017 Fri Jun 16 00:03:01 2017 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Fri Jun 16 00:03:37 2017 -> nonblock_connect: connect timing out (30 secs) Fri Jun 16 00:03:38 2017 -> Can't connect to port 80 of host db.us.clamav.net (IP: 128.199.133.36) Fri Jun 16 00:03:38 2017 -> Trying host db.us.clamav.net (194.8.197.22)... Fri Jun 16 00:03:38 2017 -> Downloading daily-23452.cdiff [100%] Fri Jun 16 00:03:38 2017 -> Downloading daily-23453.cdiff [100%] Fri Jun 16 00:03:55 2017 -> Downloading daily-23454.cdiff [100%] Sat Jun 17 00:03:02 2017 -> -------------------------------------- Sat Jun 17 00:03:02 2017 -> ClamAV update process started at Sat Jun 17 00:03:02 2017 Sat Jun 17 00:03:02 2017 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Sat Jun 17 00:03:37 2017 -> nonblock_connect: connect timing out (30 secs) Sat Jun 17 00:03:37 2017 -> Can't connect to port 80 of host db.us.clamav.net (IP: 168.143.19.95) Sat Jun 17 00:03:37 2017 -> Trying host db.us.clamav.net (69.12.162.28)... Sat Jun 17 00:03:37 2017 -> Downloading daily-23452.cdiff [100%] Sat Jun 17 00:03:38 2017 -> Downloading daily-23453.cdiff [100%] Sat Jun 17 00:03:39 2017 -> Downloading daily-23454.cdiff [100%] Sun Jun 18 00:03:02 2017 -> -------------------------------------- Sun Jun 18 00:03:02 2017 -> ClamAV update process started at Sun Jun 18 00:03:02 2017 Sun Jun 18 00:03:02 2017 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Sun Jun 18 00:03:44 2017 -> nonblock_recv: recv timing out (30 secs) Sun Jun 18 00:03:44 2017 -> WARNING: getfile: Error while reading database from db.us.clamav.net (IP: 104.131.196.175): Operation now in progress Sun Jun 18 00:03:44 2017 -> WARNING: getpatch: Can't download daily-23452.cdiff from db.us.clamav.net Mon Jun 19 00:03:01 2017 -> -------------------------------------- Mon Jun 19 00:03:01 2017 -> ClamAV update process started at Mon Jun 19 00:03:01 2017 Mon Jun 19 00:03:01 2017 -> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Mon Jun 19 00:03:08 2017 -> Downloading daily-23452.cdiff [100%] Mon Jun 19 00:03:09 2017 -> Downloading daily-23453.cdiff [100%] Mon Jun 19 00:03:11 2017 -> Downloading daily-23454.cdiff [100%] Cheers! David On Mon, Jun 19, 2017 at 1:15 PM, Steven Morgan <smor...@sourcefire.com> wrote: > Hi, > > Any temporary files left by "normal" ClamAV processing is considered to be > a bug. Temporary files may be left if a ClamAV component terminates > ungracefully. Do you have any other logs or know of any other events from > June 3 that may provide additional info about these files left in the temp > directory? > > Steve > > On Mon, Jun 19, 2017 at 8:01 AM, David Pullman <david.pull...@gmail.com> > wrote: > > > Hi, > > > > We're seeing cases on some servers where tmp directories are possibly > being > > left behind in /var/lib/clamav. The following is one example, there are > > some where more than one tmp dir is occurring. > > > > Is this a sign of a failure to clean up after a download? Is there > > something I can check in logs or in configuration regarding this? Or is > it > > simply a need to run a clean up process? > > > > Thanks very much! > > > > David > > > > $ ls -alR /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/ > > /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/: > > total 12 > > drwxr-xr-x 3 clamav clamav 4096 Jun 19 11:16 . > > drwxr-xr-x 3 clamav clamav 4096 Jun 19 00:05 .. > > drwxr-xr-x 2 clamav clamav 4096 Jun 3 00:03 > > clamav-6ef20391b3924221fc3fce4a535e157e.tmp > > > > /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/clamav- > > 6ef20391b3924221fc3fce4a535e157e.tmp: > > total 145216 > > drwxr-xr-x 2 clamav clamav 4096 Jun 3 00:03 . > > drwxr-xr-x 3 clamav clamav 4096 Jun 19 11:16 .. > > -rw-r--r-- 1 clamav clamav 17992 Jun 3 00:03 COPYING > > -rw-r--r-- 1 clamav clamav 557 Jun 3 00:03 daily.cdb > > -rw-r--r-- 1 clamav clamav 424 Jun 3 00:03 daily.cfg > > -rw-r--r-- 1 clamav clamav 6040 Jun 3 00:03 daily.crb > > -rw-r--r-- 1 clamav clamav 26043 Jun 3 00:03 daily.fp > > -rw-r--r-- 1 clamav clamav 9965 Jun 3 00:03 daily.ftm > > -rw-r--r-- 1 clamav clamav 29125847 Jun 3 00:03 daily.hdb > > -rw-r--r-- 1 clamav clamav 3530 Jun 3 00:03 daily.hdu > > -rw-r--r-- 1 clamav clamav 112488731 Jun 3 00:03 daily.hsb > > -rw-r--r-- 1 clamav clamav 89 Jun 3 00:03 daily.hsu > > -rw-r--r-- 1 clamav clamav 36126 Jun 3 00:03 daily.idb > > -rw-r--r-- 1 clamav clamav 5709 Jun 3 00:03 daily.ign > > -rw-r--r-- 1 clamav clamav 4235 Jun 3 00:03 daily.ign2 > > -rw-r--r-- 1 clamav clamav 2271 Jun 3 00:03 daily.info > > -rw-r--r-- 1 clamav clamav 849664 Jun 3 00:03 daily.ldb > > -rw-r--r-- 1 clamav clamav 199116 Jun 3 00:03 daily.ldu > > -rw-r--r-- 1 clamav clamav 4847600 Jun 3 00:03 daily.mdb > > -rw-r--r-- 1 clamav clamav 69427 Jun 3 00:03 daily.mdu > > -rw-r--r-- 1 clamav clamav 92 Jun 3 00:03 daily.msb > > -rw-r--r-- 1 clamav clamav 92 Jun 3 00:03 daily.msu > > -rw-r--r-- 1 clamav clamav 97624 Jun 3 00:03 daily.ndb > > -rw-r--r-- 1 clamav clamav 823647 Jun 3 00:03 daily.ndu > > -rw-r--r-- 1 clamav clamav 4094 Jun 3 00:03 daily.pdb > > -rw-r--r-- 1 clamav clamav 87 Jun 3 00:03 daily.sfp > > -rw-r--r-- 1 clamav clamav 10095 Jun 3 00:03 daily.wdb > > _______________________________________________ > > clamav-users mailing list > > clamav-users@lists.clamav.net > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > _______________________________________________ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
