Hi, > Message-Id: <978EB23167DB24636CAB03DD@Mac-mini.local> > From: Karl Pielorz <kpielorz_...@tdx.co.uk> > Date: Fri, 26 Jan 2018 04:22:13 +0000 > Subject: [clamav-users] Anyone notice any issues with clamav 0.99.2 and > recent patterns?
> >From about 02:59 today (26/01) our we saw a pattern update, and we also > noticed freshclam logged, "DON'T PANIC! Read > http://www.clamav.net/documents/upgrading-clamav"; > > 'freshclam' output shows: > > main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: > sigmgr) > daily.cld is up to date (version: 24256, sigs: 1835772, f-level: 63, > builder: neo) > bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: > neo) > > We're currently running clamav 0.99.2 (technically shown as 0.99.2_8) under > FreeBSD 10.3 amd64 - since then we've seen an issue where clamd "kind of > dies" - it's still running, there are no errors logged anywhere (we log to > syslog) - but whilst it's accepting connections to scan things - for lots > of them it doesn't seem to either be accepting data sent to it's socket > (causing the caller to hang/timeout eventually) - or return results. > > This ends up with a lot of wedged mail processes (and we slowly run out of > fd's as the process table fills up). > > I can't yet update to 0.99.3 (as we use FreeBSD's pkg system - and it's not > available yet). > > Anyone else seen any similar issues? This literally just started with the > update at 02:59 - Any ideas how we can get some kind of logging out of it? > > Worst case, is it possible / easy to roll back to a previous pattern file? > > We only use clamd / freshclam - as our mail system accesses clamd direct > via it's unix socket. We've tried rebuilding the exe that talks to clamd > (just in case it got left behind in the last clamav binaries update) and > that hasn't made any difference :( We're in trouble with the same situation with 0.99.1. Since clamd couldn't read daily.cld version 24256, we rolled it back to version 24255 and stop running freshclam. We may have to upgrade clamav to 0.99.3 immediately. syslog messages says as follows: -- Jan 26 10:37:01 vc06 freshclam[22972]: ClamAV update process started at Fri Jan 26 10:37:01 2018 Jan 26 10:37:01 vc06 freshclam[22972]: Your ClamAV installation is OUTDATED! Jan 26 10:37:01 vc06 freshclam[22972]: Local version: 0.99.1 Recommended version: 0.99.3 Jan 26 10:37:01 vc06 freshclam[22972]: DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav Jan 26 10:37:01 vc06 freshclam[22972]: main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr) Jan 26 10:37:02 vc06 freshclam[22972]: Downloading daily-24256.cdiff [100%] Jan 26 10:37:05 vc06 freshclam[22972]: daily.cld updated (version: 24256, sigs: 1835772, f-level: 63, builder: neo) Jan 26 10:37:06 vc06 freshclam[22972]: bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo) Jan 26 10:37:08 vc06 freshclam[22972]: Database updated (6402096 signatures) from db.jp.clamav.net (IP: 124.35.85.83) Jan 26 10:37:08 vc06 clamd[26151]: Reading databases from /var/lib/clamav Jan 26 10:37:08 vc06 freshclam[22972]: Clamd successfully notified about the update. Jan 26 10:37:21 vc06 clamd[26151]: Database correctly reloaded (6396044 signatures) Jan 26 10:39:32 vc06 clamd[26151]: instream(10.32.198.32@64291): Can't open file or directory ERROR Jan 26 10:39:35 vc06 clamd[26151]: instream(10.32.198.4@46430): Can't open file or directory ERROR Jan 26 10:39:35 vc06 clamd[26151]: instream(10.32.198.8@50122): Can't open file or directory ERROR Jan 26 10:39:39 vc06 clamd[26151]: instream(10.32.198.8@50124): Can't open file or directory ERROR Jan 26 10:39:40 vc06 clamd[26151]: instream(10.32.198.5@60368): Can't open file or directory ERROR Jan 26 10:39:41 vc06 clamd[26151]: instream(10.32.198.33@37696): Can't open file or directory ERROR Jan 26 10:39:53 vc06 clamd[26151]: accept() failed: (... the last message repeated until rollback) -- -- Toshitaka MIURA _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
