Yep, we have this as well this morning. I did upgrade to 0.99.3 but it
did not resolve the problem.
My clamd.log shows the problem as follows:
ri Jan 26 07:24:30 2018 ->
/var/spool/MIMEDefang/mdefang-w0Q5OR8B009257/Work/msg-6677-606.txt:
Can't create new file ERROR
Fri Jan 26 07:24:41 2018 ->
/var/spool/MIMEDefang/mdefang-w0Q5ObB6009266/Work/msg-6677-611.txt:
Can't create new file ERROR
Fri Jan 26 07:24:45 2018 ->
/var/spool/MIMEDefang/mdefang-w0Q5OfC9009275/Work/INPUTMBOX: Can't open
file or directory ERROR
Fri Jan 26 07:24:48 2018 ->
/var/spool/MIMEDefang/mdefang-w0Q5Odm1009269/Work/INPUTMBOX: Can't open
file or directory ERROR
Fri Jan 26 07:24:50 2018 ->
/var/spool/MIMEDefang/mdefang-w0Q5OeIw009272/Work/INPUTMBOX: Can't open
file or directory ERROR
Fri Jan 26 07:24:52 2018 ->
/var/spool/MIMEDefang/mdefang-w0Q5Ok8M009284/Work/msg-6677-621.txt:
Can't create new file ERROR
Fri Jan 26 07:24:56 2018 ->
/var/spool/MIMEDefang/mdefang-w0Q5OqDL009303/Work/msg-6677-627.html:
Can't open file or directory ERROR
Fri Jan 26 07:24:58 2018 ->
/var/spool/MIMEDefang/mdefang-w0Q5OqFV009305/Work/INPUTMBOX: Can't open
file or directory ERROR
Fri Jan 26 07:25:01 2018 ->
/var/spool/MIMEDefang/mdefang-w0Q5OxZk009311/Work/msg-6677-631.txt:
Can't create new file ERROR
Looks like this started happening around 03:30GMT+2 this morning, with
my errors starting after this freshclam update:
Fri Jan 26 03:34:43 2018 -> Received signal: wake up
Fri Jan 26 03:34:43 2018 -> ClamAV update process started at Fri Jan 26
03:34:43 2018
Fri Jan 26 03:34:43 2018 -> WARNING: Your ClamAV installation is OUTDATED!
Fri Jan 26 03:34:43 2018 -> WARNING: Local version: 0.99.2 Recommended
version: 0.99.3
Fri Jan 26 03:34:43 2018 -> DON'T PANIC! Read
http://www.clamav.net/documents/upgrading-clamav
Fri Jan 26 03:34:43 2018 -> main.cvd is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Fri Jan 26 03:34:49 2018 -> Downloading daily-24256.cdiff [100%]
Fri Jan 26 03:35:17 2018 -> daily.cld updated (version: 24256, sigs:
1835772, f-level: 63, builder: neo)
Fri Jan 26 03:35:17 2018 -> safebrowsing.cld is up to date (version:
46943, sigs: 3094076, f-level: 63, builder: google)
Fri Jan 26 03:35:17 2018 -> bytecode.cld is up to date (version: 319,
sigs: 75, f-level: 63, builder: neo)
Fri Jan 26 03:35:25 2018 -> Database updated (9496172 signatures) from
db.de.clamav.net (IP: 5.9.253.237)
Fri Jan 26 03:35:25 2018 -> Clamd successfully notified about the update.
Hope this hopes anyone?
On 26/01/2018 07:30, MIURA Toshitaka wrote:
Hi,
Message-Id: <978EB23167DB24636CAB03DD@Mac-mini.local>
From: Karl Pielorz <kpielorz_...@tdx.co.uk>
Date: Fri, 26 Jan 2018 04:22:13 +0000
Subject: [clamav-users] Anyone notice any issues with clamav 0.99.2 and recent
patterns?
>From about 02:59 today (26/01) our we saw a pattern update, and we also
noticed freshclam logged, "DON'T PANIC! Read
http://www.clamav.net/documents/upgrading-clamav";
'freshclam' output shows:
main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)
daily.cld is up to date (version: 24256, sigs: 1835772, f-level: 63,
builder: neo)
bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder:
neo)
We're currently running clamav 0.99.2 (technically shown as 0.99.2_8) under
FreeBSD 10.3 amd64 - since then we've seen an issue where clamd "kind of
dies" - it's still running, there are no errors logged anywhere (we log to
syslog) - but whilst it's accepting connections to scan things - for lots
of them it doesn't seem to either be accepting data sent to it's socket
(causing the caller to hang/timeout eventually) - or return results.
This ends up with a lot of wedged mail processes (and we slowly run out of
fd's as the process table fills up).
I can't yet update to 0.99.3 (as we use FreeBSD's pkg system - and it's not
available yet).
Anyone else seen any similar issues? This literally just started with the
update at 02:59 - Any ideas how we can get some kind of logging out of it?
Worst case, is it possible / easy to roll back to a previous pattern file?
We only use clamd / freshclam - as our mail system accesses clamd direct
via it's unix socket. We've tried rebuilding the exe that talks to clamd
(just in case it got left behind in the last clamav binaries update) and
that hasn't made any difference :(
We're in trouble with the same situation with 0.99.1.
Since clamd couldn't read daily.cld version 24256, we rolled
it back to version 24255 and stop running freshclam.
We may have to upgrade clamav to 0.99.3 immediately.
syslog messages says as follows:
--
Jan 26 10:37:01 vc06 freshclam[22972]: ClamAV update process started at Fri Jan
26 10:37:01 2018
Jan 26 10:37:01 vc06 freshclam[22972]: Your ClamAV installation is OUTDATED!
Jan 26 10:37:01 vc06 freshclam[22972]: Local version: 0.99.1 Recommended
version: 0.99.3
Jan 26 10:37:01 vc06 freshclam[22972]: DON'T PANIC! Read
http://www.clamav.net/documents/upgrading-clamav
Jan 26 10:37:01 vc06 freshclam[22972]: main.cld is up to date (version: 58,
sigs: 4566249, f-level: 60, builder: sigmgr)
Jan 26 10:37:02 vc06 freshclam[22972]: Downloading daily-24256.cdiff [100%]
Jan 26 10:37:05 vc06 freshclam[22972]: daily.cld updated (version: 24256, sigs:
1835772, f-level: 63, builder: neo)
Jan 26 10:37:06 vc06 freshclam[22972]: bytecode.cld is up to date (version:
319, sigs: 75, f-level: 63, builder: neo)
Jan 26 10:37:08 vc06 freshclam[22972]: Database updated (6402096 signatures)
from db.jp.clamav.net (IP: 124.35.85.83)
Jan 26 10:37:08 vc06 clamd[26151]: Reading databases from /var/lib/clamav
Jan 26 10:37:08 vc06 freshclam[22972]: Clamd successfully notified about the
update.
Jan 26 10:37:21 vc06 clamd[26151]: Database correctly reloaded (6396044
signatures)
Jan 26 10:39:32 vc06 clamd[26151]: instream(10.32.198.32@64291): Can't open
file or directory ERROR
Jan 26 10:39:35 vc06 clamd[26151]: instream(10.32.198.4@46430): Can't open file
or directory ERROR
Jan 26 10:39:35 vc06 clamd[26151]: instream(10.32.198.8@50122): Can't open file
or directory ERROR
Jan 26 10:39:39 vc06 clamd[26151]: instream(10.32.198.8@50124): Can't open file
or directory ERROR
Jan 26 10:39:40 vc06 clamd[26151]: instream(10.32.198.5@60368): Can't open file
or directory ERROR
Jan 26 10:39:41 vc06 clamd[26151]: instream(10.32.198.33@37696): Can't open
file or directory ERROR
Jan 26 10:39:53 vc06 clamd[26151]: accept() failed:
(... the last message repeated until rollback)
--
--
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
