Hello!
I rebooted my CentOS 7 mail server last night and all of a sudden clamd
is refusing to start - it burns CPU for a couple of minutes and then
gives up. I've now narrowed it down as much as I could and it seems
there is a problem loading daily.cvd/daily.cld.
I started by removing all unofficial signatures, which didn't help. Then
I proceeded to remove all signatures completely and ran freshclam -v,
upon which it successfully loaded (before daily.cvd was downloaded).
Unfortunately when it downloaded daily.cvd it broke again.
It loads perfectly with main.cvd, bytecode.cvd and the rest of the
unofficial signatures, but as soon as daily.cvd appears, it fails.
It gets more interesting. If I start clamd without daily.cvd and then
run freshclam and wait for the 600 second signature check to catch the
new daily, it actually loads them.
Jul 24 14:43:30 orc clamd[25482]: SelfCheck: Database modification
detected. Forcing reload.
Jul 24 14:43:32 orc clamd[25482]: Reading databases from /var/lib/clamav
Jul 24 14:46:21 orc clamd[25482]: Database correctly reloaded (6392516
signatures)
So the problem exists only when completely (re)starting clamd.
Logs are below.
Any ideas?
Thanks!
Reio
Jul 24 14:11:21 orc clamd[4345]: clamd daemon 0.101.2 (OS: linux-gnu,
ARCH: x86_64, CPU: x86_64)
Jul 24 14:11:21 orc clamd[4345]: Running as user amavis (UID 994, GID 990)
Jul 24 14:11:21 orc clamd[4345]: Log file size limited to 1048576 bytes.
Jul 24 14:11:21 orc clamd[4345]: Reading databases from /var/lib/clamav
Jul 24 14:11:21 orc clamd[4345]: Not loading PUA signatures.
Jul 24 14:11:21 orc clamd[4345]: Bytecode: Security mode set to
"TrustSigned".
-------------------------------------------------------------------
This is where it stalls with daily.cvd. If I remove daily.cvd and
restart, it proceeds nicely.
-------------------------------------------------------------------
Jul 24 14:11:56 orc clamd[4345]: Loaded 4726922 signatures.
Jul 24 14:11:59 orc clamd[4345]: LOCAL: Unix socket file
/var/run/clamd.amavisd/clamd.sock
Jul 24 14:11:59 orc clamd[4345]: LOCAL: Setting connection queue length
to 200
Jul 24 14:11:59 orc clamd[5039]: Limits: Global size limit set to
104857600 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: File size limit set to 26214400
bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: Recursion level limit set to 16.
Jul 24 14:11:59 orc clamd[5039]: Limits: Files limit set to 10000.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxEmbeddedPE limit set to
10485760 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNormalize limit set to
10485760 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNoTags limit set to
2097152 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxScriptNormalize limit set to
5242880 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxZipTypeRcg limit set to
1048576 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxPartitions limit set to 50.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxIconsPE limit set to 100.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxRecHWP3 limit set to 16.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMatchLimit limit set to 100000.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCRERecMatchLimit limit set to
2000.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMaxFileSize limit set to
26214400.
Jul 24 14:11:59 orc clamd[5039]: Archive support enabled.
Jul 24 14:11:59 orc clamd[5039]: AlertExceedsMax heuristic detection
disabled.
Jul 24 14:11:59 orc clamd[5039]: Heuristic alerts enabled.
Jul 24 14:11:59 orc clamd[5039]: Portable Executable support enabled.
Jul 24 14:11:59 orc clamd[5039]: ELF support enabled.
Jul 24 14:11:59 orc clamd[5039]: Mail files support enabled.
Jul 24 14:11:59 orc clamd[5039]: OLE2 support enabled.
Jul 24 14:11:59 orc clamd[5039]: PDF support enabled.
Jul 24 14:11:59 orc clamd[5039]: SWF support enabled.
Jul 24 14:11:59 orc clamd[5039]: HTML support enabled.
Jul 24 14:11:59 orc clamd[5039]: XMLDOCS support enabled.
Jul 24 14:11:59 orc clamd[5039]: HWP3 support enabled.
Jul 24 14:11:59 orc clamd[5039]: Self checking every 600 seconds.
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
