Package: clamav-daemon
Version: 0.99+dfsg-0+deb7u2
Severity: important

After upgrading from 0.98.7+dfsg-0+deb7u1 to 0.99+dfsg-0+deb7u2 two months ago, clamd on one of our servers has crashed approximately daily. It's rarely stayed running for more than 24 hours.

Before crashing, the daemon spews the message

accept() failed:

This is often, but not always, preceded by:

Reading databases from /var/lib/clamav

The kernel is not reporting segfaults or OOM.

I had initially suspected this might be related to the custom configuration file we were using, but the crashes persisted after I allowed the package to regenerate it.

On this particular server, clamd is used by clamav-milter. A Nagios check script also runs clamdscan about every five minutes against a CAB, an EXE, a bzip2'd EXE and a zip file that all contain "Clamav.Test.File-6". As of a Monday (long after the problem started), the script has started scanning another file we've had false-positive problems with.

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile disabled
StatsHostID = "auto"
StatsEnabled disabled
StatsPEDisabled = "yes"
StatsTimeout = "10"
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/var/run/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups disabled
Bytecode = "yes"
BytecodeSecurity = "Paranoid"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA = "yes"
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "4294967295"
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "48"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing = "yes"
Bytecode = "yes"

Config file: clamav-milter.conf
-------------------------------
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
PidFile = "/var/run/clamav/clamav-milter.pid"
TemporaryDirectory = "/tmp"
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
MaxFileSize = "26214400"
ClamdSocket = "unix:/var/run/clamav/clamd.ctl"
MilterSocket = "local:/var/run/clamav/clmilter.sock"
MilterSocketGroup disabled
MilterSocketMode disabled
LocalNet disabled
OnClean = "Accept"
OnInfected = "Reject"
OnFail = "Accept"
RejectMsg disabled
AddHeader = "Replace"
ReportHostname disabled
VirusAction disabled
Chroot disabled
Whitelist = "/etc/mail/clamav-whitelist"
SkipAuthenticated disabled
LogInfected = "Off"
LogClean disabled
SupportMultipleRecipients disabled

Software settings
-----------------
Version: 0.99
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
safebrowsing.cvd: version 44607, sigs: 2280661, built on Fri May 13 08:00:06 2016
main.cvd: version 57, sigs: 4218790, built on Wed Mar 16 17:17:06 2016
daily.cld: version 21538, sigs: 141187, built on Fri May 13 06:56:46 2016
bytecode.cld: version 277, sigs: 47, built on Fri Apr 15 12:57:09 2016
[3rd Party] local-js-sigs.ndb: 6 sigs
Total number of signatures: 6640691

Platform information
--------------------
uname: Linux 3.2.0-4-686-pae #1 SMP Debian 3.2.78-1 i686
OS: linux-gnu, ARCH: i386, CPU: i486
Full OS version: Debian GNU/Linux 7.10 (wheezy)
zlib version: 1.2.7 (1.2.7), compile flags: 55
Triple: i386-pc-linux-gnu
CPU: corei7, Little-endian
platform id: 0x0a1151510404070201040702

Build information
-----------------
GNU C: 4.7.2 (4.7.2)
GNU C++: 4.7.2 (4.7.2)
CPPFLAGS: -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
CXXFLAGS:
LDFLAGS: -Wl,-z,relro -Wl,--as-needed -L/usr/lib/i386-linux-gnu -lpcre
Configure: '--build=i486-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/usr/lib/clamav' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-gnu-ld' '-with-system-llvm=/usr/bin/llvm-config' '--with-llvm-linking=dynamic' 'build_alias=i486-linux-gnu'
sizeof(void*) = 4
Engine flevel: 81, dconf: 81

--- data dir ---
total 158064
-rw-r--r-- 1 clamav clamav 378368 Apr 15 13:26 bytecode.cld
-rw-r--r-- 1 clamav clamav 10165248 May 13 07:48 daily.cld
-rw-r--r-- 1 root root 5397 Nov 17 11:09 local-js-sigs.ndb
-rw-r--r-- 1 clamav clamav 109143933 Mar 17 04:28 main.cvd
-rw------- 1 clamav clamav 4212 May 13 08:55 mirrors.dat
-rw-r--r-- 1 root root 64 May 10 18:11 pdfstuff.ign2
drwx------ 1223 clamav adm 32768 May 19 2009 quarantine
-rw-r--r-- 1 clamav clamav 42079137 May 13 08:55 safebrowsing.cvd

-- System Information:
Debian Release: 7.10
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav-daemon depends on:
ii adduser 3.113+nmu3
ii clamav-base 0.99+dfsg-0+deb7u2
ii clamav-freshclam [clamav-data] 0.99+dfsg-0+deb7u2
ii debconf [debconf-2.0] 1.5.49
ii dpkg 1.16.17
ii libc6 2.13-38+deb7u10
ii libclamav7 0.99+dfsg-0+deb7u2
ii libncurses5 5.9-10
ii libssl1.0.0 1.0.1e-2+deb7u21
ii libtinfo5 5.9-10
ii lsb-base 4.1+Debian8+deb7u1
ii procps 1:3.3.3-3
ii ucf 3.0025+nmu3
ii zlib1g 1:1.2.7.dfsg-13

clamav-daemon recommends no packages.

Versions of packages clamav-daemon suggests:
pn apparmor <none>
ii clamav-docs 0.99+dfsg-0+deb7u2
pn daemon <none>

-- debconf information:
* clamav-daemon/debconf: true
* clamav-daemon/ReadTimeout: 180
* clamav-daemon/StatsEnabled: false
* clamav-daemon/MaxConnectionQueueLength: 15
  clamav-daemon/ScanOnAccess: false
  clamav-daemon/AllowAllMatchScan: true
* clamav-daemon/LogFile:
* clamav-daemon/ScanMail: true
* clamav-daemon/BytecodeTimeout: 60000
  clamav-daemon/LogTime: true
  clamav-daemon/MaxEmbeddedPE: 10M
* clamav-daemon/BytecodeSecurity: Paranoid
  clamav-daemon/ScanSWF: true
* clamav-daemon/MaxDirectoryRecursion: 0
* clamav-daemon/MaxThreads: 12
* clamav-daemon/StatsHostID: auto
  clamav-daemon/TCPAddr: any
  clamav-daemon/DisableCertCheck: false
* clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl
* clamav-daemon/LocalSocketMode: 666
* clamav-daemon/StatsTimeout: 10
* clamav-daemon/LogSyslog: true
* clamav-daemon/AddGroups:
* clamav-daemon/ScanArchive: true
  clamav-daemon/MaxHTMLNormalize: 10M
* clamav-daemon/StatsPEDisabled: true
* clamav-daemon/FollowDirectorySymlinks: false
* clamav-daemon/StreamMaxLength: 25
  clamav-daemon/LogRotate: true
  clamav-daemon/OnAccessMaxFileSize: 5M
* clamav-daemon/TcpOrLocal: UNIX
* clamav-daemon/FixStaleSocket: true
* clamav-daemon/User: clamav
* clamav-daemon/LocalSocketGroup: clamav
  clamav-daemon/MaxScriptNormalize: 5M
  clamav-daemon/ForceToDisk: false
* clamav-daemon/FollowFileSymlinks: false
  clamav-daemon/TCPSocket: 3310
* clamav-daemon/SelfCheck: 3600
  clamav-daemon/MaxZipTypeRcg: 1M
  clamav-daemon/MaxHTMLNoTags: 2M
* clamav-daemon/Bytecode: true