[Clamav-users] clamd rejecting supervise parent
I am having a problem running clamd with supervise. Actually, it does this without supervise. It seems to run, then kill itselfs and daemonise itself. Then subsequent clamd's uses it as its parent instead on supervise This started after I upgraded to the latest CVS version, so I have fiddled and am sure I have done something wrong... Running before 0.8 CVS: root 190 173 0 Jan06 ?00:00:00 supervise clamd qscand 191 190 0 Jan06 ?00:00:02 /usr/sbin/clamd After my fiddling: root 18898 20172 0 12:07 pts/000:00:00 supervise /var/clamav/ supervise/ qscand 18900 1 0 12:07 ?00:00:00 /usr/local/sbin/clamd qscand 18909 18900 0 12:07 ?00:00:00 /usr/local/sbin/clamd My run: [EMAIL PROTECTED] clamd]# cat run exec 2>&1 CLAMD_FILE=/var/clamav/clamd.sock SCAN_FILE=$0 # Check for a leftover socket. if [ -e $CLAMD_FILE ] then echo "run: WARNING: file $CLAMD_FILE exists" if clamdscan $SCAN_FILE then echo "run: FATAL: Clamd is already running. Trying to start anyway..." else echo "run: INFO: Clamd is not running. Deleting $CLAMD_FILE" rm -f $CLAMD_FILE fi fi # Run the scanner daemon. exec /usr/local/sbin/clamd Thanks, Shaun Bugler Ps: Forgive me is nothing makes sense, complete clamav noob ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] clamd rejecting supervise parent
On Friday 07 January 2005 12:15, Trog wrote: > On Fri, 2005-01-07 at 10:11, Shaun Bugler wrote: > > I am having a problem running clamd with supervise. > > Actually, it does this without supervise. > > It seems to run, then kill itselfs and daemonise itself. > > Then subsequent clamd's uses it as its parent instead on supervise > > This started after I upgraded to the latest CVS version, so I have > > fiddled and am sure I have done something wrong... > > Set the "Foreground" option in clamd.conf > > -trog Thanks, that did it. You sure are fast :) SB ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Glibc requirements
We are still using RedHat 7, and were running glibc-2.2.4-18.7.0.9. Clamav complained about something that was in glibc, so I had to upgrade. I have installed clamav 0.8 using glibc-2.3.2-4.80.8 glibc-common-2.3.2-4.80.8 glibc-profile-2.3.2-4.80.8 Finally I tried glibc-devel-2.3.2-4.80.8 This required me to update binutils, so: binutils-2.13.90.0.2-2 which required a new version of gcc gcc-2.96-98 which required a new version of cpp cpp-2.96-98 I am now finally running clamav fine, problem is I would have to do this on a whole ton of production boxes. What I want to know is what pakckages do you guys recommend for RH7 or are the above packages ok. Shot -- Shaun Bügler Hetzner Africa Tel: +27 21 970 2000 Fax: +27 21 970 2001 Email Disclaimer: http://www.hetzner.co.za/index.php?id=245 [ * Awarded Top 50 ICT Companies status in SA - 2003/4] [ * Awarded Top 300 National Companies status - 2004/5/6 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Glibc requirements
> Shaun Bugler wrote: > >I am now finally running clamav fine, problem is I would have to do this > > on a whole ton of production boxes. > >What I want to know is what pakckages do you guys recommend for RH7 > >or are the above packages ok. > > If you have tons of RH7 boxes, you better compile your own RPMS. > use the SRPMS or .spec that you have (I hear Dag's and Crash Hat's work > great), > and start from there. I tried the following: 'rpm -i clamav-0.80-4.src.rpm' I then tried to rebuild: 'rpm -ba /usr/src/redhat/SPEC/clamav.spec' 'rpm -ba clamav.spec' (using crash hats) It said it had dependancies, I got them, installed them: autoconf253-2.53-3.noarch.rpm automake15-1.5-2.noarch.rpm libidn-0.5.2-0.fdr.0.rh73.i386.rpm libidn-devel-0.5.2-0.fdr.0.rh73.i386.rpm pkgconfig-0.7.0-3.i386.rpm sendmail-devel-8.12.8-9.1.rh73.dag.i386.rpm Once again, alot. But still it says: [EMAIL PROTECTED] clamav-source]# rpm -ba /usr/src/redhat/SPECS/clamav.spec error: failed build dependencies: autoconf is needed by clamav-0.80-4 automake is needed by clamav-0.80-4 [EMAIL PROTECTED] clamav-source]# ll /usr/bin | grep auto lrwxrwxrwx1 root root 22 Jan 11 14:23 autoconf -> /usr/bin/ autoconf-2.53 -rwxr-xr-x1 root root 6196 Mar 27 2002 autoconf-2.53 lrwxrwxrwx1 root root 12 Jan 11 14:22 automake -> automake-1.5 its there any suggestions for a struggling noob? -- Shaun Bügler Hetzner Africa Tel: +27 21 970 2000 Fax: +27 21 970 2001 Email Disclaimer: http://www.hetzner.co.za/index.php?id=245 [ * Awarded Top 50 ICT Companies status in SA - 2003/4] [ * Awarded Top 300 National Companies status - 2004/5/6 ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users]
We had a problem a while back of certain zip files failing to be scanned by clam. This was apparently fixed (zzip-file.c) but now we want to test this on our machines. We unfortunately don't have a zip file that caused the problems anymore. I am unable to generate such a file with winrar,winzip,pkzip etc so I was wondering if anyone could point me to an application that can make these zip files or how to create one with the zip program above. Thanks, Shaun Bugler ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] zip 2.1 example needed
- Original Message - From: "Bob Hutchinson" <[EMAIL PROTECTED]> To: Sent: Wednesday, January 19, 2005 2:53 PM Subject: Re: [Clamav-users] > On Wednesday 19 Jan 2005 10:27, Shaun Bugler wrote: > > We had a problem a while back of certain zip files failing to be scanned by > > clam. This was apparently fixed (zzip-file.c) but now we want to test this > > on our machines. > > http://www.eicar.org/anti_virus_test_file.htm These files use zip version 1.0. The problem zip file used zip version 2.1. I have been able to make verion 1.0, 2.0 etc just not 2.1 and this version doesn't seem to be used anymore... (only extract, not create). > > > > > We unfortunately don't have a zip file that caused the problems anymore. I > > am unable to generate such a file with winrar,winzip,pkzip etc so I was > > wondering if anyone could point me to an application that can make these > > zip files or how to create one with the zip program above. > > > > Thanks, > > Shaun Bugler > > > > ___ > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > -- > - > Bob Hutchinson > Midwales dot com > - > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Zip module failure
> > >On Wednesday 05 January 2005 14:59, Deon de Villiers wrote: > > > Hi > > > > > > We are experiencing this as well. > > > > > >How stable is the current CVS version? Is it OK to use in a busy > > >production environment? (I hope I am not asking a silly question..., > > but I need to get a fix for this asap). > >We moved to CVS and then we noticed that the issue disappeared. We have > been > >running CVS for a while now and we have not noticed any stability issues > I used the CVS version and it solves the problem, but I didn't upgrade to zlib 1.2.2 Regarding my previous thread: [Clamav-users] zip 2.1 example needed I have a zip file that didn't work, but it doesn't contain a virus. I tried adding to the file but all the zip utilities I use don't add the file using the same zip version (2.1). All I want to find out is if anyone has tried a zip file (containing a virus) that previously didn't work, on the new CVS and it picked the virus up. All a bit paraniod this I know, but just want to make sure. Thanks. Shaun > > > > Thanks > > Deon. > > > > Chris Gauch wrote: > > > Nigel, > > > > > > Sure enough the newer CVS and the installation of zlib 1.2.2 solved the > > > issue. Haven't seen a zip module error since then. > > > > > > - Chris > > > > > > --- > > > > > > Try the CVS version. If it still fails then contact me directly by > e-mail > > > and I'll try to help. > > > > > > -Nigel > > > > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problem with clamd hanging
- Original Message - From: <[EMAIL PROTECTED]> To: "ClamAV users ML" Sent: Monday, January 24, 2005 1:13 PM Subject: Re: [Clamav-users] Problem with clamd hanging > > Trog <[EMAIL PROTECTED]> > > Date: Fri, 21 Jan 2005 16:27:51 GMT > > Subject: Re: [Clamav-users] Problem with clamd hanging > > > > >--===1591423761== > >Content-Type: multipart/signed; micalg=pgp-sha1; > >protocol="application/pgp-signature"; > >boundary="=-kxvkl7u/uvATrEmpmLSY" > > > > > >--=-kxvkl7u/uvATrEmpmLSY > >Content-Type: text/plain > >Content-Transfer-Encoding: quoted-printable > > > >On Fri, 2005-01-21 at 17:24 +0100, Frederic Goudal wrote: > > > >>=20 > >> I'm using 1.2.1 I'll try 1.2.2 monday, than the 0.81 if it does not work. > >>=20 > > > >I would definitely do that. 1.2.1 has a known crashing bug. > > > > It was not crashing. But I did switch to 1.2.2 and it does not solve the problem. > It hanged after 2 hours. > > Btw it seems that it occurs on specific mails, as it seems to hang 2 or three time in a row, than works for 2 hours or more... > > I'll try to compile the 0.81rc1 > > f.g. > We also have a problem with clamd "stalling", and then qmail rejects all incoming mail. WE are using an old version of zlib (zlib-1.1.4-8.7x). This activity seems random, and we haven't been able to reproduce this. I have browsed the list archieve and seen numerous people with the same problem but it seems there is no "concrete" answer to fix this. Hopefully someone can get to the bottom of this one :) sb > > > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problem with clamd hanging
- Original Message - From: "Tomasz Kojm" <[EMAIL PROTECTED]> To: "ClamAV users ML" Sent: Monday, January 24, 2005 3:59 PM Subject: Re: [Clamav-users] Problem with clamd hanging > It's rather a SESSION related bug. See my yesterday's post on a > temporary workaround for this problem. This fix was related to clamav-milter right? We don't use it, don't have the milter package installed at all (built own rpm from source), so should we install the milter package(with the fix) to fix the clamd bug? > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problem with clamd hanging
- Original Message - From: "Tomasz Kojm" <[EMAIL PROTECTED]> To: "ClamAV users ML" Sent: Monday, January 24, 2005 4:31 PM Subject: Re: [Clamav-users] Problem with clamd hanging > > It's rather a SESSION related bug. See my yesterday's post on a > > temporary workaround for this problem. > > > >This fix was related to clamav-milter right? We don't use it, don't > >have the milter package > >installed at all (built own rpm from source), so should we install the > >milter package(with the fix) >> to fix the clamd bug? >In your case it's rather a zlib problem. Make sure you have installed >the new version properly - by default its Makefile only installs the >static library. Tried on 1 box that had the problem. Compiled zlib 1.2.2-1 from source, with shared libraries. This morning it happened again Is there anything else we can try or check to try solve this? thanks, shaun bugler PS: you say its a zlib problem, what specifically is this problem? > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problem with clamd hanging
Content-Transfer-Encoding: plain
- Original Message -
From: "Trog" <[EMAIL PROTECTED]>
To: "ClamAV users ML"
Sent: Tuesday, January 25, 2005 11:02 AM
Subject: Re: [Clamav-users] Problem with clamd hanging
>
> > Tried on 1 box that had the problem.
>> Compiled zlib 1.2.2-1 from source, with shared libraries.
> > This morning it happened again Is there anything else we can try or
>> check to try solve this?
> > thanks,
> > shaun bugler
> attach gdb to the running clamd and do a backtrace *in each thread* when
> it crashes or stops responding
>
> >
> > PS: you say its a zlib problem, what specifically is this problem?
>
> It seg faults due to not handling an error correctly.
>
> -trog
While I was waiting to get a new version of gdb, I saw the problem appearing
again.
I saved the emails and retried scanning, it stalled again...
Did a strace:
shmat(4, 0x3, 0x3) = -1 ENOSYS (Function not
implemented)
fcntl(4, F_GETFL) = 0x2 (flags O_RDWR)
fstat(4, {st_mode=S_IFLNK|S_ISVTX|0254, st_size=0, ...}) = 0
mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x40018000
_llseek(0x4, 0, 0, 0xbfffe680, 0x1) = -1 ESPIPE (Illegal seek)
read(4,
and thats there it stopped. I did a clamscan and got:
[EMAIL PROTECTED] dd]# clamscan 1106645880.4304-0.mail1a.your-server.co.za
LibClamAV Warning: Unknown encoding type "plain" - report to [EMAIL PROTECTED]
1106645880.4304-0.mail1a.your-server.co.za: OK
I investigatd further and found the following line was causing the problem:
Content-Transfer-Encoding: plain
Once removed the emails went through fine. Should I report this to [EMAIL
PROTECTED]
or is this a know
problem?
thanks,
shaun bugler
> ___
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
___
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Re: [Clamav-users] Problem with clamd hanging
- Original Message - From: "Trog" <[EMAIL PROTECTED]> To: "ClamAV users ML" Sent: Tuesday, January 25, 2005 2:20 PM Subject: Re: [Clamav-users] Problem with clamd hanging >MTA; software used to pass emails to clam; any patches you have applied >(to all, but primarily to clam). Versions of each. even when we use clamdscan it hangs, so our mta has nothing to do with the problem. havving a bit of trouble with gdb configuration it aint working. but still working on it > ___ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] supervise error possibly meessing with clamd
Hi, when we run supervise for clamd we get this error Jan 25 17:24:34 mail1a clamd: supervise: fatal: unable to chdir to log: file does not exist Our run file contains this: #!/bin/shexec 2>&1CLAMD_FILE=/var/run/clamav/clamd.sockSCAN_FILE=$0 # Check for a leftover socket.if [ -e $CLAMD_FILE ]then echo "run: WARNING: file $CLAMD_FILE exists" if clamdscan $SCAN_FILE then echo "run: FATAL: Clamd is already running. Trying to start anyway..." else echo "run: INFO: Clamd is not running. Deleting $CLAMD_FILE" rm -f $CLAMD_FILE fifi # Run the scanner daemon.exec /usr/sbin/clamd don't have aclue where the log comes into this... thanks, -- Shaun Bügler Hetzner Africa Tel: +27 21 970 2000 Fax: +27 21 970 2001 Email Disclaimer: http://www.hetzner.co.za/index.php?id=245 [ * Awarded Top 50 ICT Companies status in SA - 2003/4][ * Awarded Top 300 National Companies status - 2004/5/6] ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] ArchiveMaxCompressionRatio
Hi, just want to know why does this option exist? We have had a couple emails containing "legit" zips being stopped because of this option, just want to know the benifits of having this option enabled. tx shaun bugler ___ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
[Clamav-users] Manual self check with clamd
Hi, I am busy implementing a new method for updating our clam database files (1 server uses freshclam, all other machines rsync the update to themselves). This works perfectly. Only problem now is, clam doesn't reload the database right away like with freshclam. I run clamd RELOAD, it reloads clamd, but also tries to start another process, which I don't want. Feb 24 08:48:43 lfap1a clamd[20770]: Daemon started. Feb 24 08:48:43 lfap1a clamd[20770]: clamd daemon 0.81 (OS: linux-gnu, ARCH: i386, CPU: i386) Feb 24 08:48:43 lfap1a clamd[20770]: Log file size limit disabled. Feb 24 08:48:43 lfap1a clamd[20770]: Running as user qscand (UID 511, GID 511) Feb 24 08:48:43 lfap1a clamd[20770]: Reading databases from /var/clamav Feb 24 08:48:44 lfap1a clamd[20770]: Protecting against 31093 viruses. Feb 24 08:48:44 lfap1a clamd[23932]: SelfCheck: Database modification detected. Forcing reload. Feb 24 08:48:44 lfap1a clamd[23932]: Reading databases from /var/clamav Feb 24 08:48:44 lfap1a clamd[20770]: Socket file /var/run/clamav/clamd.sock is in use by another process. Feb 24 08:48:45 lfap1a clamd[23932]: Database correctly reloaded (31093 viruses) All I want is the 23932 bits, not process 20770. How do I manually recreate the reload process that freshclam executes on an update? Thanks -- Shaun Bügler Hetzner Africa Tel: +27 21 970 2000 Fax: +27 21 970 2001 Email Disclaimer: http://www.hetzner.co.za/index.php?id=245 [ * Awarded Top 50 ICT Companies status in SA - 2003/4] [ * Awarded Top 300 National Companies status - 2004/5/6] ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Manual self check with clamd
Come on anyone any suggestions, documentation to read ... anything please... - Original Message - From: "Shaun Bugler" <[EMAIL PROTECTED]> To: "ClamAV users ML" Sent: Thursday, February 24, 2005 9:22 AM Subject: [Clamav-users] Manual self check with clamd Hi, I am busy implementing a new method for updating our clam database files (1 server uses freshclam, all other machines rsync the update to themselves). This works perfectly. Only problem now is, clam doesn't reload the database right away like with freshclam. I run clamd RELOAD, it reloads clamd, but also tries to start another process, which I don't want. Feb 24 08:48:43 lfap1a clamd[20770]: Daemon started. Feb 24 08:48:43 lfap1a clamd[20770]: clamd daemon 0.81 (OS: linux-gnu, ARCH: i386, CPU: i386) Feb 24 08:48:43 lfap1a clamd[20770]: Log file size limit disabled. Feb 24 08:48:43 lfap1a clamd[20770]: Running as user qscand (UID 511, GID 511) Feb 24 08:48:43 lfap1a clamd[20770]: Reading databases from /var/clamav Feb 24 08:48:44 lfap1a clamd[20770]: Protecting against 31093 viruses. Feb 24 08:48:44 lfap1a clamd[23932]: SelfCheck: Database modification detected. Forcing reload. Feb 24 08:48:44 lfap1a clamd[23932]: Reading databases from /var/clamav Feb 24 08:48:44 lfap1a clamd[20770]: Socket file /var/run/clamav/clamd.sock is in use by another process. Feb 24 08:48:45 lfap1a clamd[23932]: Database correctly reloaded (31093 viruses) All I want is the 23932 bits, not process 20770. How do I manually recreate the reload process that freshclam executes on an update? Thanks -- Shaun Bügler Hetzner Africa Tel: +27 21 970 2000 Fax: +27 21 970 2001 Email Disclaimer: http://www.hetzner.co.za/index.php?id=245 [ * Awarded Top 50 ICT Companies status in SA - 2003/4] [ * Awarded Top 300 National Companies status - 2004/5/6] ___ http://lurker.clamav.net/list/clamav-users.html ___ http://lurker.clamav.net/list/clamav-users.html
Re: [Clamav-users] Manual self check with clamd
- Original Message - From: "Trog" <[EMAIL PROTECTED]> To: "ClamAV users ML" Sent: Friday, February 25, 2005 11:50 AM Subject: Re: [Clamav-users] Manual self check with clamd ___ http://lurker.clamav.net/list/clamav-users.html sorry, sorry. didn't get to that thread yet ___ http://lurker.clamav.net/list/clamav-users.html
