[clamav-users] Fwd: Re: clamav-milter: Failed to create temporary file

Urban Loesch bind at enas.net
Mon Sep 8 14:57:02 UTC 2014 

Hi,

the patched version of clamav-milter is running since 5 days without problems.
I can confirm that your patch solved the problem.

Thanks and regards
Urban Loesch

-------- Original-Nachricht --------
Betreff: Re: [clamav-users] clamav-milter: Failed to create temporary file
Datum: Thu, 04 Sep 2014 15:21:00 +0200
Von: Urban Loesch <bind at enas.net>
An: Steven Morgan <smorgan at sourcefire.com>,  "J. David Rye" <d.rye at roadtech.co.uk>
Kopie (CC): Shawn Webb (shawebb) <shawebb at cisco.com>

Hi,

I installed the patch on one of my servers where it happens.
Now I have to wait some days, because to me it does not happen very frequently.

I let you know the result.

Many thanks
Urban


Am 04.09.2014 00:57, schrieb Steven Morgan:
> Hi,
> 
> We may have an answer. Is it possible try the following patch and see if it fixes the problem?
> 
> Thanks,
> Steve
> 
> --- a/clamav-milter/clamav-milter.c
> +++ b/clamav-milter/clamav-milter.c
> @@ -56,6 +56,8 @@ int main(int argc, char **argv) {
>      mode_t umsk;
>      int ret;
>  
> +    cl_initialize_crypto();
> +
>      memset(&descr, 0, sizeof(struct smfiDesc));
>      descr.xxfi_name = "ClamAV";                        /* filter name */
>      descr.xxfi_version = SMFI_VERSION;         /* milter version */
> 
> 
> On Tue, Sep 2, 2014 at 6:12 PM, Steven Morgan <smorgan at sourcefire.com <mailto:smorgan at sourcefire.com>> wrote:
> 
>     Hi J. David,
> 
>     Thanks for the additional analysis and information. I've been looking at this for a bit today. I have opened a ticket in the ClamAV bugzilla
>     system to track the issue. The ticket number is 11089. Hope to have an answer soon.
> 
>     Steve
> 
> 
>     On Sun, Aug 31, 2014 at 5:52 AM, J. David Rye <d.rye at roadtech.co.uk <mailto:d.rye at roadtech.co.uk>> wrote:
> 
>         On Thu, 2014-08-21 at 19:22 -0400, Steven Morgan wrote:
>         > Hi Urban,
>         >
>         > I took a look at this code. The real problem is the inability to
>         > create a
>         > temporary file. The second message just results from the return code
>         > of the
>         > function that attempts to create the temp file. We need to find out
>         > why the
>         > temp file creation fails. There should also be a clamav error message
>         > written from:  cli_errmsg("cli_gentempfd: Can't create temporary file
>         > %s:
>         > %s\n", *name, strerror(errno)); Can you find this message?
>         >
>         > Otherwise, it is a memory allocation failure for space for the temp
>         > file
>         > name, which seems unlikely.
>         >
>         > Steve
> 
>         I am also seeing this issue. Mostly intermitant but see further down.
> 
>         cli_errmsg wont work if clamav-milter has daemonezed.
>         it only writes to STDERR and the function daemonize closes standard
>         error even if you recompile with CL_DEBUG set.
> 
>         Only way to get is to get the error messages from  cli_gentempfd seams
>         to be to uncomment the line
> 
>         "#Foreground yes"
> 
>         In clamav-milter.conf, then run in foreground from command line.
> 
>         As an aside I wonder why cli_gentempfd does not use the function logg()
>         and output to file or syslog depending on configuration file.
> 
>         I am running clamav-milter on a VM. OS is CentoOS 6.5
>         VM has 4 vcpu, and 2GB RAM
>         clamav-milter is version 0.98.4-1.el6.rf installed from rpmforge
>         repository.
> 
>         Looking at he logs if time stamps in syslog for calls to clamav-milter
>         are two seconds or more apart the problem never shows.
> 
>         However if 4 or more messages arrive in two seconds problem always shows
>         up, the failure to create temp file is usually time stamped 2 seconds
>         after the first message in the burst that triggered it.
> 
>         On a sustained burst of traffic pretty much all the messages trip the
>         issue.
>         In a 1 hour period last week when I had a lot of messages due to a
>         different issue. I had 20,000 temp file failures, and 23 messages
>         delivered.
> 
>         [root at mailhost-c6 etc]# clamav-milter
>         --config-file=/etc/clamav-milter.conf.foreground
>         Local socket unix:/var/run/clamav/clamd.sock added to the pool (slot 1)
>         Probe for slot 1 returned: success
>         LibClamAV Error: cli_gentempfd: Can't create temporary
>         file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
>         ERROR: Failed to create temporary file
>         ERROR: Failed to initiate streaming/fdpassing
>         LibClamAV Error: cli_gentempfd: Can't create temporary
>         file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
>         ERROR: Failed to create temporary file
>         ERROR: Failed to initiate streaming/fdpassing
>         LibClamAV Error: cli_gentempfd: Can't create temporary
>         file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
>         ERROR: Failed to create temporary file
>         ERROR: Failed to initiate streaming/fdpassing
>         LibClamAV Error: cli_gentempfd: Can't create temporary
>         file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
>         ERROR: Failed to create temporary file
>         ERROR: Failed to initiate streaming/fdpassing
>         LibClamAV Error: cli_gentempfd: Can't create temporary
>         file /tmp/clamav-0000000000000000626683ff3a000000.tmp: File exists
>         ERROR: Failed to create temporary file
>         ERROR: Failed to initiate streaming/fdpassing
>         Message from <n0r3ply812361 at scotland117.wanadoo.co.uk <mailto:n0r3ply812361 at scotland117.wanadoo.co.uk>> to
>         <stevensonbros> infected by Heuristics.Phishing.Email.SpoofedDomain
>         Message from <n0r3ply620601 at aughamullan.dungannon.ni.sch.uk <mailto:n0r3ply620601 at aughamullan.dungannon.ni.sch.uk>> to
>         <brett01> infected by Heuristics.Phishing.Email.SpoofedDomain
>         Probe for slot 1 returned: success
> 
> 
>         I think
> 
>         clamav-milter does a lot of initialization, including setting up a
>         structure with a list of function entry points it then calls smfi_main.
> 
>         smfi_main in turn forks one thread for each message, and calls the entry
>         points in the context of the thread.
> 
>         call back to function clamfi_header
>         that calls sendchunk
>         which calls nc_connect_rand
>         which calls cli_gentempfd which prints the EEXISTS errors to stderr
>         shown above.
> 
>         File name looks like it is supposed to be based on a 16 byte MD5 digest
>         printed in hex.
> 
>         cli_gentempfd builds the name by calling cli_gentemp
>                 which adds 32 bytes of random data from cli_rndnum to a 16 byte seed
>                 passes a pointer the the 48 buffer to cli_md5buff
>                 which in turn calls cl_hash_data
>                 digest returned is used to create the file name,
>                 and update the seed for the next name.
> 
> 
>         Note cli_gentemp is common to all programs in the clam set.
> 
>         Note cl_hash_data is calling openssl library functions to calculate the
>         digest.
> 
>         Note cli_md5buff does not check for an error in cl_hash_data
> 
>         _______________________________________________
>         Help us build a comprehensive ClamAV guide:
>         https://github.com/vrtadmin/clamav-faq
>         http://www.clamav.net/support/ml
> 
> 
>

More information about the clamav-users mailing list