[clamav-users] clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response

Al Varnell alvarnell at mac.com
Mon Feb 22 06:08:16 UTC 2016 

Can’t be of much help with your primary issue, but to answer one or your questions, the official ClamAV database is a bit over 4 million.  I can’t conceive of a situation where you would need every conceivable unofficial database, but then I have no idea what you are doing with your setup, other than it would appear to have some relationship to e-mail service.

There was a discussion less than a month ago concerning minimum essential database subscriptions, so suggest you search around in the archive for that thread 
<clamav-user archives>.

-Al-

On Sun, Feb 21, 2016 at 03:40 PM, Alex wrote:
> 
> Hi,
> 
> I have a clamav-0.99-2 installation on fedora23 and periodically I
> receive a message when running clamav-notify-servers after having run
> freshclam that reports:
> 
> # clamav-notify-servers
> clamd server '/var/run/clamd.amavisd/clamd.sock' gave '' response
> 
> I have a script that periodically rsyncs the malwarepatrol db to the
> /var/lib/clamav directory then runs the clamav-notify-servers. I
> believe the problem is related to this occurring at the same time as
> the regular freshclam-sleep script running clamav-notify-servers.
> 
> Is this the intended behavior for clamd?
> 
> I have about 9M signatures now, so it appears to take a long time to
> reload the database every time the clamav-notify-servers signal is
> sent.
> 
> Can someone provide some advice on the best way to do this? I don't
> think I can control the timing of the clamav-notify-servers to make
> sure it doesn't happen while another instance occurs. Should I just
> redirect the output to /dev/null?
> 
> Is it common to have 9M entries?
> 
> It looks to take about 30s to reload the database:
> Feb 21 03:22:15 mail03 clamd[1006]: Reading databases from /var/lib/clamav
> Feb 21 03:22:46 mail03 clamd[1006]: Database correctly reloaded
> (8888331 signatures)
> Feb 21 03:22:46 mail03 clamd[1006]: Client disconnected (FD 23)
> 
> This is on a six-core 3Ghz system on SSD disks.
> 
> [root at mail03 clamav]# ls
> badmacro.ndb                 foxhole_filename.cdb  phishtank.ndb
>   spamattach.hdb
> blurl.ndb                    foxhole_generic.cdb   porcupine.hsb
>   spamimg.hdb
> bofhland_cracked_URL.ndb     hackingteam.hsb       porcupine.ndb
>   spam.ldb
> bofhland_malware_attach.hdb  javascript.ndb        rogue.hdb
>   spearl.ndb
> bofhland_malware_URL.ndb     junk.ndb              safebrowsing.cvd
>   spear.ndb
> bofhland_phishing_URL.ndb    jurlbla.ndb           sanesecurity.ftm
>   winnow.attachments.hdb
> my_sigwhitelist.gdb         jurlbl.ndb            scamnailer.ndb
>  winnow_bad_cw.hdb
> my_sigwhitelist.ign2        lott.ndb              scam.ndb
>  winnow.complex.patterns.ldb
> my_sigwhitelist.wdb         main.cvd
> securiteinfoascii.hdb  winnow_extended_malware.hdb
> bytecode.cld                 malwarehash.hsb       securiteinfo.hdb
>   winnow_malware.hdb
> crdfam.clamav.hdb            malwarepatrol.ndb
> securiteinfohtml.hdb   winnow_malware_links.ndb
> create_sig.txt               mirrors.dat           securiteinfo.ign2
>   winnow_phish_complete_url.ndb
> daily.cld                    phish.ndb             sigwhitelist.ign2
>   winnow_spam_complete.ndb
> 
> I think the commercial securiteinfo databases are entirely too large
> and don't perform very well.
> 
> Of course I could cut down on the databases, but I'm more interested
> in finding out why clamd produces the error message when multiple
> signals are sent.
> 
> Thanks,
> Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2370 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20160221/6ebea269/attachment.bin>

More information about the clamav-users mailing list