[clamav-users] clamav-users at lists.clamav.net

Richard Doyle listsub at arbitrarydomain.name
Fri Nov 18 22:25:14 UTC 2016 

Ah yes, that seems to have caused the hangup. The clamscan debug run
went from 257 seconds to 25 seconds

On 11/18/2016 02:07 PM, Steve basford wrote:
> Remove javascript.ndb and retry...
> 
> Cheers,
> 
> Steve
> Twitter: @sanesecurity
> 
> 
> 
> On 18 November 2016 22:02:41 Richard Doyle
> <listsub at arbitrarydomain.name> wrote:
> 
>> On 11/18/2016 01:52 PM, Steve basford wrote:
>>> Does clamscan --debug on the database folder show the same delays...
>>
>> Yes
>>
>>>
>>> Can you do a ls on the database folder
>> Sure:
>>
>> root at panic:/var/lib/clamav# ls
>> badmacro.ndb                 junk.ndb          porcupine.ndb     
>> spear.ndb
>> bofhland_cracked_URL.ndb     jurlbla.ndb       rfxn.hdb
>> bofhland_malware_attach.hdb  jurlbl.ndb        rfxn.ndb
>> winnow.attachments.hdb
>> bofhland_malware_URL.ndb     local.ign         rogue.hdb
>> winnow_bad_cw.hdb
>> bofhland_phishing_URL.ndb    lott.ndb          sanesecurity.ftm
>> winnow.complex.patterns.ldb
>> bytecode.cld                 main.cvd          scamnailer.ndb
>> winnow_extended_malware.hdb
>> crdfam.clamav.hdb            malwarehash.hsb   scam.ndb
>> winnow_extended_malware_links.ndb
>> daily.cld                    mirrors.dat       sigwhitelist.ign2
>> winnow_malware.hdb
>> daily.cld.hold               mirrors.dat.save  spamattach.hdb
>> winnow_malware_links.ndb
>> foxhole_all.cdb              phish.ndb         spamimg.hdb
>> winnow_phish_complete.ndb
>> hackingteam.hsb              phishtank.ndb     spam.ldb
>> winnow_spam_complete.ndb
>> javascript.ndb               porcupine.hsb     spearl.ndb
>>
>>
>>>
>>> Cheers,
>>>
>>> Steve
>>> Twitter: @sanesecurity
>>>
>>>
>>>
>>> On 18 November 2016 21:39:09 Richard Doyle
>>> <listsub at arbitrarydomain.name> wrote:
>>>
>>>> Last time I tried it with an empty list, and it still took 5 minutes
>>>> for
>>>> clamd to start.
>>>>
>>>> On 11/18/2016 01:25 PM, Steve basford wrote:
>>>>> Can you give me a list of 3rd party databases you are using....
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Steve
>>>>> Twitter: @sanesecurity
>>>>>
>>>>>
>>>>>
>>>>> On 18 November 2016 21:11:22 Richard Doyle
>>>>> <listsub at arbitrarydomain.name> wrote:
>>>>>
>>>>>> Yes, clamd on my system is taking about 5 minutes to start, which
>>>>>> causes
>>>>>> timeouts. This issue developed just this week.
>>>>>>
>>>>>> I found that setting
>>>>>>
>>>>>> OfficialDatabaseOnly true
>>>>>>
>>>>>> helped considerebly--clamd loads in a few seconds. I'd really like to
>>>>>> get back to using unofficial databases, but not right now.
>>>>>>
>>>>>>
>>>>>> On 11/18/2016 11:59 AM, Mike Grau wrote:
>>>>>>> Hello all,
>>>>>>>
>>>>>>> Since yesterday, 10:26:52 CST, I've gotten 30 if these in the mail
>>>>>>> log:
>>>>>>>
>>>>>>> "Timeout reading from clamd daemon at
>>>>>>> /var/spool/MIMEDefang/clamd.sock"
>>>>>>>
>>>>>>> Before that I can't remember when I've seen this message - perhaps
>>>>>>> years. This is on a low volume server with < 3500 total connection
>>>>>>> attempts per day. Has anyone else been seeing this?
>>>>>>>
>>>>>>> -- Mike G.
>>>>>>> _______________________________________________
>>>>>>> clamav-users mailing list
>>>>>>> clamav-users at lists.clamav.net
>>>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>>>
>>>>>>>
>>>>>>> Help us build a comprehensive ClamAV guide:
>>>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>>>
>>>>>>> http://www.clamav.net/contact.html#ml
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> clamav-users mailing list
>>>>>> clamav-users at lists.clamav.net
>>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>>
>>>>>>
>>>>>> Help us build a comprehensive ClamAV guide:
>>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>>
>>>>>> http://www.clamav.net/contact.html#ml
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> clamav-users mailing list
>>>>> clamav-users at lists.clamav.net
>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>
>>>>>
>>>>> Help us build a comprehensive ClamAV guide:
>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>
>>>>> http://www.clamav.net/contact.html#ml
>>>>>
>>>>
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users at lists.clamav.net
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>>>
>>>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
> 
> 
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
>

More information about the clamav-users mailing list