[clamav-users] clamav-users at lists.clamav.net
Steve basford
steveb_clamav at sanesecurity.com
Fri Nov 18 22:28:29 UTC 2016
Great... thanks for confirming the hunch.
Cheers,
Steve
Twitter: @sanesecurity
On 18 November 2016 22:26:13 Richard Doyle <listsub at arbitrarydomain.name>
wrote:
> Ah yes, that seems to have caused the hangup. The clamscan debug run
> went from 257 seconds to 25 seconds
>
> On 11/18/2016 02:07 PM, Steve basford wrote:
>> Remove javascript.ndb and retry...
>>
>> Cheers,
>>
>> Steve
>> Twitter: @sanesecurity
>>
>>
>>
>> On 18 November 2016 22:02:41 Richard Doyle
>> <listsub at arbitrarydomain.name> wrote:
>>
>>> On 11/18/2016 01:52 PM, Steve basford wrote:
>>>> Does clamscan --debug on the database folder show the same delays...
>>>
>>> Yes
>>>
>>>>
>>>> Can you do a ls on the database folder
>>> Sure:
>>>
>>> root at panic:/var/lib/clamav# ls
>>> badmacro.ndb junk.ndb porcupine.ndb
>>> spear.ndb
>>> bofhland_cracked_URL.ndb jurlbla.ndb rfxn.hdb
>>> bofhland_malware_attach.hdb jurlbl.ndb rfxn.ndb
>>> winnow.attachments.hdb
>>> bofhland_malware_URL.ndb local.ign rogue.hdb
>>> winnow_bad_cw.hdb
>>> bofhland_phishing_URL.ndb lott.ndb sanesecurity.ftm
>>> winnow.complex.patterns.ldb
>>> bytecode.cld main.cvd scamnailer.ndb
>>> winnow_extended_malware.hdb
>>> crdfam.clamav.hdb malwarehash.hsb scam.ndb
>>> winnow_extended_malware_links.ndb
>>> daily.cld mirrors.dat sigwhitelist.ign2
>>> winnow_malware.hdb
>>> daily.cld.hold mirrors.dat.save spamattach.hdb
>>> winnow_malware_links.ndb
>>> foxhole_all.cdb phish.ndb spamimg.hdb
>>> winnow_phish_complete.ndb
>>> hackingteam.hsb phishtank.ndb spam.ldb
>>> winnow_spam_complete.ndb
>>> javascript.ndb porcupine.hsb spearl.ndb
>>>
>>>
>>>>
>>>> Cheers,
>>>>
>>>> Steve
>>>> Twitter: @sanesecurity
>>>>
>>>>
>>>>
>>>> On 18 November 2016 21:39:09 Richard Doyle
>>>> <listsub at arbitrarydomain.name> wrote:
>>>>
>>>>> Last time I tried it with an empty list, and it still took 5 minutes
>>>>> for
>>>>> clamd to start.
>>>>>
>>>>> On 11/18/2016 01:25 PM, Steve basford wrote:
>>>>>> Can you give me a list of 3rd party databases you are using....
>>>>>>
>>>>>> Cheers,
>>>>>>
>>>>>> Steve
>>>>>> Twitter: @sanesecurity
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 18 November 2016 21:11:22 Richard Doyle
>>>>>> <listsub at arbitrarydomain.name> wrote:
>>>>>>
>>>>>>> Yes, clamd on my system is taking about 5 minutes to start, which
>>>>>>> causes
>>>>>>> timeouts. This issue developed just this week.
>>>>>>>
>>>>>>> I found that setting
>>>>>>>
>>>>>>> OfficialDatabaseOnly true
>>>>>>>
>>>>>>> helped considerebly--clamd loads in a few seconds. I'd really like to
>>>>>>> get back to using unofficial databases, but not right now.
>>>>>>>
>>>>>>>
>>>>>>> On 11/18/2016 11:59 AM, Mike Grau wrote:
>>>>>>>> Hello all,
>>>>>>>>
>>>>>>>> Since yesterday, 10:26:52 CST, I've gotten 30 if these in the mail
>>>>>>>> log:
>>>>>>>>
>>>>>>>> "Timeout reading from clamd daemon at
>>>>>>>> /var/spool/MIMEDefang/clamd.sock"
>>>>>>>>
>>>>>>>> Before that I can't remember when I've seen this message - perhaps
>>>>>>>> years. This is on a low volume server with < 3500 total connection
>>>>>>>> attempts per day. Has anyone else been seeing this?
>>>>>>>>
>>>>>>>> -- Mike G.
>>>>>>>> _______________________________________________
>>>>>>>> clamav-users mailing list
>>>>>>>> clamav-users at lists.clamav.net
>>>>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>>>>
>>>>>>>>
>>>>>>>> Help us build a comprehensive ClamAV guide:
>>>>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>>>>
>>>>>>>> http://www.clamav.net/contact.html#ml
>>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> clamav-users mailing list
>>>>>>> clamav-users at lists.clamav.net
>>>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>>>
>>>>>>>
>>>>>>> Help us build a comprehensive ClamAV guide:
>>>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>>>
>>>>>>> http://www.clamav.net/contact.html#ml
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> clamav-users mailing list
>>>>>> clamav-users at lists.clamav.net
>>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>>
>>>>>>
>>>>>> Help us build a comprehensive ClamAV guide:
>>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>>
>>>>>> http://www.clamav.net/contact.html#ml
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> clamav-users mailing list
>>>>> clamav-users at lists.clamav.net
>>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>>
>>>>>
>>>>> Help us build a comprehensive ClamAV guide:
>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>
>>>>> http://www.clamav.net/contact.html#ml
>>>>
>>>>
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users at lists.clamav.net
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>>>>
>>>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list