[clamav-users] temporary directories left in /var/lib/clamav

David Pullman david.pullman at gmail.com
Tue Jun 20 11:51:43 UTC 2017 

Hi Steve,

I've gathered some logs from one of the servers that had a bunch of the
clamor-nnnnnnnnnn.tmp directories over a number of days. I've aggregated
seven days of them below (we rotate the log daily). We run freshclam from
cron each day.

Please let me know if there's any suggestion on how I can get a definitive
reason for this, or correcting this? We have two issues, one is of course
that the sigs are not updated, but also on some of the smaller instances
the disk space is affected by the tmp files left in /var/lib/clamav.

Thanks very much for any suggestions or help!

Tue Jun 13 00:03:01 2017 -> --------------------------------------
Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue Jun 13
00:03:01 2017
Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
Wed Jun 14 00:03:02 2017 -> --------------------------------------
Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed Jun 14
00:03:02 2017
Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out (30 secs)
Wed Jun 14 00:03:38 2017 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 207.57.106.31)
Wed Jun 14 00:04:08 2017 -> nonblock_connect: connect timing out (30 secs)
Wed Jun 14 00:04:08 2017 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 208.72.56.53)
Wed Jun 14 00:04:08 2017 -> Trying host db.us.clamav.net (69.163.100.14)...
Wed Jun 14 00:04:08 2017 -> Downloading daily-23452.cdiff [100%]
Wed Jun 14 00:04:08 2017 -> Downloading daily-23453.cdiff [100%]
Wed Jun 14 00:04:17 2017 -> Downloading daily-23454.cdiff [100%]
Thu Jun 15 00:03:01 2017 -> --------------------------------------
Thu Jun 15 00:03:01 2017 -> ClamAV update process started at Thu Jun 15
00:03:01 2017
Thu Jun 15 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Thu Jun 15 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
Thu Jun 15 00:03:09 2017 -> Downloading daily-23453.cdiff [100%]
Thu Jun 15 00:03:11 2017 -> Downloading daily-23454.cdiff [100%]
Fri Jun 16 00:03:01 2017 -> --------------------------------------
Fri Jun 16 00:03:01 2017 -> ClamAV update process started at Fri Jun 16
00:03:01 2017
Fri Jun 16 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Fri Jun 16 00:03:37 2017 -> nonblock_connect: connect timing out (30 secs)
Fri Jun 16 00:03:38 2017 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 128.199.133.36)
Fri Jun 16 00:03:38 2017 -> Trying host db.us.clamav.net (194.8.197.22)...
Fri Jun 16 00:03:38 2017 -> Downloading daily-23452.cdiff [100%]
Fri Jun 16 00:03:38 2017 -> Downloading daily-23453.cdiff [100%]
Fri Jun 16 00:03:55 2017 -> Downloading daily-23454.cdiff [100%]
Sat Jun 17 00:03:02 2017 -> --------------------------------------
Sat Jun 17 00:03:02 2017 -> ClamAV update process started at Sat Jun 17
00:03:02 2017
Sat Jun 17 00:03:02 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Sat Jun 17 00:03:37 2017 -> nonblock_connect: connect timing out (30 secs)
Sat Jun 17 00:03:37 2017 -> Can't connect to port 80 of host
db.us.clamav.net (IP: 168.143.19.95)
Sat Jun 17 00:03:37 2017 -> Trying host db.us.clamav.net (69.12.162.28)...
Sat Jun 17 00:03:37 2017 -> Downloading daily-23452.cdiff [100%]
Sat Jun 17 00:03:38 2017 -> Downloading daily-23453.cdiff [100%]
Sat Jun 17 00:03:39 2017 -> Downloading daily-23454.cdiff [100%]
Sun Jun 18 00:03:02 2017 -> --------------------------------------
Sun Jun 18 00:03:02 2017 -> ClamAV update process started at Sun Jun 18
00:03:02 2017
Sun Jun 18 00:03:02 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Sun Jun 18 00:03:44 2017 -> nonblock_recv: recv timing out (30 secs)
Sun Jun 18 00:03:44 2017 -> WARNING: getfile: Error while reading database
from db.us.clamav.net (IP: 104.131.196.175): Operation now in progress
Sun Jun 18 00:03:44 2017 -> WARNING: getpatch: Can't download
daily-23452.cdiff from db.us.clamav.net
Mon Jun 19 00:03:01 2017 -> --------------------------------------
Mon Jun 19 00:03:01 2017 -> ClamAV update process started at Mon Jun 19
00:03:01 2017
Mon Jun 19 00:03:01 2017 -> main.cld is up to date (version: 58, sigs:
4566249, f-level: 60, builder: sigmgr)
Mon Jun 19 00:03:08 2017 -> Downloading daily-23452.cdiff [100%]
Mon Jun 19 00:03:09 2017 -> Downloading daily-23453.cdiff [100%]
Mon Jun 19 00:03:11 2017 -> Downloading daily-23454.cdiff [100%]

Cheers!

David


On Mon, Jun 19, 2017 at 1:15 PM, Steven Morgan <smorgan at sourcefire.com>
wrote:

> Hi,
>
> Any temporary files left by "normal" ClamAV processing is considered to be
> a bug. Temporary files may be left if a ClamAV component terminates
> ungracefully. Do you have any other logs or know of any other events from
> June 3 that may provide additional info about these files left in the temp
> directory?
>
> Steve
>
> On Mon, Jun 19, 2017 at 8:01 AM, David Pullman <david.pullman at gmail.com>
> wrote:
>
> > Hi,
> >
> > We're seeing cases on some servers where tmp directories are possibly
> being
> > left behind in /var/lib/clamav. The following is one example, there are
> > some where more than one tmp dir is occurring.
> >
> > Is this a sign of a failure to clean up after a download? Is there
> > something I can check in logs or in configuration regarding this? Or is
> it
> > simply a need to run a clean up process?
> >
> > Thanks very much!
> >
> > David
> >
> > $ ls -alR /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/
> > /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/:
> > total 12
> > drwxr-xr-x 3 clamav clamav 4096 Jun 19 11:16 .
> > drwxr-xr-x 3 clamav clamav 4096 Jun 19 00:05 ..
> > drwxr-xr-x 2 clamav clamav 4096 Jun  3 00:03
> > clamav-6ef20391b3924221fc3fce4a535e157e.tmp
> >
> > /var/lib/clamav/clamav-12a37b16fb99966eac0b8cc6f66d5d8c.tmp/clamav-
> > 6ef20391b3924221fc3fce4a535e157e.tmp:
> > total 145216
> > drwxr-xr-x 2 clamav clamav      4096 Jun  3 00:03 .
> > drwxr-xr-x 3 clamav clamav      4096 Jun 19 11:16 ..
> > -rw-r--r-- 1 clamav clamav     17992 Jun  3 00:03 COPYING
> > -rw-r--r-- 1 clamav clamav       557 Jun  3 00:03 daily.cdb
> > -rw-r--r-- 1 clamav clamav       424 Jun  3 00:03 daily.cfg
> > -rw-r--r-- 1 clamav clamav      6040 Jun  3 00:03 daily.crb
> > -rw-r--r-- 1 clamav clamav     26043 Jun  3 00:03 daily.fp
> > -rw-r--r-- 1 clamav clamav      9965 Jun  3 00:03 daily.ftm
> > -rw-r--r-- 1 clamav clamav  29125847 Jun  3 00:03 daily.hdb
> > -rw-r--r-- 1 clamav clamav      3530 Jun  3 00:03 daily.hdu
> > -rw-r--r-- 1 clamav clamav 112488731 Jun  3 00:03 daily.hsb
> > -rw-r--r-- 1 clamav clamav        89 Jun  3 00:03 daily.hsu
> > -rw-r--r-- 1 clamav clamav     36126 Jun  3 00:03 daily.idb
> > -rw-r--r-- 1 clamav clamav      5709 Jun  3 00:03 daily.ign
> > -rw-r--r-- 1 clamav clamav      4235 Jun  3 00:03 daily.ign2
> > -rw-r--r-- 1 clamav clamav      2271 Jun  3 00:03 daily.info
> > -rw-r--r-- 1 clamav clamav    849664 Jun  3 00:03 daily.ldb
> > -rw-r--r-- 1 clamav clamav    199116 Jun  3 00:03 daily.ldu
> > -rw-r--r-- 1 clamav clamav   4847600 Jun  3 00:03 daily.mdb
> > -rw-r--r-- 1 clamav clamav     69427 Jun  3 00:03 daily.mdu
> > -rw-r--r-- 1 clamav clamav        92 Jun  3 00:03 daily.msb
> > -rw-r--r-- 1 clamav clamav        92 Jun  3 00:03 daily.msu
> > -rw-r--r-- 1 clamav clamav     97624 Jun  3 00:03 daily.ndb
> > -rw-r--r-- 1 clamav clamav    823647 Jun  3 00:03 daily.ndu
> > -rw-r--r-- 1 clamav clamav      4094 Jun  3 00:03 daily.pdb
> > -rw-r--r-- 1 clamav clamav        87 Jun  3 00:03 daily.sfp
> > -rw-r--r-- 1 clamav clamav     10095 Jun  3 00:03 daily.wdb
> > _______________________________________________
> > clamav-users mailing list
> > clamav-users at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

More information about the clamav-users mailing list