[clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?

Karl Pielorz kpielorz_lst at tdx.co.uk
Fri Jan 26 04:22:13 UTC 2018


From about 02:59 today (26/01) we saw a pattern update, and we also 
noticed freshclam logged, "DON'T PANIC! Read 

'freshclam' output shows:

main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: 
daily.cld is up to date (version: 24256, sigs: 1835772, f-level: 63, 
builder: neo)
bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: 

We're currently running clamav 0.99.2 (technically shown as 0.99.2_8) under 
FreeBSD 10.3 amd64 - since then we've seen an issue where clamd "kind of 
dies" - it's still running, there are no errors logged anywhere (we log to 
syslog) - but whilst it's accepting connections to scan things - for lots 
of them it doesn't seem to either be accepting data sent to its socket 
(causing the caller to hang/timeout eventually) - or return results.

This ends up with a lot of wedged mail processes (and we slowly run out of 
fd's as the process table fills up).

I can't yet update to 0.99.3 (as we use FreeBSD's pkg system - and it's not 
available yet).

Anyone else seen any similar issues? This literally just started with the 
update at 02:59 - Any ideas how we can get some kind of logging out of it?

Worst case, is it possible / easy to roll back to a previous pattern file?

We only use clamd / freshclam - as our mail system accesses clamd direct 
via its unix socket. We've tried rebuilding the exe that talks to clamd 
(just in case it got left behind in the last clamav binaries update) and 
that hasn't made any difference :(
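
Added example, not part of the original post: a watchdog probe that tells the hang described above (clamd accepts the connection but never answers) apart from clamd being down, by sending clamd's zPING command over the unix socket with a timeout. The socket paths and the stub server are constructed for the demonstration; on a real host, pass the socket path from clamd.conf to probe_clamd.

```python
import os, socket, tempfile, threading

def probe_clamd(path, timeout=5.0):
    """Return 'ok', 'wedged' (connects, no reply in time), 'down' or 'bad-reply'."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(path)
        s.sendall(b"zPING\0")            # clamd's null-delimited PING command
        reply = b""
        while not reply.endswith(b"\0"):
            chunk = s.recv(64)
            if not chunk:                # peer closed before a full reply
                break
            reply += chunk
        return "ok" if reply == b"PONG\0" else "bad-reply"
    except socket.timeout:               # the symptom: connected, nothing comes back
        return "wedged"
    except OSError:                      # no socket file, refused, reset
        return "down"
    finally:
        s.close()

def stub_clamd(path, respond):
    """Constructed stand-in for clamd so the example runs offline."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.recv(64)
        conn.sendall(b"PONG\0")
        conn.close()
    if respond:                          # a wedged stub listens but never accepts
        threading.Thread(target=serve, daemon=True).start()
    return srv

def demo():
    d = tempfile.mkdtemp()
    results = {}
    for name, respond in (("healthy", True), ("wedged", False)):
        path = os.path.join(d, name + ".sock")
        srv = stub_clamd(path, respond)
        results[name] = probe_clamd(path, timeout=1.0)
        srv.close()
    results["missing"] = probe_clamd(os.path.join(d, "absent.sock"), timeout=1.0)
    return results

if __name__ == "__main__":
    print(demo())
```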



