[clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?

MIURA Toshitaka tmiura at dti.ad.jp
Fri Jan 26 05:30:30 UTC 2018


Hi,

> Message-Id: <978EB23167DB24636CAB03DD at Mac-mini.local>
> From: Karl Pielorz <kpielorz_lst at tdx.co.uk>
> Date: Fri, 26 Jan 2018 04:22:13 +0000
> Subject: [clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?

> >From about 02:59 today (26/01) our we saw a pattern update, and we also 
> noticed freshclam logged, "DON'T PANIC! Read 
> http://www.clamav.net/documents/upgrading-clamav"
> 
> 'freshclam' output shows:
> 
> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: 
> sigmgr)
> daily.cld is up to date (version: 24256, sigs: 1835772, f-level: 63, 
> builder: neo)
> bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: 
> neo)
> 
> We're currently running clamav 0.99.2 (technically shown as 0.99.2_8) under 
> FreeBSD 10.3 amd64 - since then we've seen an issue where clamd "kind of 
> dies" - it's still running, there are no errors logged anywhere (we log to 
> syslog) - but whilst it's accepting connections to scan things - for lots 
> of them it doesn't seem to either be accepting data sent to it's socket 
> (causing the caller to hang/timeout eventually) - or return results.
> 
> This ends up with a lot of wedged mail processes (and we slowly run out of 
> fd's as the process table fills up).
> 
> I can't yet update to 0.99.3 (as we use FreeBSD's pkg system - and it's not 
> available yet).
> 
> Anyone else seen any similar issues? This literally just started with the 
> update at 02:59 - Any ideas how we can get some kind of logging out of it?
> 
> Worst case, is it possible / easy to roll back to a previous pattern file?
> 
> We only use clamd / freshclam - as our mail system accesses clamd direct 
> via it's unix socket. We've tried rebuilding the exe that talks to clamd 
> (just in case it got left behind in the last clamav binaries update) and 
> that hasn't made any difference :(

We're in trouble with the same situation with 0.99.1.

Since clamd couldn't read daily.cld version 24256, we rolled
it back to version 24255 and stop running freshclam.

We may have to upgrade clamav to 0.99.3 immediately.

syslog messages says as follows:
--
Jan 26 10:37:01 vc06 freshclam[22972]: ClamAV update process started at Fri Jan 26 10:37:01 2018
Jan 26 10:37:01 vc06 freshclam[22972]: Your ClamAV installation is OUTDATED!
Jan 26 10:37:01 vc06 freshclam[22972]: Local version: 0.99.1 Recommended version: 0.99.3
Jan 26 10:37:01 vc06 freshclam[22972]: DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
Jan 26 10:37:01 vc06 freshclam[22972]: main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Jan 26 10:37:02 vc06 freshclam[22972]: Downloading daily-24256.cdiff [100%]
Jan 26 10:37:05 vc06 freshclam[22972]: daily.cld updated (version: 24256, sigs: 1835772, f-level: 63, builder: neo)
Jan 26 10:37:06 vc06 freshclam[22972]: bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
Jan 26 10:37:08 vc06 freshclam[22972]: Database updated (6402096 signatures) from db.jp.clamav.net (IP: 124.35.85.83)
Jan 26 10:37:08 vc06 clamd[26151]: Reading databases from /var/lib/clamav
Jan 26 10:37:08 vc06 freshclam[22972]: Clamd successfully notified about the update.
Jan 26 10:37:21 vc06 clamd[26151]: Database correctly reloaded (6396044 signatures)
Jan 26 10:39:32 vc06 clamd[26151]: instream(10.32.198.32 at 64291): Can't open file or directory ERROR
Jan 26 10:39:35 vc06 clamd[26151]: instream(10.32.198.4 at 46430): Can't open file or directory ERROR
Jan 26 10:39:35 vc06 clamd[26151]: instream(10.32.198.8 at 50122): Can't open file or directory ERROR
Jan 26 10:39:39 vc06 clamd[26151]: instream(10.32.198.8 at 50124): Can't open file or directory ERROR
Jan 26 10:39:40 vc06 clamd[26151]: instream(10.32.198.5 at 60368): Can't open file or directory ERROR
Jan 26 10:39:41 vc06 clamd[26151]: instream(10.32.198.33 at 37696): Can't open file or directory ERROR
Jan 26 10:39:53 vc06 clamd[26151]: accept() failed:
(... the last message repeated until rollback)
--

-- 
Toshitaka MIURA



More information about the clamav-users mailing list