[clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?

Stefan Schoeman stefan at internext.co.za
Fri Jan 26 05:42:10 UTC 2018


Yep, we have this as well this morning. I did upgrade to 0.99.3 but it 
did not resolve the problem.

My clamd.log shows the problem as follows:

Fri Jan 26 07:24:30 2018 -> /var/spool/MIMEDefang/mdefang-w0Q5OR8B009257/Work/msg-6677-606.txt: Can't create new file ERROR
Fri Jan 26 07:24:41 2018 -> /var/spool/MIMEDefang/mdefang-w0Q5ObB6009266/Work/msg-6677-611.txt: Can't create new file ERROR
Fri Jan 26 07:24:45 2018 -> /var/spool/MIMEDefang/mdefang-w0Q5OfC9009275/Work/INPUTMBOX: Can't open file or directory ERROR
Fri Jan 26 07:24:48 2018 -> /var/spool/MIMEDefang/mdefang-w0Q5Odm1009269/Work/INPUTMBOX: Can't open file or directory ERROR
Fri Jan 26 07:24:50 2018 -> /var/spool/MIMEDefang/mdefang-w0Q5OeIw009272/Work/INPUTMBOX: Can't open file or directory ERROR
Fri Jan 26 07:24:52 2018 -> /var/spool/MIMEDefang/mdefang-w0Q5Ok8M009284/Work/msg-6677-621.txt: Can't create new file ERROR
Fri Jan 26 07:24:56 2018 -> /var/spool/MIMEDefang/mdefang-w0Q5OqDL009303/Work/msg-6677-627.html: Can't open file or directory ERROR
Fri Jan 26 07:24:58 2018 -> /var/spool/MIMEDefang/mdefang-w0Q5OqFV009305/Work/INPUTMBOX: Can't open file or directory ERROR
Fri Jan 26 07:25:01 2018 -> /var/spool/MIMEDefang/mdefang-w0Q5OxZk009311/Work/msg-6677-631.txt: Can't create new file ERROR

Looks like this started happening around 03:30GMT+2 this morning, with 
my errors starting after this freshclam update:

Fri Jan 26 03:34:43 2018 -> Received signal: wake up
Fri Jan 26 03:34:43 2018 -> ClamAV update process started at Fri Jan 26 03:34:43 2018
Fri Jan 26 03:34:43 2018 -> WARNING: Your ClamAV installation is OUTDATED!
Fri Jan 26 03:34:43 2018 -> WARNING: Local version: 0.99.2 Recommended version: 0.99.3
Fri Jan 26 03:34:43 2018 -> DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
Fri Jan 26 03:34:43 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Fri Jan 26 03:34:49 2018 -> Downloading daily-24256.cdiff [100%]
Fri Jan 26 03:35:17 2018 -> daily.cld updated (version: 24256, sigs: 1835772, f-level: 63, builder: neo)
Fri Jan 26 03:35:17 2018 -> safebrowsing.cld is up to date (version: 46943, sigs: 3094076, f-level: 63, builder: google)
Fri Jan 26 03:35:17 2018 -> bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
Fri Jan 26 03:35:25 2018 -> Database updated (9496172 signatures) from db.de.clamav.net (IP: 5.9.253.237)
Fri Jan 26 03:35:25 2018 -> Clamd successfully notified about the update.

Hope this helps anyone?



On 26/01/2018 07:30, MIURA Toshitaka wrote:
> Hi,
>
>> Message-Id: <978EB23167DB24636CAB03DD at Mac-mini.local>
>> From: Karl Pielorz <kpielorz_lst at tdx.co.uk>
>> Date: Fri, 26 Jan 2018 04:22:13 +0000
>> Subject: [clamav-users] Anyone notice any issues with clamav 0.99.2 and recent patterns?
>> From about 02:59 today (26/01) we saw a pattern update, and we also 
>> noticed freshclam logged, "DON'T PANIC! Read
>> http://www.clamav.net/documents/upgrading-clamav"
>>
>> 'freshclam' output shows:
>>
>> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder:
>> sigmgr)
>> daily.cld is up to date (version: 24256, sigs: 1835772, f-level: 63,
>> builder: neo)
>> bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder:
>> neo)
>>
>> We're currently running clamav 0.99.2 (technically shown as 0.99.2_8) under
>> FreeBSD 10.3 amd64 - since then we've seen an issue where clamd "kind of
>> dies" - it's still running, there are no errors logged anywhere (we log to
>> syslog) - but whilst it's accepting connections to scan things - for lots
>> of them it doesn't seem to either be accepting data sent to its socket
>> (causing the caller to hang/timeout eventually) - or return results.
>>
>> This ends up with a lot of wedged mail processes (and we slowly run out of
>> fd's as the process table fills up).
>>
>> I can't yet update to 0.99.3 (as we use FreeBSD's pkg system - and it's not
>> available yet).
>>
>> Anyone else seen any similar issues? This literally just started with the
>> update at 02:59 - Any ideas how we can get some kind of logging out of it?
>>
>> Worst case, is it possible / easy to roll back to a previous pattern file?
>>
>> We only use clamd / freshclam - as our mail system accesses clamd direct
>> via its unix socket. We've tried rebuilding the exe that talks to clamd
>> (just in case it got left behind in the last clamav binaries update) and
>> that hasn't made any difference :(
> We're in trouble with the same situation with 0.99.1.
>
> Since clamd couldn't read daily.cld version 24256, we rolled
> it back to version 24255 and stopped running freshclam.
>
> We may have to upgrade clamav to 0.99.3 immediately.
>
> syslog messages say as follows:
> --
> Jan 26 10:37:01 vc06 freshclam[22972]: ClamAV update process started at Fri Jan 26 10:37:01 2018
> Jan 26 10:37:01 vc06 freshclam[22972]: Your ClamAV installation is OUTDATED!
> Jan 26 10:37:01 vc06 freshclam[22972]: Local version: 0.99.1 Recommended version: 0.99.3
> Jan 26 10:37:01 vc06 freshclam[22972]: DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
> Jan 26 10:37:01 vc06 freshclam[22972]: main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
> Jan 26 10:37:02 vc06 freshclam[22972]: Downloading daily-24256.cdiff [100%]
> Jan 26 10:37:05 vc06 freshclam[22972]: daily.cld updated (version: 24256, sigs: 1835772, f-level: 63, builder: neo)
> Jan 26 10:37:06 vc06 freshclam[22972]: bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)
> Jan 26 10:37:08 vc06 freshclam[22972]: Database updated (6402096 signatures) from db.jp.clamav.net (IP: 124.35.85.83)
> Jan 26 10:37:08 vc06 clamd[26151]: Reading databases from /var/lib/clamav
> Jan 26 10:37:08 vc06 freshclam[22972]: Clamd successfully notified about the update.
> Jan 26 10:37:21 vc06 clamd[26151]: Database correctly reloaded (6396044 signatures)
> Jan 26 10:39:32 vc06 clamd[26151]: instream(10.32.198.32 at 64291): Can't open file or directory ERROR
> Jan 26 10:39:35 vc06 clamd[26151]: instream(10.32.198.4 at 46430): Can't open file or directory ERROR
> Jan 26 10:39:35 vc06 clamd[26151]: instream(10.32.198.8 at 50122): Can't open file or directory ERROR
> Jan 26 10:39:39 vc06 clamd[26151]: instream(10.32.198.8 at 50124): Can't open file or directory ERROR
> Jan 26 10:39:40 vc06 clamd[26151]: instream(10.32.198.5 at 60368): Can't open file or directory ERROR
> Jan 26 10:39:41 vc06 clamd[26151]: instream(10.32.198.33 at 37696): Can't open file or directory ERROR
> Jan 26 10:39:53 vc06 clamd[26151]: accept() failed:
> (... the last message repeated until rollback)
> --
>
