[clamav-users] Problem with Max Open descriptor Files limit

Paul Kosinski clamav-users at iment.com
Fri Jan 26 15:34:56 UTC 2018


I observed this running out of file descriptors yesterday when running
0.99.2 to scan the download of 0.99.3. I had never seen this behavior
before, but ascribed it to using clamscan with its memory limit set to
4095M to ensure that absolutely everything was scanned.

One of our clamd process died trying to reload the database (see below),
and another is about to run out of file descriptors (419 and counting
of mostly 'deleted' ones according to lsof).

On the plus side HAVP, which uses libclamav with the standard set of
signatures, still seem to be running OK.

P.S. Does 0.99.3 eliminate the obsolete 32-bit scan size limit?

-------

Fri Jan 26 06:11:38 2018 -> SelfCheck: Database status OK.
Fri Jan 26 06:21:38 2018 -> SelfCheck: Database modification detected.
Forcing reload.
Fri Jan 26 06:21:38 2018 -> Reading databases
from /opt/clamav.d/clamav.0.99.2/share/clamav
Fri Jan 26 06:21:38 2018 -> ERROR: reload db failed: Can't duplicate
file descriptor
Fri Jan 26 06:21:38 2018 -> Terminating because of a fatal error.
Fri Jan 26 06:21:38 2018 -> Waiting for all threads to finish
Fri Jan 26 06:21:38 2018 -> Shutting down the main socket.
Fri Jan 26 06:21:38 2018 -> Pid file removed.
Fri Jan 26 06:21:38 2018 -> --- Stopped at Fri Jan 26 06:21:38 2018
Fri Jan 26 06:21:38 2018 -> Closing the main socket.

-------



On Fri, 26 Jan 2018 15:03:32 +0100
Carlos García Gómez <carlos.garcia at f-integra.org> wrote:

> Hi,
> 
> We have a problem with ClamAV due to Max Open desciptor Files limit
> It’s seems like delete temp files are not freeded 
> When the soft is reached the clamav proccess responses with an ERROR
> 
> THe problem has begined Today with 0.99.2 clamav version
> We have updated to the last release 0.99.3 but then problem again be
> here.
> 
> 
> 
>   [root at mx2 tmp]# ps -ef |grep clamav
>   clamav   22927     1  0 13:50 ?
> 00:00:00 /home/vmail/antivirus/clamav/bin/freshclam -d root     23128
> 21677  0 15:01 pts/1    00:00:00 grep clamav clamav   23137     1  2
> 13:51 ?        00:01:39 /home/vmail/antivirus/clamav/sbin/clamd
> 
> 
>   [root at mx2 tmp]# lsof -p
> 23137 COMMAND   PID   USER   FD   TYPE     DEVICE     SIZE       NODE
> NAME clamd   23137 clamav  cwd    DIR        8,1     4096          2 /
>   clamd   23137 clamav  rtd    DIR        8,1     4096          2 /
>   clamd   23137 clamav  txt    REG        8,2   330823
> 1507346 /home/vmail/antivirus/clamav-0.99.3/sbin/clamd clamd   23137
> clamav   11u   REG        8,2       46
> 1540613 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-40e1c3eb5c91506cd8029a626d44e430.tmp
> (deleted) clamd   23137 clamav   12u   REG        8,2      119
> 1540264 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-6191bbf55622fa150f6a562fedaa96bf.tmp
> (deleted) clamd   23137 clamav   13u   REG        8,2      119
> 1540266 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-d23444b929c3e8f70b245d0f7df9c64e.tmp
> (deleted) clamd   23137 clamav   14u   REG        8,2       36
> 1540265 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-0323a84d6821a592bccefde5a36c0bb4.tmp
> (deleted) clamd   23137 clamav   15u   REG        8,2     4793
> 1540268 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-a08b30fcf5ca4cbc35089753a49b688f.tmp
> (deleted) clamd   23137 clamav   16u   REG        8,2     4793
> 1540267 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-8fa41cdf16f7e03e3fef00fa7faefe66.tmp
> (deleted) clamd   23137 clamav   17u   REG        8,2       58
> 1540270 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-8106966405936ecc207ceb37377b2be5.tmp
> (deleted) clamd   23137 clamav   18u   REG        8,2      183
> 1540272 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-6f395db61ea80440bbcdcccf8c1fd87e.tmp
> (deleted) clamd   23137 clamav   19u   REG        8,2      293
> 1540273 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-4d454dfbedfa70c192000a2cc021a0e9.tmp
> (deleted) clamd   23137 clamav   20u   REG        8,2      183
> 1540271 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-d7b9350895ea3c7c16a95810da93cbcd.tmp
> (deleted) clamd   23137 clamav   21u   REG        8,2     3137
> 1540274 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-61ead91328b1a1fb2eed66e0092fab37.tmp
> (deleted) clamd   23137 clamav   22u   REG        8,2     3137
> 1540276 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-ea8e77c7746f4e20efa08dd714e3bab1.tmp
> (deleted) clamd   23137 clamav   23u   REG        8,2       42
> 1540275 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-6dc27ea80d232f5cf3354a7a3c8ec58d.tmp
> (deleted) clamd   23137 clamav   24u   REG        8,2       44
> 1540277 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-fee6d1b3d366eda4e15f5ff8416bc606.tmp
> (deleted) clamd   23137 clamav   25u   REG        8,2      677
> 1540279 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-2b9716c6173771c795a3b1c3bef56470.tmp
> (deleted) clamd   23137 clamav   26u   REG        8,2      155
> 1540280 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-e63b9a7454908ebb5f47657898bdb2c5.tmp
> (deleted) clamd   23137 clamav   27u   REG        8,2     1681
> 1540281 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-ba047ebfc0396a5b38b595eeec0f7437.tmp
> (deleted) clamd   23137 clamav   28u   REG        8,2       46
> 1540278 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-49dbcc76c3c8b14d279a9d0aa74310a1.tmp
> (deleted) clamd   23137 clamav   29u   REG        8,2     1681
> 1540283 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-46898158d350efefbe01636215301fad.tmp
> (deleted) clamd   23137 clamav   30u   REG        8,2       48
> 1540282 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-fdc1f1fdaca0933e22778c22bf4306c2.tmp
> (deleted) clamd   23137 clamav   31u   REG        8,2     1235
> 1540285 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-3849f6d05e67f2ad565d668e9a925158.tmp
> (deleted) clamd   23137 clamav   32u   REG        8,2       38
> 1540284 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-9428301ea35432270076585aad066354.tmp
> (deleted)
> 
> When there are 1024 FD => ClamAV crash
> 
> Any Ideas?
> 
> Regards.
> 
> 
> 
> 
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml



More information about the clamav-users mailing list