[clamav-users] Problem with Max Open descriptor Files limit

Micah Snyder (micasnyd) micasnyd at cisco.com
Fri Jan 26 15:59:23 UTC 2018 

I’m sorry to say that 0.99.3 does not eliminate the 32-bit scan size limit.  This, and variable type consistency (particularly for file sizes) between our various libraries, is definitely on my radar.


Micah Snyder
Software Engineer
Talos
Cisco Systems, Inc.



On Jan 26, 2018, at 10:34 AM, Paul Kosinski <clamav-users at iment.com<mailto:clamav-users at iment.com>> wrote:

I observed this running out of file descriptors yesterday when running
0.99.2 to scan the download of 0.99.3. I had never seen this behavior
before, but ascribed it to using clamscan with its memory limit set to
4095M to ensure that absolutely everything was scanned.

One of our clamd process died trying to reload the database (see below),
and another is about to run out of file descriptors (419 and counting
of mostly 'deleted' ones according to lsof).

On the plus side HAVP, which uses libclamav with the standard set of
signatures, still seem to be running OK.

P.S. Does 0.99.3 eliminate the obsolete 32-bit scan size limit?

-------

Fri Jan 26 06:11:38 2018 -> SelfCheck: Database status OK.
Fri Jan 26 06:21:38 2018 -> SelfCheck: Database modification detected.
Forcing reload.
Fri Jan 26 06:21:38 2018 -> Reading databases
from /opt/clamav.d/clamav.0.99.2/share/clamav
Fri Jan 26 06:21:38 2018 -> ERROR: reload db failed: Can't duplicate
file descriptor
Fri Jan 26 06:21:38 2018 -> Terminating because of a fatal error.
Fri Jan 26 06:21:38 2018 -> Waiting for all threads to finish
Fri Jan 26 06:21:38 2018 -> Shutting down the main socket.
Fri Jan 26 06:21:38 2018 -> Pid file removed.
Fri Jan 26 06:21:38 2018 -> --- Stopped at Fri Jan 26 06:21:38 2018
Fri Jan 26 06:21:38 2018 -> Closing the main socket.

-------



On Fri, 26 Jan 2018 15:03:32 +0100
Carlos García Gómez <carlos.garcia at f-integra.org<mailto:carlos.garcia at f-integra.org>> wrote:

Hi,

We have a problem with ClamAV due to Max Open desciptor Files limit
It’s seems like delete temp files are not freeded
When the soft is reached the clamav proccess responses with an ERROR

THe problem has begined Today with 0.99.2 clamav version
We have updated to the last release 0.99.3 but then problem again be
here.



 [root at mx2 tmp]# ps -ef |grep clamav
 clamav   22927     1  0 13:50 ?
00:00:00 /home/vmail/antivirus/clamav/bin/freshclam -d root     23128
21677  0 15:01 pts/1    00:00:00 grep clamav clamav   23137     1  2
13:51 ?        00:01:39 /home/vmail/antivirus/clamav/sbin/clamd


 [root at mx2 tmp]# lsof -p
23137 COMMAND   PID   USER   FD   TYPE     DEVICE     SIZE       NODE
NAME clamd   23137 clamav  cwd    DIR        8,1     4096          2 /
 clamd   23137 clamav  rtd    DIR        8,1     4096          2 /
 clamd   23137 clamav  txt    REG        8,2   330823
1507346 /home/vmail/antivirus/clamav-0.99.3/sbin/clamd clamd   23137
clamav   11u   REG        8,2       46
1540613 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-40e1c3eb5c91506cd8029a626d44e430.tmp
(deleted) clamd   23137 clamav   12u   REG        8,2      119
1540264 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-6191bbf55622fa150f6a562fedaa96bf.tmp
(deleted) clamd   23137 clamav   13u   REG        8,2      119
1540266 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-d23444b929c3e8f70b245d0f7df9c64e.tmp
(deleted) clamd   23137 clamav   14u   REG        8,2       36
1540265 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-0323a84d6821a592bccefde5a36c0bb4.tmp
(deleted) clamd   23137 clamav   15u   REG        8,2     4793
1540268 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-a08b30fcf5ca4cbc35089753a49b688f.tmp
(deleted) clamd   23137 clamav   16u   REG        8,2     4793
1540267 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-8fa41cdf16f7e03e3fef00fa7faefe66.tmp
(deleted) clamd   23137 clamav   17u   REG        8,2       58
1540270 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-8106966405936ecc207ceb37377b2be5.tmp
(deleted) clamd   23137 clamav   18u   REG        8,2      183
1540272 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-6f395db61ea80440bbcdcccf8c1fd87e.tmp
(deleted) clamd   23137 clamav   19u   REG        8,2      293
1540273 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-4d454dfbedfa70c192000a2cc021a0e9.tmp
(deleted) clamd   23137 clamav   20u   REG        8,2      183
1540271 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-d7b9350895ea3c7c16a95810da93cbcd.tmp
(deleted) clamd   23137 clamav   21u   REG        8,2     3137
1540274 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-61ead91328b1a1fb2eed66e0092fab37.tmp
(deleted) clamd   23137 clamav   22u   REG        8,2     3137
1540276 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-ea8e77c7746f4e20efa08dd714e3bab1.tmp
(deleted) clamd   23137 clamav   23u   REG        8,2       42
1540275 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-6dc27ea80d232f5cf3354a7a3c8ec58d.tmp
(deleted) clamd   23137 clamav   24u   REG        8,2       44
1540277 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-fee6d1b3d366eda4e15f5ff8416bc606.tmp
(deleted) clamd   23137 clamav   25u   REG        8,2      677
1540279 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-2b9716c6173771c795a3b1c3bef56470.tmp
(deleted) clamd   23137 clamav   26u   REG        8,2      155
1540280 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-e63b9a7454908ebb5f47657898bdb2c5.tmp
(deleted) clamd   23137 clamav   27u   REG        8,2     1681
1540281 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-ba047ebfc0396a5b38b595eeec0f7437.tmp
(deleted) clamd   23137 clamav   28u   REG        8,2       46
1540278 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-49dbcc76c3c8b14d279a9d0aa74310a1.tmp
(deleted) clamd   23137 clamav   29u   REG        8,2     1681
1540283 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-46898158d350efefbe01636215301fad.tmp
(deleted) clamd   23137 clamav   30u   REG        8,2       48
1540282 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-fdc1f1fdaca0933e22778c22bf4306c2.tmp
(deleted) clamd   23137 clamav   31u   REG        8,2     1235
1540285 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-3849f6d05e67f2ad565d668e9a925158.tmp
(deleted) clamd   23137 clamav   32u   REG        8,2       38
1540284 /home/vmail/antivirus/clamav-0.99.3/var/tmp/clamav-9428301ea35432270076585aad066354.tmp
(deleted)

When there are 1024 FD => ClamAV crash

Any Ideas?

Regards.




_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users at lists.clamav.net<mailto:clamav-users at lists.clamav.net>
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list