[clamav-users] clamd.exe becomes unresponsive

Micah Snyder (micasnyd) micasnyd at cisco.com
Wed Aug 14 09:22:25 EDT 2019


Hi Dave,

Thanks for your research on this issue.  Sorry we've all been quiet on the subject.  I guess I'm glad to that people aren't chiming in to confirm similar behavior.  However, it's definitely disturbing to me to hear that clamd.exe is becoming unresponsive over time.  I'm going to try running clamd.exe in a debugger for an extended period of time with a very low SelfCheck setting to see if it becomes unresponsive and if so, to see if I can find some more details. 

Hanno Böck reported a similar issue on a Gentoo Linux system wherein clamd was becoming unresponsive after 2-3 days, usually after being notified by freshclam (a feature which also invokes a database check): https://bugzilla.clamav.net/show_bug.cgi?id=12292  Perhaps this is related and the bug is not limited to just Windows?  

Micah

On 8/13/19, 11:38 PM, "clamav-users on behalf of David Miller via clamav-users" <clamav-users-bounces at lists.clamav.net on behalf of clamav-users at lists.clamav.net> wrote:

    Hi, All:
    
    Good news update: Clamd.exe is running longer than ever so far...
    nearly 12 hours.  I had just switched the SelfCheck value from the
    default 600 to 1200 to see if that made a difference.  I also enabled
    LogVerbose.  Those are the only 2 updates to the clamd.config.  One
    other change I made is to call PING less often to see if clamd.exe is
    still responsive.  Right now, it checks once per minute... previously,
    it checked every 15 seconds. I don't believe this change had anything
    to do with tonight's improved result because initially, I wasn't
    calling PING at all - the PINGs were added as a result of the
    unresponsiveness.  I'm optimistic, but still stumped.  I suspect the
    change relates to the less frequent SelfCheck calls.
    Thoughts/suggestions/etc. very appreciated!
    
    Thanks,
    -Dave
    
    On Tue, Aug 13, 2019 at 1:15 PM David Miller <davesgoogliemail at gmail.com> wrote:
    >
    > Hello, All:
    >
    > clamav-0.101.2-win-x64-portable
    > clamav-0.101.3-win-x64-portable
    >
    > After clamd.exe runs successfully for several hours, it becomes unresponsive.
    > Hosted on 2 Windows 2016 Servers and a Windows 10 - all respond the same.
    > Last log entry for clamd shows: "SelfCheck: Database status OK."  An example
    > of the unresponsive timelines from one of the deployments is pasted below.
    >
    > Restarted                     Unresponsive:              Timespan:
    > 8/10/19 01:30:30 a.m.   8/10/19 06:06:29 a.m.   4:35:59
    > 8/10/19 06:06:30 a.m.   8/10/19 12:34:12 p.m.   6:27:42
    > 8/10/19 12:34:13 p.m.   8/10/19 07:01:55 p.m.   5:32:18
    > 8/10/19 07:01:56 p.m.   8/11/19 01:29:37 a.m.   5:32:19
    > 8/11/19 01:29:38 a.m.   8/11/19 06:05:35 a.m.   4:35:57
    > 8/11/19 06:05:37 a.m.   8/11/19 12:33:17 p.m.   6:27:40
    > 8/11/19 12:33:19 p.m.   8/11/19 07:01:00 p.m.   5:32:19
    > 8/11/19 07:01:01 p.m.   8/12/19 01:28:42 a.m.   6:27:41
    >
    > Clamd.exe remains responsive for the timespans listed above, but then
    > becomes unresponsive and I have to kill the process and start a new
    > instance of clamd.exe. (The outage time consistency is telling, but
    > what it's telling I still don't know.) FWIW: I run freshclam once an hour,
    > but it seems to have no impact on the unresponsiveness of clamd. Also, the
    > clamd.exe becomes unresponsive whether or not there are files being
    > scanned. I've tried a few .conf changes with no noticeable impact on the
    > unresponsiveness. Any pointers/tools/suggestions are greatly appreciated.
    >
    > I've appended my current .conf results to this email.
    >
    > Thanks for your time & have a great day!
    > -Dave,
    >
    >
    > clamconf -n
    >
    > Checking configuration files in
    > C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable
    >
    > Config file: clamd.conf
    > -----------------------
    > LogFile = "C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\clamd.log"
    > LogFileMaxSize = "2097152"
    > LogTime = "yes"
    > LogVerbose = "yes"
    > TCPSocket = "3310"
    > TCPAddr = "127.0.0.1"
    > SendBufTimeout = "200"
    > IdleTimeout = "60"
    > SelfCheck = "1200"
    >
    > Config file: freshclam.conf
    > ---------------------------
    > LogFileMaxSize = "2097152"
    > LogTime = "yes"
    > UpdateLogFile =
    > "C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\freshclam.log"
    > DatabaseMirror = "database.clamav.net"
    >
    > clamav-milter.conf not found
    >
    > Software settings
    > -----------------
    > Version: 0.101.3
    > Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 RAR JIT
    >
    > Database information
    > --------------------
    > Database directory:
    > C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\database
    > bytecode.cvd: version 330, sigs: 94, built on Wed Jul 17 08:11:08 2019
    > daily.cld: version 25540, sigs: 1713558, built on Tue Aug 13 03:16:47 2019
    > main.cvd: version 58, sigs: 4566249, built on Wed Jun  7 16:38:10 2017
    > Total number of signatures: 6279901
    >
    > Platform information
    > --------------------
    > uname: Microsoft Windows 6.2 SP0.0 Build 9200
    > OS: win32, ARCH: x86_64, CPU: x86_64
    > zlib version: 1.2.11 (1.2.11), compile flags: 65
    > Triple: x86_64-pc-win32
    > CPU: i686, Little-endian
    > platform id: 0x102566660800077c0100077c
    >
    > Build information
    > -----------------
    > Microsoft Visual C++: (0.7.124)
    > Microsoft Visual C++ 1916
    > sizeof(void*) = 8
    > Engine flevel: 102, dconf: 102
    
    _______________________________________________
    
    clamav-users mailing list
    clamav-users at lists.clamav.net
    https://lists.clamav.net/mailman/listinfo/clamav-users
    
    
    Help us build a comprehensive ClamAV guide:
    https://github.com/vrtadmin/clamav-faq
    
    http://www.clamav.net/contact.html#ml
    



More information about the clamav-users mailing list