[clamav-users] clamd.exe becomes unresponsive

David Miller davesgoogliemail at gmail.com
Wed Aug 14 09:23:43 EDT 2019


Optimism was short lived.  Clamd.exe went unresponsive right after my
last email.
It lasted about 12 hours, but the next run only lasted barely over 4
hours before
becoming unresponsive... so, no rhyme or reason that I see. Nothing telling in
clamd.log file that I can see.

Thoughts/suggestions/etc. very appreciated!

  Tue Aug 13 23:14:11 2019 -> SelfCheck: Database status OK.
  Tue Aug 13 23:34:41 2019 -> SelfCheck: Database status OK.
**Tue Aug 13 23:55:11 2019 -> SelfCheck: Database status OK.   <<<<
-----  This was the last entry before becoming unresponsive.
  Tue Aug 13 23:55:21 2019 -> +++ Started at Tue Aug 13 23:55:21 2019
 <<< ---- Restarted once monitoring application detected
unresponsiveness.
  Tue Aug 13 23:55:21 2019 -> Received 0 file descriptor(s) from systemd.
  Tue Aug 13 23:55:21 2019 -> clamd daemon 0.101.3 (OS: win32, ARCH:
x86_64, CPU: x86_64)
  Tue Aug 13 23:55:21 2019 -> Log file size limited to 2097152 bytes.
  Tue Aug 13 23:55:21 2019 -> Reading databases from
C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\database
  Tue Aug 13 23:55:21 2019 -> Not loading PUA signatures.
  Tue Aug 13 23:55:21 2019 -> Bytecode: Security mode set to "TrustSigned".
  Tue Aug 13 23:55:54 2019 -> Loaded 6269854 signatures.
  Tue Aug 13 23:55:56 2019 -> TCP: Bound to [127.0.0.1]:3310
  Tue Aug 13 23:55:56 2019 -> TCP: Setting connection queue length to 200
  Tue Aug 13 23:55:56 2019 -> Limits: Global size limit set to 104857600 bytes.
  Tue Aug 13 23:55:56 2019 -> Limits: File size limit set to 26214400 bytes.
  Tue Aug 13 23:55:56 2019 -> Limits: Recursion level limit set to 16.
  Tue Aug 13 23:55:56 2019 -> Limits: Files limit set to 10000.
  Tue Aug 13 23:55:56 2019 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
  Tue Aug 13 23:55:56 2019 -> Limits: MaxHTMLNormalize limit set to
10485760 bytes.
  Tue Aug 13 23:55:56 2019 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
  Tue Aug 13 23:55:56 2019 -> Limits: MaxScriptNormalize limit set to
5242880 bytes.
  Tue Aug 13 23:55:56 2019 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
  Tue Aug 13 23:55:56 2019 -> Limits: MaxPartitions limit set to 50.
  Tue Aug 13 23:55:56 2019 -> Limits: MaxIconsPE limit set to 100.
  Tue Aug 13 23:55:56 2019 -> Limits: MaxRecHWP3 limit set to 16.
  Tue Aug 13 23:55:56 2019 -> Limits: PCREMatchLimit limit set to 100000.
  Tue Aug 13 23:55:56 2019 -> Limits: PCRERecMatchLimit limit set to 2000.
  Tue Aug 13 23:55:56 2019 -> Limits: PCREMaxFileSize limit set to 26214400.
  Tue Aug 13 23:55:56 2019 -> Archive support enabled.
  Tue Aug 13 23:55:56 2019 -> AlertExceedsMax heuristic detection disabled.
  Tue Aug 13 23:55:56 2019 -> Heuristic alerts enabled.
  Tue Aug 13 23:55:56 2019 -> Portable Executable support enabled.
  Tue Aug 13 23:55:56 2019 -> ELF support enabled.
  Tue Aug 13 23:55:56 2019 -> Mail files support enabled.
  Tue Aug 13 23:55:56 2019 -> OLE2 support enabled.
  Tue Aug 13 23:55:56 2019 -> PDF support enabled.
  Tue Aug 13 23:55:56 2019 -> SWF support enabled.
  Tue Aug 13 23:55:56 2019 -> HTML support enabled.
  Tue Aug 13 23:55:56 2019 -> XMLDOCS support enabled.
  Tue Aug 13 23:55:56 2019 -> HWP3 support enabled.
  Tue Aug 13 23:55:56 2019 -> Self checking every 1200 seconds.
  Tue Aug 13 23:55:56 2019 -> Listening daemon: PID: 7132
  Tue Aug 13 23:55:56 2019 -> MaxQueue set to: 100
  Wed Aug 14 00:16:50 2019 -> SelfCheck: Database status OK.
  Wed Aug 14 00:37:20 2019 -> SelfCheck: Database status OK.

Thanks,
-Dave

On Tue, Aug 13, 2019 at 10:37 PM David Miller
<davesgoogliemail at gmail.com> wrote:
>
> Hi, All:
>
> Good news update: Clamd.exe is running longer than ever so far...
> nearly 12 hours.  I had just switched the SelfCheck value from the
> default 600 to 1200 to see if that made a difference.  I also enabled
> LogVerbose.  Those are the only 2 updates to the clamd.config.  One
> other change I made is to call PING less often to see if clamd.exe is
> still responsive.  Right now, it checks once per minute... previously,
> it checked every 15 seconds. I don't believe this change had anything
> to do with tonight's improved result because initially, I wasn't
> calling PING at all - the PINGs were added as a result of the
> unresponsiveness.  I'm optimistic, but still stumped.  I suspect the
> change relates to the less frequent SelfCheck calls.
> Thoughts/suggestions/etc. very appreciated!
>
> Thanks,
> -Dave
>
> On Tue, Aug 13, 2019 at 1:15 PM David Miller <davesgoogliemail at gmail.com> wrote:
> >
> > Hello, All:
> >
> > clamav-0.101.2-win-x64-portable
> > clamav-0.101.3-win-x64-portable
> >
> > After clamd.exe runs successfully for several hours, it becomes unresponsive.
> > Hosted on 2 Windows 2016 Servers and a Windows 10 - all respond the same.
> > Last log entry for clamd shows: "SelfCheck: Database status OK."  An example
> > of the unresponsive timelines from one of the deployments is pasted below.
> >
> > Restarted                     Unresponsive:              Timespan:
> > 8/10/19 01:30:30 a.m.   8/10/19 06:06:29 a.m.   4:35:59
> > 8/10/19 06:06:30 a.m.   8/10/19 12:34:12 p.m.   6:27:42
> > 8/10/19 12:34:13 p.m.   8/10/19 07:01:55 p.m.   5:32:18
> > 8/10/19 07:01:56 p.m.   8/11/19 01:29:37 a.m.   5:32:19
> > 8/11/19 01:29:38 a.m.   8/11/19 06:05:35 a.m.   4:35:57
> > 8/11/19 06:05:37 a.m.   8/11/19 12:33:17 p.m.   6:27:40
> > 8/11/19 12:33:19 p.m.   8/11/19 07:01:00 p.m.   5:32:19
> > 8/11/19 07:01:01 p.m.   8/12/19 01:28:42 a.m.   6:27:41
> >
> > Clamd.exe remains responsive for the timespans listed above, but then
> > becomes unresponsive and I have to kill the process and start a new
> > instance of clamd.exe. (The outage time consistency is telling, but
> > what it's telling I still don't know.) FWIW: I run freshclam once an hour,
> > but it seems to have no impact on the unresponsiveness of clamd. Also, the
> > clamd.exe becomes unresponsive whether or not there are files being
> > scanned. I've tried a few .conf changes with no noticeable impact on the
> > unresponsiveness. Any pointers/tools/suggestions are greatly appreciated.
> >
> > I've appended my current .conf results to this email.
> >
> > Thanks for your time & have a great day!
> > -Dave,
> >
> >
> > clamconf -n
> >
> > Checking configuration files in
> > C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable
> >
> > Config file: clamd.conf
> > -----------------------
> > LogFile = "C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\clamd.log"
> > LogFileMaxSize = "2097152"
> > LogTime = "yes"
> > LogVerbose = "yes"
> > TCPSocket = "3310"
> > TCPAddr = "127.0.0.1"
> > SendBufTimeout = "200"
> > IdleTimeout = "60"
> > SelfCheck = "1200"
> >
> > Config file: freshclam.conf
> > ---------------------------
> > LogFileMaxSize = "2097152"
> > LogTime = "yes"
> > UpdateLogFile =
> > "C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\freshclam.log"
> > DatabaseMirror = "database.clamav.net"
> >
> > clamav-milter.conf not found
> >
> > Software settings
> > -----------------
> > Version: 0.101.3
> > Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 RAR JIT
> >
> > Database information
> > --------------------
> > Database directory:
> > C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\database
> > bytecode.cvd: version 330, sigs: 94, built on Wed Jul 17 08:11:08 2019
> > daily.cld: version 25540, sigs: 1713558, built on Tue Aug 13 03:16:47 2019
> > main.cvd: version 58, sigs: 4566249, built on Wed Jun  7 16:38:10 2017
> > Total number of signatures: 6279901
> >
> > Platform information
> > --------------------
> > uname: Microsoft Windows 6.2 SP0.0 Build 9200
> > OS: win32, ARCH: x86_64, CPU: x86_64
> > zlib version: 1.2.11 (1.2.11), compile flags: 65
> > Triple: x86_64-pc-win32
> > CPU: i686, Little-endian
> > platform id: 0x102566660800077c0100077c
> >
> > Build information
> > -----------------
> > Microsoft Visual C++: (0.7.124)
> > Microsoft Visual C++ 1916
> > sizeof(void*) = 8
> > Engine flevel: 102, dconf: 102


More information about the clamav-users mailing list