[clamav-users] clamd.exe becomes unresponsive

David Miller davesgoogliemail at gmail.com
Wed Aug 14 09:36:01 EDT 2019


Morning:

Thanks for the response, Micah (I just missed it before sending my
update). No worries on things being quiet.  I'm sure people read and
thought about it, but I suppose no solid ideas yet.

I just enabled NotifyClamd only yesterday or the day before, so I'm
not too optimistic that's our culprit. In fact, the unresponsiveness
was apparent before I was even running freshclam daily. I went several
days without running freshclam during initial implementation and the
unresponsiveness was already there.

Have a great day!

Thanks,
-Dave

On Wed, Aug 14, 2019 at 8:23 AM David Miller <davesgoogliemail at gmail.com> wrote:
>
> Optimism was short-lived.  Clamd.exe went unresponsive right after my
> last email. It lasted about 12 hours, but the next run only lasted
> barely over 4 hours before becoming unresponsive... so, no rhyme or
> reason that I see. Nothing telling in clamd.log file that I can see.
>
> Thoughts/suggestions/etc. very appreciated!
>
>   Tue Aug 13 23:14:11 2019 -> SelfCheck: Database status OK.
>   Tue Aug 13 23:34:41 2019 -> SelfCheck: Database status OK.
> **Tue Aug 13 23:55:11 2019 -> SelfCheck: Database status OK.   <<<< -----  This was the last entry before becoming unresponsive.
>   Tue Aug 13 23:55:21 2019 -> +++ Started at Tue Aug 13 23:55:21 2019  <<< ---- Restarted once monitoring application detected unresponsiveness.
>   Tue Aug 13 23:55:21 2019 -> Received 0 file descriptor(s) from systemd.
>   Tue Aug 13 23:55:21 2019 -> clamd daemon 0.101.3 (OS: win32, ARCH: x86_64, CPU: x86_64)
>   Tue Aug 13 23:55:21 2019 -> Log file size limited to 2097152 bytes.
>   Tue Aug 13 23:55:21 2019 -> Reading databases from C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\database
>   Tue Aug 13 23:55:21 2019 -> Not loading PUA signatures.
>   Tue Aug 13 23:55:21 2019 -> Bytecode: Security mode set to "TrustSigned".
>   Tue Aug 13 23:55:54 2019 -> Loaded 6269854 signatures.
>   Tue Aug 13 23:55:56 2019 -> TCP: Bound to [127.0.0.1]:3310
>   Tue Aug 13 23:55:56 2019 -> TCP: Setting connection queue length to 200
>   Tue Aug 13 23:55:56 2019 -> Limits: Global size limit set to 104857600 bytes.
>   Tue Aug 13 23:55:56 2019 -> Limits: File size limit set to 26214400 bytes.
>   Tue Aug 13 23:55:56 2019 -> Limits: Recursion level limit set to 16.
>   Tue Aug 13 23:55:56 2019 -> Limits: Files limit set to 10000.
>   Tue Aug 13 23:55:56 2019 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
>   Tue Aug 13 23:55:56 2019 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
>   Tue Aug 13 23:55:56 2019 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
>   Tue Aug 13 23:55:56 2019 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
>   Tue Aug 13 23:55:56 2019 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
>   Tue Aug 13 23:55:56 2019 -> Limits: MaxPartitions limit set to 50.
>   Tue Aug 13 23:55:56 2019 -> Limits: MaxIconsPE limit set to 100.
>   Tue Aug 13 23:55:56 2019 -> Limits: MaxRecHWP3 limit set to 16.
>   Tue Aug 13 23:55:56 2019 -> Limits: PCREMatchLimit limit set to 100000.
>   Tue Aug 13 23:55:56 2019 -> Limits: PCRERecMatchLimit limit set to 2000.
>   Tue Aug 13 23:55:56 2019 -> Limits: PCREMaxFileSize limit set to 26214400.
>   Tue Aug 13 23:55:56 2019 -> Archive support enabled.
>   Tue Aug 13 23:55:56 2019 -> AlertExceedsMax heuristic detection disabled.
>   Tue Aug 13 23:55:56 2019 -> Heuristic alerts enabled.
>   Tue Aug 13 23:55:56 2019 -> Portable Executable support enabled.
>   Tue Aug 13 23:55:56 2019 -> ELF support enabled.
>   Tue Aug 13 23:55:56 2019 -> Mail files support enabled.
>   Tue Aug 13 23:55:56 2019 -> OLE2 support enabled.
>   Tue Aug 13 23:55:56 2019 -> PDF support enabled.
>   Tue Aug 13 23:55:56 2019 -> SWF support enabled.
>   Tue Aug 13 23:55:56 2019 -> HTML support enabled.
>   Tue Aug 13 23:55:56 2019 -> XMLDOCS support enabled.
>   Tue Aug 13 23:55:56 2019 -> HWP3 support enabled.
>   Tue Aug 13 23:55:56 2019 -> Self checking every 1200 seconds.
>   Tue Aug 13 23:55:56 2019 -> Listening daemon: PID: 7132
>   Tue Aug 13 23:55:56 2019 -> MaxQueue set to: 100
>   Wed Aug 14 00:16:50 2019 -> SelfCheck: Database status OK.
>   Wed Aug 14 00:37:20 2019 -> SelfCheck: Database status OK.
>
> Thanks,
> -Dave
>
> On Tue, Aug 13, 2019 at 10:37 PM David Miller <davesgoogliemail at gmail.com> wrote:
> >
> > Hi, All:
> >
> > Good news update: Clamd.exe is running longer than ever so far...
> > nearly 12 hours.  I had just switched the SelfCheck value from the
> > default 600 to 1200 to see if that made a difference.  I also enabled
> > LogVerbose.  Those are the only 2 updates to the clamd.config.  One
> > other change I made is to call PING less often to see if clamd.exe is
> > still responsive.  Right now, it checks once per minute... previously,
> > it checked every 15 seconds. I don't believe this change had anything
> > to do with tonight's improved result because initially, I wasn't
> > calling PING at all - the PINGs were added as a result of the
> > unresponsiveness.  I'm optimistic, but still stumped.  I suspect the
> > change relates to the less frequent SelfCheck calls.
> > Thoughts/suggestions/etc. very appreciated!
> >
> > Thanks,
> > -Dave
> >
> > On Tue, Aug 13, 2019 at 1:15 PM David Miller <davesgoogliemail at gmail.com> wrote:
> > >
> > > Hello, All:
> > >
> > > clamav-0.101.2-win-x64-portable
> > > clamav-0.101.3-win-x64-portable
> > >
> > > After clamd.exe runs successfully for several hours, it becomes unresponsive.
> > > Hosted on 2 Windows 2016 Servers and a Windows 10 - all respond the same.
> > > Last log entry for clamd shows: "SelfCheck: Database status OK."  An example
> > > of the unresponsive timelines from one of the deployments is pasted below.
> > >
> > > Restarted                     Unresponsive:              Timespan:
> > > 8/10/19 01:30:30 a.m.   8/10/19 06:06:29 a.m.   4:35:59
> > > 8/10/19 06:06:30 a.m.   8/10/19 12:34:12 p.m.   6:27:42
> > > 8/10/19 12:34:13 p.m.   8/10/19 07:01:55 p.m.   5:32:18
> > > 8/10/19 07:01:56 p.m.   8/11/19 01:29:37 a.m.   5:32:19
> > > 8/11/19 01:29:38 a.m.   8/11/19 06:05:35 a.m.   4:35:57
> > > 8/11/19 06:05:37 a.m.   8/11/19 12:33:17 p.m.   6:27:40
> > > 8/11/19 12:33:19 p.m.   8/11/19 07:01:00 p.m.   5:32:19
> > > 8/11/19 07:01:01 p.m.   8/12/19 01:28:42 a.m.   6:27:41
> > >
> > > Clamd.exe remains responsive for the timespans listed above, but then
> > > becomes unresponsive and I have to kill the process and start a new
> > > instance of clamd.exe. (The outage time consistency is telling, but
> > > what it's telling I still don't know.) FWIW: I run freshclam once an hour,
> > > but it seems to have no impact on the unresponsiveness of clamd. Also, the
> > > clamd.exe becomes unresponsive whether or not there are files being
> > > scanned. I've tried a few .conf changes with no noticeable impact on the
> > > unresponsiveness. Any pointers/tools/suggestions are greatly appreciated.
> > >
> > > I've appended my current .conf results to this email.
> > >
> > > Thanks for your time & have a great day!
> > > -Dave,
> > >
> > >
> > > clamconf -n
> > >
> > > Checking configuration files in C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable
> > >
> > > Config file: clamd.conf
> > > -----------------------
> > > LogFile = "C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\clamd.log"
> > > LogFileMaxSize = "2097152"
> > > LogTime = "yes"
> > > LogVerbose = "yes"
> > > TCPSocket = "3310"
> > > TCPAddr = "127.0.0.1"
> > > SendBufTimeout = "200"
> > > IdleTimeout = "60"
> > > SelfCheck = "1200"
> > >
> > > Config file: freshclam.conf
> > > ---------------------------
> > > LogFileMaxSize = "2097152"
> > > LogTime = "yes"
> > > UpdateLogFile = "C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\freshclam.log"
> > > DatabaseMirror = "database.clamav.net"
> > >
> > > clamav-milter.conf not found
> > >
> > > Software settings
> > > -----------------
> > > Version: 0.101.3
> > > Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 RAR JIT
> > >
> > > Database information
> > > --------------------
> > > Database directory: C:\MyStuff\Tools\ClamAv\clamav-0.101.3-win-x64-portable\database
> > > bytecode.cvd: version 330, sigs: 94, built on Wed Jul 17 08:11:08 2019
> > > daily.cld: version 25540, sigs: 1713558, built on Tue Aug 13 03:16:47 2019
> > > main.cvd: version 58, sigs: 4566249, built on Wed Jun  7 16:38:10 2017
> > > Total number of signatures: 6279901
> > >
> > > Platform information
> > > --------------------
> > > uname: Microsoft Windows 6.2 SP0.0 Build 9200
> > > OS: win32, ARCH: x86_64, CPU: x86_64
> > > zlib version: 1.2.11 (1.2.11), compile flags: 65
> > > Triple: x86_64-pc-win32
> > > CPU: i686, Little-endian
> > > platform id: 0x102566660800077c0100077c
> > >
> > > Build information
> > > -----------------
> > > Microsoft Visual C++: (0.7.124)
> > > Microsoft Visual C++ 1916
> > > sizeof(void*) = 8
> > > Engine flevel: 102, dconf: 102
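
The PING liveness check described in the thread, as an added example (not code from the original posts or from the ClamAV project): a probe that sends clamd's `zPING` command to the TCPAddr/TCPSocket shown in the posted clamd.conf and separates a hung daemon (connection accepted, no reply) from a stopped one (connection refused). `probe_clamd` and `start_stub` are hypothetical names, and the stub listener is constructed so the block runs without clamd installed.

```python
import socket
import threading

def probe_clamd(host="127.0.0.1", port=3310, timeout=5.0):
    """Classify clamd as 'ok', 'hung', 'down' or 'bad-reply' using PING."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "hung"   # handshake never completed (e.g. accept queue full)
    except OSError:
        return "down"   # refused or unreachable: nothing is listening
    with sock:
        try:
            # 'z' prefix: command and reply are both NUL-terminated.
            sock.sendall(b"zPING\0")
            reply = b""
            while not reply.endswith(b"\0") and len(reply) < 64:
                chunk = sock.recv(64)
                if not chunk:
                    break           # peer closed before finishing the reply
                reply += chunk
        except socket.timeout:
            # The OS completed the connection for a listening process,
            # but the process never answered within the deadline.
            return "hung"
        except OSError:
            return "down"           # reset mid-exchange
    return "ok" if reply == b"PONG\0" else "bad-reply"

def start_stub(responsive):
    """Constructed stand-in for clamd on an ephemeral loopback port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return              # listener was closed
            with conn:
                if conn.recv(64) == b"zPING\0":
                    conn.sendall(b"PONG\0")
    if responsive:                  # a "hung" stub listens but never accepts
        threading.Thread(target=serve, daemon=True).start()
    return srv

if __name__ == "__main__":
    print(probe_clamd())            # probes 127.0.0.1:3310 as in clamd.conf
```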

