[clamav-users] Clamd fails to start with daily.cvd

Wed Jul 24 11:49:54 UTC 2019

Hello!

I rebooted my CentOS 7 mail server last night and all of a sudden clamd 
is refusing to start - it burns CPU for a couple of minutes and then 
gives up. I've now narrowed it down as much as I could and it seems 
there is a problem loading daily.cvd/daily.cld.

I started by removing all unofficial signatures, which didn't help. Then 
I proceeded to remove all signatures completely and ran freshclam -v, 
upon which it successfully loaded (before daily.cvd was downloaded). 
Unfortunately when it downloaded daily.cvd it broke again.

It loads perfectly with main.cvd, bytecode.cvd and the rest of the 
unofficial signatures, but as soon as daily.cvd appears, it fails.

It gets more interesting. If I start clamd without daily.cvd and then 
run freshclam and wait for the 600 second signature check to catch the 
new daily, it actually loads them.

Jul 24 14:43:30 orc clamd[25482]: SelfCheck: Database modification 
detected. Forcing reload.
Jul 24 14:43:32 orc clamd[25482]: Reading databases from /var/lib/clamav
Jul 24 14:46:21 orc clamd[25482]: Database correctly reloaded (6392516 
signatures)

So the problem exists only when completely (re)starting clamd.

Logs are below.

Any ideas?

Thanks!
Reio

Jul 24 14:11:21 orc clamd[4345]: clamd daemon 0.101.2 (OS: linux-gnu, 
ARCH: x86_64, CPU: x86_64)
Jul 24 14:11:21 orc clamd[4345]: Running as user amavis (UID 994, GID 990)
Jul 24 14:11:21 orc clamd[4345]: Log file size limited to 1048576 bytes.
Jul 24 14:11:21 orc clamd[4345]: Reading databases from /var/lib/clamav
Jul 24 14:11:21 orc clamd[4345]: Not loading PUA signatures.
Jul 24 14:11:21 orc clamd[4345]: Bytecode: Security mode set to 
"TrustSigned".
-------------------------------------------------------------------
This is where it stalls with daily.cvd. If I remove daily.cvd and 
restart, it proceeds nicely.
-------------------------------------------------------------------
Jul 24 14:11:56 orc clamd[4345]: Loaded 4726922 signatures.
Jul 24 14:11:59 orc clamd[4345]: LOCAL: Unix socket file 
/var/run/clamd.amavisd/clamd.sock
Jul 24 14:11:59 orc clamd[4345]: LOCAL: Setting connection queue length 
to 200
Jul 24 14:11:59 orc clamd[5039]: Limits: Global size limit set to 
104857600 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: File size limit set to 26214400 
bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: Recursion level limit set to 16.
Jul 24 14:11:59 orc clamd[5039]: Limits: Files limit set to 10000.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxEmbeddedPE limit set to 
10485760 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNormalize limit set to 
10485760 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNoTags limit set to 
2097152 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxScriptNormalize limit set to 
5242880 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxZipTypeRcg limit set to 
1048576 bytes.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxPartitions limit set to 50.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxIconsPE limit set to 100.
Jul 24 14:11:59 orc clamd[5039]: Limits: MaxRecHWP3 limit set to 16.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMatchLimit limit set to 100000.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCRERecMatchLimit limit set to 
2000.
Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMaxFileSize limit set to 
26214400.
Jul 24 14:11:59 orc clamd[5039]: Archive support enabled.
Jul 24 14:11:59 orc clamd[5039]: AlertExceedsMax heuristic detection 
disabled.
Jul 24 14:11:59 orc clamd[5039]: Heuristic alerts enabled.
Jul 24 14:11:59 orc clamd[5039]: Portable Executable support enabled.
Jul 24 14:11:59 orc clamd[5039]: ELF support enabled.
Jul 24 14:11:59 orc clamd[5039]: Mail files support enabled.
Jul 24 14:11:59 orc clamd[5039]: OLE2 support enabled.
Jul 24 14:11:59 orc clamd[5039]: PDF support enabled.
Jul 24 14:11:59 orc clamd[5039]: SWF support enabled.
Jul 24 14:11:59 orc clamd[5039]: HTML support enabled.
Jul 24 14:11:59 orc clamd[5039]: XMLDOCS support enabled.
Jul 24 14:11:59 orc clamd[5039]: HWP3 support enabled.
Jul 24 14:11:59 orc clamd[5039]: Self checking every 600 seconds.