[clamav-users] Clamd fails to start with daily.cvd
Reio Remma
reio at mrstuudio.ee
Wed Jul 24 12:44:25 UTC 2019
It was that simple! Thank you very much! :)
Reio
On 24/07/2019 15:31, Axb via clamav-users wrote:
> try this:
>
> in file clamd.service
> to section:
> [Service]
> add
> TimeoutSec=900
>
> restart clamd service
>
> h2h
>
>
> On 7/24/19 1:49 PM, Reio Remma via clamav-users wrote:
>> Hello!
>>
>> I rebooted my CentOS 7 mail server last night and all of a sudden
>> clamd is refusing to start - it burns CPU for a couple of minutes and
>> then gives up. I've now narrowed it down as much as I could and it
>> seems there is a problem loading daily.cvd/daily.cld.
>>
>> I started by removing all unofficial signatures, which didn't help.
>> Then I proceeded to remove all signatures completely and ran
>> freshclam -v, upon which it successfully loaded (before daily.cvd was
>> downloaded). Unfortunately when it downloaded daily.cvd it broke again.
>>
>> It loads perfectly with main.cvd, bytecode.cvd and the rest of the
>> unofficial signatures, but as soon as daily.cvd appears, it fails.
>>
>> It gets more interesting. If I start clamd without daily.cvd and then
>> run freshclam and wait for the 600 second signature check to catch
>> the new daily, it actually loads them.
>>
>> Jul 24 14:43:30 orc clamd[25482]: SelfCheck: Database modification
>> detected. Forcing reload.
>> Jul 24 14:43:32 orc clamd[25482]: Reading databases from /var/lib/clamav
>> Jul 24 14:46:21 orc clamd[25482]: Database correctly reloaded
>> (6392516 signatures)
>>
>> So the problem exists only when completely (re)starting clamd.
>>
>> Logs are below.
>>
>> Any ideas?
>>
>> Thanks!
>> Reio
>>
>> Jul 24 14:11:21 orc clamd[4345]: clamd daemon 0.101.2 (OS: linux-gnu,
>> ARCH: x86_64, CPU: x86_64)
>> Jul 24 14:11:21 orc clamd[4345]: Running as user amavis (UID 994, GID
>> 990)
>> Jul 24 14:11:21 orc clamd[4345]: Log file size limited to 1048576 bytes.
>> Jul 24 14:11:21 orc clamd[4345]: Reading databases from /var/lib/clamav
>> Jul 24 14:11:21 orc clamd[4345]: Not loading PUA signatures.
>> Jul 24 14:11:21 orc clamd[4345]: Bytecode: Security mode set to
>> "TrustSigned".
>> -------------------------------------------------------------------
>> This is where it stalls with daily.cvd. If I remove daily.cvd and
>> restart, it proceeds nicely.
>> -------------------------------------------------------------------
>> Jul 24 14:11:56 orc clamd[4345]: Loaded 4726922 signatures.
>> Jul 24 14:11:59 orc clamd[4345]: LOCAL: Unix socket file
>> /var/run/clamd.amavisd/clamd.sock
>> Jul 24 14:11:59 orc clamd[4345]: LOCAL: Setting connection queue
>> length to 200
>> Jul 24 14:11:59 orc clamd[5039]: Limits: Global size limit set to
>> 104857600 bytes.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: File size limit set to
>> 26214400 bytes.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: Recursion level limit set to
>> 16.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: Files limit set to 10000.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: MaxEmbeddedPE limit set to
>> 10485760 bytes.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNormalize limit set
>> to 10485760 bytes.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: MaxHTMLNoTags limit set to
>> 2097152 bytes.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: MaxScriptNormalize limit set
>> to 5242880 bytes.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: MaxZipTypeRcg limit set to
>> 1048576 bytes.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: MaxPartitions limit set to 50.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: MaxIconsPE limit set to 100.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: MaxRecHWP3 limit set to 16.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMatchLimit limit set to
>> 100000.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: PCRERecMatchLimit limit set
>> to 2000.
>> Jul 24 14:11:59 orc clamd[5039]: Limits: PCREMaxFileSize limit set to
>> 26214400.
>> Jul 24 14:11:59 orc clamd[5039]: Archive support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: AlertExceedsMax heuristic detection
>> disabled.
>> Jul 24 14:11:59 orc clamd[5039]: Heuristic alerts enabled.
>> Jul 24 14:11:59 orc clamd[5039]: Portable Executable support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: ELF support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: Mail files support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: OLE2 support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: PDF support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: SWF support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: HTML support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: XMLDOCS support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: HWP3 support enabled.
>> Jul 24 14:11:59 orc clamd[5039]: Self checking every 600 seconds.
>>
>> _______________________________________________
>>
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
--
Tervitades
Reio Remma
MR Stuudio 25 aastat
*MR Stuudio OÜ*
Tondi 17b, 11316, Tallinn
Tel +372 650 4808
Mob +372 56 22 00 33
reio at mrstuudio.ee
www.mrstuudio.ee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190724/995277c1/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: akdeepbpandhccef.png
Type: image/png
Size: 8540 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20190724/995277c1/attachment.png>
More information about the clamav-users
mailing list