[clamav-users] ClamAV 1.0.1

Steve Basford steveb_clamav at sanesecurity.com
Wed May 24 20:57:00 UTC 2023 

Could you do a ls of the clamav database folder... So I can see what 
databases you are using

Does the database name appear in the logs when clamd.con

# Enable verbose logging.
# Default: no
LogVerbose yes
If you run clamscan -- database=clamav database folder test.file does it 
report database errors
How much memory/disk space....

What download script... Any errors logs there to look at?

Sorry for the number of questions...
On 24 May 2023 19:54:57 Paul Netpresto <paul at netpresto.co.uk> wrote:
> Hi Steve
> Note it would be nice if clamd said which db it did not like ..
> I reckon the start of the problem is "Database reload failed, keeping the 
> previous instance" when there is no previous instance.
> Mon May 22 13:04:40 2023 -> Reading databases from /var/lib/clamav/
> Mon May 22 13:05:01 2023 -> ERROR: reload_th: Database load failed: 
> Malformed da
> tabase
> Mon May 22 13:05:02 2023 -> Database reload completed.
> Mon May 22 13:05:02 2023 -> WARNING: Database reload failed, keeping the 
> previou
> s instance
> Mon May 22 13:06:30 2023 -> ERROR: cl_engine_addref() failed
> Mon May 22 13:06:30 2023 -> ERROR: Command dispatch failed
> Mon May 22 13:06:30 2023 -> ERROR: INSTREAM: Can't write to temporary file.
> Mon May 22 13:06:30 2023 -> ERROR: cl_engine_addref() failed
> Mon May 22 13:06:30 2023 -> ERROR: Command dispatch failed
> Mon May 22 13:06:30 2023 -> ERROR: INSTREAM: Can't write to temporary file.
> Mon May 22 13:06:46 2023 -> ERROR: cl_engine_addref() failed
> Mon May 22 13:06:46 2023 -> ERROR: Command dispatch failed
> Mon May 22 13:08:31 2023 -> ERROR: cl_engine_addref() failed
> Mon May 22 13:08:31 2023 -> ERROR: Command dispatch failedLots more of the 
> above snipped
> Note a /tmp/clamav-*** is created for each connection containing whatever 
> was submitted till max files open limit is reached.
>
> Then this starts
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
> Mon May 22 13:45:02 2023 -> ERROR: accept() failed: Too many open files
>
> 3.5 G later /var/ is full !!
> On 24/05/2023 19:39, Steve Basford via clamav-users wrote:
>> On 24 May 2023 18:52:04 Paul Netpresto <paul at netpresto.co.uk> wrote:
>>> Hi
>>> I have found that 1.0.1 and 0.103.8 both behave badly if they find a 
>>> malformed db. Agreed freshclam checks out the clamav/cisco db's.
>>> I have yet to determine what unofficial db caused the failure. They should 
>>> all have been verified before being placed in /var/lib/clamav/
>> How are you downloading the 3rd party sigs...
>>
>> This script checks integrity... before copying to live folder...
>>
>>
>> https://github.com/extremeshok/clamav-unofficial-sigs
>>
>> I check db integrity before uploading to mirrors.
>>
>> Please email me off list with some logs....
>>
>> Cheers,
>>
>> Steve
>> Twitter: @sanesecurity
>>
>> _______________________________________________ Manage your clamav-users 
>> mailing list subscription / unsubscribe:
>> https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a 
>> comprehensive ClamAV guide:
>> https://github.com/Cisco-Talos/clamav-documentation 
>> https://docs.clamav.net/#mailing-lists-and-chat
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat

Cheers,
Steve
Twitter: @sanesecurity
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20230524/6d10a817/attachment.htm>

More information about the clamav-users mailing list