clamav-users October 2011 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [clamav-users] clamd abending at selfcheck

Re: [clamav-users] clamd abending at selfcheck

From: David Alix <David.Alix_at_nospam>
Date: Thu Oct 20 2011 - 23:16:32 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

Thinking that the problem was the selfcheck, I disabled it in clamd.conf.
I also stopped the freshclamd process. When clamd was restarted the next
time, the log reported:

  Self checking disabled.

But, the clamd daemon continues to abend one hour after it starts.

What other clamd process could be running one hour after starting? Is the
report that selfcheck is disabled bogus?

Any ideas?

Thanks

David

--On Thursday, October 20, 2011 11:28 AM -0700 David Alix
<David.Alix@isc.ucsb.edu> wrote:

> I am running Clamav and freshclam 0.97.1, called from mimedefang, with
> sendmail on Solaris 2.9. Starting yesterday morning, clamd has abended
> whenever it selfchecks.
>
> The clamd.log reported the following when the problem began:
>
> Wed Oct 19 09:52:25 2011 -> SelfCheck: Database modification detected.
> Forcing reload.
> Wed Oct 19 09:52:25 2011 -> Reading databases from
> /opt/ClamAV/share/clamav
> Wed Oct 19 09:52:37 2011 -> Database correctly reloaded (1056463
> signatures)
>
> Wed Oct 19 10:52:38 2011 -> SelfCheck: Database status OK.
> Wed Oct 19 10:56:01 2011 -> +++ Started at Wed Oct 19 10:56:01 2011
> Wed Oct 19 10:56:01 2011 -> clamd daemon 0.97.1 (OS: solaris2.9, ARCH:
> sparc, CPU: sparc)
> Wed Oct 19 10:56:01 2011 -> Log file size limited to 1048576000 bytes.
>
> daily.clv was updated from 13820 to 13822 at 8:54 that morning.
>
>
> Since, then, a "self-check:database status OK" has not been recorded.
> The freshclam log reports:
>
> Received signal: wake up
> ClamAV update process started at Thu Oct 20 10:03:18 2011
> WARNING: Can't query current.cvd.clamav.net
> WARNING: Invalid DNS reply. Falling back to HTTP mode.
> Reading CVD header (main.cvd): connect_error: getsockopt(SO_ERROR): fd=5
> error=146: Connection refused
> Can't connect to port 80 of host db.us.clamav.net (IP: 69.12.162.28)
> OK
> main.cld is up to date (version: 54, sigs: 1044387, f-level: 60, builder:
> sven)
> Reading CVD header (daily.cvd): OK (IMS)
> daily.cld is up to date (version: 13828, sigs: 15076, f-level: 60,
> builder: neo)
> Can't query daily.13828.61.1.0.194.186.47.19.ping.clamav.net
> Reading CVD header (bytecode.cvd): OK (IMS)
> bytecode.cld is up to date (version: 148, sigs: 39, f-level: 60, builder:
> acab)
> Can't query bytecode.148.61.1.0.194.186.47.19.ping.clamav.net
> --------------------------------------
> Update process interrupted
> --------------------------------------
>
> The daily.cld continues to be updated successfully.
>
> I have a script that checks for an active clamd daemon every minute, and
> restarts it when necessary.
>
> ANyone else seeing this problem with clamd and selfchecks, or can give me
> some suggestions on how to address it?
>
> As a side note, at 9:30 AM this morning I changed the clamd.conf file to
> perform a selfcheck every 7200 seconds. The clamd died, and was
> restarted a few minutes after 10AM. But the selfcheck was performed a
> few minutes after 11AM (3600 seconds later). I don't understand why it
> wouldn't go at two hour intervals.
>
>
> Thanks
>
> ___________________________________
> David Alix
> Information Systems and Computing
> David.Alix@isc.ucsb.edu
> (805)893-4456
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml

___________________________________
David Alix
Information Systems and Computing
David.Alix@isc.ucsb.edu
(805)893-4456
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml