|Main Archive Page > Month Archives > clamav-users archives|
Nathan Phillip Brink wrote:
>> On 2009-08-17 15:15, Federico Giovannini wrote: >> > Hi all, >> > >> > I'm new in this mailing-list and also as clamav-user so sorry for my >> elementary questions. >> > With my configuration gentoo, postfix ( 2.2.11-r1), amavisd-new >> (2.5.2) and ClamAV 0.95.2 sometimes when my mailserver receives emails >> with attachments, clamd stops working and also clamscan dies as >> indicated in the following amavis logs:
> If you expect clamav + amavisd + postfix to essentially work out of the
> box in gentoo, you should file a bug at https://bugs.gentoo.org/ (and CC
> me, for my benefit ;-)). Personally, I use clamav-milter to scan emails,
> so all my advice for your use of amavisd is primarily guessing based on
> the information you have posted.
>> > >> > Aug 17 03:42:59 scilla.sestante.net /usr/sbin/amavisd: >> (10531-12) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL >> VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: CODE(0x8011a434) >> Too many retries to talk to /var/amavis/clamd.sock (Can't connect to >> UNIX socket /var/amavis/clamd.sock: Connection refused) at (eval 67) >> line 310. at (eval 67) line 511.; ClamAV-clamscan av-scanner FAILED: >> /usr/bin/clamscan DIED on signal 11 (000b) at (eval 67) line 511. >> >
> Could you check if /var/amavis/clamd.sock exists after clamd has been
> started? Please also give the permissions of the file. You can get this
> information by running:
> stat /var/amavis/clamd.sock
> Of course, you should tell amavisd to look for the clamd socket in
> /var/run/clamav/clamd.sock instead. If you still have trouble after
> updating amavisd's configuration, please also give the output of:
> stat /var/run/clamav/clamd.sock
> Also, why is /usr/bin/clamscan being run when a connection is being made
> to clamd? wouldn't it be better to run clamdscan?
I posted a reply to the other thread about this, but my message has been stuck in the hold queue for a couple of days.
In all of these cases, clamd/clamscan are either segfaulting, or being killed off by PaX. At first, I suspected a (possibly exploitable) bug in LibClamAV, but it would seem that this is not the case. I now believe the bug is actually in our particular version of GCC, which is why only Gentoo users have noticed.
For example, with my default,
CFLAGS="-march=pentium4 -O2 -pipe -fomit-frame-pointer"
I get the crash (PaX is killing off an execution attempt at NULL):
mx1 test-cases # clamscan postcard.zip LibClamAV Error: cli_checkfp(): lseek() failed Killed
Everything works as expected:
mx1 ~ # clamscan postcard.zip
postcard.zip: Trojan.Delf-5385 FOUND
I haven't filed a Gentoo bug yet, but I plan to if nobody beats me to it.