[Pkg-clamav-devel] Bug#605122: /usr/bin/freshclam: excessive logging of "Network is unreachable" fills up /var[/log/clamav/freshclam.log]
Andreas Beckmann
debian at abeckmann.de
Sat Nov 27 16:30:21 UTC 2010
Package: clamav-freshclam
Version: 0.96.4+dfsg-1~volatile1
Severity: normal
File: /usr/bin/freshclam
I just noticed that my disk is filling up when freshclam runs but the
internet connection is not available. From
/var/log/clamav/freshclam.log:
Received signal: wake up
ClamAV update process started at Sat Nov 27 12:07:56 2010
WARNING: DNS record is older than 3 hours.
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Reading CVD header (main.cvd): connect_error: getsockopt(SO_ERROR): fd=5 error=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 91.198.238.33)
connect_error: getsockopt(SO_ERROR): fd=5 error=101: Network is unreachable
*** repeat the previous two lines for 0.85 MB ***
Can't connect to port 80 of host db.local.clamav.net (IP: 85.214.115.224)
connect_error: getsockopt(SO_ERROR): fd=5 error=101: Network is unreachable
Can't connect to port 80 of host db.local.clamav.net (IP: 85.214.115.224)
connect_error: getsockopt(SO_ERROR): fd=5 error=22: Invalid argument
Can't connect to port 80 of host db.local.clamav.net (IP: 85.214.115.224)
nonblock_connect: connect(): fd=5 errno=101: Network is unreachable
*** repeat the previous two lines for 275 MB ***
After that, the disk was full (and freshclam.log had a size of 1.4 GB,
so this happened several times in the last days ...)
IMO, freshclam should throttle the rate it creates connections when the
network seems to be unreachable.
DNS resolution was working because I run a local caching pdnsd proxy.
Filling disks with useless log entries can result in DoS for local
services or prevent serious log entries from being written to disk.
Andreas
-- Package-specific info:
--- configuration ---
#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
StreamMaxLength 10M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OfficialDatabaseOnly false
CrossFilesystems true
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package
DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogTime no
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav/
DNSDatabaseInfo current.cvd.clamav.net
AllowSupplementaryGroups false
PidFile /var/run/clamav/freshclam.pid
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
--- data dir ---
total 64506
-rw-r--r-- 1 clamav clamav 354304 Nov 23 15:48 bytecode.cld
-rw-r--r-- 1 clamav clamav 201416 Nov 27 07:53 daily.cvd
-rw-r--r-- 1 clamav clamav 65422336 Nov 14 17:38 main.cld
-rw------- 1 clamav clamav 2340 Nov 27 11:07 mirrors.dat
-- System Information:
Debian Release: squeeze/sid
APT prefers stable
APT policy: (800, 'stable'), (700, 'testing'), (600, 'unstable'), (130, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages clamav-freshclam depends on:
ii clamav-base 0.96.4+dfsg-1~volatile1 anti-virus utility for Unix - base
ii debconf [debconf 1.5.36 Debian configuration management sy
ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib
ii libclamav6 0.96.4+dfsg-1~volatile1 anti-virus utility for Unix - libr
ii logrotate 3.7.8-6 Log rotation utility
ii lsb-base 3.2-23.1 Linux Standard Base 3.2 init scrip
ii ucf 3.0025+nmu1 Update Configuration File: preserv
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
clamav-freshclam recommends no packages.
Versions of packages clamav-freshclam suggests:
pn clamav-docs <none> (no description available)
-- Configuration Files:
/etc/logrotate.d/clamav-freshclam changed:
/var/log/clamav/freshclam.log {
rotate 12
weekly
compress
delaycompress
missingok
create 640 clamav adm
postrotate
/etc/init.d/clamav-freshclam reload-log > /dev/null
endscript
}
-- debconf information:
* clamav-freshclam/autoupdate_freshclam: daemon
* clamav-freshclam/local_mirror: db.local.clamav.net
clamav-freshclam/internet_interface:
clamav-freshclam/proxy_user:
* clamav-freshclam/NotifyClamd: false
* clamav-freshclam/http_proxy:
* clamav-freshclam/update_interval: 24
More information about the Pkg-clamav-devel
mailing list