[Pkg-clamav-devel] Bug#617262: clamd loses ExtendedDetectionInfo setting after database reload

Mark Hymers mhy at debian.org
Mon Mar 7 16:31:35 UTC 2011


Package: clamav
Version: 0.96.5+dfsg-1~volatile1
Severity: normal

Hi,

I just noticed that after a clamav-daemon restart (security upgrade), our
nagios check started complaining about the response it was getting on port
3310.

We have:

ExtendedDetectionInfo true

in clamd.conf.  Immediately after restart, this works and we get:

/usr/share/clamav-testfiles/clam.exe: ClamAV-Test-File(aa15bcf478d165efd2065190eb473bcb:544) FOUND

back from ClamAV when we send it a 'SCAN /usr/share/clamav-testfiles/clam.exe'

After a while, this changes to:

/usr/share/clamav-testfiles/clam.exe: ClamAV-Test-File FOUND

i.e. the md5sum and size are lost.  After a quick discussion with Steve Gran on
IRC, I discovered that this occurs after a SIGUSR2 is sent to clamd to get it
to reload its database but haven't had time to debug any further.

Thanks,

Mark


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize disabled
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
ExtendedDetectionInfo = "yes"
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory = "/tmp"
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket disabled
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "10485760"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
VirusEvent disabled
ExitOnOOM disabled
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
ClamukoScanOnAccess disabled
ClamukoScannerCount = "3"
ClamukoScanOnOpen disabled
ClamukoScanOnClose disabled
ClamukoScanOnExec disabled
ClamukoIncludePath disabled
ClamukoExcludePath disabled
ClamukoMaxFileSize = "5242880"
DevACOnly disabled
DevACDepth disabled
DevLiblog disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize disabled
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav/"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: devel-debian/0.95+dfsg-1-6689-g1d89fa4
WARNING: Version mismatch: libclamav=devel-debian/0.95+dfsg-1-6689-g1d89fa4, clamconf=0.96.5
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 JIT

Database information
--------------------
Database directory: /var/lib/clamav/
WARNING: freshclam.conf and clamd.conf point to different database directories
daily.cld: version 12805, sigs: 64745, built on Fri Mar  4 19:03:29 2011
daily.cld: WARNING: This database requires f-level 60 (current f-level: 58)
main.cld: version 53, sigs: 846214, built on Sun Nov 14 14:58:22 2010
bytecode.cld: version 141, sigs: 39, built on Sat Mar  5 19:06:38 2011
bytecode.cld: WARNING: This database requires f-level 60 (current f-level: 58)
Total number of signatures: 910998

Platform information
--------------------
uname: Linux 2.6.26-2-amd64 #1 SMP Tue Jan 25 05:59:43 UTC 2011 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 5.0.8 (lenny)
zlib version: 1.2.3.3 (1.2.3.3), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: i686, Little-endian
platform id: 0x0a213a3a0804030201040302

Build information
-----------------
GNU C: 4.3.2 (4.3.2)
GNU C++: 4.3.2 (4.3.2)
CPPFLAGS: 
CFLAGS: -Wall -g -O2
CXXFLAGS: -Wall -g -O2
LDFLAGS: 
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-clamav' '--with-dbdir=/var/lib/clamav/' '--sysconfdir=/etc/clamav' '--enable-milter' '--disable-clamuko' '--with-gnu-ld' '--enable-dns-fix' '--disable-unrar' '--libdir=/usr/lib' '--with-system-tommath' '--with-ltdl-include=/usr/include' '--with-ltdl-lib=/usr/lib' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-Wall -g -O2' 'LDFLAGS=' 'CPPFLAGS='
sizeof(void*) = 8
Engine flevel: 58, dconf: 58

--- data dir ---
total 68564
-rw-r--r-- 1 clamav clamav   456192 2011-03-05 19:20 bytecode.cld
-rw-r--r-- 1 clamav clamav  4240384 2011-03-04 19:25 daily.cld
-rw-r--r-- 1 clamav clamav 65422336 2010-11-14 16:25 main.cld
-rw------- 1 clamav clamav      364 2011-03-07 16:25 mirrors.dat

-- System Information:
Debian Release: 5.0.8
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav depends on:
ii  clamav-freshclam 0.96.5+dfsg-1~volatile1 anti-virus utility for Unix - viru
ii  libc6            2.7-18lenny7            GNU C Library: Shared libraries
ii  libclamav6       0.96.5+dfsg-1~volatile1 anti-virus utility for Unix - libr
ii  zlib1g           1:1.2.3.3.dfsg-12       compression library - runtime

Versions of packages clamav recommends:
ii  clamav-base      0.96.5+dfsg-1~volatile1 anti-virus utility for Unix - base

Versions of packages clamav suggests:
pn  clamav-docs                   <none>     (no description available)

-- no debconf information
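
A monitoring check that separates the two reply shapes quoted in the report, so a reload that drops the md5:size suffix raises a warning instead of going unnoticed. This is an added example, not the reporter's Nagios check and not ClamAV code; the function names, the default host and the mapping to Nagios status codes are assumptions.

```python
import re
import socket
import sys

# Reply shapes quoted in the report:
#   <path>: <signature>(<md5>:<size>) FOUND   ExtendedDetectionInfo in effect
#   <path>: <signature> FOUND                 setting lost after the reload
REPLY_RE = re.compile(
    r"^(?P<path>.+): (?P<sig>.+?)"
    r"(?:\((?P<md5>[0-9a-f]{32}):(?P<size>\d+)\))? FOUND$"
)

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes (assumed mapping)


def classify_reply(line):
    """Map one clamd SCAN reply line to (nagios_status, message)."""
    m = REPLY_RE.match(line.strip("\r\n\0 "))
    if m is None:
        return CRITICAL, "test file not detected: %r" % line
    if m.group("md5") is None:
        return WARNING, "%s detected without md5:size" % m.group("sig")
    return OK, "%s md5=%s size=%s" % (m.group("sig"), m.group("md5"), m.group("size"))


def scan(path, host="127.0.0.1", port=3310, timeout=10):
    """Send 'SCAN <path>' to clamd over TCP and return the raw reply."""
    if "\n" in path or "\0" in path:
        # A delimiter in the path would end the command early.
        raise ValueError("path must not contain command delimiters")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(("SCAN %s\n" % path).encode())
        chunks = []
        while True:  # read until clamd closes the connection
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


if __name__ == "__main__":
    status, message = classify_reply(scan("/usr/share/clamav-testfiles/clam.exe"))
    print(message)
    sys.exit(status)
```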




