[Pkg-clamav-devel] Bug#749027: clamav-daemon: The ClamAV daemon seems to stop working and needs to be restarted.

Jim Barber jim.barber at ddihealth.com
Fri May 23 05:56:19 UTC 2014


Package: clamav-daemon
Version: 0.98.4~rc1+dfsg-2
Severity: normal

Dear Maintainer,

I run a configuration where my squid3 proxy uses the havp proxy which in turn
uses the ClamAV daemon for virus scanning web content.

Recently I have found that web browsing stops working, or slows down to the
point where it is unusable.

Investigation showed messages in the /var/log/havp/error.log file like the following:

23/05/2014 04:08:13 Error: Some scanner has timed out! (lasturl: http://www.imdb.com/search/title?)

Once these errors start happening, all further URLs attempted to be browsed
end up in the havp error log file with the same error.

If I restart the ClamAV daemon, web browsing returns to normal again for a while
until the problem starts happening again.
Subjectively, I feel the problem is happening once or twice a day and had only been
happening for the past few days.

There doesn't seem to be an error reported in the /var/log/clamav/clamav.log file
relating to this.
The contents of the clamav log from when I last manually restarted the daemon up
to when the above havp error occurred is as follows:

Thu May 22 17:03:29 2014 -> +++ Started at Thu May 22 17:03:29 2014
Thu May 22 17:03:29 2014 -> clamd daemon 0.98.4-rc1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Thu May 22 17:03:29 2014 -> Log file size limited to 4294967295 bytes.
Thu May 22 17:03:29 2014 -> Reading databases from /var/lib/clamav
Thu May 22 17:03:29 2014 -> Not loading PUA signatures.
Thu May 22 17:03:29 2014 -> Bytecode: Security mode set to "TrustSigned".
Thu May 22 17:03:32 2014 -> Loaded 3379804 signatures.
Thu May 22 17:03:33 2014 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Thu May 22 17:03:33 2014 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Thu May 22 17:03:33 2014 -> LOCAL: Setting connection queue length to 15
Thu May 22 17:03:33 2014 -> Limits: Global size limit set to 104857600 bytes.
Thu May 22 17:03:33 2014 -> Limits: File size limit set to 26214400 bytes.
Thu May 22 17:03:33 2014 -> Limits: Recursion level limit set to 10.
Thu May 22 17:03:33 2014 -> Limits: Files limit set to 10000.
Thu May 22 17:03:33 2014 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Thu May 22 17:03:33 2014 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Thu May 22 17:03:33 2014 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Thu May 22 17:03:33 2014 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Thu May 22 17:03:33 2014 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Thu May 22 17:03:33 2014 -> Limits: MaxPartitions limit set to 50.
Thu May 22 17:03:33 2014 -> Limits: MaxIconsPE limit set to 100.
Thu May 22 17:03:33 2014 -> Archive support enabled.
Thu May 22 17:03:33 2014 -> Algorithmic detection enabled.
Thu May 22 17:03:33 2014 -> Portable Executable support enabled.
Thu May 22 17:03:33 2014 -> ELF support enabled.
Thu May 22 17:03:33 2014 -> Mail files support enabled.
Thu May 22 17:03:33 2014 -> OLE2 support enabled.
Thu May 22 17:03:33 2014 -> PDF support enabled.
Thu May 22 17:03:33 2014 -> SWF support enabled.
Thu May 22 17:03:33 2014 -> HTML support enabled.
Thu May 22 17:03:33 2014 -> Self checking every 3600 seconds.
Thu May 22 17:03:33 2014 -> ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
Thu May 22 17:03:33 2014 -> ScanOnAccess: clamd must be started by root
Thu May 22 18:03:34 2014 -> No stats for Database check - forcing reload
Thu May 22 18:03:34 2014 -> Restarting on-access scan
Thu May 22 18:03:34 2014 -> Reading databases from /var/lib/clamav
Thu May 22 18:03:38 2014 -> Database correctly reloaded (3380315 signatures)
Thu May 22 18:03:38 2014 -> Restarting on-access scan
Thu May 22 18:03:38 2014 -> Reading databases from /var/lib/clamav
Thu May 22 18:03:42 2014 -> Database correctly reloaded (3380315 signatures)
Thu May 22 18:03:42 2014 -> ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
Thu May 22 18:03:42 2014 -> ScanOnAccess: clamd must be started by root
Thu May 22 19:03:42 2014 -> SelfCheck: Database status OK.
Thu May 22 20:40:33 2014 -> SelfCheck: Database status OK.
Thu May 22 21:53:37 2014 -> SelfCheck: Database status OK.
Thu May 22 23:03:48 2014 -> SelfCheck: Database modification detected. Forcing reload.
Thu May 22 23:03:48 2014 -> Restarting on-access scan
Thu May 22 23:03:48 2014 -> Reading databases from /var/lib/clamav
Thu May 22 23:03:52 2014 -> Database correctly reloaded (3380826 signatures)
Thu May 22 23:03:52 2014 -> Restarting on-access scan
Thu May 22 23:03:52 2014 -> Reading databases from /var/lib/clamav
Thu May 22 23:03:56 2014 -> Database correctly reloaded (3380826 signatures)
Thu May 22 23:03:56 2014 -> ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
Thu May 22 23:03:56 2014 -> ScanOnAccess: clamd must be started by root
Fri May 23 00:03:56 2014 -> SelfCheck: Database status OK.
Fri May 23 01:03:56 2014 -> SelfCheck: Database modification detected. Forcing reload.
Fri May 23 01:03:56 2014 -> Restarting on-access scan
Fri May 23 01:03:57 2014 -> Reading databases from /var/lib/clamav
Fri May 23 01:04:01 2014 -> Database correctly reloaded (3380802 signatures)
Fri May 23 01:04:01 2014 -> Restarting on-access scan

The only errors I see above are:

         -> ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
         -> ScanOnAccess: clamd must be started by root

But I don't think they are related since web browsing is fine immediately after
the clamav daemon restart.

I'm not sure which event triggered the error.
It was either the upgrade of clamav to version 0.98.4~rc1+dfsg-2, or it could be
that I also resolved an issue with clamav-freshclam a few days ago.
I had the same problem as described in the following bug report:
         https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748670
I ran the dpkg-reconfigure clamav-freshclam to remove the '10' from the private
mirror.

I upgraded clamav on May 19th, and I fixed the freshclam issue on May 23rd
at 23:14:17 local time.
My first ClamAV daemon hang was at May 21st at 03:58:04 local time.
So it is probably a combination of the new version of ClamAV combined with getting
updates from freshclam that is triggering the problem.
(Perhaps it is the restarts that the ClamAV daemon does when new definitions
have been downloaded?)

Regards,

Jim Barber

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
StatsHostID = "auto"
StatsEnabled disabled
StatsPEDisabled = "yes"
StatsTimeout = "10"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk = "yes"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "10"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
ScanOnAccess = "yes"
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "10"
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck = "yes"

Config file: freshclam.conf
---------------------------
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode disabled

clamav-milter.conf not found

Software settings
-----------------
Version: 0.98.4-rc1
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 JIT

Database information
--------------------
Database directory: /var/lib/clamav
main.cld: version 55, sigs: 2424225, built on Tue Sep 17 22:57:28 2013
daily.cld: version 19021, sigs: 962982, built on Fri May 23 09:59:32 2014
Total number of signatures: 3387207

Platform information
--------------------
uname: Linux 3.14-1-amd64 #1 SMP Debian 3.14.2-1 (2014-04-28) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux unstable (sid)
zlib version: 1.2.8 (1.2.8), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: core-avx-i, Little-endian
platform id: 0x0a214d4d0804080201040802

Build information
-----------------
GNU C: 4.8.2 (4.8.2)
GNU C++: 4.8.2 (4.8.2)
CPPFLAGS: -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
CXXFLAGS:
LDFLAGS: -Wl,-z,relro
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/usr/lib/clamav' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-z,relro' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-gnu-ld' '--with-system-tommath' '--without-included-ltdl' '-with-system-llvm=/usr/bin/llvm-config' 'build_alias=x86_64-linux-gnu'
sizeof(void*) = 8
Engine flevel: 77, dconf: 77

--- data dir ---
total 219812
-rw-r--r-- 1 clamav clamav  61611008 May 23 10:25 daily.cld
-rw-r--r-- 1 clamav clamav 163468288 Sep 18  2013 main.cld
-rw------- 1 clamav clamav       104 May 23 13:25 mirrors.dat

-- System Information:
Debian Release: jessie/sid
   APT prefers unstable
   APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages clamav-daemon depends on:
ii  adduser                         3.113+nmu3
ii  clamav-base                     0.98.4~rc1+dfsg-2
ii  clamav-freshclam [clamav-data]  0.98.4~rc1+dfsg-2
ii  debconf [debconf-2.0]           1.5.53
ii  libbz2-1.0                      1.0.6-5
ii  libc6                           2.18-7
ii  libclamav6                      0.98.4~rc1+dfsg-2
ii  libncurses5                     5.9+20140118-1
ii  libssl1.0.0                     1.0.1g-4
ii  libtinfo5                       5.9+20140118-1
ii  lsb-base                        4.1+Debian12
ii  ucf                             3.0029
ii  zlib1g                          1:1.2.8.dfsg-1

clamav-daemon recommends no packages.

Versions of packages clamav-daemon suggests:
pn  apparmor     <none>
pn  clamav-docs  <none>
ii  daemon       0.6.4-1

-- debconf information:
   clamav-daemon/StatsPEDisabled: true
   clamav-daemon/TCPSocket: 3310
   clamav-daemon/OnAccessMaxFileSize: 10
   clamav-daemon/LogFile: /var/log/clamav/clamav.log
   clamav-daemon/LogSyslog: false
   clamav-daemon/DisableCertCheck: true
   clamav-daemon/AllowAllMatchScan: true
   clamav-daemon/SelfCheck: 3600
   clamav-daemon/LocalSocketGroup: clamav
   clamav-daemon/BytecodeTimeout: 60000
   clamav-daemon/ScanMail: true
   clamav-daemon/FollowFileSymlinks: false
   clamav-daemon/debconf: true
   clamav-daemon/StatsHostID: auto
   clamav-daemon/ForceToDisk: true
   clamav-daemon/MaxHTMLNoTags: 2M
   clamav-daemon/FollowDirectorySymlinks: false
   clamav-daemon/ScanArchive: true
   clamav-daemon/LocalSocketMode: 666
   clamav-daemon/StatsTimeout: 10
   clamav-daemon/ScanSWF: true
   clamav-daemon/LogTime: true
   clamav-daemon/StatsEnabled: false
   clamav-daemon/MaxEmbeddedPE: 10M
   clamav-daemon/Bytecode: true
   clamav-daemon/TCPAddr: any
   clamav-daemon/TcpOrLocal: UNIX
   clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl
   clamav-daemon/User: clamav
   clamav-daemon/StreamMaxLength: 25
   clamav-daemon/LogRotate: true
   clamav-daemon/MaxScriptNormalize: 5M
   clamav-daemon/ScanOnAccess: true
   clamav-daemon/MaxDirectoryRecursion: 15
   clamav-daemon/MaxConnectionQueueLength: 15
   clamav-daemon/MaxHTMLNormalize: 10M
   clamav-daemon/FixStaleSocket: true
   clamav-daemon/ReadTimeout: 180
   clamav-daemon/AddGroups: havp
   clamav-daemon/MaxZipTypeRcg: 1M
   clamav-daemon/BytecodeSecurity: TrustSigned
   clamav-daemon/MaxThreads: 12
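
Added example, not part of the original report and not ClamAV code: the clamav.log excerpt quoted in the report ends on a "Restarting on-access scan" line that, unlike the earlier reload cycles, is not followed by "Reading databases". The Python sketch below flags reload steps in a clamd log that never reached their follow-up message. The step pairing in `EXPECTED_NEXT` is an assumption inferred from the completed cycles in that excerpt, and the function names are hypothetical.

```python
from datetime import datetime

# Assumed pairing, inferred from the completed reload cycles in the report's
# log: each step start maps to the message prefix(es) that show it finished.
EXPECTED_NEXT = {
    "Restarting on-access scan": ("Reading databases from",),
    "Reading databases from": ("Database correctly reloaded", "Loaded "),
}

# Tail of the clamav.log excerpt quoted in the report.
SAMPLE_LOG = """\
Thu May 22 23:03:52 2014 -> Reading databases from /var/lib/clamav
Thu May 22 23:03:56 2014 -> Database correctly reloaded (3380826 signatures)
Thu May 22 23:03:56 2014 -> ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
Thu May 22 23:03:56 2014 -> ScanOnAccess: clamd must be started by root
Fri May 23 00:03:56 2014 -> SelfCheck: Database status OK.
Fri May 23 01:03:56 2014 -> SelfCheck: Database modification detected. Forcing reload.
Fri May 23 01:03:56 2014 -> Restarting on-access scan
Fri May 23 01:03:57 2014 -> Reading databases from /var/lib/clamav
Fri May 23 01:04:01 2014 -> Database correctly reloaded (3380802 signatures)
Fri May 23 01:04:01 2014 -> Restarting on-access scan
"""

def parse(line):
    """Split 'Thu May 22 17:03:29 2014 -> message' into (datetime, message)."""
    stamp, sep, message = line.partition(" -> ")
    if not sep:
        return None
    try:
        return datetime.strptime(stamp.strip(), "%a %b %d %H:%M:%S %Y"), message.strip()
    except ValueError:
        return None  # not a LogTime-stamped clamd line

def unfinished_steps(lines):
    """Return (timestamp, message) for each step whose follow-up never appeared."""
    stalled, pending = [], None
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        when, message = entry
        if pending and message.startswith(pending[2]):
            pending = None  # the awaited follow-up arrived
        for start, expected in EXPECTED_NEXT.items():
            if message.startswith(start):
                if pending:  # a new step began before the old one finished
                    stalled.append(pending[:2])
                pending = (when, message, expected)
    if pending:  # the log ends in the middle of a reload
        stalled.append(pending[:2])
    return stalled
```

A step reported here only means the log stopped or moved on before the expected message; a run against a live log should be repeated a few seconds later to rule out a reload that is still in progress.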
