[Pkg-clamav-devel] Bug#749027: Bug#749027: The ClamAV daemon stops working.

Jim Barber jim.barber at ddihealth.com
Wed May 28 00:55:36 UTC 2014 

Hi Andreas

On 2014-05-27 18:39, Andreas Cadhalpun wrote:
> Hi Jim,
> 
> You could try it with 0.98.1, but I'm not sure if that would help.

I think I'll keep moving on with the new versions, and hopefully we
can find the real problem.

> I think the problem here is that there is a second 'Restarting
> on-access scan' message only 4 seconds after another one and without
> the usual 'ERROR: ScanOnAccess: fanotify_init [...]' between them.
> 
> This looks as if the reload is started again, while the previous
> reload is not yet finished. Probably this should not happen, as it
> seems to cause a deadlock.

It does appear that way.
Higher up in the log there are also instances where two restarts 
happened
within seconds of each other, but I guess were far enough apart to
avoid the race/deadlock situation that the daemon seems to be 
encountering.

>> Shall I upgrade to 0.98.4~rc1 again and reconfigure freshclam to no 
>> longer
>> notify the ClamAV daemon when an update is available?
> 
> Yes, please try this and let us know, if it helps.

I have upgraded to 0.98.4-rc1 again, but at this stage I've left the 
freshclam
notications on to see if we can find the cause of the hangs.

> Also could you please check, if /var/log/clamav/freshclam.log contains
> 'Clamd successfully notified about the update.' around the time 'Mon
> May 26 22:52:23 2014', where the hang happened, or if there is a
> related error message.

The freshclam logs around this time are as follows:

     Mon May 26 21:52:15 2014 -> --------------------------------------
     Mon May 26 22:52:15 2014 -> Received signal: wake up
     Mon May 26 22:52:15 2014 -> ClamAV update process started at Mon May 
26 22:52:15 2014
     Mon May 26 22:52:15 2014 -> main.cld is up to date (version: 55, 
sigs: 2424225, f-level: 60, builder: neo)
     Mon May 26 22:52:16 2014 -> Downloading daily-19034.cdiff [100%]
     Mon May 26 22:52:17 2014 -> daily.cld updated (version: 19034, sigs: 
968759, f-level: 63, builder: neo)
     Mon May 26 22:52:19 2014 -> Database updated (3392984 signatures) 
from db.local.clamav.net (IP: 117.104.160.194)
     Mon May 26 22:52:23 2014 -> Clamd successfully notified about the 
update.
     Mon May 26 22:52:23 2014 -> --------------------------------------
     Mon May 26 23:52:23 2014 -> Received signal: wake up
     Mon May 26 23:52:23 2014 -> ClamAV update process started at Mon May 
26 23:52:23 2014
     Mon May 26 23:52:23 2014 -> main.cld is up to date (version: 55, 
sigs: 2424225, f-level: 60, builder: neo)
     Mon May 26 23:52:23 2014 -> daily.cld is up to date (version: 19034, 
sigs: 968759, f-level: 63, builder: neo)
     Mon May 26 23:52:24 2014 -> --------------------------------------

It looks like freshclam believes the notification was successful.

> You can set 'Debug true' in clamd.conf.

I have done this to see if there is more information the next time
version 0.98.4-rc1 hangs.
There is also a 'LogVerbose false' parameter.
Is it worth settng that to true?
Or is that pointless when you have Debug enabled?

>> Is the problem perhaps related to these messages?
>> 
>>      -> ERROR: ScanOnAccess: fanotify_init failed: Operation not 
>> permitted
>>      -> ScanOnAccess: clamd must be started by root
> 
> I don't think this is related, but if the above doesn't help, you
> could try disabling ScanOnAccess or running clamd as root.

Okay, I'll hold off on doing that for now since I also think this is
probably not related.

Jim.

More information about the Pkg-clamav-devel mailing list