[Pkg-clamav-devel] Bug#749027: Bug#749027: The ClamAV daemon stops working.

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Thu May 29 09:10:59 UTC 2014 

Hi Jim,

On 28.05.2014 02:55, Jim Barber wrote:
> On 2014-05-27 18:39, Andreas Cadhalpun wrote:
>> I think the problem here is that there is a second 'Restarting
>> on-access scan' message only 4 seconds after another one and without
>> the usual 'ERROR: ScanOnAccess: fanotify_init [...]' between them.
>>
>> This looks as if the reload is started again, while the previous
>> reload is not yet finished. Probably this should not happen, as it
>> seems to cause a deadlock.
>
> It does appear that way.
> Higher up in the log there are also instances where two restarts happened
> within seconds of each other, but I guess were far enough apart to
> avoid the race/deadlock situation that the daemon seems to be encountering.

Yes, it's strange. I tried to reproduce this, but failed. What I did:
  * Set ScanOnAccess to true.
  * Set SelfCheck to 10 seconds.
  * Stop the freshclam daemon: sudo service clamav-freshclam stop
  * Delete /var/lib/clamav/bytecode.cvd.
  * Run 'freshclam --daemon-notify=/etc/clamav/clamd.conf'.

Repeating the last two steps, I saw three different patterns in the log.
  * Only one reload, triggered by freshclam.
  * Two reloads, but far enough apart, so that the 'ERROR:' message
    appears between them.
  * Two reloads, but without the 'ERROR:' message between them.

Since it didn't hang in any of my tries, there must either be a really 
precise timing to cause the hang and I was lucky not to have it or there 
is something else needed.

> I have upgraded to 0.98.4-rc1 again, but at this stage I've left the
> freshclam
> notications on to see if we can find the cause of the hangs.

Thanks for your help in finding the cause.
Since the logs are inconclusive, it would really help if you could get 
us a backtrace, when clamd is hanging.
For this install clamav-dbg and gdb.
When it hangs again, please determine the PIDs of all clamd threads, 
e.g. with:
ps -eL | grep clamd
The second column contains this number.
For every thread of clamd, run (replacing <PID> with the actual number):
sudo gdb /usr/sbin/clamd <PID>
And then in gdb:
bt full
The output of this should help to figure out, where exactly clamd is 
hanging.

> It looks like freshclam believes the notification was successful.

Yes, that's what I expected.

>> You can set 'Debug true' in clamd.conf.
>
> I have done this to see if there is more information the next time
> version 0.98.4-rc1 hangs.
> There is also a 'LogVerbose false' parameter.
> Is it worth settng that to true?
> Or is that pointless when you have Debug enabled?

Yes, it's pointless, as Debug is the most verbose setting, overriding 
any LogVerbose setting.

Best regards,
Andreas

More information about the Pkg-clamav-devel mailing list