[Pkg-clamav-devel] Bug#824196: clamav-daemon: clamd crashes daily

Will Aoki waoki at umnh.utah.edu
Fri May 13 15:43:24 UTC 2016


Package: clamav-daemon
Version: 0.99+dfsg-0+deb7u2
Severity: important

After upgrading from 0.98.7+dfsg-0+deb7u1 to 0.99+dfsg-0+deb7u2 two
months ago, clamd on one of our servers has crashed approximately daily.
It's rarely stayed running for more than 24 hours. 

Before crashing, the daemon spews the message

   accept() failed:

This is often, but not always, preceded by:

   Reading databases from /var/lib/clamav

The kernel is not reporting segfaults or OOM.

I had initially suspected this might be related to the custom
configuration file we were using, but the crashes persisted after I
allowed the package to regenerate it.

On this particular server, clamd is used by clamav-milter. A Nagios
check script also runs clamdscan about every five minutes against a CAB,
an EXE, a bzip2'd EXE and a zip file that all contain
"Clamav.Test.File-6". As of a Monday (long after the problem started),
the script has started scanning another file we've had false-positive
problems with.

-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile disabled
StatsHostID = "auto"
StatsEnabled disabled
StatsPEDisabled = "yes"
StatsTimeout = "10"
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/var/run/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
AllowSupplementaryGroups disabled
Bytecode = "yes"
BytecodeSecurity = "Paranoid"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA = "yes"
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "4294967295"
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
AllowSupplementaryGroups disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "48"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing = "yes"
Bytecode = "yes"

Config file: clamav-milter.conf
-------------------------------
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
PidFile = "/var/run/clamav/clamav-milter.pid"
TemporaryDirectory = "/tmp"
FixStaleSocket = "yes"
MaxThreads = "10"
ReadTimeout = "120"
Foreground disabled
User = "clamav"
AllowSupplementaryGroups = "yes"
MaxFileSize = "26214400"
ClamdSocket = "unix:/var/run/clamav/clamd.ctl"
MilterSocket = "local:/var/run/clamav/clmilter.sock"
MilterSocketGroup disabled
MilterSocketMode disabled
LocalNet disabled
OnClean = "Accept"
OnInfected = "Reject"
OnFail = "Accept"
RejectMsg disabled
AddHeader = "Replace"
ReportHostname disabled
VirusAction disabled
Chroot disabled
Whitelist = "/etc/mail/clamav-whitelist"
SkipAuthenticated disabled
LogInfected = "Off"
LogClean disabled
SupportMultipleRecipients disabled

Software settings
-----------------
Version: 0.99
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
safebrowsing.cvd: version 44607, sigs: 2280661, built on Fri May 13 08:00:06 2016
main.cvd: version 57, sigs: 4218790, built on Wed Mar 16 17:17:06 2016
daily.cld: version 21538, sigs: 141187, built on Fri May 13 06:56:46 2016
bytecode.cld: version 277, sigs: 47, built on Fri Apr 15 12:57:09 2016
[3rd Party] local-js-sigs.ndb: 6 sigs
Total number of signatures: 6640691

Platform information
--------------------
uname: Linux 3.2.0-4-686-pae #1 SMP Debian 3.2.78-1 i686
OS: linux-gnu, ARCH: i386, CPU: i486
Full OS version: Debian GNU/Linux 7.10 (wheezy)
zlib version: 1.2.7 (1.2.7), compile flags: 55
Triple: i386-pc-linux-gnu
CPU: corei7, Little-endian
platform id: 0x0a1151510404070201040702

Build information
-----------------
GNU C: 4.7.2 (4.7.2)
GNU C++: 4.7.2 (4.7.2)
CPPFLAGS: -D_FORTIFY_SOURCE=2 
CFLAGS: -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
CXXFLAGS: 
LDFLAGS: -Wl,-z,relro -Wl,--as-needed -L/usr/lib/i386-linux-gnu -lpcre
Configure: '--build=i486-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/usr/lib/clamav' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-gnu-ld' '-with-system-llvm=/usr/bin/llvm-config' '--with-llvm-linking=dynamic' 'build_alias=i486-linux-gnu'
sizeof(void*) = 4
Engine flevel: 81, dconf: 81

--- data dir ---
total 158064
-rw-r--r--    1 clamav clamav    378368 Apr 15 13:26 bytecode.cld
-rw-r--r--    1 clamav clamav  10165248 May 13 07:48 daily.cld
-rw-r--r--    1 root   root        5397 Nov 17 11:09 local-js-sigs.ndb
-rw-r--r--    1 clamav clamav 109143933 Mar 17 04:28 main.cvd
-rw-------    1 clamav clamav      4212 May 13 08:55 mirrors.dat
-rw-r--r--    1 root   root          64 May 10 18:11 pdfstuff.ign2
drwx------ 1223 clamav adm        32768 May 19  2009 quarantine
-rw-r--r--    1 clamav clamav  42079137 May 13 08:55 safebrowsing.cvd

-- System Information:
Debian Release: 7.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav-daemon depends on:
ii  adduser                         3.113+nmu3
ii  clamav-base                     0.99+dfsg-0+deb7u2
ii  clamav-freshclam [clamav-data]  0.99+dfsg-0+deb7u2
ii  debconf [debconf-2.0]           1.5.49
ii  dpkg                            1.16.17
ii  libc6                           2.13-38+deb7u10
ii  libclamav7                      0.99+dfsg-0+deb7u2
ii  libncurses5                     5.9-10
ii  libssl1.0.0                     1.0.1e-2+deb7u21
ii  libtinfo5                       5.9-10
ii  lsb-base                        4.1+Debian8+deb7u1
ii  procps                          1:3.3.3-3
ii  ucf                             3.0025+nmu3
ii  zlib1g                          1:1.2.7.dfsg-13

clamav-daemon recommends no packages.

Versions of packages clamav-daemon suggests:
pn  apparmor     <none>
ii  clamav-docs  0.99+dfsg-0+deb7u2
pn  daemon       <none>

-- debconf information:
* clamav-daemon/debconf: true
* clamav-daemon/ReadTimeout: 180
* clamav-daemon/StatsEnabled: false
* clamav-daemon/MaxConnectionQueueLength: 15
  clamav-daemon/ScanOnAccess: false
  clamav-daemon/AllowAllMatchScan: true
* clamav-daemon/LogFile:
* clamav-daemon/ScanMail: true
* clamav-daemon/BytecodeTimeout: 60000
  clamav-daemon/LogTime: true
  clamav-daemon/MaxEmbeddedPE: 10M
* clamav-daemon/BytecodeSecurity: Paranoid
  clamav-daemon/ScanSWF: true
* clamav-daemon/MaxDirectoryRecursion: 0
* clamav-daemon/MaxThreads: 12
* clamav-daemon/StatsHostID: auto
  clamav-daemon/TCPAddr: any
  clamav-daemon/DisableCertCheck: false
* clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl
* clamav-daemon/LocalSocketMode: 666
* clamav-daemon/StatsTimeout: 10
* clamav-daemon/LogSyslog: true
* clamav-daemon/AddGroups:
* clamav-daemon/ScanArchive: true
  clamav-daemon/MaxHTMLNormalize: 10M
* clamav-daemon/StatsPEDisabled: true
* clamav-daemon/FollowDirectorySymlinks: false
* clamav-daemon/StreamMaxLength: 25
  clamav-daemon/LogRotate: true
  clamav-daemon/OnAccessMaxFileSize: 5M
* clamav-daemon/TcpOrLocal: UNIX
* clamav-daemon/FixStaleSocket: true
* clamav-daemon/User: clamav
* clamav-daemon/LocalSocketGroup: clamav
  clamav-daemon/MaxScriptNormalize: 5M
  clamav-daemon/ForceToDisk: false
* clamav-daemon/FollowFileSymlinks: false
  clamav-daemon/TCPSocket: 3310
* clamav-daemon/SelfCheck: 3600
  clamav-daemon/MaxZipTypeRcg: 1M
  clamav-daemon/MaxHTMLNoTags: 2M
* clamav-daemon/Bytecode: true


