Clam module broken after main.cvd update
Drew Marshall
drew at technologytiger.net
Wed Apr 11 08:45:14 IST 2007
On 11 Apr 2007, at 01:53, Raymond Dijkxhoorn wrote:
> Hi!
>
> We have seen several servers barfing due to a broken clamlib after
> a update of freshclam.
>
> Tonight clamav released a new main.cvd, when this happened the
> update files were placed inside subdirs, this is part of the new
> clamav update scheme.
>
> Mailscanner however dont take this and will report:
>
> Apr 11 02:37:25 vmx120 MailScanner[1011]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
> Apr 11 02:37:30 vmx120 MailScanner[1013]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
> Apr 11 02:37:35 vmx120 MailScanner[1016]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
> Apr 11 02:37:40 vmx120 MailScanner[1018]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
> Apr 11 02:37:45 vmx120 MailScanner[1023]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
> Apr 11 02:37:50 vmx120 MailScanner[1029]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
> Apr 11 02:37:55 vmx120 MailScanner[1035]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
> Apr 11 02:38:00 vmx120 MailScanner[1037]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
> Apr 11 02:38:05 vmx120 MailScanner[1040]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
> Apr 11 02:38:10 vmx120 MailScanner[1062]: None of the files matched
> by the "Monitors For ClamAV Updates" patterns exist!
>
> This will give defuncts on all your MS processes.
>
> The behaviour is only with 0.9x so be aware you will for sure see
> your incomming queue raise till you manually fix this.
>
> On my system clam created dirs like:
>
> /usr/local/share/clamav/daily.inc
>
> I removed all inside /usr/local/share/clamav/ (all subdirs also)
> and did a freshclam. Now the main.cvd remains in the main dir again
> and its going again.
>
> This is most likely a temp fix till someone fixes MS to detect
> this. ;)
>
> If you see the above behaviour, or wonder why your MS is defuncting
> all off the sudden, you know what to do....
I found this which might be of interest... http://wiki.clamav.net/
Main/ScriptedUpdates
I have also put the following into MailScanner.conf
Monitors for ClamAV Updates = /var/db/clamav/*.inc/* /var/db/clamav/
*.cvd
Your path to the update files may be different than the FreeBSD ones
but the principle remains. MailScanner seems quite happy having two
paths to check specified in the .conf file.
I have only been running this for 30 minutes or so and you can never
get an update when you want one so I can't tell you how it performs
when the incremental db does update but I can see no reason for it
not to work. Certainly if I corrupt the files in main.inc then
freshclam Clam removes the incremental directory, installs the
complete new .cvd and MailScanner restarts to pick up the new file so
it seems happy enough...
Drew
--
In line with our policy, this message has been scanned for viruses and dangerous
content by the Technology Tiger MailScanner.
Further information can be found at www.technologytiger.net/policy
Technology Tiger Limited is registered in Scotland with registration number: 310997
Registered Office 55-57 West High Street Inverurie AB51 3QQ
More information about the MailScanner
mailing list