MailScanner broken suddenly?!?!

Michael R. Dilworth michael at dilworth.net
Fri Jul 20 19:52:24 IST 2007 

Happened here to just a few minutes ago.  I wasted the ClamAV databases and at the
moment freshclam can't connect to any of the mirrors.  Same thing that happened last
time ClamAV had a major update...  I commented out ClamAV for now and all is fine 
at the moment (yes I have multiple virus scanners).

Note all is fine until MailScanner restarts, then it will hang with 100% cpu usage.
Remember MailScanner restarts at least once a day.


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of
> Gottschalk, David
> Sent: Friday, July 20, 2007 11:41 AM
> To: MailScanner discussion
> Subject: RE: MailScanner broken suddenly?!?!
> 
> 
> 
> ClamAV 0.90.3/3707/Fri Jul 20 12:08:45 2007
> 
> I think this is a different problem though, because it happened all at once. The children 
> were hanging for 20+ mins or more until I realized they were doing nothing but what that 
> trace showed me.
> 
> David Gottschalk
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Richard Frovarp
> Sent: Friday, July 20, 2007 2:28 PM
> To: MailScanner discussion
> Subject: Re: MailScanner broken suddenly?!?!
> 
> Gottschalk, David wrote:
> > I have 5 MailScanner machines.
> >
> > I had to do some configuration changes, so I restarted them. One of
> > them now appears to be completely hosed. I've checked my
> > configuration, and can't figure out what is going on. I don't see
> > anything wrong at all.
> >
> > -sh-3.00$ sudo /usr/sbin/MailScanner --lint Checking version
> > numbers...
> > Version installed (4.60.8) does not match version stated in
> > MailScanner.conf file (4.57.6), you may want to run
> > upgrade_MailScanner_conf to ensure your MailScanner.conf file contains
> > all the latest settings.
> >
> > Checking for SpamAssassin errors (if you use it)...
> > Using SpamAssassin results cache
> > Connected to SpamAssassin cache database SpamAssassin reported no
> > errors.
> > Using locktype = posix
> > Creating hardcoded struct_flock subroutine for linux (Linux-type)
> > MailScanner.conf says "Virus Scanners = auto"
> > Found these virus scanners installed: bitdefender, clamavmodule
> >
> > Here is what is going on:
> >
> > 1. MailScanner starts, but just sits there does nothing:
> >
> > root     22553     1  0 13:58 ?        00:00:00 MailScanner: master
> > waiting for children, sleeping
> > root     22554 22553 70 13:58 ?        00:00:35 MailScanner: starting
> > children
> > root     22624 22553 69 13:58 ?        00:00:31 MailScanner: starting
> > children
> > root     22680 22553 67 13:58 ?        00:00:27 MailScanner: starting
> > children
> > root     22733 22553 73 13:58 ?        00:00:26 MailScanner: starting
> > children
> > root     22780 22553 44 13:58 ?        00:00:13 MailScanner: starting
> > children
> > root     22831 22553 42 13:58 ?        00:00:10 MailScanner: starting
> > children
> > root     22884 22553 47 13:58 ?        00:00:09 MailScanner: starting
> > children
> > root     22957 22553 44 13:59 ?        00:00:07 MailScanner: starting
> > children
> > root     23005 22553 31 13:59 ?        00:00:03 MailScanner: starting
> > children
> > root     23054 22553 49 13:59 ?        00:00:02 MailScanner: starting
> > children
> > If I trace a childre process, here is what it is doing over and over:
> >
> > sudo strace -p 19920
> > Process 19920 attached - interrupt to quit read(12,
> > "b560c3b9f08759aa3aa90:Trojan.Spy"..., 4096) = 4096 read(12,
> > ":Trojan.Spy-3720\n353280:f604589b"..., 4096) = 4096 read(12,
> > "55d8571268b7:Trojan.Clicker-133\n"..., 4096) = 4096 read(12,
> > "5b7b476404e1ea6dc24d48e50bdfa:Tr"..., 4096) = 4096 read(12,
> > "ba8f709e8b588009a34ee19ee1:Troja"..., 4096) = 4096 read(12,
> > "d5:Trojan.Spy-3998\n284672:7801e5"..., 4096) = 4096 read(12,
> > "6\n12288:6bfa649c48fc5982b231a2bb"..., 4096) = 4096
> > brk(0x4f23000)                          = 0x4f23000
> > read(12, "n.Spy-4128\n21504:3b072d4e76b7173"..., 4096) = 4096 read(12,
> > "bbe4f7d647f109b5317dd8794715:Tro"..., 4096) = 4096 read(12,
> > "n.Downloader-4997\n36864:bcc236c3"..., 4096) = 4096 read(12,
> > "der-5167\n29696:f7d986ddcc013d8e0"..., 4096) = 4096 read(12,
> > "f7e121997:Trojan.Downloader-5070"..., 4096) = 4096 read(12,
> > ".Downloader-5107\n10240:efd91a6ea"..., 4096) = 4096 read(12,
> > "ec7:Trojan.Downloader-4916\n2048:"..., 4096) = 4096 read(12,
> > "nloader-5244\n4768:096cc4cd04d5cf"..., 4096) = 4096 read(12,
> > ":Trojan.Bancos-3284\n271360:2bc5f"..., 4096) = 4096 read(12,
> > "ncos-3342\n377344:04230b7482e189a"..., 4096) = 4096 read(12,
> > "an.Spy-4204\n35840:4c8d2cbaf9ccaf"..., 4096) = 4096 read(12,
> > "jan.Bancos-3492\n659968:49df0eba0"..., 4096) = 4096 read(12,
> > "0:25f16f5f7ee84dee66f40f6c86e9b8"..., 4096) = 4096 read(12,
> > "86:Trojan.Small-1634\n229888:3579"..., 4096) = 4096 read(12,
> > "4d30b8cfcfe247337e424db964d816:T"..., 4096) = 4096 read(12,
> > "576:3c44fb4c3e7a07aa1d49ce91c492"..., 4096) = 4096 read(12,
> > "082cd8ac62e6878348b79:Trojan.Ban"..., 4096) = 4096
> >
> > 2. Strangely enough, if I start just MailScanner it works fine (with
> > sendmail not running)
> >
> > 3. If I start MailScanner with sendmail to, it will just hang there as
> > described. If I stop it, the master process dies for MailScanner, but
> > the children hang.
> >
> > 4. I did have this problem, but I resolved it quickly by changing the
> > option in MailScanner.conf to look for *.inc files.
> >
> > Jul 20 13:28:37 mr1 MailScanner[9747]: None of the files matched by
> > the "Monitors For ClamAV Updates" patterns exist!
> > Jul 20 13:28:47 mr1 MailScanner[8644]: None of the files matched by
> > the "Monitors For ClamAV Updates" patterns exist!
> >
> > Any ideas? I'm banging my head.
> >
> > David Gottschalk
> > david.gottschalk at emory.edu <mailto:david.gottschalk at emory.edu>
> >
> What version of ClamAV? 0.90 takes a very long time to load signatures.
> I do have one box in which it was very quick. The other ones took at least 3 minutes to 
> get up and going. Upgrading to 0.91 fixed that.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 
> 
>

More information about the MailScanner mailing list