MailScanner broken suddenly?!?!

Michael R. Dilworth michael at dilworth.net
Fri Jul 20 20:43:35 IST 2007


MS 4.58.9
clamav 0.90.3 virus db 44 and 3708.

Currently downloading Clamav 91 source, and MS 4.61.7-2 will hopefully 
be installing a MailScanner -> Clamd setup this afternoon. It was on 
my todo list, but it just got bumped to a priority.


> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info]On Behalf Of
> Gottschalk, David
> Sent: Friday, July 20, 2007 12:26 PM
> To: MailScanner discussion
> Subject: RE: MailScanner broken suddenly?!?!
> 
> 
> Yeah, maybe it was a combination of factors. I don't know.
> 
> To anyone else who had the problem, what version of clamav are you running?
> 
> David Gottschalk
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Richard Frovarp
> Sent: Friday, July 20, 2007 3:20 PM
> To: MailScanner discussion
> Subject: Re: MailScanner broken suddenly?!?!
> 
> Even before the update, 0.90.x had a known issue with loading the signatures taking a 
> very very long time. I don't know that you can blame that on any update here.
> 
> I just ran a freshclam manually. I'm running the latest definitions as reported on 
> clamav.net (44 and 3708). However, freshclam was not able to connect a minute ago, now it 
> can. Restarting MailScanner was not an issue against clamav 0.91.0. What people might be 
> seeing is the effect of the known issue in 0.90.x. It could have been a broken update, 
> that made things even worse.
> 
> In short, latest sigs with 0.91 is not an issue.
> 
> Gottschalk, David wrote:
> > So a few things I've just learned (I think everyone else is broken that is using clamav 
> > and doesn't know it yet, that's why they aren't replying) I just happened to be working 
> > on my boxes and noticed.
> >
> > I realized that the reason MailScanner worked temporarily is because I disabled 
> > scanning altogether on the box with problems. I did this so my one broken box (at the 
> > time) could catch up since it was backed up big time.
> >
> > Clamscan takes forever to scan messages now.
> >
> > sudo clamscan  -v mailertable.new
> > Scanning mailertable.new
> > mailertable.new: OK
> >
> > ----------- SCAN SUMMARY -----------
> > Known viruses: 139329
> > Engine version: 0.90.3
> > Scanned directories: 0
> > Scanned files: 1
> > Infected files: 0
> > Data scanned: 0.00 MB
> > Time: 37.524 sec (0 m 37 s)
> > -sh-3.00$ du -sh mailertable.new
> > 12K     mailertable.new
> >
> > All of my *.cvd directories in /usr/local/share/clamav are now gone.
> >
> > They are all renamed to *.inc at the time of the breakage. I think that could have 
> > been part of the problem, but I changed my config line in MailScanner, and that didn't 
> > resolve the hanging issue.
> >
> > David Gottschalk
> >
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> > Gottschalk, David
> > Sent: Friday, July 20, 2007 2:41 PM
> > To: MailScanner discussion
> > Subject: RE: MailScanner broken suddenly?!?!
> >
> >
> > ClamAV 0.90.3/3707/Fri Jul 20 12:08:45 2007
> >
> > I think this is a different problem though, because it happened all at once. The 
> > children were hanging for 20+ mins or more until I realized they were doing nothing but 
> > what that trace showed me.
> >
> > David Gottschalk
> >
> > -----Original Message-----
> > From: mailscanner-bounces at lists.mailscanner.info
> > [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> > Richard Frovarp
> > Sent: Friday, July 20, 2007 2:28 PM
> > To: MailScanner discussion
> > Subject: Re: MailScanner broken suddenly?!?!
> >
> > Gottschalk, David wrote:
> >
> >> I have 5 MailScanner machines.
> >>
> >> I had to do some configuration changes, so I restarted them. One of
> >> them now appears to be completely hosed. I've checked my
> >> configuration, and can't figure out what is going on. I don't see
> >> anything wrong at all.
> >>
> >> -sh-3.00$ sudo /usr/sbin/MailScanner --lint
> >> Checking version numbers...
> >> Version installed (4.60.8) does not match version stated in
> >> MailScanner.conf file (4.57.6), you may want to run
> >> upgrade_MailScanner_conf to ensure your MailScanner.conf file
> >> contains all the latest settings.
> >>
> >> Checking for SpamAssassin errors (if you use it)...
> >> Using SpamAssassin results cache
> >> Connected to SpamAssassin cache database
> >> SpamAssassin reported no errors.
> >> Using locktype = posix
> >> Creating hardcoded struct_flock subroutine for linux (Linux-type)
> >> MailScanner.conf says "Virus Scanners = auto"
> >> Found these virus scanners installed: bitdefender, clamavmodule
> >>
> >> Here is what is going on:
> >>
> >> 1. MailScanner starts, but just sits there and does nothing:
> >>
> >> root     22553     1  0 13:58 ?        00:00:00 MailScanner: master waiting for children, sleeping
> >> root     22554 22553 70 13:58 ?        00:00:35 MailScanner: starting children
> >> root     22624 22553 69 13:58 ?        00:00:31 MailScanner: starting children
> >> root     22680 22553 67 13:58 ?        00:00:27 MailScanner: starting children
> >> root     22733 22553 73 13:58 ?        00:00:26 MailScanner: starting children
> >> root     22780 22553 44 13:58 ?        00:00:13 MailScanner: starting children
> >> root     22831 22553 42 13:58 ?        00:00:10 MailScanner: starting children
> >> root     22884 22553 47 13:58 ?        00:00:09 MailScanner: starting children
> >> root     22957 22553 44 13:59 ?        00:00:07 MailScanner: starting children
> >> root     23005 22553 31 13:59 ?        00:00:03 MailScanner: starting children
> >> root     23054 22553 49 13:59 ?        00:00:02 MailScanner: starting children
> >>
> >> If I trace a child process, here is what it is doing over and over:
> >>
> >> sudo strace -p 19920
> >> Process 19920 attached - interrupt to quit
> >> read(12, "b560c3b9f08759aa3aa90:Trojan.Spy"..., 4096) = 4096
> >> read(12, ":Trojan.Spy-3720\n353280:f604589b"..., 4096) = 4096
> >> read(12, "55d8571268b7:Trojan.Clicker-133\n"..., 4096) = 4096
> >> read(12, "5b7b476404e1ea6dc24d48e50bdfa:Tr"..., 4096) = 4096
> >> read(12, "ba8f709e8b588009a34ee19ee1:Troja"..., 4096) = 4096
> >> read(12, "d5:Trojan.Spy-3998\n284672:7801e5"..., 4096) = 4096
> >> read(12, "6\n12288:6bfa649c48fc5982b231a2bb"..., 4096) = 4096
> >> brk(0x4f23000)                          = 0x4f23000
> >> read(12, "n.Spy-4128\n21504:3b072d4e76b7173"..., 4096) = 4096
> >> read(12, "bbe4f7d647f109b5317dd8794715:Tro"..., 4096) = 4096
> >> read(12, "n.Downloader-4997\n36864:bcc236c3"..., 4096) = 4096
> >> read(12, "der-5167\n29696:f7d986ddcc013d8e0"..., 4096) = 4096
> >> read(12, "f7e121997:Trojan.Downloader-5070"..., 4096) = 4096
> >> read(12, ".Downloader-5107\n10240:efd91a6ea"..., 4096) = 4096
> >> read(12, "ec7:Trojan.Downloader-4916\n2048:"..., 4096) = 4096
> >> read(12, "nloader-5244\n4768:096cc4cd04d5cf"..., 4096) = 4096
> >> read(12, ":Trojan.Bancos-3284\n271360:2bc5f"..., 4096) = 4096
> >> read(12, "ncos-3342\n377344:04230b7482e189a"..., 4096) = 4096
> >> read(12, "an.Spy-4204\n35840:4c8d2cbaf9ccaf"..., 4096) = 4096
> >> read(12, "jan.Bancos-3492\n659968:49df0eba0"..., 4096) = 4096
> >> read(12, "0:25f16f5f7ee84dee66f40f6c86e9b8"..., 4096) = 4096
> >> read(12, "86:Trojan.Small-1634\n229888:3579"..., 4096) = 4096
> >> read(12, "4d30b8cfcfe247337e424db964d816:T"..., 4096) = 4096
> >> read(12, "576:3c44fb4c3e7a07aa1d49ce91c492"..., 4096) = 4096
> >> read(12, "082cd8ac62e6878348b79:Trojan.Ban"..., 4096) = 4096
> >>
> >> 2. Strangely enough, if I start just MailScanner it works fine (with
> >> sendmail not running)
> >>
> >> 3. If I start MailScanner with sendmail too, it will just hang there
> >> as described. If I stop it, the master process dies for MailScanner,
> >> but the children hang.
> >>
> >> 4. I did have this problem, but I resolved it quickly by changing the
> >> option in MailScanner.conf to look for *.inc files.
> >>
> >> Jul 20 13:28:37 mr1 MailScanner[9747]: None of the files matched by
> >> the "Monitors For ClamAV Updates" patterns exist!
> >> Jul 20 13:28:47 mr1 MailScanner[8644]: None of the files matched by
> >> the "Monitors For ClamAV Updates" patterns exist!
> >>
> >> Any ideas? I'm banging my head.
> >>
> >> David Gottschalk
> >> david.gottschalk at emory.edu <mailto:david.gottschalk at emory.edu>
> >>
> >>
> > What version of ClamAV? 0.90 takes a very long time to load signatures.
> > I do have one box in which it was very quick. The other ones took at least 3 minutes to 
> > get up and going. Upgrading to 0.91 fixed that.
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/mailman/listinfo/mailscanner
> >
> > Before posting, read http://wiki.mailscanner.info/posting
> >
> > Support MailScanner development - buy the book off the website!
> 
> 
> --
> Richard Frovarp
> EduTech System Administrator
> 1-701-231-5127 or
> 1-800-774-1091
> 
> 
> 
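
Point 4 of the quoted report (the "Monitors For ClamAV Updates" patterns matching nothing once the `*.cvd` files had become `*.inc` directories) can be checked from the shell before MailScanner is restarted. The script below is an added example, not part of the original thread or of MailScanner; the function names and the placeholder files it creates in a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: test whether glob patterns of the kind given to MailScanner's
# "Monitors For ClamAV Updates" option still match files on disk.

# Print every existing file matched by the given glob patterns, one per line.
# Patterns are expanded unquoted on purpose; paths with spaces are not supported.
matched_files() {
    for pattern in "$@"; do
        for f in $pattern; do
            if [ -e "$f" ]; then printf '%s\n' "$f"; fi
        done
    done
}

# Succeed only if at least one pattern matches an existing file.
monitor_patterns_ok() {
    [ -n "$(matched_files "$@")" ]
}

# Report how database $2 (e.g. main, daily) is stored in directory $1:
# "cvd" = single NAME.cvd file, "inc" = NAME.inc directory, else "missing".
db_layout() {
    if [ -f "$1/$2.cvd" ]; then echo cvd
    elif [ -d "$1/$2.inc" ]; then echo inc
    else echo missing
    fi
}

# Demo on a constructed directory that mimics the state described in the
# thread: no *.cvd files, only *.inc directories (file names are placeholders).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/main.inc" "$d/daily.inc"
    : > "$d/main.inc/main.db"
    : > "$d/daily.inc/daily.db"
    for p in "$d/*.cvd" "$d/*.inc/*"; do
        if monitor_patterns_ok "$p"; then s=ok; else s="NO MATCH"; fi
        printf '%-10s %s\n' "$s" "${p#"$d"/}"
    done
    printf 'main: %s, daily: %s\n' "$(db_layout "$d" main)" "$(db_layout "$d" daily)"
    rm -rf "$d"
}
demo
```

On a real host the functions would be called with the database directory from the thread (`/usr/local/share/clamav`) and the patterns actually configured in `MailScanner.conf`.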

