Clamav Ping Timeout During Update

Julian Field MailScanner at ecs.soton.ac.uk
Tue Mar 4 20:26:49 GMT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Neal Morgan wrote:
>  Rick Cooper wrote: 
>  > 
>  > Julian Field wrote: 
>  > > 
>  > > Neal Morgan wrote:
>  > > > Greetings:
>  > > >
>  > > > My Mailscanner has been reporting timeouts when clamav updates
> its
>  > > > database.  I see entries like this in syslog:
>  > > >
>  > > > 2008-03-03 08:41:10.000	Server-05	MailScanner[20773]:
>  > > > Clamd::ERROR:: CLAM PING TIMED OUT! :: .
>  > > >
>  > > >
>  > > > If I review the clamav log, it seems that the timeout always
> occurs
>  > > > within several seconds of the "database reloaded" entry:
>  > > >
>  > > > Mon Mar  3 08:30:21 2008 -> SelfCheck: Database 
>  > > modification detected.
>  > > > Forcing reload.
>  > > > Mon Mar  3 08:30:21 2008 -> Reading databases from
> /var/lib/clamav
>  > > > Mon Mar  3 08:41:09 2008 -> Database correctly reloaded (223704
>  > > > signatures)
>  > > >   
>  > > The ping timeout is set to 90 seconds. This should be way 
>  > > more than is 
>  > > needed for a database reload. You are welcome to try 
>  > > increasing it, look 
>  > > for the setting of the variable "PingTimeOut" in SweepViruses.pm.
>  > > 
>  > > >
>  >
>  >I would think MailScanner wouldn't even bother to monitor the database
> files
>  >if not using ClamAVModule as clamd handles reloading upon updates and
>  >MailScanner shouldn't care because it's not going to load them anyway.
> It
>  >kind of makes me wonder if he is running both clamd and clamavmodule
>  >
>  >Rick
>  >
>  >
>
> Thanks Julian and Rick for your responses.  I am running clamd, and when
> I run the lint test MailScanner correctly finds it.  I am not
> referencing clamavmodule.  (Lint confirms this as well).
>
> I did have the "Monitors for ClamAV Updates" configured in
> MailScanner.conf (upgrade_MailScanner_conf complained about them on my
> last upgrade, so I updated the line to point to the proper locations).
> Rick, per your suggestion, I have taken this setting out.
>   
That's equivalent to setting it to "/usr/local/share/clamav/*.cvd" which 
may or may not be what you want. Setting a conf setting to blank is not 
the same as leaving it out of the conf file altogether.

This setting should only be checked, when MailScanner runs, if you 
actually mention "clamavmodule" in your "Virus Scanners =" setting. In 
that case, it cannot be blank. If you want to not check anything, then 
set it to point to some file whose timestamp won't change, such as your 
kernel or a program such as "/bin/true" or something like that.

> I am using Unix sockets.  To be sure MailScanner isn't trying TCP/IP, I
> took the port number out leaving only the path to the socket.  One thing
> that might be of interest, my clamd does create a socket and pid file,
> but doesn't create a lock file (that I can find).  Could this have an
> impact?
>
> As far as other messages in the clamav.log file, the only other ones I
> find are 1) self check, and 2) the occasional "file not found."  Those
> seem to correspond with MailScanner reporting "not spam (too large)".
>
> Anyway, I am still left with the behavior that I get the ping timeout
> messages within 1 to 3 seconds of the time clamav.log reports "Database
> correctly reloaded".  Weird.
>
> I agree that 90 seconds is more than enough.  Changing this has no
> effect on the problem.
>
> If others running clamd aren't getting these
> 	"MailScanner[4899]: ClamD Timed Out During PING Check!" 
> 	and " MailScanner[3841]: Clamd::ERROR:: CLAM PING TIMED OUT! ::
> ." messages, then it must be something I have mis-configured.  ...I just
> have no idea what that is.  
>
> Any other suggestions?
>
>
> Many thanks,
>
> Neal Morgan
>   

Jules

- -- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.1 (Build 2523)
Comment: Use Thunderbird Enigmail to verify this message
Charset: ISO-8859-1

wj8DBQFHzbCMEfZZRxQVtlQRAgNYAJsHeDbrhZJv/ZnuakMLYLPwaBdSNACffsWn
cyt0bk4U8Fk4Ol6QRSVozds=
=JKcI
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list