clamav issues
Paul Macdonald
paul at ifdnrg.com
Wed Aug 18 11:25:32 UTC 2010
Hi,
I'm having some problems with a clamav install and wondered if anyone
had any suggestions.
As of a few days ago I noticed mail was getting rejected with 451 retry
codes.
Checking the milters this appeared to be clamav, and removing this
milter fixed the problem.
Afterwards, on trying to fix the issue, I noticed that whilst clamd
started ok, it no longer stopped and just endlessly waited for the pid.
I suspect this is related, as freshclam also was unable to notify clamd
of updates.
I've rebuilt clamav several times, mainly thinking that the first issue
of why it wouldn't stop was indicative of it not responding to other
requests (milter, freshclam etc.).
I've moved the mail scanning onto another box, but would dearly like it
to be working on this particular box.
Where to start? Suggestions welcomed!
- clamd is listening on a local socket only (changing to TCP only has no
effect)
- have rebuilt clamav, updated ports, and rebuilt a threaded perl.
Startup debug is here (it looks to start fine):
Starting clamav_clamd.
LibClamAV debug: Initialized 0.96.2 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^
*(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in JIT mode
LibClamAV debug: Loading databases from /var/db/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = fad53de5357e9e0fe053afe917f215e6
LibClamAV debug: cli_versig: Decoded signature:
fad53de5357e9e0fe053afe917f215e6
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.info loaded
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.cfg loaded
LibClamAV debug: daily.ign loaded
LibClamAV debug: daily.ign2 loaded
LibClamAV debug: Initializing engine->root[0]
LibClamAV debug: Initialising AC pattern matcher of root[0]
LibClamAV debug: cli_initroots: Initializing BM tables of root[0]
LibClamAV debug: Initializing engine->root[1]
LibClamAV debug: Initialising AC pattern matcher of root[1]
LibClamAV debug: cli_initroots: Initializing BM tables of root[1]
LibClamAV debug: Initializing engine->root[2]
LibClamAV debug: Initialising AC pattern matcher of root[2]
LibClamAV debug: Initializing engine->root[3]
LibClamAV debug: Initialising AC pattern matcher of root[3]
LibClamAV debug: Initializing engine->root[4]
LibClamAV debug: Initialising AC pattern matcher of root[4]
LibClamAV debug: Initializing engine->root[5]
LibClamAV debug: Initialising AC pattern matcher of root[5]
LibClamAV debug: Initializing engine->root[6]
LibClamAV debug: Initialising AC pattern matcher of root[6]
LibClamAV debug: Initializing engine->root[7]
LibClamAV debug: Initialising AC pattern matcher of root[7]
LibClamAV debug: Initializing engine->root[8]
LibClamAV debug: Initialising AC pattern matcher of root[8]
LibClamAV debug: Initializing engine->root[9]
LibClamAV debug: Initialising AC pattern matcher of root[9]
LibClamAV debug: Loaded 117 filetype definitions
LibClamAV debug: daily.ftm loaded
LibClamAV debug: daily.db loaded
LibClamAV debug: daily.hdb loaded
LibClamAV debug: daily.hdu loaded
LibClamAV debug: daily.mdb loaded
LibClamAV debug: daily.mdu loaded
LibClamAV debug: daily.ndb loaded
LibClamAV debug: daily.ndu loaded
LibClamAV debug: daily.ldb loaded
LibClamAV debug: daily.zmd loaded
LibClamAV debug: daily.idb loaded
LibClamAV debug: daily.fp loaded
LibClamAV debug: Loading regex_list
LibClamAV debug: daily.pdb loaded
LibClamAV debug: Loading regex_list
LibClamAV debug: daily.wdb loaded
LibClamAV debug: /var/db/clamav/daily.cvd loaded
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 59b7133605b0857b1a76bfe8b3645ff5
LibClamAV debug: cli_versig: Decoded signature:
59b7133605b0857b1a76bfe8b3645ff5
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: main.info loaded
LibClamAV debug: in cli_tgzload()
LibClamAV debug: main.db loaded
LibClamAV debug: Ignoring signature Exploit.PDF-552
LibClamAV debug: Ignoring signature Exploit.PDF-6064
LibClamAV debug: Ignoring signature Trojan.Agent-119128
LibClamAV debug: main.hdb loaded
LibClamAV debug: Ignoring signature Trojan.Inject-601
LibClamAV debug: Ignoring signature Trojan.Agent-32909
LibClamAV debug: Ignoring signature Trojan.Dropper-16405
LibClamAV debug: Ignoring signature Worm.Downadup-282
LibClamAV debug: Ignoring signature Worm.Downadup-319
LibClamAV debug: Ignoring signature Trojan.Agent-121212
LibClamAV debug: Ignoring signature Trojan.Dropper-20544
LibClamAV debug: main.mdb loaded
LibClamAV debug: Ignoring signature HTML.Phishing.Bank-22
LibClamAV debug: Ignoring signature HTML.Phishing.Pay-159
LibClamAV debug: Ignoring signature Worm.Stration.NS
LibClamAV debug: Ignoring signature Email.Faketube
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-57
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-78
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-89
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-91
LibClamAV debug: Ignoring signature Trojan.VB-3950
LibClamAV debug: Ignoring signature JS.Agent-35
LibClamAV debug: Ignoring signature Worm.Kido-23
LibClamAV debug: Ignoring signature W32.Virut-29
LibClamAV debug: Ignoring signature Exploit.PDF-34
LibClamAV debug: Ignoring signature Trojan.Pakes-2516
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.zmd loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: /var/db/clamav/main.cvd loaded
LibClamAV debug: Using filter for trie 0
LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 6134 (reloff: 4, absoff:
0) BM sigs: 30024 (reloff: 15, absoff: 102) maxpatlen 470
LibClamAV debug: Using filter for trie 1
LibClamAV debug: Matcher[1]: PE: AC sigs: 13627 (reloff: 4484, absoff:
0) BM sigs: 47001 (reloff: 43057, absoff: 3944) maxpatlen 468
LibClamAV debug: Matcher[2]: OLE2: AC sigs: 1723 (reloff: 0, absoff: 0)
BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 176 (ac_only mode)
LibClamAV debug: Matcher[3]: HTML: AC sigs: 5828 (reloff: 3, absoff: 0)
BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 461 (ac_only mode)
LibClamAV debug: Using filter for trie 4
LibClamAV debug: Matcher[4]: MAIL: AC sigs: 1150 (reloff: 0, absoff: 0)
BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 255 (ac_only mode)
LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 26 (reloff: 0, absoff:
0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 227 (ac_only mode)
LibClamAV debug: Matcher[6]: ELF: AC sigs: 24 (reloff: 4, absoff: 0) BM
sigs: 0 (reloff: 0, absoff: 0) maxpatlen 304 (ac_only mode)
LibClamAV debug: Using filter for trie 7
LibClamAV debug: Matcher[7]: ASCII: AC sigs: 1557 (reloff: 0, absoff: 0)
BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 467 (ac_only mode)
LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0)
BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode)
LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 0 (reloff: 0, absoff: 0)
BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode)
LibClamAV debug: MD5 sigs (files): 43630
LibClamAV debug: MD5 sigs (PE sections): 676860
LibClamAV debug: Building regex list
LibClamAV debug: Using filter for trie 0
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Building regex list
LibClamAV debug: Using filter for trie 0
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Converting hashset to array: 40047 entries
LibClamAV debug: hashtab: Freeing hashset, elements: 40047, capacity: 65536
LibClamAV debug: Dynamic engine configuration settings:
LibClamAV debug: --------------------------------------
LibClamAV debug: Module PE: On
LibClamAV debug: * Submodule PARITE: On
LibClamAV debug: * Submodule KRIZ: On
LibClamAV debug: * Submodule MAGISTR: On
LibClamAV debug: * Submodule POLIPOS: On
LibClamAV debug: * Submodule MD5SECT: On
LibClamAV debug: * Submodule UPX: On
LibClamAV debug: * Submodule FSG: On
LibClamAV debug: * Submodule SWIZZOR: On
LibClamAV debug: * Submodule PETITE: On
LibClamAV debug: * Submodule PESPIN: On
LibClamAV debug: * Submodule YC: On
LibClamAV debug: * Submodule WWPACK: On
LibClamAV debug: * Submodule NSPACK: On
LibClamAV debug: * Submodule MEW: On
LibClamAV debug: * Submodule UPACK: On
LibClamAV debug: * Submodule ASPACK: On
LibClamAV debug: Module ELF: On
LibClamAV debug: Module MACHO: On
LibClamAV debug: Module ARCHIVE: On
LibClamAV debug: * Submodule RAR: On
LibClamAV debug: * Submodule ZIP: On
LibClamAV debug: * Submodule GZIP: On
LibClamAV debug: * Submodule BZIP: On
LibClamAV debug: * Submodule ARJ: On
LibClamAV debug: * Submodule SZDD: On
LibClamAV debug: * Submodule CAB: On
LibClamAV debug: * Submodule CHM: On
LibClamAV debug: * Submodule OLE2: On
LibClamAV debug: * Submodule TAR: On
LibClamAV debug: * Submodule CPIO: On
LibClamAV debug: * Submodule BINHEX: On
LibClamAV debug: * Submodule SIS: On
LibClamAV debug: * Submodule NSIS: On
LibClamAV debug: * Submodule AUTOIT: On
LibClamAV debug: * Submodule ISHIELD: On
LibClamAV debug: * Submodule 7zip: On
LibClamAV debug: Module DOCUMENT: On
LibClamAV debug: * Submodule HTML: On
LibClamAV debug: * Submodule RTF: On
LibClamAV debug: * Submodule PDF: On
LibClamAV debug: * Submodule SCRIPT: On
LibClamAV debug: * Submodule HTMLSKIPRAW: On
LibClamAV debug: * Submodule JSNORM: On
LibClamAV debug: Module MAIL: On
LibClamAV debug: * Submodule MBOX: On
LibClamAV debug: * Submodule TNEF: On
LibClamAV debug: Module OTHER: On
LibClamAV debug: * Submodule UUENCODED: On
LibClamAV debug: * Submodule SCRENC: On
LibClamAV debug: * Submodule RIFF: On
LibClamAV debug: * Submodule JPEG: On
LibClamAV debug: * Submodule CRYPTFF: On
LibClamAV debug: * Submodule DLP: On
LibClamAV debug: * Submodule MYDOOMLOG: On
LibClamAV debug: * Submodule PREFILTERING: On
LibClamAV debug: Module PHISHING On
LibClamAV debug: * Submodule ENGINE: On
LibClamAV debug: * Submodule ENTCONV: On
LibClamAV debug: Module BYTECODE On
LibClamAV debug: * Submodule INTERPRETER: On
LibClamAV debug: * Submodule JIT X86: On
LibClamAV debug: * Submodule JIT PPC: On
LibClamAV debug: * Submodule JIT ARM: ** Off **
LibClamAV debug: environment detected:
LibClamAV debug: check_platform(0x03113636, 0x04040201, 0x01040201)
LibClamAV debug: check_platform(0x03 1 1 36 36,0x0 4 04 02
01,0x01 04 02 01)
LibClamAV debug: check_platform( OS CPU COM FL DCONF,BE PTR CXX
VV.VV.VV, FLG CC VV.VV.VV)
LibClamAV debug: Engine version: 0.96.2
LibClamAV debug: Host triple: i386-portbld-freebsd7.1
LibClamAV debug: Host CPU: core2
LibClamAV debug: OS: FreeBSD
LibClamAV debug: OS release: 7.1-RELEASE
LibClamAV debug: OS version: FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25
UTC 2009 root at lo
LibClamAV debug: OS hardware: i386
LibClamAV debug: OS LLVM category: 5
LibClamAV debug: Has JIT compiled: 1
LibClamAV debug: ------------------------------------------------------
LibClamAV debug: Bytecode: mode is 0
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 9 APIcalls, maxapi 74
LibClamAV debug: unknown inst type: 89
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 41 BBs, 176 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode: BC_STARTUP running (builtin)
LibClamAV debug: Bytecode: executing in interpeter mode
LibClamAV debug: bytecode: registered ctx variable at 0x0 (+0) id 6
LibClamAV debug: bytecode: registered ctx variable at 0x28a53980 (+2) id 2
LibClamAV debug: bytecode: registered ctx variable at 0x28915080 (+256) id 1
LibClamAV debug: bytecode: registered ctx variable at 0x28a53984 (+4) id 5
LibClamAV debug: bytecode: registered ctx variable at 0x28a539a0 (+648) id 4
LibClamAV debug: bytecode: registered ctx variable at 0x28d1f200 (+512) id 7
LibClamAV debug: bytecode debug: startup: bytecode execution in auto mode
LibClamAV debug: intepreter bytecode run finished in 35us, after
executing 133 opcodes
LibClamAV debug: Bytecode: disable status is 0
bytecode JIT: emitted function bc4294967295f0 of 23 bytes at 0x2de60010
bytecode JIT: emitted function bc4294967295f0_wrap of 16 bytes at 0x2de60030
LibClamAV debug: bytecode self test running
LibClamAV debug: Bytecode: executing in JIT mode
bytecode finished in 112us
LibClamAV debug: bytecode self test succeeded
LibClamAV debug: Bytecode: 0 bytecode prepared with JIT
--
-------------------------
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-------------------------
t: 0131 5548070
m: 07534206249
e: paul at ifdnrg.com
w: http://www.ifdnrg.com
-------------------------
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA
-------------------------