clamsmtp : unix socket problem
Hello,
I am encontering a problem with clamsmtp or more exactly with clamav-daemon. When I start it, the unix socket used to communicate with clamsmtp isn t created. So once lauched in debug mode, clamsmtpd inform me of that problem ! Though, I tried the same configuration on a test server 2 months ago without any problem. Could it be a problem of a last update ... Strange ... cause I have updated the boths clam via an official site If someone has already encountered that problem and could help me Thanks for reply Envoyé avec Yahoo! Mail. Une boite mail plus intelligente. |
clamsmtp : unix socket problem
On Apr 9, 2008, at 4:52 PM, Stephane Durieux wrote:Hello,
I am encontering a problem with clamsmtp or more exactly with clamav-daemon. When I start it, the unix socket used to communicate with clamsmtp isn t created. So once lauched in debug mode, clamsmtpd inform me of that problem ! Though, I tried the same configuration on a test server 2 months ago without any problem. Could it be a problem of a last update ... Strange ... cause I have updated the boths clam via an official site* If someone has already encountered that problem and could help me* Thanks for reply Stephanie, The socket isn't created immediately - clamav has to read in all the definitions from its database, which can take awhile. *On a dual P3 I have it takes over 20 minutes sometimes if it reloads everything, and on a dual Xeon 2.6 with HT, it can take 10 or so minutes to do the same thing. If clamsmtp tries to connect it will fail since the socket isn't created until the database is completely loaded. *If this is the case, just run 'top' and watch the CPU load and the clamav process, which will probably be eating up most of the CPU time. *Also, if you tail /var/log/clamav/clamav.log, the last line will probably be "<date/time stamp>*-> Reading databases from /var/lib/clamav". *When it's done, it will print out "<date/time stamp*-> Database correctly reloaded (xxxxx signatures)". hose |
clamsmtp : unix socket problem
On Wed April 9 2008 16:35:48 hose wrote:
> The socket isn't created immediately - clamav has to read in all the > definitions from its database, which can take awhile. On a dual P3 I > have it takes over 20 minutes sometimes if it reloads everything, and > on a dual Xeon 2.6 with HT, it can take 10 or so minutes to do the > same thing. Here it takes 4 seconds on a 2.4GHz P4. Am I missing something? Wed Apr 9 16:44:10 2008 -> +++ Started at Wed Apr 9 16:44:10 2008 Wed Apr 9 16:44:10 2008 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH: i386, CPU: i486) Wed Apr 9 16:44:10 2008 -> Log file size limit disabled. Wed Apr 9 16:44:10 2008 -> Reading databases from /var/lib/clamav Wed Apr 9 16:44:10 2008 -> Not loading PUA signatures. Wed Apr 9 16:44:14 2008 -> Loaded 248771 signatures. Wed Apr 9 16:44:14 2008 -> Unix socket file /var/run/clamav/clamd.ctl --Mike Bird -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
clamsmtp : unix socket problem
On Apr 9, 2008, at 6:47 PM, Mike Bird wrote:
On Wed April 9 2008 16:35:48 hose wrote: The socket isn't created immediately - clamav has to read in all the definitions from its database, which can take awhile. On a dual P3 I have it takes over 20 minutes sometimes if it reloads everything, and on a dual Xeon 2.6 with HT, it can take 10 or so minutes to do the same thing. Here it takes 4 seconds on a 2.4GHz P4. Am I missing something? Wed Apr 9 16:44:10 2008 -> +++ Started at Wed Apr 9 16:44:10 2008 Wed Apr 9 16:44:10 2008 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH: i386, CPU: i486) Wed Apr 9 16:44:10 2008 -> Log file size limit disabled. Wed Apr 9 16:44:10 2008 -> Reading databases from /var/lib/clamav Wed Apr 9 16:44:10 2008 -> Not loading PUA signatures. Wed Apr 9 16:44:14 2008 -> Loaded 248771 signatures. Wed Apr 9 16:44:14 2008 -> Unix socket file /var/run/clamav/clamd.ctl --Mike Bird Interesting... on all the clamav machines I admin (admittedly this is only four) I've always had the delay in loading the sigs: From one server (the dual xeon): Tue Apr 1 02:55:53 2008 -> Reading databases from /var/lib/clamav Tue Apr 1 03:07:20 2008 -> Loaded 323514 signatures. Tue Apr 1 03:07:20 2008 -> Unix socket file /var/run/clamav/clamd.ctl From the dual P3: Tue Mar 25 15:06:34 2008 -> Reading databases from /var/lib/clamav Tue Mar 25 15:20:08 2008 -> Loaded 316396 signatures. Tue Mar 25 15:20:08 2008 -> Unix socket file /var/run/clamav/clamd.ctl And most painfully, from a single P3 we keep around for nostalgia: Sun Apr 6 23:50:27 2008 -> Reading databases from /var/lib/clamav Mon Apr 7 00:52:24 2008 -> Loaded 306287 signatures. Mon Apr 7 00:52:24 2008 -> Unix socket file /var/run/clamav/clamd.ctl I wonder what the deal is. Maybe something to do with PUA signatures, but strangely enough I never remember turning on that option to begin with. hose -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
clamsmtp : unix socket problem
On Apr 9, 2008, at 6:57 PM, hose wrote:
On Apr 9, 2008, at 6:47 PM, Mike Bird wrote: On Wed April 9 2008 16:35:48 hose wrote: The socket isn't created immediately - clamav has to read in all the definitions from its database, which can take awhile. On a dual P3 I have it takes over 20 minutes sometimes if it reloads everything, and on a dual Xeon 2.6 with HT, it can take 10 or so minutes to do the same thing. Here it takes 4 seconds on a 2.4GHz P4. Am I missing something? Wed Apr 9 16:44:10 2008 -> +++ Started at Wed Apr 9 16:44:10 2008 Wed Apr 9 16:44:10 2008 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH: i386, CPU: i486) Wed Apr 9 16:44:10 2008 -> Log file size limit disabled. Wed Apr 9 16:44:10 2008 -> Reading databases from /var/lib/clamav Wed Apr 9 16:44:10 2008 -> Not loading PUA signatures. Wed Apr 9 16:44:14 2008 -> Loaded 248771 signatures. Wed Apr 9 16:44:14 2008 -> Unix socket file /var/run/clamav/ clamd.ctl --Mike Bird Interesting... on all the clamav machines I admin (admittedly this is only four) I've always had the delay in loading the sigs: From one server (the dual xeon): Tue Apr 1 02:55:53 2008 -> Reading databases from /var/lib/clamav Tue Apr 1 03:07:20 2008 -> Loaded 323514 signatures. Tue Apr 1 03:07:20 2008 -> Unix socket file /var/run/clamav/clamd.ctl From the dual P3: Tue Mar 25 15:06:34 2008 -> Reading databases from /var/lib/clamav Tue Mar 25 15:20:08 2008 -> Loaded 316396 signatures. Tue Mar 25 15:20:08 2008 -> Unix socket file /var/run/clamav/clamd.ctl And most painfully, from a single P3 we keep around for nostalgia: Sun Apr 6 23:50:27 2008 -> Reading databases from /var/lib/clamav Mon Apr 7 00:52:24 2008 -> Loaded 306287 signatures. Mon Apr 7 00:52:24 2008 -> Unix socket file /var/run/clamav/clamd.ctl I wonder what the deal is. Maybe something to do with PUA signatures, but strangely enough I never remember turning on that option to begin with. hose Actually, it looks like you're running clamd .92.1. I'm currently running the version that comes with etch - .90.1. Maybe there's a huge diff in loading times, ie, they reload only changed parts of the db (sort of like how they implemented partial diff downloads for updates in the later versions). Now it's going to bother me until I figure out why... hose -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
clamsmtp : unix socket problem
Hose,
I turned on PUA signatures and got 3 seconds - not a significant difference. You seem to have a lot more signatures than I. Here's my clamd.conf and my /var/lib/clamav. Any thoughts? --Mike # cat /etc/clamav/clamd.conf #Automatically Generated by clamav-base postinst #To reconfigure clamd run #dpkg-reconfigure clamav-base #Please read /usr/share/doc/clamav-base/README.Debian.gz for details LocalSocket /var/run/clamav/clamd.ctl FixStaleSocket true User clamav AllowSupplementaryGroups true ScanMail true ScanArchive true ArchiveMaxRecursion 5 ArchiveMaxFiles 1000 ArchiveMaxFileSize 10M ArchiveMaxCompressionRatio 250 ArchiveLimitMemoryUsage false ArchiveBlockEncrypted false MaxDirectoryRecursion 15 FollowDirectorySymlinks false FollowFileSymlinks false ReadTimeout 180 MaxThreads 12 MaxConnectionQueueLength 15 StreamMaxLength 10M LogSyslog false LogFacility LOG_LOCAL6 LogClean false LogVerbose false PidFile /var/run/clamav/clamd.pid DatabaseDirectory /var/lib/clamav TemporaryDirectory /tmp SelfCheck 3600 Foreground false Debug false ScanPE true ScanOLE2 true ScanHTML true DetectBrokenExecutables false MailFollowURLs false ArchiveBlockMax false ExitOnOOM false LeaveTemporaryFiles false AlgorithmicDetection true ScanELF true IdleTimeout 30 MailMaxRecursion 64 PhishingSignatures true PhishingScanURLs true PhishingRestrictedScan true PhishingAlwaysBlockSSLMismatch false PhishingAlwaysBlockCloak false DetectPUA true LogFile /var/log/clamav/clamav.log LogTime true LogFileUnlock false LogFileMaxSize 0 # cd /var/lib/clamav # ls -l * -rw-r--r-- 1 clamav clamav 124218 2006-08-29 23:51 clamav-03676d29ae5d080a -rw------- 1 clamav clamav 1196 2008-04-09 16:17 mirrors.dat daily.inc: total 1240 -rw-r--r-- 1 clamav clamav 17992 2007-04-26 00:59 COPYING -rw-r--r-- 1 clamav clamav 106 2008-03-21 11:30 daily.cfg -rw-r--r-- 1 clamav clamav 26014 2008-04-06 14:09 daily.db -rw-r--r-- 1 clamav clamav 4875 2008-04-07 02:12 daily.fp -rw-r--r-- 1 clamav clamav 5607 2008-02-26 12:07 daily.ftm -rw-r--r-- 1 clamav clamav 275 2008-04-07 16:12 daily.hdb -rw-r--r-- 1 clamav clamav 1224 2008-02-05 08:06 daily.hdu -rw-r--r-- 1 clamav clamav 629 2008-04-09 10:17 daily.info -rw-r--r-- 1 clamav clamav 892009 2008-04-09 10:17 daily.mdb -rw-r--r-- 1 clamav clamav 33422 2008-04-08 03:15 daily.mdu -rw-r--r-- 1 clamav clamav 227183 2008-04-09 08:17 daily.ndb -rw-r--r-- 1 clamav clamav 6824 2008-04-06 05:02 daily.ndu -rw-r--r-- 1 clamav clamav 3218 2008-03-26 16:17 daily.pdb -rw-r--r-- 1 clamav clamav 1454 2008-02-27 11:08 daily.wdb -rw-r--r-- 1 clamav clamav 2922 2007-09-03 11:53 daily.zmd main.inc: total 27616 -rw-r--r-- 1 clamav clamav 17992 2007-04-10 16:41 COPYING -rw-r--r-- 1 clamav clamav 4733425 2008-04-06 14:08 main.db -rw-r--r-- 1 clamav clamav 4815 2008-04-06 14:08 main.fp -rw-r--r-- 1 clamav clamav 652769 2008-04-06 14:08 main.hdb -rw-r--r-- 1 clamav clamav 318 2008-04-06 14:08 main.info -rw-r--r-- 1 clamav clamav 7864180 2008-04-06 14:08 main.mdb -rw-r--r-- 1 clamav clamav 14934069 2008-04-06 14:08 main.ndb -rw-r--r-- 1 clamav clamav 217 2007-04-10 16:41 main.zmd -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
clamsmtp : unix socket problem
On Wed April 9 2008 17:02:23 hose wrote:
> Actually, it looks like you're running clamd .92.1. I'm currently > running the version that comes with etch - .90.1. Maybe there's a > huge diff in loading times, ie, they reload only changed parts of the > db (sort of like how they implemented partial diff downloads for > updates in the later versions). Now it's going to bother me until I > figure out why... We're running Etch with clamav-daemon 0.92.1~dfsg-1volatile1 from volatile. However I don't recall it being slow with the original Etch. Kernel is Linux version 2.6.18-6-686 (Debian 2.6.18.dfsg.1-18etch1). --Mike Bird -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
clamsmtp : unix socket problem
On Apr 9, 2008, at 7:12 PM, Mike Bird wrote:
Hose, I turned on PUA signatures and got 3 seconds - not a significant difference. You seem to have a lot more signatures than I. Here's my clamd.conf and my /var/lib/clamav. Any thoughts? --Mike # cat /etc/clamav/clamd.conf #Automatically Generated by clamav-base postinst #To reconfigure clamd run #dpkg-reconfigure clamav-base #Please read /usr/share/doc/clamav-base/README.Debian.gz for details LocalSocket /var/run/clamav/clamd.ctl FixStaleSocket true User clamav AllowSupplementaryGroups true ScanMail true ScanArchive true ArchiveMaxRecursion 5 ArchiveMaxFiles 1000 ArchiveMaxFileSize 10M ArchiveMaxCompressionRatio 250 ArchiveLimitMemoryUsage false ArchiveBlockEncrypted false MaxDirectoryRecursion 15 FollowDirectorySymlinks false FollowFileSymlinks false ReadTimeout 180 MaxThreads 12 MaxConnectionQueueLength 15 StreamMaxLength 10M LogSyslog false LogFacility LOG_LOCAL6 LogClean false LogVerbose false PidFile /var/run/clamav/clamd.pid DatabaseDirectory /var/lib/clamav TemporaryDirectory /tmp SelfCheck 3600 Foreground false Debug false ScanPE true ScanOLE2 true ScanHTML true DetectBrokenExecutables false MailFollowURLs false ArchiveBlockMax false ExitOnOOM false LeaveTemporaryFiles false AlgorithmicDetection true ScanELF true IdleTimeout 30 MailMaxRecursion 64 PhishingSignatures true PhishingScanURLs true PhishingRestrictedScan true PhishingAlwaysBlockSSLMismatch false PhishingAlwaysBlockCloak false DetectPUA true LogFile /var/log/clamav/clamav.log LogTime true LogFileUnlock false LogFileMaxSize 0 # cd /var/lib/clamav # ls -l * -rw-r--r-- 1 clamav clamav 124218 2006-08-29 23:51 clamav-03676d29ae5d080a -rw------- 1 clamav clamav 1196 2008-04-09 16:17 mirrors.dat daily.inc: total 1240 -rw-r--r-- 1 clamav clamav 17992 2007-04-26 00:59 COPYING -rw-r--r-- 1 clamav clamav 106 2008-03-21 11:30 daily.cfg -rw-r--r-- 1 clamav clamav 26014 2008-04-06 14:09 daily.db -rw-r--r-- 1 clamav clamav 4875 2008-04-07 02:12 daily.fp -rw-r--r-- 1 clamav clamav 5607 2008-02-26 12:07 daily.ftm -rw-r--r-- 1 clamav clamav 275 2008-04-07 16:12 daily.hdb -rw-r--r-- 1 clamav clamav 1224 2008-02-05 08:06 daily.hdu -rw-r--r-- 1 clamav clamav 629 2008-04-09 10:17 daily.info -rw-r--r-- 1 clamav clamav 892009 2008-04-09 10:17 daily.mdb -rw-r--r-- 1 clamav clamav 33422 2008-04-08 03:15 daily.mdu -rw-r--r-- 1 clamav clamav 227183 2008-04-09 08:17 daily.ndb -rw-r--r-- 1 clamav clamav 6824 2008-04-06 05:02 daily.ndu -rw-r--r-- 1 clamav clamav 3218 2008-03-26 16:17 daily.pdb -rw-r--r-- 1 clamav clamav 1454 2008-02-27 11:08 daily.wdb -rw-r--r-- 1 clamav clamav 2922 2007-09-03 11:53 daily.zmd main.inc: total 27616 -rw-r--r-- 1 clamav clamav 17992 2007-04-10 16:41 COPYING -rw-r--r-- 1 clamav clamav 4733425 2008-04-06 14:08 main.db -rw-r--r-- 1 clamav clamav 4815 2008-04-06 14:08 main.fp -rw-r--r-- 1 clamav clamav 652769 2008-04-06 14:08 main.hdb -rw-r--r-- 1 clamav clamav 318 2008-04-06 14:08 main.info -rw-r--r-- 1 clamav clamav 7864180 2008-04-06 14:08 main.mdb -rw-r--r-- 1 clamav clamav 14934069 2008-04-06 14:08 main.ndb -rw-r--r-- 1 clamav clamav 217 2007-04-10 16:41 main.zmd I currently only have 265244 sigs - it went down for some reason from before (that line from the log above was from a previous restart, not just a reloading of the database, but it had the socket creation line). Another difference - we were having issues with .90.2 not handling freshclam updates very well - since it was considered out of date by clamav standards, the mirrors throttled our .diff downloads significantly, even when we checked only once a day. Because of that, we turned off ScriptedUpdates, pulled down main.cvd and daily.cvd manually, restarted, and now freshclam downloads each of those fully instead of the diffs. Clearly it's not the most efficient way to update, but it mostly works. In that vein, it looks like ScriptedUpdates branched your main.cvd into the directory main.inc and daily.cvd into the directory daily.inc, and uses some kind of different database. Currently our clamav setup only has the regular databases and no ScriptedUpdates directories: -rw-r--r-- 1 clamav clamav 499635 2008-04-09 03:36 daily.cvd -rw-r--r-- 1 clamav clamav 13050207 2008-04-07 03:01 main.cvd -rw------- 1 clamav clamav 988 2008-04-09 20:03 mirrors.dat This seems to be the only thing I can think of... but you were running etch's version before without issue. Doh. hose -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org |
| All times are GMT. The time now is 01:05 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.