Linux Archive

Stephane Durieux 04-09-2008 09:52 PM

clamsmtp : unix socket problem
 
Hello,

I am encountering a problem with clamsmtp or more exactly with clamav-daemon.
When I start it, the unix socket used to communicate with clamsmtp isn't created.
So once launched in debug mode, clamsmtpd informs me of that problem!

Though, I tried the same configuration on a test server 2 months ago without any problem.
Could it be a problem of a last update?
... Strange ... cause I have updated both clams via an official site

If someone has already encountered that problem and could help me

Thanks for reply







hose 04-09-2008 11:35 PM

clamsmtp : unix socket problem
 
On Apr 9, 2008, at 4:52 PM, Stephane Durieux wrote:
> Hello,
>
> I am encountering a problem with clamsmtp or more exactly with clamav-daemon.
> When I start it, the unix socket used to communicate with clamsmtp isn't created.
> So once launched in debug mode, clamsmtpd informs me of that problem!
>
> Though, I tried the same configuration on a test server 2 months ago without any problem.
> Could it be a problem of a last update?
> ... Strange ... cause I have updated both clams via an official site
>
> If someone has already encountered that problem and could help me
>
> Thanks for reply

Stephanie,
The socket isn't created immediately - clamav has to read in all the definitions from its database, which can take awhile. On a dual P3 I have it takes over 20 minutes sometimes if it reloads everything, and on a dual Xeon 2.6 with HT, it can take 10 or so minutes to do the same thing.
If clamsmtp tries to connect it will fail since the socket isn't created until the database is completely loaded. If this is the case, just run 'top' and watch the CPU load and the clamav process, which will probably be eating up most of the CPU time. Also, if you tail /var/log/clamav/clamav.log, the last line will probably be "<date/time stamp> -> Reading databases from /var/lib/clamav". When it's done, it will print out "<date/time stamp> -> Database correctly reloaded (xxxxx signatures)".
hose
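
A readiness check for the situation described in the reply above, as an added example that is not part of the original thread: it treats clamd as usable only when the socket path exists, is really a socket, and answers clamd's PING command with PONG. The function names, timeouts and polling interval are assumptions; the socket path to pass in is the LocalSocket value from clamd.conf.

```python
import os
import socket
import stat
import time


def clamd_ready(path, timeout=2.0):
    """True only if `path` is a Unix socket and the daemon behind it
    answers PING with PONG (hypothetical helper, not part of clamsmtp)."""
    try:
        if not stat.S_ISSOCK(os.stat(path).st_mode):
            return False  # something else sits at that path
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(b"PING\n")  # newline-terminated clamd command
            return s.recv(16).strip() == b"PONG"
    except OSError:
        # No such file: clamd is still loading its signature database.
        # Connection refused: stale socket file left by a dead clamd.
        # Timeout: daemon is there but not answering.
        return False


def wait_for_clamd(path, max_wait, interval=5.0):
    """Poll until clamd answers or max_wait seconds have passed.
    Returns the seconds waited, or None if clamd never became ready,
    so the caller can refuse to start the mail filter."""
    start = time.monotonic()
    while True:
        if clamd_ready(path):
            return time.monotonic() - start
        if time.monotonic() - start + interval > max_wait:
            return None
        time.sleep(interval)


if __name__ == "__main__":
    # 3600 s allows for the slowest load time reported in this thread.
    waited = wait_for_clamd("/var/run/clamav/clamd.ctl", max_wait=3600)
    print("clamd not ready" if waited is None else f"ready after {waited:.0f}s")
```

Run before starting clamsmtpd, a None result means mail would reach the filter with no scanner behind it.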

Mike Bird 04-09-2008 11:47 PM

clamsmtp : unix socket problem
 
On Wed April 9 2008 16:35:48 hose wrote:
> The socket isn't created immediately - clamav has to read in all the
> definitions from its database, which can take awhile. On a dual P3 I
> have it takes over 20 minutes sometimes if it reloads everything, and
> on a dual Xeon 2.6 with HT, it can take 10 or so minutes to do the
> same thing.

Here it takes 4 seconds on a 2.4GHz P4. Am I missing something?

Wed Apr 9 16:44:10 2008 -> +++ Started at Wed Apr 9 16:44:10 2008
Wed Apr 9 16:44:10 2008 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH: i386, CPU: i486)
Wed Apr 9 16:44:10 2008 -> Log file size limit disabled.
Wed Apr 9 16:44:10 2008 -> Reading databases from /var/lib/clamav
Wed Apr 9 16:44:10 2008 -> Not loading PUA signatures.
Wed Apr 9 16:44:14 2008 -> Loaded 248771 signatures.
Wed Apr 9 16:44:14 2008 -> Unix socket file /var/run/clamav/clamd.ctl

--Mike Bird


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

hose 04-09-2008 11:57 PM

clamsmtp : unix socket problem
 
On Apr 9, 2008, at 6:47 PM, Mike Bird wrote:
> On Wed April 9 2008 16:35:48 hose wrote:
> > The socket isn't created immediately - clamav has to read in all the
> > definitions from its database, which can take awhile. On a dual P3 I
> > have it takes over 20 minutes sometimes if it reloads everything, and
> > on a dual Xeon 2.6 with HT, it can take 10 or so minutes to do the
> > same thing.
>
> Here it takes 4 seconds on a 2.4GHz P4. Am I missing something?
>
> Wed Apr 9 16:44:10 2008 -> +++ Started at Wed Apr 9 16:44:10 2008
> Wed Apr 9 16:44:10 2008 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH: i386, CPU: i486)
> Wed Apr 9 16:44:10 2008 -> Log file size limit disabled.
> Wed Apr 9 16:44:10 2008 -> Reading databases from /var/lib/clamav
> Wed Apr 9 16:44:10 2008 -> Not loading PUA signatures.
> Wed Apr 9 16:44:14 2008 -> Loaded 248771 signatures.
> Wed Apr 9 16:44:14 2008 -> Unix socket file /var/run/clamav/clamd.ctl
>
> --Mike Bird


Interesting... on all the clamav machines I admin (admittedly this is
only four) I've always had the delay in loading the sigs:


From one server (the dual xeon):
Tue Apr 1 02:55:53 2008 -> Reading databases from /var/lib/clamav
Tue Apr 1 03:07:20 2008 -> Loaded 323514 signatures.
Tue Apr 1 03:07:20 2008 -> Unix socket file /var/run/clamav/clamd.ctl

From the dual P3:
Tue Mar 25 15:06:34 2008 -> Reading databases from /var/lib/clamav
Tue Mar 25 15:20:08 2008 -> Loaded 316396 signatures.
Tue Mar 25 15:20:08 2008 -> Unix socket file /var/run/clamav/clamd.ctl

And most painfully, from a single P3 we keep around for nostalgia:
Sun Apr 6 23:50:27 2008 -> Reading databases from /var/lib/clamav
Mon Apr 7 00:52:24 2008 -> Loaded 306287 signatures.
Mon Apr 7 00:52:24 2008 -> Unix socket file /var/run/clamav/clamd.ctl

I wonder what the deal is. Maybe something to do with PUA signatures,
but strangely enough I never remember turning on that option to begin
with.


hose
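
The load times in the log excerpts quoted in this thread can be measured rather than read off by eye. This added example (not written by anyone in the thread) parses clamd log lines in the format shown here and reports, for each start, the seconds between "Reading databases from" and "Unix socket file"; the sample lines are copied from the thread's excerpts, the last one is left without a socket line on purpose, and the function name is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the excerpts in this thread.
# The final start is deliberately cut short (no socket line yet).
SAMPLE_LOG = """\
Wed Apr 9 16:44:10 2008 -> +++ Started at Wed Apr 9 16:44:10 2008
Wed Apr 9 16:44:10 2008 -> Reading databases from /var/lib/clamav
Wed Apr 9 16:44:10 2008 -> Not loading PUA signatures.
Wed Apr 9 16:44:14 2008 -> Loaded 248771 signatures.
Wed Apr 9 16:44:14 2008 -> Unix socket file /var/run/clamav/clamd.ctl
Sun Apr 6 23:50:27 2008 -> Reading databases from /var/lib/clamav
Mon Apr 7 00:52:24 2008 -> Loaded 306287 signatures.
Mon Apr 7 00:52:24 2008 -> Unix socket file /var/run/clamav/clamd.ctl
Tue Apr 1 02:55:53 2008 -> Reading databases from /var/lib/clamav
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) -> (.*)$")
TS_FORMAT = "%a %b %d %H:%M:%S %Y"


def socket_delays(log_text):
    """One dict per clamd start: when loading began, signatures loaded,
    and seconds until the socket line. socket_after_s stays None when the
    log shows no socket yet (still loading, or the daemon died)."""
    starts, current = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or unrelated line
        when = datetime.strptime(" ".join(m.group(1).split()), TS_FORMAT)
        msg = m.group(2)
        if msg.startswith("Reading databases from"):
            current = {"began": when, "signatures": None, "socket_after_s": None}
            starts.append(current)
        elif current is None:
            continue
        elif msg.startswith("Loaded "):
            current["signatures"] = int(msg.split()[1])
        elif msg.startswith("Database correctly reloaded"):
            starts.pop()  # a reload of a running daemon, not a start
            current = None
        elif msg.startswith("Unix socket file"):
            delta = when - current["began"]  # full datetimes: midnight-safe
            current["socket_after_s"] = int(delta.total_seconds())
            current = None
    return starts
```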



hose 04-10-2008 12:02 AM

clamsmtp : unix socket problem
 
On Apr 9, 2008, at 6:57 PM, hose wrote:
> On Apr 9, 2008, at 6:47 PM, Mike Bird wrote:
> > On Wed April 9 2008 16:35:48 hose wrote:
> > > The socket isn't created immediately - clamav has to read in all the
> > > definitions from its database, which can take awhile. On a dual P3 I
> > > have it takes over 20 minutes sometimes if it reloads everything, and
> > > on a dual Xeon 2.6 with HT, it can take 10 or so minutes to do the
> > > same thing.
> >
> > Here it takes 4 seconds on a 2.4GHz P4. Am I missing something?
> >
> > Wed Apr 9 16:44:10 2008 -> +++ Started at Wed Apr 9 16:44:10 2008
> > Wed Apr 9 16:44:10 2008 -> clamd daemon 0.92.1 (OS: linux-gnu, ARCH: i386, CPU: i486)
> > Wed Apr 9 16:44:10 2008 -> Log file size limit disabled.
> > Wed Apr 9 16:44:10 2008 -> Reading databases from /var/lib/clamav
> > Wed Apr 9 16:44:10 2008 -> Not loading PUA signatures.
> > Wed Apr 9 16:44:14 2008 -> Loaded 248771 signatures.
> > Wed Apr 9 16:44:14 2008 -> Unix socket file /var/run/clamav/clamd.ctl
> >
> > --Mike Bird
>
> Interesting... on all the clamav machines I admin (admittedly this
> is only four) I've always had the delay in loading the sigs:
>
> From one server (the dual xeon):
> Tue Apr 1 02:55:53 2008 -> Reading databases from /var/lib/clamav
> Tue Apr 1 03:07:20 2008 -> Loaded 323514 signatures.
> Tue Apr 1 03:07:20 2008 -> Unix socket file /var/run/clamav/clamd.ctl
>
> From the dual P3:
> Tue Mar 25 15:06:34 2008 -> Reading databases from /var/lib/clamav
> Tue Mar 25 15:20:08 2008 -> Loaded 316396 signatures.
> Tue Mar 25 15:20:08 2008 -> Unix socket file /var/run/clamav/clamd.ctl
>
> And most painfully, from a single P3 we keep around for nostalgia:
> Sun Apr 6 23:50:27 2008 -> Reading databases from /var/lib/clamav
> Mon Apr 7 00:52:24 2008 -> Loaded 306287 signatures.
> Mon Apr 7 00:52:24 2008 -> Unix socket file /var/run/clamav/clamd.ctl
>
> I wonder what the deal is. Maybe something to do with PUA
> signatures, but strangely enough I never remember turning on that
> option to begin with.
>
> hose


Actually, it looks like you're running clamd .92.1. I'm currently
running the version that comes with etch - .90.1. Maybe there's a
huge diff in loading times, ie, they reload only changed parts of the
db (sort of like how they implemented partial diff downloads for
updates in the later versions). Now it's going to bother me until I
figure out why...


hose



Mike Bird 04-10-2008 12:12 AM

clamsmtp : unix socket problem
 
Hose,

I turned on PUA signatures and got 3 seconds - not a significant
difference.

You seem to have a lot more signatures than I. Here's my clamd.conf
and my /var/lib/clamav. Any thoughts?

--Mike


# cat /etc/clamav/clamd.conf
#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ArchiveLimitMemoryUsage false
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
StreamMaxLength 10M
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
TemporaryDirectory /tmp
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
MailFollowURLs false
ArchiveBlockMax false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
MailMaxRecursion 64
PhishingSignatures true
PhishingScanURLs true
PhishingRestrictedScan true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA true
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
# cd /var/lib/clamav
# ls -l *
-rw-r--r-- 1 clamav clamav 124218 2006-08-29 23:51 clamav-03676d29ae5d080a
-rw------- 1 clamav clamav 1196 2008-04-09 16:17 mirrors.dat

daily.inc:
total 1240
-rw-r--r-- 1 clamav clamav 17992 2007-04-26 00:59 COPYING
-rw-r--r-- 1 clamav clamav 106 2008-03-21 11:30 daily.cfg
-rw-r--r-- 1 clamav clamav 26014 2008-04-06 14:09 daily.db
-rw-r--r-- 1 clamav clamav 4875 2008-04-07 02:12 daily.fp
-rw-r--r-- 1 clamav clamav 5607 2008-02-26 12:07 daily.ftm
-rw-r--r-- 1 clamav clamav 275 2008-04-07 16:12 daily.hdb
-rw-r--r-- 1 clamav clamav 1224 2008-02-05 08:06 daily.hdu
-rw-r--r-- 1 clamav clamav 629 2008-04-09 10:17 daily.info
-rw-r--r-- 1 clamav clamav 892009 2008-04-09 10:17 daily.mdb
-rw-r--r-- 1 clamav clamav 33422 2008-04-08 03:15 daily.mdu
-rw-r--r-- 1 clamav clamav 227183 2008-04-09 08:17 daily.ndb
-rw-r--r-- 1 clamav clamav 6824 2008-04-06 05:02 daily.ndu
-rw-r--r-- 1 clamav clamav 3218 2008-03-26 16:17 daily.pdb
-rw-r--r-- 1 clamav clamav 1454 2008-02-27 11:08 daily.wdb
-rw-r--r-- 1 clamav clamav 2922 2007-09-03 11:53 daily.zmd

main.inc:
total 27616
-rw-r--r-- 1 clamav clamav 17992 2007-04-10 16:41 COPYING
-rw-r--r-- 1 clamav clamav 4733425 2008-04-06 14:08 main.db
-rw-r--r-- 1 clamav clamav 4815 2008-04-06 14:08 main.fp
-rw-r--r-- 1 clamav clamav 652769 2008-04-06 14:08 main.hdb
-rw-r--r-- 1 clamav clamav 318 2008-04-06 14:08 main.info
-rw-r--r-- 1 clamav clamav 7864180 2008-04-06 14:08 main.mdb
-rw-r--r-- 1 clamav clamav 14934069 2008-04-06 14:08 main.ndb
-rw-r--r-- 1 clamav clamav 217 2007-04-10 16:41 main.zmd



Mike Bird 04-10-2008 12:21 AM

clamsmtp : unix socket problem
 
On Wed April 9 2008 17:02:23 hose wrote:
> Actually, it looks like you're running clamd .92.1. I'm currently
> running the version that comes with etch - .90.1. Maybe there's a
> huge diff in loading times, ie, they reload only changed parts of the
> db (sort of like how they implemented partial diff downloads for
> updates in the later versions). Now it's going to bother me until I
> figure out why...

We're running Etch with clamav-daemon 0.92.1~dfsg-1volatile1 from
volatile. However I don't recall it being slow with the original Etch.
Kernel is Linux version 2.6.18-6-686 (Debian 2.6.18.dfsg.1-18etch1).

--Mike Bird



hose 04-10-2008 04:36 AM

clamsmtp : unix socket problem
 
On Apr 9, 2008, at 7:12 PM, Mike Bird wrote:
> Hose,
>
> I turned on PUA signatures and got 3 seconds - not a significant
> difference.
>
> You seem to have a lot more signatures than I. Here's my clamd.conf
> and my /var/lib/clamav. Any thoughts?
>
> --Mike






I currently only have 265244 sigs - it went down for some reason from
before (that line from the log above was from a previous restart, not
just a reloading of the database, but it had the socket creation
line). Another difference - we were having issues with .90.2 not
handling freshclam updates very well - since it was considered out of
date by clamav standards, the mirrors throttled our .diff downloads
significantly, even when we checked only once a day. Because of that,
we turned off ScriptedUpdates, pulled down main.cvd and daily.cvd
manually, restarted, and now freshclam downloads each of those fully
instead of the diffs. Clearly it's not the most efficient way to
update, but it mostly works.


In that vein, it looks like ScriptedUpdates branched your main.cvd
into the directory main.inc and daily.cvd into the directory
daily.inc, and uses some kind of different database. Currently our
clamav setup only has the regular databases and no ScriptedUpdates
directories:


-rw-r--r-- 1 clamav clamav 499635 2008-04-09 03:36 daily.cvd
-rw-r--r-- 1 clamav clamav 13050207 2008-04-07 03:01 main.cvd
-rw------- 1 clamav clamav 988 2008-04-09 20:03 mirrors.dat

This seems to be the only thing I can think of... but you were running
etch's version before without issue. Doh.


hose

