New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
clamonacc and stat() #857
Comments
Hi, I am not sure at this point what would cause this. Have you tried decreasing your LogFileMaxSize in clamd.conf to determine if it will still crash? Thanks, |
Hi Andy,
thank you for your e-mail and sorry for my bad english…
I decreased the LogFileMaxSize but nothing realy changed.
After clamd and clamonacc are started both works as i expect. Opening the eicar-testfile clamonacc and clamd will log this event. If i afterwards „open“ a MS-office-file on samba-directory for half a hour and save this file clamd produces log-files (see figur) with the described errors and warnings and clamonacc doesn’t work correctly anymore. When now the eicar-testfile is opened whether clamonacc nor clamd will recognise it. Reducing LogFileMaxSize reduces only „the number of logfiles“.
Because of your hint I use in clamd.conf only the defaults now and it seems that both clamd and clamonacc works fine. Now clamd logs only once the „File path check failure…“ when a MS-Office-file is opened. Clanonacc continues to work normally…
I have to addmit, that I changend the defaults in clamd.conf because I didn’t get started clamd and clamonacc. But the reason for the troubles was that max_user_watches in inotify was set wrong. The number of files in the samba-directory is apparently to large for the default max_user_watches (1024?) in inotify so clamd and clamonacc can’t start. Please excuse the circumstances I suspected.
***@***.***
Thanks you for hint,
Gerhard
Von: ragusaa ***@***.***>
Gesendet: Montag, 13. März 2023 19:10
An: Cisco-Talos/clamav ***@***.***>
Cc: Saller, Gerhard ***@***.***>; Author ***@***.***>
Betreff: Re: [Cisco-Talos/clamav] clamonacc and stat() (Issue #857)
Hi,
I am not sure at this point what would cause this. Have you tried decreasing your LogFileMaxSize in clamd.conf to determine if it will still crash?
Thanks,
Andy
—
Reply to this email directly, view it on GitHub<#857 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ASUNKFEI2D5QWQRGDYAWY6LW35PFXANCNFSM6AAAAAAVUZMYZM>.
You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>
|
Hi Gerhard, Your English is fine, don't worry about it :) I believe this is a bug, and I will create a ticket internally, so that we can track it, but unfortunately I don't know when it will be scheduled. I appreciate you reporting this, and I will let you know when we have time to work on it. Thanks, |
I want to use clamd and clamonacc on a fileserver (Debian 11) for samba directories. Usually it works fine. But when a MS-Office-file or document (esp. in excel) is opend for more then 1 hour (from a Windows-Client) with out any changes and then works with this MS-Office-file goes on clamd causes errors (clamav 1.0.1 and with clamav stable version of Debian 11).
clamd.log:
Tue Mar 7 17:06:25 2023 -> WARNING: File path check failure for: /home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/02 EB mit neuen Anlagen.xlsx
Tue Mar 7 17:06:25 2023 -> WARNING: File path check failure on: /home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/02 EB mit neuen Anlagen.xlsx
Tue Mar 7 17:06:25 2023 -> WARNING: File path check failure for: /home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/02 EB mit neuen Anlagen.xlsx
Tue Mar 7 17:06:25 2023 -> WARNING: File path check failure on: /home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/02 EB mit neuen Anlagen.xlsx
.
.
.
later on
Tue Mar 7 17:06:26 2023 -> WARNING: File path check failure for: /home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/77EF24F1.tmp
Tue Mar 7 17:06:26 2023 -> WARNING: File path check failure on: /home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/77EF24F1.tmp
Tue Mar 7 17:06:26 2023 -> WARNING: File path check failure for: /home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/77EF24F1.tmp
Tue Mar 7 17:06:26 2023 -> WARNING: File path check failure on: /home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/77EF24F1.tmp
.
.
.
clamd produces log-files till clamd is stopped with (or no place left on harddisk)
pkill -SIGTERM clamd
clamonacc can not be stopped with -SIGTERM only be killed but I got onetime a "warning" in clamonacc.log
clamonacc.log:
/home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/7C895913.tmp: stat() failed with No such file or directory, clamd may not be responding
/home/data/01_PROJEKTE/01_Projekte/Firma/1_Projektdokumentation/Standort-W-Konzept 2022/Energiebilanzen/7C895913.tmp: stat() failed with No such file or directory, clamd may not be responding
ERROR: ClamClient: Connection to clamd failed, Couldn't connect to server.
What do I wrong? I can't find any issues here or at the mailing-list...
Checking configuration files in /etc/clamav
Config file: clamd.conf
LogFile = "/var/log/clamav/clamd.log"
LogFileMaxSize = "2097152"
LogTime = "yes"
LogRotate = "yes"
LocalSocket = "/tmp/clamd.socket"
LocalSocketMode = "660"
MaxThreads = "20"
ReadTimeout = "300"
MaxQueue = "200"
MaxDirectoryRecursion = "12"
ExitOnOOM = "yes"
DetectPUA = "yes"
ScanHTML disabled
MaxScanSize = "4194304000"
MaxFileSize = "1572864000"
MaxFiles = "20000"
MaxEmbeddedPE = "104857600"
PCREMaxFileSize = "419430400"
OnAccessIncludePath = "/home"
OnAccessExcludePath = "/home/data/03_VERWALTUNG/10_Sicherung"
OnAccessExcludeRootUID = "yes"
OnAccessExcludeUname = "root"
OnAccessMaxFileSize = "52428800"
OnAccessMaxThreads = "15"
OnAccessRetryAttempts = "3"
Config file: freshclam.conf
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogRotate = "yes"
UpdateLogFile = "/var/log/clamav/freshclam.log"
Checks = "24"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
MaxAttempts = "5"
clamav-milter.conf not found
Software settings
Version: 0.103.8
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON
Database information
Database directory: /var/lib/clamav
daily.cld: version 26835, sigs: 2025005, built on Wed Mar 8 09:35:43 2023
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
bytecode.cvd: version 334, sigs: 91, built on Wed Feb 22 22:33:21 2023
[3rd Party] mywhitelist.ign2: 2 sigs
Total number of signatures: 8672525
Platform information
uname: Linux 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 11 (bullseye)
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a21818108000000000a0201
Build information
GNU C: 10.2.1 20210110 (10.2.1)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' 'OBJCFLAGS=-g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security'
sizeof(void*) = 8
Engine flevel: 129, dconf: 129
The text was updated successfully, but these errors were encountered: