[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-users
Subject: Re: [clamav-users] temporary directories left in /var/lib/clamav
From: David Pullman <david.pullman () gmail ! com>
Date: 2017-06-28 13:22:03
Message-ID: CAB2cqJLu0JCQWekwd_SO2GC4JhUgW9x3-19DxyQJ=uAE2rBd0g () mail ! gmail ! com
[Download RAW message or body]
We've updated the cron script to capture the result code and finding that
where we are getting the failures, it's consistently 137. I would guess
this is an OOM situation, but does anyone know if there are other reasons
we might be getting a 137 from a freshclam run?
Thanks!
David
On Wed, Jun 21, 2017 at 7:38 AM, David Pullman <david.pullman@gmail.com>
wrote:
> I've tried to duplicate this a few time since we started seeing it on a
> test instance, but no luck. But we have lots of instances each day in
> production that are having an error. I've just proposed changing the cron
> script to capture the result code to log it, as it's not one of the
> documented codes. Just so we have that info.
>
> David
>
> On Wed, Jun 21, 2017 at 7:35 AM, David Pullman <david.pullman@gmail.com>
> wrote:
>
>> Yes, there were no new temp dirs left after the successful run. I'm
>> wondering if it's a time of day network issue, or perhaps a mirror? I've
>> seen some complaints about a mirror IP that is also in our logs. Don't know.
>>
>> David
>>
>> On Tue, Jun 20, 2017 at 6:25 PM, Steven Morgan <smorgan@sourcefire.com>
>> wrote:
>>
>>> David,
>>>
>>> Thanks, so when you say freshclam "completed successfully" you mean there
>>> were no temp files left?
>>>
>>> Steve
>>>
>>> On Tue, Jun 20, 2017 at 11:21 AM, David Pullman <david.pullman@gmail.com
>>> >
>>> wrote:
>>>
>>> > Steve,
>>> >
>>> > Yes, we run freshclam and then clamscan once each day at 00:03 UTC.
>>> There
>>> > were many days of tmp directories. We ran the freshclam utility by hand
>>> > yesterday, on the instance the logs are from, at about 22:00 UTC, and
>>> it
>>> > completed the download. The subsequent update at 00:03 this morning
>>> > completed successfully as well.
>>> >
>>> > The version is the package install on Ubuntu of clamav and
>>> > clamav-freshclam: 0.99.2+addedllvm-0ubuntu0.14.04.1.
>>> >
>>> > Thanks!
>>> >
>>> > David
>>> >
>>> > On Tue, Jun 20, 2017 at 11:03 AM, Steven Morgan <
>>> smorgan@sourcefire.com>
>>> > wrote:
>>> >
>>> > > David,
>>> > >
>>> > > So freshclam runs every day at ~00:03:00, and to confirm, the temp
>>> > > directories/files are left for each of these runs?
>>> > >
>>> > > Which version of ClamAV are you using?
>>> > >
>>> > > Steve
>>> > >
>>> > > On Tue, Jun 20, 2017 at 7:51 AM, David Pullman <
>>> david.pullman@gmail.com>
>>> > > wrote:
>>> > >
>>> > > > Hi Steve,
>>> > > >
>>> > > > I've gathered some logs from one of the servers that had a bunch
>>> of the
>>> > > > clamor-nnnnnnnnnn.tmp directories over a number of days. I've
>>> > aggregated
>>> > > > seven days of them below (we rotate the log daily). We run
>>> freshclam
>>> > from
>>> > > > cron each day.
>>> > > >
>>> > > > Please let me know if there's any suggestion on how I can get a
>>> > > definitive
>>> > > > reason for this, or correcting this? We have two issues, one is of
>>> > course
>>> > > > that the sigs are not updated, but also on some of the smaller
>>> > instances
>>> > > > the disk space is affected by the tmp files left in
>>> /var/lib/clamav.
>>> > > >
>>> > > > Thanks very much for any suggestions or help!
>>> > > >
>>> > > > Tue Jun 13 00:03:01 2017 -> --------------------------------------
>>> > > > Tue Jun 13 00:03:01 2017 -> ClamAV update process started at Tue
>>> Jun 13
>>> > > > 00:03:01 2017
>>> > > > Tue Jun 13 00:03:01 2017 -> main.cld is up to date (version: 58,
>>> sigs:
>>> > > > 4566249, f-level: 60, builder: sigmgr)
>>> > > > Tue Jun 13 00:03:09 2017 -> Downloading daily-23452.cdiff [100%]
>>> > > > Tue Jun 13 00:03:10 2017 -> Downloading daily-23453.cdiff [100%]
>>> > > > Tue Jun 13 00:03:13 2017 -> Downloading daily-23454.cdiff [100%]
>>> > > > Wed Jun 14 00:03:02 2017 -> --------------------------------------
>>> > > > Wed Jun 14 00:03:02 2017 -> ClamAV update process started at Wed
>>> Jun 14
>>> > > > 00:03:02 2017
>>> > > > Wed Jun 14 00:03:02 2017 -> main.cld is up to date (version: 58,
>>> sigs:
>>> > > > 4566249, f-level: 60, builder: sigmgr)
>>> > > > Wed Jun 14 00:03:38 2017 -> nonblock_connect: connect timing out
>>> (30
>>> > > secs)
>>> > > >
>>> > > >
>>> > > _______________________________________________
>>> > > clamav-users mailing list
>>> > > clamav-users@lists.clamav.net
>>> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> > >
>>> > >
>>> > > Help us build a comprehensive ClamAV guide:
>>> > > https://github.com/vrtadmin/clamav-faq
>>> > >
>>> > > http://www.clamav.net/contact.html#ml
>>> > >
>>> > _______________________________________________
>>> > clamav-users mailing list
>>> > clamav-users@lists.clamav.net
>>> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>> >
>>> >
>>> > Help us build a comprehensive ClamAV guide:
>>> > https://github.com/vrtadmin/clamav-faq
>>> >
>>> > http://www.clamav.net/contact.html#ml
>>> >
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>>
>>
>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic