[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-users
Subject: Re: [clamav-users] ***Spam 3.041*** clamd using 100% CPU in Fedora 30 with sendmail & clamav-milter,
From: Robert Kudyba <rkudyba () fordham ! edu>
Date: 2019-07-31 15:21:11
Message-ID: CAFHi+KRxTmwKmvCCr-dTOzC0E9M4VwD3pYxchHg16uqRREjiSA () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Indeed we do use clamav-unofficial-sigs from
https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/README.md.
And interesting timing just announced a new version:
Version 6.0 (30 July 2019)
On Wed, Jul 31, 2019 at 10:41 AM Micah Snyder (micasnyd) via clamav-users <
clamav-users@lists.clamav.net> wrote:
> If you don't mind my asking – are you using a large number of third party
> databases? Our official databases have grown quite a bit this year – but I
> wouldn't expect anywhere near 5 minutes for load time. On my laptop this
> morning I see around 45 seconds load time for clamd.
>
>
>
> Every now and then it's prudent to groom the database and remove
> problematic signatures, or consolidate them. We do this on occasion, and
> have an ongoing effort to replace hash-based signatures with logical
> signatures that detect more than one file per signature. I wonder if any
> of the unofficial databases have similar efforts to keep the volume and
> quality of signatures in check.
>
>
>
> Regards,
>
> Micah
>
>
>
> *From: *clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of
> Robert Kudyba <rkudyba@fordham.edu>
> *Reply-To: *ClamAV users ML <clamav-users@lists.clamav.net>
> *Date: *Wednesday, July 31, 2019 at 10:29 AM
> *To: *Reio Remma <reio@mrstuudio.ee>, "clamav-users@lists.clamav.net" <
> clamav-users@lists.clamav.net>
> *Subject: *Re: [clamav-users] ***Spam 3.041*** clamd using 100% CPU in
> Fedora 30 with sendmail & clamav-milter, : Probe for slot 1 returned: failed
>
>
>
> Sorry forgot to include the hive in my responses. So increasing the
> timeout value to 900 did work. I didn't time it but it definitely seems
> like 4-5 minutes to finally start. We rebooted and it started fine.
>
>
>
> Should a big report be created? Would this be in Fedora's Bugzilla, or
> Clamav's bug tracker? Are there any other optimization settings?
>
>
>
> On Jul 31, 2019, at 2:47 AM, Reio Remma <reio@mrstuudio.ee> wrote:
>
>
>
> Just curious, did you note how long it actually took to fully load clamd
> afterwards?
>
> It might be worth taking this to CentOS devs, because the signatures
> database keeps growing and clamd loading time with it.
>
> But it's really an issue with older machines like the one I have here. :D
>
> Good luck!
> Reio
>
>
> On 30/07/2019 23:30, Robert Kudyba wrote:
>
> I did but then I also increased from 600 to 900 and that started the
> daemon. Any idea why this wouldn't be considered a bug?
>
>
>
> Thanks for the response.
>
>
>
> On Tue, Jul 30, 2019 at 3:48 PM Reio Remma <reio@mrstuudio.ee> wrote:
>
> Did you do "systemctl daemon-reload" before restarting the service again?
>
> On 30.07.2019 22:23, Robert Kudyba wrote:
>
> No luck:
>
>
>
> systemd[1]: Starting Generic clamav scanner daemon...
> journalctl -xe
> -- Defined-By: systemd
> -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.freedesktop.org_mailman_ \
> listinfo_systemd-2Ddevel&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0 \
> jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qdbDc4JHdK2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=HeyWNpOta-zU4iUgsT6qIc2Inh2JoVpyP8g7tjAJKuc&e=>
>
> --
> -- An ExecStart= process belonging to unit clamd@scan.service has exited.
> --
> -- The process' exit code is 'killed' and its exit status is 15.
> Jul 30 15:20:21 storm.cis.fordham.edu systemd[1]: clamd@scan.service:
> Failed with result 'timeout'.
> -- Subject: Unit failed
> -- Defined-By: systemd
> -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.freedesktop.org_mailman_ \
> listinfo_systemd-2Ddevel&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0 \
> jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qdbDc4JHdK2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=HeyWNpOta-zU4iUgsT6qIc2Inh2JoVpyP8g7tjAJKuc&e=>
>
> --
> -- The unit clamd@scan.service has entered the 'failed' state with result
> 'timeout'.
> Jul 30 15:20:21 storm.cis.fordham.edu systemd[1]: Failed to start Generic
> clamav scanner daemon.
> -- Subject: A start job for unit clamd@scan.service has failed
> -- Defined-By: systemd
> -- Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.freedesktop.org_mailman_ \
> listinfo_systemd-2Ddevel&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0 \
> jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qdbDc4JHdK2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=HeyWNpOta-zU4iUgsT6qIc2Inh2JoVpyP8g7tjAJKuc&e=>
>
> --
> -- A start job for unit clamd@scan.service has finished with a failure.
> --
> -- The job identifier is 331899 and the job result is failed.
>
>
>
> It's as if clamd continues to try to start as running 'top' shows 100% CPU:
>
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
> COMMAND
> 4949 root 20 0 774044 727648 7736 R 93.8 1.5 1:16.88 clamd
>
>
>
> status shows it's still trying to start:
>
> systemctl status clamd@scan.service
> * clamd@scan.service - Generic clamav scanner daemon
> Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled;
> vendor preset: disabled)
> Active: activating (start) since Tue 2019-07-30 15:21:52 EDT; 26s ago
> Docs: man:clamd(8)
> man:clamd.conf(5)
> https://www.clamav.net/documents/
> <www.clamav.net_documents_&d=Dw" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.clamav.net_documents_&d=Dw> \
> MDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry \
> _m7-psV3GejY&m=qdbDc4JHdK2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=2whNina19JXLnZkRg0ik9mRMN2az0Rq8MSra-kr4rGo&e=>
> Cntrl PID: 5175 (clamd)
> Tasks: 1 (limit: 4915)
> Memory: 244.0M
> CGroup: /system.slice/system-clamd.slice/clamd@scan.service
> `-5175 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
>
> Jul 30 15:21:52 ourdomain systemd[1]: Starting Generic clamav scanner
> daemon...
>
>
>
> And just to be sure:
>
> cat /lib/systemd/system/clamd@.service
> [Unit]
> Description = clamd scanner (%i) daemon
> Documentation=man:clamd(8) man:clamd.conf(5)
> https://www.clamav.net/documents/
> <www.clamav.net_documents_&d=Dw" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.clamav.net_documents_&d=Dw> \
> MDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry \
> _m7-psV3GejY&m=qdbDc4JHdK2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=2whNina19JXLnZkRg0ik9mRMN2az0Rq8MSra-kr4rGo&e=>
> # Check for database existence
> # ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}
> # ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}
> After = syslog.target nss-lookup.target network.target
>
> [Service]
> Type = forking
> ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
> Restart = on-failure
> TimeoutSec=600
>
>
>
> On Tue, Jul 30, 2019 at 3:12 PM Reio Remma via clamav-users <
> clamav-users@lists.clamav.net> wrote:
>
> I suspect it's might be the same issue I had a few days back.
>
> Check out the thread "Clamd fails to start with daily.cvd".
>
> As suggested by user Axb:
>
> in file clamd.service
> to section:
> [Service]
> add
> TimeoutSec=900
>
> restart clamd service
>
> I personally increased the limit to 300 seconds. :)
>
> I suspect systemd is killing the process because it goes over the timeout
> threshold when loading the signatures.
>
> Good luck!
> Reio
>
>
> On 30.07.2019 21:58, Robert Kudyba wrote:
>
> rpm -qa clamav-milter
> clamav-milter-0.101.2-2.fc30.x86_64
>
> rpm -qa clamd
> clamd-0.101.2-2.fc30.x86_64
>
>
>
> See some logs and statuses below. clamd takes up all of the CPU. clamd
> does appear to start based on the ps command but you can see the status
> shows no running;
>
>
> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
> COMMAND
> 26618 root 20 0 214188 207576 7996 R 99.0 0.4 0:10.76 clamd
>
> Tue Jul 30 14:30:17 2019 -> WARNING: No clamd server appears to be
> available
> Tue Jul 30 14:31:16 2019 -> Failed to establish a connection to clamd
> Tue Jul 30 14:31:16 2019 -> Probe for slot 1 returned: failed
> Tue Jul 30 14:31:16 2019 -> WARNING: No clamd server appears to be
> available
> Tue Jul 30 14:32:15 2019 -> Failed to establish a connection to clamd
> Tue Jul 30 14:32:15 2019 -> Probe for slot 1 returned: failed
> Tue Jul 30 14:32:15 2019 -> WARNING: No clamd server appears to be
> available
>
> ps -auwx|grep clam
> clamav 2538 0.0 0.0 18348 3156 ? Ss Jul29 0:00
> /usr/bin/freshclam -d -c 4
> clamav 24692 0.0 0.0 19852 10044 ? Ss 14:10 0:00
> /usr/lib/systemd/systemd --user
> clamav 24697 0.0 0.0 181296 5200 ? S 14:10 0:00 (sd-pam)
> clamav 24717 0.0 0.0 113064 3312 ? Ss 14:10 0:00 /bin/sh
> -c [ -x /usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash
> /usr/local/sbin/clamav-unofficial-sigs.sh > /dev/null
> clamav 24718 0.0 0.0 113848 3908 ? S 14:10 0:00
> /usr/bin/bash /usr/local/sbin/clamav-unofficial-sigs.sh
> clamilt 26222 0.0 0.0 88488 588 ? Ssl 14:18 0:00
> /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
> root 26227 99.6 0.5 263348 251924 ? Rs 14:18 0:20
> /usr/sbin/clamd -c /etc/clamd.d/scan.conf
> clamav 26360 1.8 0.0 126316 12992 ? S 14:18 0:00
> /usr/bin/wget --no-check-certificate --quiet --connect-timeout=60
> --random-wait --tries=3 --timeout=180
> --output-document=/var/lib/clamav-unofficial-sigs/dbs-si/securiteinfo.hdb
> https://www.securiteinfo.com/get/signatures/6651194e2baf9979742029c715d7dd90c94e2535 \
> 5ca57fdf22c81828f6fe7a3fc01bfbee6c9a20efa17559c52a04cc4aab1cbe6810596bb16afae8518a9400d1/securiteinfo.hdb\
> <www.securiteinfo.com_get_sign" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.securiteinfo.com_get_sign> \
> atures_6651194e2baf9979742029c715d7dd90c94e25355ca57fdf22c81828f6fe7a3fc01bfbee6c9a2 \
> 0efa17559c52a04cc4aab1cbe6810596bb16afae8518a9400d1_securiteinfo.hdb-255C&d=DwMDaQ&c \
> =aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-ps \
> V3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=1r9FHRsyaDucqFLyd9_yj6gSAcLUUdcJpWaCvwUs0Lk&e=>
>
> systemctl status clamd@scan.service
> * clamd@scan.service - Generic clamav scanner daemon
> Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled;
> vendor preset: disabled)
> Active: inactive (dead) since Mon 2019-07-29 13:24:11 EDT; 24h ago
> Docs: man:clamd(8)
> man:clamd.conf(5)
> https://www.clamav.net/documents/
> <www.clamav.net_documents_&d=Dw" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.clamav.net_documents_&d=Dw> \
> MDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry \
> _m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=hP9lw6TqqvMhxIcjF0PBc9GJj8nl0wNqMlhW1kf4Y7c&e=>
>
> Jul 29 13:24:09 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: /usr/lib/systemd/system/clamd@scan.service:1: .include
> directives are deprecated, and support for them will be removed in a future
> version of systemd. Please use drop-in files instead.
> Jul 29 13:24:11 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: clamd@scan.service: Control process exited, code=killed,
> status=15/TERM
> Jul 29 13:24:11 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: clamd@scan.service: Succeeded.
> Jul 29 13:24:11 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: Stopped Generic clamav scanner daemon.
> Jul 30 04:53:06 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: /usr/lib/systemd/system/clamd@scan.service:1: .include
> directives are deprecated, and support for them will be removed in a future
> version of systemd. Please use drop-in files instead.
> Jul 30 11:13:50 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: /usr/lib/systemd/system/clamd@scan.service:1: .include
> directives are deprecated, and support for them will be removed in a future
> version of systemd. Please use drop-in files instead.
> Jul 30 11:19:10 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: /usr/lib/systemd/system/clamd@scan.service:1: .include
> directives are deprecated, and support for them will be removed in a future
> version of systemd. Please use drop-in files instead.
> Jul 30 14:05:05 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: /usr/lib/systemd/system/clamd@scan.service:1: .include
> directives are deprecated, and support for them will be removed in a future
> version of systemd. Please use drop-in files instead.
> Jul 30 14:05:07 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: /usr/lib/systemd/system/clamd@scan.service:1: .include
> directives are deprecated, and support for them will be removed in a future
> version of systemd. Please use drop-in files instead.
> Jul 30 14:05:08 ourdomain.edu
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&c=aqMfXO \
> EvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY& \
> m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=>
> systemd[1]: /usr/lib/systemd/system/clamd@scan.service:1: .include
> directives are deprecated, and support for them will be removed in a future
> version of systemd. Please use drop-in files instead.
>
> systemctl status clamav-milter
> * clamav-milter.service - Milter module for the Clam Antivirus scanner
> Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; enabled;
> vendor preset: disabled)
> Active: active (running) since Mon 2019-07-29 13:23:46 EDT; 24h ago
> Main PID: 4350 (clamav-milter)
> Tasks: 3 (limit: 4915)
> Memory: 2.6M
> CGroup: /system.slice/clamav-milter.service
> `-4350 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
>
> Jul 29 13:23:45 ourserver systemd[1]: Starting Milter module for the Clam
> Antivirus scanner...
> Jul 29 13:23:46 ourserver systemd[1]: Started Milter module for the Clam
> Antivirus scanner.
>
>
>
> Tue Jul 30 14:20:11 2019 -> +++ Started at Tue Jul 30 14:20:11 2019
> Tue Jul 30 14:20:11 2019 -> Received 0 file descriptor(s) from systemd.
> Tue Jul 30 14:20:11 2019 -> clamd daemon 0.101.2 (OS: linux-gnu, ARCH:
> x86_64, CPU: x86_64)
> Tue Jul 30 14:20:11 2019 -> Log file size limited to 1048576 bytes.
> Tue Jul 30 14:20:11 2019 -> Reading databases from /var/lib/clamav
> Tue Jul 30 14:20:11 2019 -> Not loading PUA signatures.
> Tue Jul 30 14:20:11 2019 -> Bytecode: Security mode set to "TrustSigned".
>
>
>
> The uncommented directives in /etc/clamd.d/scan.conf are:
>
> LogFile /var/log/clamd.scan
> LogTime yes
> LogSyslog yes
> DatabaseDirectory /var/lib/clamav
>
> TCPSocket 3310
>
> TCPAddr 127.0.0.1
>
>
>
> I had to disable it in sendmail where I had this in sendmail.mc
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__sendmail.mc&d=DwMDaQ&c=aqMfXOEv \
> EJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m= \
> O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=Nm05g7xhCGkbvqrPNmiCxoaZIINskP8j9ub976PYskg&e=>
> :
>
> INPUT_MAIL_FILTER(`clamav-milter', `S=inet:6666@127.0.0.1, F=,
> T=S:4m;R:4m')dnl
>
>
>
> This all starting happening after a reboot. Any ideas what may be wrong?
>
>
>
>
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.clamav.net_mailman_listin \
> fo_clamav-2Dusers&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL \
> 4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=04c9heKZPbuf9_CC1Vlo2B3wZCj1T26xVbRo-mWUFAQ&s=rVn_zGl_O1UjiAHNyHtOlyJgwkE_6XcIIFrinsigLkE&e=
>
>
> Help us build a comprehensive ClamAV guide:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vrtadmin_clamav-2Dfa \
> q&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4 \
> tOL1ry_m7-psV3GejY&m=04c9heKZPbuf9_CC1Vlo2B3wZCj1T26xVbRo-mWUFAQ&s=Z5xmytT3O_xtlixv-lAMnUWMvP7M5cYq39PojDIkiqw&e=
>
>
> www.clamav.net_contact.html-23ml" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clamav.net_contact.html-23ml> \
> &d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4t \
> OL1ry_m7-psV3GejY&m=04c9heKZPbuf9_CC1Vlo2B3wZCj1T26xVbRo-mWUFAQ&s=x3t1vc1Z89JplFjhq4wvGudLgjroGnki8Y4Y8Rar19I&e=
>
[Attachment #5 (text/html)]
<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Indeed we do use \
clamav-unofficial-sigs from <a \
href="https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/README.md">htt \
ps://github.com/extremeshok/clamav-unofficial-sigs/blob/master/README.md</a>.</div><div \
dir="ltr"><br></div><div>And interesting timing just announced a new version: \
<br>Version 6.0 (30 July 2019)</div></div></div></div><br><div \
class="gmail_quote"><div class="gmail_attr" dir="ltr">On Wed, Jul 31, 2019 at 10:41 \
AM Micah Snyder (micasnyd) via clamav-users <<a \
href="mailto:clamav-users@lists.clamav.net">clamav-users@lists.clamav.net</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div lang="EN-US">
<div class="gmail-m_7595023846120318760WordSection1">
<p class="MsoNormal">If you don't mind my asking – are you using a large number of \
third party databases? Our official databases have grown quite a bit this year – \
but I wouldn't expect anywhere near 5 minutes for load time. On my laptop this \
morning I see around 45 seconds load time for clamd. <u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Every now and then it's prudent to groom the database and remove \
problematic signatures, or consolidate them. We do this on occasion, and have an \
ongoing effort to replace hash-based signatures with logical signatures that detect \
more than one file per signature. I wonder if any of the unofficial databases have \
similar efforts to keep the volume and quality of signatures in \
check.<u></u><u></u></p> <p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Regards,<u></u><u></u></p>
<p class="MsoNormal">Micah<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<div style="border-width:1pt medium medium;border-style:solid none \
none;border-color:rgb(181,196,223) currentColor currentColor;padding:3pt 0in 0in"> <p \
class="MsoNormal"><b><span style="color:black;font-size:12pt">From: </span></b><span \
style="color:black;font-size:12pt">clamav-users <<a \
href="mailto:clamav-users-bounces@lists.clamav.net" \
target="_blank">clamav-users-bounces@lists.clamav.net</a>> on behalf of Robert \
Kudyba <<a href="mailto:rkudyba@fordham.edu" \
target="_blank">rkudyba@fordham.edu</a>><br> <b>Reply-To: </b>ClamAV users ML \
<<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <b>Date: </b>Wednesday, \
July 31, 2019 at 10:29 AM<br> <b>To: </b>Reio Remma <<a \
href="mailto:reio@mrstuudio.ee" target="_blank">reio@mrstuudio.ee</a>>, "<a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>" <<a \
href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>><br> <b>Subject: </b>Re: \
[clamav-users] ***Spam 3.041*** clamd using 100% CPU in Fedora 30 with sendmail & \
clamav-milter, : Probe for slot 1 returned: failed<u></u><u></u></span></p> </div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<p class="MsoNormal">Sorry forgot to include the hive in my responses. So increasing \
the timeout value to 900 did work. I didn't time it but it definitely seems like 4-5 \
minutes to finally start. We rebooted and it started fine. <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Should a big report be created? Would this be in Fedora's \
Bugzilla, or Clamav's bug tracker? Are there any other optimization \
settings?<u></u><u></u></p> <div>
<p class="MsoNormal"><br>
<br>
<u></u><u></u></p>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<p class="MsoNormal">On Jul 31, 2019, at 2:47 AM, Reio Remma <<a \
href="mailto:reio@mrstuudio.ee" target="_blank">reio@mrstuudio.ee</a>> \
wrote:<u></u><u></u></p> </div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<p class="MsoNormal">Just curious, did you note how long it actually took to fully \
load clamd afterwards?<br> <br>
It might be worth taking this to CentOS devs, because the signatures database keeps \
growing and clamd loading time with it.<br> <br>
But it's really an issue with older machines like the one I have here. :D<br>
<br>
Good luck!<br>
Reio<br>
<br>
<br>
On 30/07/2019 23:30, Robert Kudyba wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<p class="MsoNormal">I did but then I also increased from 600 to 900 and that started \
the daemon. Any idea why this wouldn't be considered a bug? <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Thanks for the response.<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Tue, Jul 30, 2019 at 3:48 PM Reio Remma <<a \
href="mailto:reio@mrstuudio.ee" target="_blank">reio@mrstuudio.ee</a>> \
wrote:<u></u><u></u></p> </div>
<blockquote style="border-width:medium medium medium 1pt;border-style:none none none \
solid;border-color:currentColor currentColor currentColor \
rgb(204,204,204);padding:0in 0in 0in 6pt;margin-right:0in;margin-left:4.8pt"> <div>
<div>
<p class="MsoNormal">Did you do "systemctl daemon-reload" before restarting \
the service again?<br> <br>
On 30.07.2019 22:23, Robert Kudyba wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<p class="MsoNormal">No luck: <u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"> systemd[1]: Starting Generic clamav scanner daemon...<br>
journalctl -xe<br>
-- Defined-By: systemd<br>
-- Support: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.freede \
sktop.org_mailman_listinfo_systemd-2Ddevel&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0 \
sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qdbDc4JHdK \
2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=HeyWNpOta-zU4iUgsT6qIc2Inh2JoVpyP8g7tjAJKuc&e=" \
target="_blank"> https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a><br>
--<br>
-- An ExecStart= process belonging to unit <a href="mailto:clamd@scan.service" \
target="_blank"> clamd@scan.service</a> has exited.<br>
--<br>
-- The process' exit code is 'killed' and its exit status is 15.<br>
Jul 30 15:20:21 <a href="http://storm.cis.fordham.edu/" \
target="_blank">storm.cis.fordham.edu</a> systemd[1]: <a \
href="mailto:clamd@scan.service" target="_blank">clamd@scan.service</a>: Failed with \
result 'timeout'.<br>
-- Subject: Unit failed<br>
-- Defined-By: systemd<br>
-- Support: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.freede \
sktop.org_mailman_listinfo_systemd-2Ddevel&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0 \
sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qdbDc4JHdK \
2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=HeyWNpOta-zU4iUgsT6qIc2Inh2JoVpyP8g7tjAJKuc&e=" \
target="_blank"> https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a><br>
--<br>
-- The unit <a href="mailto:clamd@scan.service" \
target="_blank">clamd@scan.service</a> has entered the 'failed' state with \
result 'timeout'.<br> Jul 30 15:20:21 <a href="http://storm.cis.fordham.edu/" \
target="_blank">storm.cis.fordham.edu</a> systemd[1]: Failed to start Generic clamav \
scanner daemon.<br>
-- Subject: A start job for unit <a href="mailto:clamd@scan.service" target="_blank">
clamd@scan.service</a> has failed<br>
-- Defined-By: systemd<br>
-- Support: <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.freede \
sktop.org_mailman_listinfo_systemd-2Ddevel&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0 \
sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qdbDc4JHdK \
2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=HeyWNpOta-zU4iUgsT6qIc2Inh2JoVpyP8g7tjAJKuc&e=" \
target="_blank"> https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a><br>
--<br>
-- A start job for unit <a href="mailto:clamd@scan.service" \
target="_blank">clamd@scan.service</a> has finished with a \
failure.<br>
--<br>
-- The job identifier is 331899 and the job result is failed.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">It's as if clamd continues to try to start as running \
'top' shows 100% CPU:<u></u><u></u></p> </div>
<div>
<p class="MsoNormal"> PID USER PR NI VIRT RES SHR S %CPU \
%MEM TIME+ COMMAND<br> 4949 root 20 0 774044 727648 7736 R \
93.8 1.5 1:16.88 clamd<u></u><u></u></p> </div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">status shows it's still trying to start:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> systemctl status <a href="mailto:clamd@scan.service" \
target="_blank"> clamd@scan.service</a><br>
* <a href="mailto:clamd@scan.service" target="_blank">clamd@scan.service</a> - \
Generic clamav scanner daemon<br> Loaded: loaded (/<a \
href="mailto:usr/lib/systemd/system/clamd@scan.service" \
target="_blank">usr/lib/systemd/system/clamd@scan.service</a>; enabled; vendor \
preset: disabled)<br>
Active: activating (start) since Tue 2019-07-30 15:21:52 EDT; 26s ago<br>
Docs: man:clamd(8)<br>
man:clamd.conf(5)<br>
<a href="www.cla" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.cla> \
mav.net_documents_&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM& \
r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=qdbDc4JHdK2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=2whNina19JXLnZkRg0ik9mRMN2az0Rq8MSra-kr4rGo&e=" \
target="_blank">https://www.clamav.net/documents/</a><br> Cntrl PID: 5175 (clamd)<br>
Tasks: 1 (limit: 4915)<br>
Memory: 244.0M<br>
CGroup: /<a href="mailto:system.slice/system-clamd.slice/clamd@scan.service" \
target="_blank">system.slice/system-clamd.slice/clamd@scan.service</a><br> `-5175 \
/usr/sbin/clamd -c /etc/clamd.d/scan.conf<br> <br>
Jul 30 15:21:52 ourdomain systemd[1]: Starting Generic clamav scanner \
daemon...<u></u><u></u></p> </div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">And just to be sure:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">cat /lib/systemd/system/clamd@.service<br>
[Unit]<br>
Description = clamd scanner (%i) daemon<br>
Documentation=man:clamd(8) man:clamd.conf(5) <a \
href="www.clamav.net_documents_&a" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.clamav.net_documents_&a> \
mp;d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVt \
R3lLNo4tOL1ry_m7-psV3GejY&m=qdbDc4JHdK2uYYGA7aB9lPX-XVVvrrkt2cBbMiopJX4&s=2whNina19JXLnZkRg0ik9mRMN2az0Rq8MSra-kr4rGo&e=" \
target="_blank"> https://www.clamav.net/documents/</a><br>
# Check for database existence<br>
# ConditionPathExistsGlob=@DBDIR@/main.{c[vl]d,inc}<br>
# ConditionPathExistsGlob=@DBDIR@/daily.{c[vl]d,inc}<br>
After = syslog.target nss-lookup.target network.target<br>
<br>
[Service]<br>
Type = forking<br>
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf<br>
Restart = on-failure<br>
TimeoutSec=600<u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Tue, Jul 30, 2019 at 3:12 PM Reio Remma via clamav-users \
<<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a>> wrote:<u></u><u></u></p> </div>
<blockquote style="border-width:medium medium medium 1pt;border-style:none none none \
solid;border-color:currentColor currentColor currentColor \
rgb(204,204,204);padding:0in 0in 0in 6pt;margin-right:0in;margin-left:4.8pt"> <div>
<div>
<p class="MsoNormal">I suspect it's might be the same issue I had a few days \
back.<br> <br>
Check out the thread "Clamd fails to start with daily.cvd".<br>
<br>
As suggested by user Axb: <br>
<br>
in file clamd.service <br>
to section: <br>
[Service] <br>
add <br>
TimeoutSec=900 <br>
<br>
restart clamd service <br>
<br>
I personally increased the limit to 300 seconds. :)<br>
<br>
I suspect systemd is killing the process because it goes over the timeout threshold \
when loading the signatures.<br> <br>
Good luck!<br>
Reio<br>
<br>
<br>
On 30.07.2019 21:58, Robert Kudyba wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<div>
<p class="MsoNormal">rpm -qa clamav-milter<br>
clamav-milter-0.101.2-2.fc30.x86_64<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">rpm -qa clamd<br>
clamd-0.101.2-2.fc30.x86_64<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">See some logs and statuses below. clamd takes up all of the CPU. \
clamd does appear to start based on the ps command but you can see the status shows \
no running;<u></u><u></u></p> </div>
<div>
<p class="MsoNormal"><br>
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ \
COMMAND<br> 26618 root 20 0 214188 207576 7996 R 99.0 0.4 \
0:10.76 clamd<br> <br>
Tue Jul 30 14:30:17 2019 -> WARNING: No clamd server appears to be available<br>
Tue Jul 30 14:31:16 2019 -> Failed to establish a connection to clamd<br>
Tue Jul 30 14:31:16 2019 -> Probe for slot 1 returned: failed<br>
Tue Jul 30 14:31:16 2019 -> WARNING: No clamd server appears to be available<br>
Tue Jul 30 14:32:15 2019 -> Failed to establish a connection to clamd<br>
Tue Jul 30 14:32:15 2019 -> Probe for slot 1 returned: failed<br>
Tue Jul 30 14:32:15 2019 -> WARNING: No clamd server appears to be available<br>
<br>
ps -auwx|grep clam<br>
clamav 2538 0.0 0.0 18348 3156 ? Ss Jul29 0:00 \
/usr/bin/freshclam -d -c 4<br> clamav 24692 0.0 0.0 19852 10044 ? \
Ss 14:10 0:00 /usr/lib/systemd/systemd --user<br> clamav 24697 0.0 0.0 \
181296 5200 ? S 14:10 0:00 (sd-pam)<br> clamav 24717 0.0 \
0.0 113064 3312 ? Ss 14:10 0:00 /bin/sh -c [ -x \
/usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash \
/usr/local/sbin/clamav-unofficial-sigs.sh > /dev/null<br> clamav 24718 0.0 \
0.0 113848 3908 ? S 14:10 0:00 /usr/bin/bash \
/usr/local/sbin/clamav-unofficial-sigs.sh<br> clamilt 26222 0.0 0.0 88488 \
588 ? Ssl 14:18 0:00 /usr/sbin/clamav-milter -c \
/etc/mail/clamav-milter.conf<br> root 26227 99.6 0.5 263348 251924 ? \
Rs 14:18 0:20 /usr/sbin/clamd -c /etc/clamd.d/scan.conf<br> clamav 26360 \
1.8 0.0 126316 12992 ? S 14:18 0:00 /usr/bin/wget \
--no-check-certificate --quiet --connect-timeout=60 --random-wait --tries=3 \
--timeout=180 --output-document=/var/lib/clamav-unofficial-sigs/dbs-si/securiteinfo.hdb
<a href="www.securiteinfo.com_ge" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.securiteinfo.com_ge> \
t_signatures_6651194e2baf9979742029c715d7dd90c94e25355ca57fdf22c81828f6fe7a3fc01bfbee6 \
c9a20efa17559c52a04cc4aab1cbe6810596bb16afae8518a9400d1_securiteinfo.hdb-255C&d=Dw \
MDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4 \
tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=1r9FHRsyaDucqFLyd9_yj6gSAcLUUdcJpWaCvwUs0Lk&e=" \
target="_blank"> https://www.securiteinfo.com/get/signatures/6651194e2baf9979742029c71 \
5d7dd90c94e25355ca57fdf22c81828f6fe7a3fc01bfbee6c9a20efa17559c52a04cc4aab1cbe6810596bb16afae8518a9400d1/securiteinfo.hdb\</a><br>
<br>
systemctl status <a href="mailto:clamd@scan.service" \
target="_blank">clamd@scan.service</a><br>
* <a href="mailto:clamd@scan.service" target="_blank">clamd@scan.service</a> - \
Generic clamav scanner daemon<br> Loaded: loaded (/<a \
href="mailto:usr/lib/systemd/system/clamd@scan.service" \
target="_blank">usr/lib/systemd/system/clamd@scan.service</a>; enabled; vendor \
preset: disabled)<br>
Active: inactive (dead) since Mon 2019-07-29 13:24:11 EDT; 24h ago<br>
Docs: man:clamd(8)<br>
man:clamd.conf(5)<br>
<a href="www.cla" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=https-3A__www.cla> \
mav.net_documents_&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM& \
r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=hP9lw6TqqvMhxIcjF0PBc9GJj8nl0wNqMlhW1kf4Y7c&e=" \
target="_blank">https://www.clamav.net/documents/</a><br> <br>
Jul 29 13:24:09 <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain \
.edu&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4 \
iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: /<a \
href="mailto:usr/lib/systemd/system/clamd@scan.service" \
target="_blank">usr/lib/systemd/system/clamd@scan.service</a>:1: .include directives \
are deprecated, and support for them will be removed in a future version of systemd. \
Please use drop-in files instead.<br>
Jul 29 13:24:11 <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain \
.edu&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4 \
iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: <a href="mailto:clamd@scan.service" \
target="_blank"> clamd@scan.service</a>: Control process exited, code=killed, \
status=15/TERM<br> Jul 29 13:24:11 <a \
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&a \
mp;c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry \
_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: <a href="mailto:clamd@scan.service" \
target="_blank"> clamd@scan.service</a>: Succeeded.<br>
Jul 29 13:24:11 <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain \
.edu&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4 \
iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: Stopped Generic clamav scanner \
daemon.<br> Jul 30 04:53:06 <a \
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain.edu&d=DwMDaQ&a \
mp;c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry \
_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: /<a \
href="mailto:usr/lib/systemd/system/clamd@scan.service" \
target="_blank">usr/lib/systemd/system/clamd@scan.service</a>:1: .include directives \
are deprecated, and support for them will be removed in a future version of systemd. \
Please use drop-in files instead.<br>
Jul 30 11:13:50 <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain \
.edu&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4 \
iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: /<a \
href="mailto:usr/lib/systemd/system/clamd@scan.service" \
target="_blank">usr/lib/systemd/system/clamd@scan.service</a>:1: .include directives \
are deprecated, and support for them will be removed in a future version of systemd. \
Please use drop-in files instead.<br>
Jul 30 11:19:10 <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain \
.edu&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4 \
iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: /<a \
href="mailto:usr/lib/systemd/system/clamd@scan.service" \
target="_blank">usr/lib/systemd/system/clamd@scan.service</a>:1: .include directives \
are deprecated, and support for them will be removed in a future version of systemd. \
Please use drop-in files instead.<br>
Jul 30 14:05:05 <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain \
.edu&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4 \
iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: /<a \
href="mailto:usr/lib/systemd/system/clamd@scan.service" \
target="_blank">usr/lib/systemd/system/clamd@scan.service</a>:1: .include directives \
are deprecated, and support for them will be removed in a future version of systemd. \
Please use drop-in files instead.<br>
Jul 30 14:05:07 <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain \
.edu&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4 \
iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: /<a \
href="mailto:usr/lib/systemd/system/clamd@scan.service" \
target="_blank">usr/lib/systemd/system/clamd@scan.service</a>:1: .include directives \
are deprecated, and support for them will be removed in a future version of systemd. \
Please use drop-in files instead.<br>
Jul 30 14:05:08 <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__ourdomain \
.edu&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4 \
iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=6m-MquKuRi80BkM8EQ7xbHz37fXGqKYU2rpZtozbpfo&e=" \
target="_blank"> ourdomain.edu</a> systemd[1]: /<a \
href="mailto:usr/lib/systemd/system/clamd@scan.service" \
target="_blank">usr/lib/systemd/system/clamd@scan.service</a>:1: .include directives \
are deprecated, and support for them will be removed in a future version of systemd. \
Please use drop-in files instead.<br>
<br>
systemctl status clamav-milter<br>
* clamav-milter.service - Milter module for the Clam Antivirus scanner<br>
Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; enabled; vendor \
preset: disabled)<br>
Active: active (running) since Mon 2019-07-29 13:23:46 EDT; 24h ago<br>
Main PID: 4350 (clamav-milter)<br>
Tasks: 3 (limit: 4915)<br>
Memory: 2.6M<br>
CGroup: /system.slice/clamav-milter.service<br>
`-4350 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf<br>
<br>
Jul 29 13:23:45 ourserver systemd[1]: Starting Milter module for the Clam Antivirus \
scanner...<br> Jul 29 13:23:46 ourserver systemd[1]: Started Milter module for \
the Clam Antivirus scanner.<u></u><u></u></p> </div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Tue Jul 30 14:20:11 2019 -> +++ Started at Tue Jul 30 \
14:20:11 2019<br> Tue Jul 30 14:20:11 2019 -> Received 0 file descriptor(s) from \
systemd.<br> Tue Jul 30 14:20:11 2019 -> clamd daemon 0.101.2 (OS: linux-gnu, \
ARCH: x86_64, CPU: x86_64)<br> Tue Jul 30 14:20:11 2019 -> Log file size limited \
to 1048576 bytes.<br> Tue Jul 30 14:20:11 2019 -> Reading databases from \
/var/lib/clamav<br> Tue Jul 30 14:20:11 2019 -> Not loading PUA signatures.<br>
Tue Jul 30 14:20:11 2019 -> Bytecode: Security mode set to \
"TrustSigned".<u></u><u></u></p> </div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The uncommented directives in /etc/clamd.d/scan.conf \
are:<u></u><u></u></p> </div>
<div>
<p class="MsoNormal">LogFile /var/log/clamd.scan<br>
LogTime yes<br>
LogSyslog yes<br>
DatabaseDirectory /var/lib/clamav<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">TCPSocket 3310<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">TCPAddr 127.0.0.1<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I had to disable it in sendmail where I had this in <a \
href="https://urldefense.proofpoint.com/v2/url?u=http-3A__sendmail.mc&d=DwMDaQ& \
;c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m \
7-psV3GejY&m=O-HFjqRKx8lUg5kjTbP_aR07F4djoMOoFcS0SywdWWk&s=Nm05g7xhCGkbvqrPNmiCxoaZIINskP8j9ub976PYskg&e=" \
target="_blank"> sendmail.mc</a>:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">INPUT_MAIL_FILTER(`clamav-milter', `S=<a \
href="mailto:inet%3A6666@127.0.0.1" target="_blank">inet:6666@127.0.0.1</a>, F=, \
T=S:4m;R:4m')dnl<u></u><u></u></p> </div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This all starting happening after a reboot. Any ideas what may \
be wrong?<u></u><u></u></p> </div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
<br>
_______________________________________________<br>
<br>
clamav-users mailing list<br>
<a href="mailto:clamav-users@lists.clamav.net" \
target="_blank">clamav-users@lists.clamav.net</a><br> <a \
href="https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.clamav.net_mailman_li \
stinfo_clamav-2Dusers&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&a \
mp;r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=04c9heKZPbuf9_CC1Vlo2B3wZCj1T26xVbRo-mWUFAQ&s=rVn_zGl_O1UjiAHNyHtOlyJgwkE_6XcIIFrinsigLkE&e=" \
target="_blank" rel="noreferrer">https://urldefense.proofpoint.com/v2/url?u=https-3A__ \
lists.clamav.net_mailman_listinfo_clamav-2Dusers&d=DwICAg&c=aqMfXOEvEJQh2iQMCb \
7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=04c9 \
heKZPbuf9_CC1Vlo2B3wZCj1T26xVbRo-mWUFAQ&s=rVn_zGl_O1UjiAHNyHtOlyJgwkE_6XcIIFrinsigLkE&e=</a> \
<br> <br>
<br>
Help us build a comprehensive ClamAV guide:<br>
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_vrtadmin_clam \
av-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0s \
L4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=04c9heKZPbuf9_CC1Vlo2B3wZCj1T26xVbRo-mWUFAQ&s=Z5xmytT3O_xtlixv-lAMnUWMvP7M5cYq39PojDIkiqw&e=" \
target="_blank" rel="noreferrer">https://urldefense.proofpoint.com/v2/url?u=https-3A__ \
github.com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqAD \
c2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=04c9heKZPbuf9_CC1Vlo \
2B3wZCj1T26xVbRo-mWUFAQ&s=Z5xmytT3O_xtlixv-lAMnUWMvP7M5cYq39PojDIkiqw&e=</a> \
<br> <br>
<a href="www.clamav.net_contact.ht" rel="nofollow">https://urldefense.proofpoint.com/v2/url?u=http-3A__www.clamav.net_contact.ht> \
ml-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL \
4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=04c9heKZPbuf9_CC1Vlo2B3wZCj1T26xVbRo-mWUFAQ&s=x3t1vc1Z89JplFjhq4wvGudLgjroGnki8Y4Y8Rar19I&e=" \
target="_blank" rel="noreferrer">https://urldefense.proofpoint.com/v2/url?u=http-3A__w \
ww.clamav.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc \
2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=04c9heKZPbuf9_CC1Vlo2 \
B3wZCj1T26xVbRo-mWUFAQ&s=x3t1vc1Z89JplFjhq4wvGudLgjroGnki8Y4Y8Rar19I&e=</a> \
<br> </blockquote></div>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic