I've been having problems with the clamd socket staying put on a Centos 3 box. The socket will sporadically become a directory, clamd will fail and I will have to reinstall. When you try to restart it tells me this:
If I reinstall it (sometimes) comes right back up. Sometimes I have to remove all clam related files from /tmp before it will come back.
Updated:
Just failed again, creating directory in tmp (named "clamav-" followed by random string of chars) containing main.db and info. It did restart on its own this time. But I have no idea as tot he cause, I've not changed a thing in set up at all.. could this be due to ver .93 and the past incompatabilities? TIA
We have not seen this before. Make sure that you're not running out of disk space for the /tmp/ partition and that the permissions of the /tmp/ directory are 1777. Could be that you ave a corrupt /tmp/ partition.
Yes, it's strange. I made sure of both of those criteria before posting. Dir was set to 1777 and it hovers around 25% according to df over the last few days. I switched back to clamav in MS settings to try "something" and that worked well over the last few days. But higher load averages are forcing me to move back to clamd. I may uninstall and reinstall anew if it fails too often in the coming days...
Well, since posting above it failed three more times, so I decided to monitor what was happening a little more closely (debug). In the clamd.log file I see this at the point of failure:
Thu May 29 10:52:01 2008 -> No stats for Database check - forcing reload
Thu May 29 10:52:01 2008 -> Reading databases from /usr/local/share/clamav
Thu May 29 10:52:04 2008 -> ERROR: reload db failed: CVD extraction failure
Thu May 29 10:52:04 2008 -> Terminating because of a fatal error.
Thu May 29 10:52:13 2008 -> Shutting down the main socket.
Thu May 29 10:52:13 2008 -> Closing the main socket.
Thu May 29 10:52:13 2008 -> Socket file removed.
Thu May 29 10:52:13 2008 -> --- Stopped at Thu May 29 10:52:13 2008
Thus, solving the mystery of why the socket disappears. I'm still not sure why extraction is failing. My tmp directory isn't even half full. I've removed all the db's and started over and will report back if/when I see another failure.
UPDATE: I've uninstalled clamav by changing virus scanning to 'none' in MS and then stopping and removing all traces of clamav from the system. I then reinstalled clamav and forced a reinstall of MS to be sure the two meshed with no problems. It seems to be working fine now. No crashes or problems since the reinstall.
Sat Jun 7 10:48:28 2008 -> No stats for Database check - forcing reload
Sat Jun 7 10:48:28 2008 -> Reading databases from /usr/local/share/clamav
Sat Jun 7 10:48:30 2008 -> ERROR: reload db failed: CVD extraction failure
Sat Jun 7 10:48:30 2008 -> Terminating because of a fatal error.
Sat Jun 7 10:48:30 2008 -> ERROR: Command: readsock() failed.
Sat Jun 7 10:48:31 2008 -> Socket file removed.
Sat Jun 7 10:48:31 2008 -> --- Stopped at Sat Jun 7 10:48:31 2008
At that time, it was simply scanning a batch containing 1 small message:
Jun 7 10:48:26 box1 MailScanner[31269]: New Batch: Scanning 1 messages, 1941 bytes
Jun 7 10:48:27 box1 MailScanner[31269]: Spam Checks: Found 1 spam messages
Jun 7 10:48:28 box1 MailScanner[31269]: Virus and Content Scanning: Starting
The only real issue I can think of is that even though /tmp is only 19% full at the time of the update, perhaps it's just too small for the extraction. Since it's a virtual drive I think I will wait until off peak hours and recreate a bigger one for them later. Hopefully that will lick the problem. I will report back what I find.
Last night I increased /tmp from 256MB to 1GB on that box. In the last 5 hours clamd has not failed and the problem seems solved. I do see it removing stale socket in the log, something I've never seen before, but that option is turned on.
So it does look like that was the issue and not a set up or install problem. /tmp hovered around 19%, so that means 48MB used - leaving over 200MB free. I guess clamd needs more than that to extract a new database.
how did you add more space to the /tmp directory? my system is doing the same thing with clamav and my tmp/ directory is completey full. I currently have 485mb of 485mb used. If you have any idea how to do this, let me know. Thanks
I used mke2fs to create a filesystem from an empty file on that centos system, IIRC. I stopped all services that write to/read from tmp, copy contents to a temp dir in root, unmount then remove and recreate the the filesystem, then remount as tmp. Not sure you can do it if your system is not set up this way though. Check /etc/fstab to see how your tmp directory is mounted (assuming centos os here).
