From: Paul Macdonald
Date: Wed, 18 Aug 2010 12:25:21 +0100
To: Freebsd questions
Subject: clamav issues
Message-ID: <4C6BC321.5090901@ifdnrg.com>

Hi,

I'm having some problems with a clamav install and wondered if anyone had any suggestions.

As of a few days ago I noticed mail was getting rejected with 451 retry codes. Checking the milters this appeared to be clamav, and removing this milter fixed the problem.

Afterwards, on trying to fix the issue, I noticed that whilst clamd started ok, it no longer stopped and just endlessly waited for the pid. I suspect this is related, as freshclam also was unable to notify clamd of updates.

I've rebuilt clamav several times, mainly thinking that the first issue of why it wouldn't stop was indicative of it not responding to other requests (milter, freshclam etc).

I've moved the mail scanning onto another box, but would dearly like it to be working on this particular box.

Where to start? Suggestions welcomed!

- clamd is listening on a local socket only (changing to tcp only has no effect)
- have rebuilt clamav, updated ports, and rebuilt a threaded perl.

Startup debug is here (it looks to start fine):

Starting clamav_clamd.
LibClamAV debug: Initialized 0.96.2 engine
LibClamAV debug: Initializing phishcheck module
LibClamAV debug: Phishcheck: Compiling regex: ^ *(http|https|ftp:(//)?)?[0-9]{1,3}(\.[0-9]{1,3}){3}[/?:]? *$
LibClamAV debug: Phishcheck module initialized
LibClamAV debug: Bytecode initialized in JIT mode
LibClamAV debug: Loading databases from /var/db/clamav
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = fad53de5357e9e0fe053afe917f215e6
LibClamAV debug: cli_versig: Decoded signature: fad53de5357e9e0fe053afe917f215e6
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.info loaded
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.cfg loaded
LibClamAV debug: daily.ign loaded
LibClamAV debug: daily.ign2 loaded
LibClamAV debug: Initializing engine->root[0]
LibClamAV debug: Initialising AC pattern matcher of root[0]
LibClamAV debug: cli_initroots: Initializing BM tables of root[0]
LibClamAV debug: Initializing engine->root[1]
LibClamAV debug: Initialising AC pattern matcher of root[1]
LibClamAV debug: cli_initroots: Initializing BM tables of root[1]
LibClamAV debug: Initializing engine->root[2]
LibClamAV debug: Initialising AC pattern matcher of root[2]
LibClamAV debug: Initializing engine->root[3]
LibClamAV debug: Initialising AC pattern matcher of root[3]
LibClamAV debug: Initializing engine->root[4]
LibClamAV debug: Initialising AC pattern matcher of root[4]
LibClamAV debug: Initializing engine->root[5]
LibClamAV debug: Initialising AC pattern matcher of root[5]
LibClamAV debug: Initializing engine->root[6]
LibClamAV debug: Initialising AC pattern matcher of root[6]
LibClamAV debug: Initializing engine->root[7]
LibClamAV debug: Initialising AC pattern matcher of root[7]
LibClamAV debug: Initializing engine->root[8]
LibClamAV debug: Initialising AC pattern matcher of root[8]
LibClamAV debug: Initializing engine->root[9]
LibClamAV debug: Initialising AC pattern matcher of root[9]
LibClamAV debug: Loaded 117 filetype definitions
LibClamAV debug: daily.ftm loaded
LibClamAV debug: daily.db loaded
LibClamAV debug: daily.hdb loaded
LibClamAV debug: daily.hdu loaded
LibClamAV debug: daily.mdb loaded
LibClamAV debug: daily.mdu loaded
LibClamAV debug: daily.ndb loaded
LibClamAV debug: daily.ndu loaded
LibClamAV debug: daily.ldb loaded
LibClamAV debug: daily.zmd loaded
LibClamAV debug: daily.idb loaded
LibClamAV debug: daily.fp loaded
LibClamAV debug: Loading regex_list
LibClamAV debug: daily.pdb loaded
LibClamAV debug: Loading regex_list
LibClamAV debug: daily.wdb loaded
LibClamAV debug: /var/db/clamav/daily.cvd loaded
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 59b7133605b0857b1a76bfe8b3645ff5
LibClamAV debug: cli_versig: Decoded signature: 59b7133605b0857b1a76bfe8b3645ff5
LibClamAV debug: cli_versig: Digital signature is correct.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: main.info loaded
LibClamAV debug: in cli_tgzload()
LibClamAV debug: main.db loaded
LibClamAV debug: Ignoring signature Exploit.PDF-552
LibClamAV debug: Ignoring signature Exploit.PDF-6064
LibClamAV debug: Ignoring signature Trojan.Agent-119128
LibClamAV debug: main.hdb loaded
LibClamAV debug: Ignoring signature Trojan.Inject-601
LibClamAV debug: Ignoring signature Trojan.Agent-32909
LibClamAV debug: Ignoring signature Trojan.Dropper-16405
LibClamAV debug: Ignoring signature Worm.Downadup-282
LibClamAV debug: Ignoring signature Worm.Downadup-319
LibClamAV debug: Ignoring signature Trojan.Agent-121212
LibClamAV debug: Ignoring signature Trojan.Dropper-20544
LibClamAV debug: main.mdb loaded
LibClamAV debug: Ignoring signature HTML.Phishing.Bank-22
LibClamAV debug: Ignoring signature HTML.Phishing.Pay-159
LibClamAV debug: Ignoring signature Worm.Stration.NS
LibClamAV debug: Ignoring signature Email.Faketube
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-57
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-78
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-89
LibClamAV debug: Ignoring signature Email.Phishing.DblDom-91
LibClamAV debug: Ignoring signature Trojan.VB-3950
LibClamAV debug: Ignoring signature JS.Agent-35
LibClamAV debug: Ignoring signature Worm.Kido-23
LibClamAV debug: Ignoring signature W32.Virut-29
LibClamAV debug: Ignoring signature Exploit.PDF-34
LibClamAV debug: Ignoring signature Trojan.Pakes-2516
LibClamAV debug: main.ndb loaded
LibClamAV debug: main.zmd loaded
LibClamAV debug: main.fp loaded
LibClamAV debug: /var/db/clamav/main.cvd loaded
LibClamAV debug: Using filter for trie 0
LibClamAV debug: Matcher[0]: GENERIC: AC sigs: 6134 (reloff: 4, absoff: 0) BM sigs: 30024 (reloff: 15, absoff: 102) maxpatlen 470
LibClamAV debug: Using filter for trie 1
LibClamAV debug: Matcher[1]: PE: AC sigs: 13627 (reloff: 4484, absoff: 0) BM sigs: 47001 (reloff: 43057, absoff: 3944) maxpatlen 468
LibClamAV debug: Matcher[2]: OLE2: AC sigs: 1723 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 176 (ac_only mode)
LibClamAV debug: Matcher[3]: HTML: AC sigs: 5828 (reloff: 3, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 461 (ac_only mode)
LibClamAV debug: Using filter for trie 4
LibClamAV debug: Matcher[4]: MAIL: AC sigs: 1150 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 255 (ac_only mode)
LibClamAV debug: Matcher[5]: GRAPHICS: AC sigs: 26 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 227 (ac_only mode)
LibClamAV debug: Matcher[6]: ELF: AC sigs: 24 (reloff: 4, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 304 (ac_only mode)
LibClamAV debug: Using filter for trie 7
LibClamAV debug: Matcher[7]: ASCII: AC sigs: 1557 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 467 (ac_only mode)
LibClamAV debug: Matcher[8]: NOT USED: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode)
LibClamAV debug: Matcher[9]: MACH-O: AC sigs: 0 (reloff: 0, absoff: 0) BM sigs: 0 (reloff: 0, absoff: 0) maxpatlen 0 (ac_only mode)
LibClamAV debug: MD5 sigs (files): 43630
LibClamAV debug: MD5 sigs (PE sections): 676860
LibClamAV debug: Building regex list
LibClamAV debug: Using filter for trie 0
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Building regex list
LibClamAV debug: Using filter for trie 0
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0
LibClamAV debug: Converting hashset to array: 40047 entries
LibClamAV debug: hashtab: Freeing hashset, elements: 40047, capacity: 65536
LibClamAV debug: Dynamic engine configuration settings:
LibClamAV debug: --------------------------------------
LibClamAV debug: Module PE: On
LibClamAV debug: * Submodule PARITE: On
LibClamAV debug: * Submodule KRIZ: On
LibClamAV debug: * Submodule MAGISTR: On
LibClamAV debug: * Submodule POLIPOS: On
LibClamAV debug: * Submodule MD5SECT: On
LibClamAV debug: * Submodule UPX: On
LibClamAV debug: * Submodule FSG: On
LibClamAV debug: * Submodule SWIZZOR: On
LibClamAV debug: * Submodule PETITE: On
LibClamAV debug: * Submodule PESPIN: On
LibClamAV debug: * Submodule YC: On
LibClamAV debug: * Submodule WWPACK: On
LibClamAV debug: * Submodule NSPACK: On
LibClamAV debug: * Submodule MEW: On
LibClamAV debug: * Submodule UPACK: On
LibClamAV debug: * Submodule ASPACK: On
LibClamAV debug: Module ELF: On
LibClamAV debug: Module MACHO: On
LibClamAV debug: Module ARCHIVE: On
LibClamAV debug: * Submodule RAR: On
LibClamAV debug: * Submodule ZIP: On
LibClamAV debug: * Submodule GZIP: On
LibClamAV debug: * Submodule BZIP: On
LibClamAV debug: * Submodule ARJ: On
LibClamAV debug: * Submodule SZDD: On
LibClamAV debug: * Submodule CAB: On
LibClamAV debug: * Submodule CHM: On
LibClamAV debug: * Submodule OLE2: On
LibClamAV debug: * Submodule TAR: On
LibClamAV debug: * Submodule CPIO: On
LibClamAV debug: * Submodule BINHEX: On
LibClamAV debug: * Submodule SIS: On
LibClamAV debug: * Submodule NSIS: On
LibClamAV debug: * Submodule AUTOIT: On
LibClamAV debug: * Submodule ISHIELD: On
LibClamAV debug: * Submodule 7zip: On
LibClamAV debug: Module DOCUMENT: On
LibClamAV debug: * Submodule HTML: On
LibClamAV debug: * Submodule RTF: On
LibClamAV debug: * Submodule PDF: On
LibClamAV debug: * Submodule SCRIPT: On
LibClamAV debug: * Submodule HTMLSKIPRAW: On
LibClamAV debug: * Submodule JSNORM: On
LibClamAV debug: Module MAIL: On
LibClamAV debug: * Submodule MBOX: On
LibClamAV debug: * Submodule TNEF: On
LibClamAV debug: Module OTHER: On
LibClamAV debug: * Submodule UUENCODED: On
LibClamAV debug: * Submodule SCRENC: On
LibClamAV debug: * Submodule RIFF: On
LibClamAV debug: * Submodule JPEG: On
LibClamAV debug: * Submodule CRYPTFF: On
LibClamAV debug: * Submodule DLP: On
LibClamAV debug: * Submodule MYDOOMLOG: On
LibClamAV debug: * Submodule PREFILTERING: On
LibClamAV debug: Module PHISHING On
LibClamAV debug: * Submodule ENGINE: On
LibClamAV debug: * Submodule ENTCONV: On
LibClamAV debug: Module BYTECODE On
LibClamAV debug: * Submodule INTERPRETER: On
LibClamAV debug: * Submodule JIT X86: On
LibClamAV debug: * Submodule JIT PPC: On
LibClamAV debug: * Submodule JIT ARM: ** Off **
LibClamAV debug: environment detected:
LibClamAV debug: check_platform(0x03113636, 0x04040201, 0x01040201)
LibClamAV debug: check_platform(0x03 1 1 36 36,0x0 4 04 02 01,0x01 04 02 01)
LibClamAV debug: check_platform( OS CPU COM FL DCONF,BE PTR CXX VV.VV.VV, FLG CC VV.VV.VV)
LibClamAV debug: Engine version: 0.96.2
LibClamAV debug: Host triple: i386-portbld-freebsd7.1
LibClamAV debug: Host CPU: core2
LibClamAV debug: OS: FreeBSD
LibClamAV debug: OS release: 7.1-RELEASE
LibClamAV debug: OS version: FreeBSD 7.1-RELEASE #0: Thu Jan 1 14:37:25 UTC 2009 root@lo
LibClamAV debug: OS hardware: i386
LibClamAV debug: OS LLVM category: 5
LibClamAV debug: Has JIT compiled: 1
LibClamAV debug: ------------------------------------------------------
LibClamAV debug: Bytecode: mode is 0
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: bytecode: Parsed 9 APIcalls, maxapi 74
LibClamAV debug: unknown inst type: 89
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: unknown inst type: 67
LibClamAV debug: Parsed 41 BBs, 176 instructions
LibClamAV debug: Parsed 1 functions
LibClamAV debug: Bytecode: BC_STARTUP running (builtin)
LibClamAV debug: Bytecode: executing in interpeter mode
LibClamAV debug: bytecode: registered ctx variable at 0x0 (+0) id 6
LibClamAV debug: bytecode: registered ctx variable at 0x28a53980 (+2) id 2
LibClamAV debug: bytecode: registered ctx variable at 0x28915080 (+256) id 1
LibClamAV debug: bytecode: registered ctx variable at 0x28a53984 (+4) id 5
LibClamAV debug: bytecode: registered ctx variable at 0x28a539a0 (+648) id 4
LibClamAV debug: bytecode: registered ctx variable at 0x28d1f200 (+512) id 7
LibClamAV debug: bytecode debug: startup: bytecode execution in auto mode
LibClamAV debug: intepreter bytecode run finished in 35us, after executing 133 opcodes
LibClamAV debug: Bytecode: disable status is 0
bytecode JIT: emitted function bc4294967295f0 of 23 bytes at 0x2de60010
bytecode JIT: emitted function bc4294967295f0_wrap of 16 bytes at 0x2de60030
LibClamAV debug: bytecode self test running
LibClamAV debug: Bytecode: executing in JIT mode
bytecode finished in 112us
LibClamAV debug: bytecode self test succeeded
LibClamAV debug: Bytecode: 0 bytecode prepared with JIT

-- 
-------------------------
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-------------------------
t: 0131 5548070
m: 07534206249
e: paul@ifdnrg.com
w: http://www.ifdnrg.com
-------------------------
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA
-------------------------
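
The hypothesis in the message above (clamd starts, but no longer answers the milter, freshclam or the stop request) can be checked directly on the local socket. The following is an added example, not part of the original message: it sends clamd's PING command and classifies the outcome. The function names are hypothetical, and the socket path in the usage line is an assumed default that should be replaced with the LocalSocket value from clamd.conf.

```python
import socket

def clamd_command(path, command, timeout=5.0):
    """Send one null-delimited command to clamd's local socket; return the reply text."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        # A 'z' prefix tells clamd the command and its reply are NUL-terminated.
        s.sendall(b"z" + command.encode("ascii") + b"\0")
        reply = b""
        while not reply.endswith(b"\0"):
            chunk = s.recv(4096)
            if not chunk:  # clamd closed the connection without a terminator
                break
            reply += chunk
        return reply.rstrip(b"\0").decode("ascii", "replace")

def probe_clamd(path, timeout=5.0):
    """Classify the daemon's state as seen by a client such as the milter."""
    try:
        reply = clamd_command(path, "PING", timeout)
    except FileNotFoundError:
        return "no-socket"          # daemon not running, or wrong path
    except PermissionError:
        return "permission-denied"  # client user cannot reach the socket
    except ConnectionRefusedError:
        return "stale-socket"       # socket file left behind, nobody listening
    except socket.timeout:
        return "hung"               # process holds the socket but never answers
    return "ok" if reply == "PONG" else "unexpected-reply: " + reply

if __name__ == "__main__":
    # Assumed path; use the LocalSocket setting from clamd.conf.
    print(probe_clamd("/var/run/clamav/clamd.sock"))
```

A result of "hung" with a running clamd process matches the symptoms described: clients that wait on the daemon (the milter returning a temporary failure, freshclam's notify, the rc script waiting on the pid) all stall for the same reason.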