Clam Dumping

Bill Campbell linux-sxs at celestial.com
Fri May 30 15:26:49 PDT 2008


On Fri, May 30, 2008, Matthew Carpenter wrote:
>Hey all,
>
>I have one machine that just continually crashes ClamAV.  I'm running the 
>clamd daemon in conjunction with Amavis and Postfix for mail-filtering.
>
>All I get from amavis is messages that clamd is dead:

I think you posted something on this recently, and I replied to
that at the time.

We run the current version, clamav-0.93, on a fairly large number
of systems, and I don't see any significant pattern of failures.
We have scripts that run every fifteen minutes that check various
services to see if they are running, and restart any that aren't.

Typically when clamav dies, it is at a period of maximum load,
usually around midnight when our daily system maintenance starts
which includes full security monitoring and intrustion detection
which examines much of the system in detail.

I have seen problems with clamav built on Intel boxes getting an
illegal instruction on AMD and vice versa.  This isn't normally a
problem on our systems as we build packages from source on all
boxes during software updates, but I have seen it when doing
binary installs of packages on new systems.

It is also possible to start multiple copies of clamd, as it does
not create a PID file until it has completed reading all of its
database files, which can take several minutes.  Monitor programs
that check for the existence of a PID file may well start extra
clamd processes.  Fixing this in the clamd source has been on my
to-do list for quite a while, but so far I haven't had an
adequate supply of round tuits.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

Property must be secured, or liberty cannot exist. -- John Adams



More information about the Linux-users mailing list