Earlier this month I reported a problem in that ClamTK couldn't virus-scan a file. This was cured by following the dev's instructions <quote> If you open up a terminal window and type "ls /var/clamav" (without quotes of course), I'm betting you'll see a variety of files and/or directories in there. If you're up for it, as root type rm /var/clamav/* -rf which will remove all the signatures. Don't worry, you'll get them back in the next step. As root, type freshclam -v And that will download all the necessary signatures again. </quote>
At that point I thought all was well - until I had to reboot, when I found that it hung with a message (from memory) 'self-checking 1800'. Using Interactive boot I discovered that it came from clamd.
I'm guessing that daily.cld main.cld and mirrors.dat are being sought somewhere other than /var/clamav. Maybe a symlink is required? If someone with a working clamd could advise me I'd be most grateful. For now I have had to chkconfig clamd off.
Anne
On Friday 27 June 2008 19:43:06 Anne Wilson wrote:
rm /var/clamav/* -rf which will remove all the signatures. Don't worry, you'll get them back in the next step. As root, type freshclam -v And that will download all the necessary signatures again.
</quote>
At that point I thought all was well - until I had to reboot, when I found that it hung with a message (from memory) 'self-checking 1800'. Using Interactive boot I discovered that it came from clamd.
I'm guessing that daily.cld main.cld and mirrors.dat are being sought somewhere other than /var/clamav. Maybe a symlink is required? If someone with a working clamd could advise me I'd be most grateful. For now I have had to chkconfig clamd off.
Anne
Does the /var/clamav dir still exist ? It is in the clamd rpm. mirrors.dat, daily.cld and main.cld are in /var/clamav
It seems easiest to me to reinstall clamd and clamav.
Regards,
On Friday 27 June 2008 23:35:35 Paul Schoonderwoerd wrote:
On Friday 27 June 2008 19:43:06 Anne Wilson wrote:
rm /var/clamav/* -rf which will remove all the signatures. Don't worry, you'll get them back in the next step. As root, type freshclam -v And that will download all the necessary signatures again.
</quote>
At that point I thought all was well - until I had to reboot, when I found that it hung with a message (from memory) 'self-checking 1800'. Using Interactive boot I discovered that it came from clamd.
I'm guessing that daily.cld main.cld and mirrors.dat are being sought somewhere other than /var/clamav. Maybe a symlink is required? If someone with a working clamd could advise me I'd be most grateful. For now I have had to chkconfig clamd off.
Anne
Does the /var/clamav dir still exist ? It is in the clamd rpm. mirrors.dat, daily.cld and main.cld are in /var/clamav
It seems easiest to me to reinstall clamd and clamav.
It does. The original install was Dag's and worked without a problem. Then came an update which broke ClamTK's operation. With the help of the ClamTK dev that was fixed, but now I have this problem at bootup. What I haven't tried, and will today, is booting with chkconfig off, but then starting clamd from the CLI. If that is problem-free maybe I will need to talk to Dag.
Anne
On Friday 27 June 2008 23:35:35 Paul Schoonderwoerd wrote:
On Friday 27 June 2008 19:43:06 Anne Wilson wrote:
rm /var/clamav/* -rf which will remove all the signatures. Don't worry, you'll get them back in the next step. As root, type freshclam -v And that will download all the necessary signatures again.
</quote>
At that point I thought all was well - until I had to reboot, when I found that it hung with a message (from memory) 'self-checking 1800'. Using Interactive boot I discovered that it came from clamd.
I'm guessing that daily.cld main.cld and mirrors.dat are being sought somewhere other than /var/clamav. Maybe a symlink is required? If someone with a working clamd could advise me I'd be most grateful. For now I have had to chkconfig clamd off.
Anne
Does the /var/clamav dir still exist ? It is in the clamd rpm. mirrors.dat, daily.cld and main.cld are in /var/clamav
It seems easiest to me to reinstall clamd and clamav.
I tried starting clamd from a ssh session and this is what I saw:
service clamd start Starting Clam AntiVirus Daemon: Limits: Global size limit set to 104857600 bytes. Limits: File size limit set to 26214400 bytes. Limits: Recursion level limit set to 16. Limits: Files limit set to 10000. Archive support enabled. Algorithmic detection enabled. Portable Executable support enabled. ELF support enabled. Detection of broken executables enabled. Mail files support enabled. OLE2 support enabled. PDF support enabled. HTML support enabled. Self checking every 1800 seconds. Socket file removed. Pid file removed. --- Stopped at Sat Jun 28 10:13:34 2008 [ OK ] It appeared to hang at the 'self checking' line, and I left it for several minutes before using Ctrl-C. Is this something I have to let it do to correct things, or is it something that should not be happening? It is the same 'self checking' line that appears to hang bootup.
Anne
AnneWilson wrote:
I tried starting clamd from a ssh session and this is what I saw:
service clamd start Starting Clam AntiVirus Daemon: Limits: Global size limit set to 104857600 bytes. Limits: File size limit set to 26214400 bytes. Limits: Recursion level limit set to 16. Limits: Files limit set to 10000. Archive support enabled. Algorithmic detection enabled. Portable Executable support enabled. ELF support enabled. Detection of broken executables enabled. Mail files support enabled. OLE2 support enabled. PDF support enabled. HTML support enabled. Self checking every 1800 seconds. Socket file removed. Pid file removed. --- Stopped at Sat Jun 28 10:13:34 2008 [ OK ] It appeared to hang at the 'self checking' line, and I left it for several minutes before using Ctrl-C.
It looks as if it isn't started as a daemon from within your start script (meaning that it doesn't detach and go into the background).
Do you somehow have an uncommented
Foreground
in your /etc/clamd.conf?
Ralph
On Saturday 28 June 2008 13:49:24 Ralph Angenendt wrote:
AnneWilson wrote:
I tried starting clamd from a ssh session and this is what I saw:
service clamd start Starting Clam AntiVirus Daemon: Limits: Global size limit set to 104857600 bytes. Limits: File size limit set to 26214400 bytes. Limits: Recursion level limit set to 16. Limits: Files limit set to 10000. Archive support enabled. Algorithmic detection enabled. Portable Executable support enabled. ELF support enabled. Detection of broken executables enabled. Mail files support enabled. OLE2 support enabled. PDF support enabled. HTML support enabled. Self checking every 1800 seconds. Socket file removed. Pid file removed. --- Stopped at Sat Jun 28 10:13:34 2008 [ OK ] It appeared to hang at the 'self checking' line, and I left it for several minutes before using Ctrl-C.
It looks as if it isn't started as a daemon from within your start script (meaning that it doesn't detach and go into the background).
Do you somehow have an uncommented
Foreground
in your /etc/clamd.conf?
Got it Ralph! I don't know why it was uncommented, when it had worked previously, but I have fixed that and now it restarts without a problem.
Thanks
Anne
On Saturday 28 June 2008 13:49:24 Ralph Angenendt wrote:
AnneWilson wrote:
I tried starting clamd from a ssh session and this is what I saw:
service clamd start Starting Clam AntiVirus Daemon: Limits: Global size limit set to 104857600 bytes. Limits: File size limit set to 26214400 bytes. Limits: Recursion level limit set to 16. Limits: Files limit set to 10000. Archive support enabled. Algorithmic detection enabled. Portable Executable support enabled. ELF support enabled. Detection of broken executables enabled. Mail files support enabled. OLE2 support enabled. PDF support enabled. HTML support enabled. Self checking every 1800 seconds. Socket file removed. Pid file removed. --- Stopped at Sat Jun 28 10:13:34 2008 [ OK ] It appeared to hang at the 'self checking' line, and I left it for several minutes before using Ctrl-C.
It looks as if it isn't started as a daemon from within your start script (meaning that it doesn't detach and go into the background).
Do you somehow have an uncommented
Foreground
in your /etc/clamd.conf?
One more question, please.
My logs this morning show
/etc/cron.daily/freshclam:
connect(): No such file or directory
It does exist, but it is owned root:root.
-rwxr-xr-x 1 root root 456 Jun 9 19:53 /etc/cron.daily/freshclam
Shouldn't this be owned by clamav? Are there other files I should check for ownership?
Anne
AnneWilson wrote:
One more question, please.
My logs this morning show
/etc/cron.daily/freshclam:
connect(): No such file or directory
It does exist, but it is owned root:root.
-rwxr-xr-x 1 root root 456 Jun 9 19:53 /etc/cron.daily/freshclam
Shouldn't this be owned by clamav? Are there other files I should check for ownership?
No, and this is not the error. What happens when you run freshclam by hand?
Ralph
On Saturday 28 June 2008 19:41:56 Ralph Angenendt wrote:
AnneWilson wrote:
One more question, please.
My logs this morning show
/etc/cron.daily/freshclam:
connect(): No such file or directory
It does exist, but it is owned root:root.
-rwxr-xr-x 1 root root 456 Jun 9 19:53 /etc/cron.daily/freshclam
Shouldn't this be owned by clamav? Are there other files I should check for ownership?
No, and this is not the error. What happens when you run freshclam by hand?
freshclam ClamAV update process started at Sat Jun 28 19:58:20 2008 main.cld is up to date (version: 47, sigs: 312304, f-level: 31, builder: sven) daily.cld is up to date (version: 7583, sigs: 19723, f-level: 31, builder: mcichosz)
I seem to have been getting the daily updates. I've not seen the error message before. Perhaps it's just because clamd was not started at bootup (or at all before freshclam ran), do you think?
Since you found my problem earlier today clamd is running. Perhaps I should wait to see what logwatch tells me in the morning.
Anne
AnneWilson wrote:
I seem to have been getting the daily updates. I've not seen the error message before. Perhaps it's just because clamd was not started at bootup (or at all before freshclam ran), do you think?
Yes. Because freshclam tries to tell clamd that there have been updates, so that clamd reloads the databases. So if clamd wasn't running, freshclam cannot connect to it.
Ralph
On Saturday 28 June 2008 20:38:15 Ralph Angenendt wrote:
AnneWilson wrote:
I seem to have been getting the daily updates. I've not seen the error message before. Perhaps it's just because clamd was not started at bootup (or at all before freshclam ran), do you think?
Yes. Because freshclam tries to tell clamd that there have been updates, so that clamd reloads the databases. So if clamd wasn't running, freshclam cannot connect to it.
Immediately after the update to clamav it wasn't running, but I got a different message then, so I didn't recognise this one. I'll let you know what logwatch says in the morning. Thanks for the help
Anne
On Saturday 28 June 2008 21:30:51 AnneWilson wrote:
On Saturday 28 June 2008 20:38:15 Ralph Angenendt wrote:
AnneWilson wrote:
I seem to have been getting the daily updates. I've not seen the error message before. Perhaps it's just because clamd was not started at bootup (or at all before freshclam ran), do you think?
Yes. Because freshclam tries to tell clamd that there have been updates, so that clamd reloads the databases. So if clamd wasn't running, freshclam cannot connect to it.
Immediately after the update to clamav it wasn't running, but I got a different message then, so I didn't recognise this one. I'll let you know what logwatch says in the morning. Thanks for the help
This morning's report ended with ' Database correctly reloaded (332027 signatures)', so it looks as though the problem is solved. I haven't tested a reboot, but I think it's safe to assume that 'Foreground' was the problem.
Thanks for all the help
Anne
Anne Wilson wrote on Fri, 27 Jun 2008 18:43:06 +0100:
I'm guessing that daily.cld main.cld and mirrors.dat are being sought somewhere other than /var/clamav.
did you test if clamscan works?
Kai
On Saturday 28 June 2008 13:31:14 Kai Schaetzl wrote:
Anne Wilson wrote on Fri, 27 Jun 2008 18:43:06 +0100:
I'm guessing that daily.cld main.cld and mirrors.dat are being sought somewhere other than /var/clamav.
did you test if clamscan works?
As such, no, but as far as I know, ClamTK is just a gui front-end to clamscan, and that works. Ralph found the problem. For some reason 'Foreground' was uncommented.
Anne
-
Anne Wilson -
AnneWilson
-
Kai Schaetzl -
Paul Schoonderwoerd -
Ralph Angenendt