[Pkg-clamav-devel] Bug#515798: clamav: clamdscan fails to connect to clamd

Mikolaj Menke miki at menek.one.pl
Tue Feb 17 18:10:54 UTC 2009


Package: clamav
Version: 0.94.dfsg.2-1
Severity: normal


Very often clamdscan fails to connect to clamd giving false sense of
security, as nothing is reported, even when the scanned data is infected.
This also causes other problems for example with exim4, because when it
encounters this problem it temporarily rejects the message. I could not
find any relevant data neither in the logs nor in the verbose output of
clamdscan. The only interesting thing is in exim4's log:

2009-02-17 18:37:49 1LZTtF-0007M6-1a malware acl condition: clamd: \
unable to write to socket (Broken pipe)

-- Package-specific info:
--- configuration ---
/etc/clamav/clamd.conf: clamd directives
------------------------------
LogFile = "/var/log/clamav/daemon/clamav-daemon.log"
LogFileUnlock = no
LogFileMaxSize = 0
LogTime = yes
LogClean = no
LogVerbose = no
LogSyslog = no
LogFacility = "LOG_LOCAL6"
PidFile = "/var/run/clamav/clamd.pid"
TemporaryDirectory = "/tmp"
ScanPE = yes
ScanELF = yes
DetectBrokenExecutables = no
ScanMail = yes
MailFollowURLs = no
ScanPartialMessages = no
PhishingSignatures = yes
PhishingScanURLs = yes
PhishingAlwaysBlockCloak = no
PhishingAlwaysBlockSSLMismatch = no
HeuristicScanPrecedence = no
DetectPUA = no
ExcludePUA not set
IncludePUA not set
StructuredDataDetection = no
StructuredMinCreditCardCount = 3
StructuredMinSSNCount = 3
StructuredSSNFormatNormal = yes
StructuredSSNFormatStripped = no
AlgorithmicDetection = yes
ScanHTML = yes
ScanOLE2 = yes
ScanPDF = yes
ScanArchive = yes
MaxScanSize = 104857600
MaxFileSize = 26214400
MaxRecursion = 16
MaxFiles = 10000
ArchiveLimitMemoryUsage = no
ArchiveBlockEncrypted = no
DatabaseDirectory = "/var/lib/clamav/"
TCPAddr not set
TCPSocket not set
LocalSocket = "/var/run/clamav/socket"
MaxConnectionQueueLength = 15
StreamMaxLength = 52428800
StreamMinPort = 1024
StreamMaxPort = 2048
MaxThreads = 10
ReadTimeout = 0
IdleTimeout = 30
MaxDirectoryRecursion = 100
ExcludePath not set
FollowDirectorySymlinks = no
FollowFileSymlinks = no
ExitOnOOM = no
Foreground = no
Debug = yes
LeaveTemporaryFiles = no
FixStaleSocket = yes
User = "clamav"
AllowSupplementaryGroups = no
SelfCheck = 3600
VirusEvent = "/bin/echo "Found %v in %f""
ClamukoScanOnAccess not set
ClamukoScanOnOpen not set
ClamukoScanOnClose not set
ClamukoScanOnExec not set
ClamukoIncludePath not set
ClamukoExcludePath not set
ClamukoMaxFileSize = 5242880
DevACOnly not set
DevACDepth not set
*** MailMaxRecursion is DEPRECATED ***
*** ArchiveMaxFileSize is DEPRECATED ***
*** ArchiveMaxRecursion is DEPRECATED ***
*** ArchiveMaxFiles is DEPRECATED ***
*** ArchiveMaxCompressionRatio is DEPRECATED ***
*** ArchiveBlockMax is DEPRECATED ***

/etc/clamav/freshclam.conf: freshclam directives
------------------------------
LogFileMaxSize = 0
LogTime = no
LogVerbose = no
LogSyslog = no
LogFacility = "LOG_LOCAL6"
PidFile = "/var/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav/"
Foreground = no
Debug = no
AllowSupplementaryGroups = no
DatabaseOwner = "clamav"
Checks = 12
UpdateLogFile = "/var/log/clamav/freshclam/freshclam.log"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net"
DatabaseMirror = "database.clamav.net"
MaxAttempts = 5
ScriptedUpdates = yes
CompressLocalDatabase = no
HTTPProxyServer not set
HTTPProxyPort not set
HTTPProxyUsername not set
HTTPProxyPassword not set
HTTPUserAgent not set
NotifyClamd not set
OnUpdateExecute not set
OnErrorExecute not set
OnOutdatedExecute not set
LocalIPAddress not set
ConnectTimeout = 30
ReceiveTimeout = 30
SubmitDetectionStats not set
DetectionStatsCountry not set

Engine and signature databases
------------------------------
Engine version: 0.94.2
Database directory: /var/lib/clamav/
main db: Format: .cld, Version: 50, Build time: Sun Feb 15 22:47:25 2009
daily db: Format: .cld, Version: 8998, Build time: Tue Feb 17 04:40:00 2009

--- data dir ---
razem 50380
-rw-r--r-- 1 clamav clamav  1545016 sie 18  2006 clamav-032d973b5f0f205d
-rw-r--r-- 1 clamav clamav   688805 lip 27  2006 clamav-7a3a9f7d81964488
-rw-r--r-- 1 clamav clamav  3678884 sie 18  2006 clamav-99cd7fbe18752e40
-rw-r--r-- 1 clamav clamav   285256 sie 18  2006 clamav-c361b56158094865
-rw-r--r-- 1 clamav clamav   911872 lut 17 14:27 daily.cld
-rw-r--r-- 1 clamav clamav 44391424 lut 16 00:26 main.cld
-rw------- 1 clamav clamav      624 lut 17 18:24 mirrors.dat

-- System Information:
Debian Release: 5.0
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18
Locale: LANG=pl_PL, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash

Versions of packages clamav depends on:
ii  clamav-freshclam [clam 0.94.dfsg.2-1     anti-virus utility for Unix - viru
ii  libbz2-1.0             1.0.5-1           high-quality block-sorting file co
ii  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libclamav5             0.94.dfsg.2-1     anti-virus utility for Unix - libr
ii  libgmp3c2              2:4.2.2+dfsg-3    Multiprecision arithmetic library
ii  zlib1g                 1:1.2.3.3.dfsg-12 compression library - runtime

Versions of packages clamav recommends:
ii  clamav-base                0.94.dfsg.2-1 anti-virus utility for Unix - base

Versions of packages clamav suggests:
pn  clamav-docs                   <none>     (no description available)
ii  lha                           1.14i-10.3 lzh archiver
ii  unrar                         1:3.8.2-1  Unarchiver for .rar files (non-fre

-- no debconf information





More information about the Pkg-clamav-devel mailing list