[Pkg-clamav-devel] Bug#515798: Bug#515798: clamav: clamdscan fails to connect to clamd

Mikołaj Menke miki at menek.one.pl
Wed Feb 18 22:47:26 UTC 2009


On 18.02.2009 22:57, Stephen Gran wrote:
> This one time, at band camp, Mikolaj Menke said:
>> Very often clamdscan fails to connect to clamd giving false sense of
>> security, as nothing is reported, even when the scanned data is infected.
> 
> steve at vancouver:~$ clamdscan bin/
> connect(): Connection refused
> WARNING: Can't connect to clamd.
> 
> I can't reproduce this description of how it works.
> 
>> This also causes other problems for example with exim4, because when it
>> encounters this problem it temporarily rejects the message. I could not
>> find any relevant data either in the logs or in the verbose output of
>> clamdscan. The only interesting thing is in exim4's log:
>>
>> 2009-02-17 18:37:49 1LZTtF-0007M6-1a malware acl condition: clamd: \
>> unable to write to socket (Broken pipe)
> 
> Well, that's the opposite of what's described above, surely?  That's
> exim noticing that clamd has gone away and not giving a false sense of
> security?

That's exim saying it has a problem with clamd. Obviously in this case 
there is no false sense of security. But running clamdscan like at the 
bottom of this message might be much worse as nothing is reported.

> I am going to suppose that what this bug report is really about is that
> sometimes clamd is unavailable, and things go wrong, although I can't
> reproduce the first example and the second example looks like everything
> being handled as it should.

Yes, sometimes clamd is unavailable. The second example just shows that 
exim handles clamd's error, but the problem is still there.

> Can you quantify "very often" ? I certainly don't see it that often,
> but if you do, there's probably something we should be chasing down.

How often? Just look below:

miki at menek(23:35:13)~$clamdscan /usr/local/share/eicar/eicar.com
/usr/local/share/eicar/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.023 sec (0 m 0 s)
miki at menek(23:35:28)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:28)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:29)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:29)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:30)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:30)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:30)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:31)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:32)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:32)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:32)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:33)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:33)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:34)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:34)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:34)~$clamdscan /usr/local/share/eicar/eicar.com
miki at menek(23:35:35)~$clamdscan /usr/local/share/eicar/eicar.com
/usr/local/share/eicar/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.012 sec (0 m 0 s)
miki at menek(23:35:35)~$

Thanks for your great job!

-- 
http://miki.menek.one.pl miki at menek.one.pl
Gadu-gadu: 2128279 Mobile: +48607345846
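
An added example, not part of the original message and not ClamAV code: a fail-closed wrapper that reports a scan as clean only when the scanner prints a summary saying so, so the silent runs shown above count as errors. It assumes the exit statuses documented in clamdscan(1) (0 clean, 1 infected, 2 error); `SCANNER` and the `fake_*` stand-ins are hypothetical names constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): fail-closed verdict for one clamdscan run.
# Assumption: clamdscan exits 0 = clean, 1 = infected, 2 = error, per clamdscan(1).
# SCANNER is a hypothetical override so the logic can be exercised without clamd.
SCANNER=${SCANNER:-clamdscan}

# scan_verdict FILE: prints CLEAN, INFECTED or ERROR and returns 0, 1 or 2.
# A run only counts as CLEAN when the scanner positively says so.
scan_verdict() {
    rc=0
    out=$("$SCANNER" "$1" 2>&1) || rc=$?
    # The silent runs in the thread print no summary at all: never trust those.
    case $out in
        *"SCAN SUMMARY"*) ;;
        *) echo ERROR; return 2 ;;
    esac
    if [ "$rc" -eq 1 ] && printf '%s\n' "$out" | grep -q ' FOUND$'; then
        echo INFECTED; return 1
    fi
    if [ "$rc" -eq 0 ] && printf '%s\n' "$out" | grep -q '^Infected files: 0$'; then
        echo CLEAN; return 0
    fi
    echo ERROR; return 2   # status and output disagree, or the scanner failed
}

# Constructed stand-ins for the scanner, modelled on the output shown in the thread.
# fake_silent is the worst case: no output and status 0 (the thread does not
# show which status the silent runs returned).
fake_silent()   { return 0; }
fake_refused()  { echo "WARNING: Can't connect to clamd."; return 2; }
fake_infected() {
    printf '%s: Eicar-Test-Signature FOUND\n\n' "$1"
    printf '%s\n' '----------- SCAN SUMMARY -----------' 'Infected files: 1'
    return 1
}
fake_clean() {
    printf '%s: OK\n\n' "$1"
    printf '%s\n' '----------- SCAN SUMMARY -----------' 'Infected files: 0'
    return 0
}
```

A caller such as a mail filter or cron job should treat ERROR like the temporary rejection exim issues in the quoted log, not like a clean result.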




