Re: clamsmtp : unix socket problem

To: debian-user@lists.debian.org
Cc: Mike Bird <mgb-debian@yosemite.net>
Subject: Re: clamsmtp : unix socket problem
From: hose <subscriptions@bluemaggottowel.com>
Date: Wed, 9 Apr 2008 23:36:26 -0500
Message-id: <[🔎] B2C49FF1-CCCB-4069-B240-C05002A0894B@bluemaggottowel.com>
In-reply-to: <[🔎] 200804091712.39135.mgb-debian@yosemite.net>
References: <[🔎] 637237.82521.qm@web27813.mail.ukl.yahoo.com> <[🔎] 200804091647.38451.mgb-debian@yosemite.net> <[🔎] 6B1BDDB5-61C0-432D-A16A-13C1FC748138@bluemaggottowel.com> <[🔎] 200804091712.39135.mgb-debian@yosemite.net>


On Apr 9, 2008, at 7:12 PM, Mike Bird wrote:

Hose,

I turned on PUA signatures and got 3 seconds - not a significant
difference.

You seem to have a lot more signatures than I.  Here's my clamd.conf
and my /var/lib/clamav.  Any thoughts?

--Mike


# cat /etc/clamav/clamd.conf
#Automatically Generated by clamav-base postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-base
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
User clamav
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ArchiveLimitMemoryUsage false
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
StreamMaxLength 10M
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
TemporaryDirectory /tmp
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
MailFollowURLs false
ArchiveBlockMax false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
MailMaxRecursion 64
PhishingSignatures true
PhishingScanURLs true
PhishingRestrictedScan true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA true
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
# cd /var/lib/clamav
# ls -l *

-rw-r--r-- 1 clamav clamav 124218 2006-08-29 23:51clamav-03676d29ae5d080a

-rw------- 1 clamav clamav   1196 2008-04-09 16:17 mirrors.dat

daily.inc:
total 1240
-rw-r--r-- 1 clamav clamav  17992 2007-04-26 00:59 COPYING
-rw-r--r-- 1 clamav clamav    106 2008-03-21 11:30 daily.cfg
-rw-r--r-- 1 clamav clamav  26014 2008-04-06 14:09 daily.db
-rw-r--r-- 1 clamav clamav   4875 2008-04-07 02:12 daily.fp
-rw-r--r-- 1 clamav clamav   5607 2008-02-26 12:07 daily.ftm
-rw-r--r-- 1 clamav clamav    275 2008-04-07 16:12 daily.hdb
-rw-r--r-- 1 clamav clamav   1224 2008-02-05 08:06 daily.hdu
-rw-r--r-- 1 clamav clamav    629 2008-04-09 10:17 daily.info
-rw-r--r-- 1 clamav clamav 892009 2008-04-09 10:17 daily.mdb
-rw-r--r-- 1 clamav clamav  33422 2008-04-08 03:15 daily.mdu
-rw-r--r-- 1 clamav clamav 227183 2008-04-09 08:17 daily.ndb
-rw-r--r-- 1 clamav clamav   6824 2008-04-06 05:02 daily.ndu
-rw-r--r-- 1 clamav clamav   3218 2008-03-26 16:17 daily.pdb
-rw-r--r-- 1 clamav clamav   1454 2008-02-27 11:08 daily.wdb
-rw-r--r-- 1 clamav clamav   2922 2007-09-03 11:53 daily.zmd

main.inc:
total 27616
-rw-r--r-- 1 clamav clamav    17992 2007-04-10 16:41 COPYING
-rw-r--r-- 1 clamav clamav  4733425 2008-04-06 14:08 main.db
-rw-r--r-- 1 clamav clamav     4815 2008-04-06 14:08 main.fp
-rw-r--r-- 1 clamav clamav   652769 2008-04-06 14:08 main.hdb
-rw-r--r-- 1 clamav clamav      318 2008-04-06 14:08 main.info
-rw-r--r-- 1 clamav clamav  7864180 2008-04-06 14:08 main.mdb
-rw-r--r-- 1 clamav clamav 14934069 2008-04-06 14:08 main.ndb
-rw-r--r-- 1 clamav clamav      217 2007-04-10 16:41 main.zmd

I currently only have 265244 sigs - it went down for some reason frombefore (that line from the log above was from a previous restart, notjust a reloading of the database, but it had the socket creationline). Another difference - we were having issues with .90.2 nothandling freshclam updates very well - since it was considered out ofdate by clamav standards, the mirrors throttled our .diff downloadssignificantly, even when we checked only once a day. Because of that,we turned off ScriptedUpdates, pulled down main.cvd and daily.cvdmanually, restarted, and now freshclam downloads each of those fullyinstead of the diffs. Clearly it's not the most efficient way toupdate, but it mostly works.

In that vein, it looks like ScriptedUpdates branched your main.cvdinto the directory main.inc and daily.cvd into the directorydaily.inc, and uses some kind of different database. Currently ourclamav setup only has the regular databases and no ScriptedUpdatesdirectories:


-rw-r--r-- 1 clamav clamav   499635 2008-04-09 03:36 daily.cvd
-rw-r--r-- 1 clamav clamav 13050207 2008-04-07 03:01 main.cvd
-rw------- 1 clamav clamav      988 2008-04-09 20:03 mirrors.dat

This seems to be the only thing I can think of... but you were runningetch's version before without issue. Doh.


hose

Reply to:

References:
- clamsmtp : unix socket problem
  - From: Stephane Durieux <durieux42@yahoo.fr>
- Re: clamsmtp : unix socket problem
  - From: Mike Bird <mgb-debian@yosemite.net>
- Re: clamsmtp : unix socket problem
  - From: hose <subscriptions@bluemaggottowel.com>
- Re: clamsmtp : unix socket problem
  - From: Mike Bird <mgb-debian@yosemite.net>

Prev by Date: Re: aptitude update "BADSIG" Error (getting silly now)
Next by Date: Re: Pencil.
Previous by thread: Re: clamsmtp : unix socket problem
Next by thread: intel 3945 wireless
Index(es):
- Date
- Thread