Community Discussions and Support
clamd v0.97.7 stops after the first incoming call

I guess that this has the same effect as the debug switch in the clamd config file and I already tried that. Did not result in any more useful information...

Konrad


Hi All,

I'm using ClamAV together with Mercury on a Windows XP box and v 0.95 works great so far. Now I wanted to upgrade to 0.97.7 but I can't get it working. If I start clamd manually in a shell, I can see that it is coming up "normal" and the process is visible in the task manager. The first mail is scanned OK and if it contains a virus attachment, clamd detects it. So far, so good. But from that moment on, it stops working and every next call is not processed anymore. No idea what is going on... I tried to activate logs but the log does not say much. Is there a way to increase the log level to get more information?

I tried something else:

I started clamd in one shell window and opened another shell to connect with telnet and 127.0.0.1 3310 and it gets connected. Pressing any key, I get UNKNOWN COMMAND and telnet exits. If I repeat this test, I can key in as much as I like, the UNKNOWN COMMAND error message does not appear anymore and telnet keeps running. If I do this with the OK working 0.95 installation, I get UNKNOWN COMMAND every time and telnet always exits after that.

I think it is something specific to this windows machine because the telnet test shows the v0.95 behavior on every other machine I tested with.

Log output:

Sat Mar 16 23:12:35 2013 -> +++ Started at Sat Mar 16 23:12:35 2013
Sat Mar 16 23:12:35 2013 -> clamd daemon 0.97.7 (OS: win32, ARCH: i386, CPU: i386)
Sat Mar 16 23:12:35 2013 -> Log file size limited to 1048576 bytes.
Sat Mar 16 23:12:35 2013 -> Reading databases from c:\Programme\Tools\ClamAV_0.97.7\data
Sat Mar 16 23:12:35 2013 -> Not loading PUA signatures.
Sat Mar 16 23:12:35 2013 -> Bytecode: Security mode set to "TrustSigned".
Sat Mar 16 23:12:42 2013 -> Loaded 2005376 signatures.
Sat Mar 16 23:12:43 2013 -> TCP: Bound to address 127.0.0.1 on port 3310
Sat Mar 16 23:12:43 2013 -> TCP: Setting connection queue length to 200
Sat Mar 16 23:12:43 2013 -> Limits: Global size limit set to 104857600 bytes.
Sat Mar 16 23:12:43 2013 -> Limits: File size limit set to 26214400 bytes.
Sat Mar 16 23:12:43 2013 -> Limits: Recursion level limit set to 16.
Sat Mar 16 23:12:43 2013 -> Limits: Files limit set to 10000.
Sat Mar 16 23:12:43 2013 -> Archive support enabled.
Sat Mar 16 23:12:43 2013 -> Algorithmic detection enabled.
Sat Mar 16 23:12:43 2013 -> Portable Executable support enabled.
Sat Mar 16 23:12:43 2013 -> ELF support enabled.
Sat Mar 16 23:12:43 2013 -> Detection of broken executables enabled.
Sat Mar 16 23:12:43 2013 -> Mail files support enabled.
Sat Mar 16 23:12:43 2013 -> OLE2 support enabled.
Sat Mar 16 23:12:43 2013 -> PDF support enabled.
Sat Mar 16 23:12:43 2013 -> HTML support enabled.
Sat Mar 16 23:12:43 2013 -> Self checking every 600 seconds.
Sat Mar 16 23:12:43 2013 -> Listening daemon: PID: 532
Sat Mar 16 23:12:43 2013 -> MaxQueue set to: 100
Sat Mar 16 23:13:24 2013 -> instream(127.0.0.1@27033): Exploit.Fnstenv_mov-1 FOUND

Any idea what this could be or how I can track this down?

btw: Turning off Windows Firewall does not make any difference.

Thanks a lot!


Konrad
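
The telnet test described in the post above can be made repeatable with a short probe. This is an added example, not code from the thread or from the ClamAV project: it opens a fresh connection per attempt to the address and port from the post (127.0.0.1:3310) and sends clamd's NUL-delimited `zPING` command, assuming the build accepts z-prefixed commands. The function names are the example's own.

```python
import socket

def ping_clamd(host, port, timeout=5.0):
    """One fresh TCP connection, one zPING; returns a short status string."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # The 'z' prefix means command and reply are both NUL-terminated.
            sock.sendall(b"zPING\0")
            reply = b""
            while not reply.endswith(b"\0") and len(reply) < 256:
                chunk = sock.recv(64)
                if not chunk:      # peer closed before finishing a reply
                    break
                reply += chunk
    except socket.timeout:
        return "TIMEOUT"           # connection accepted or queued, no answer
    except ConnectionRefusedError:
        return "REFUSED"           # nothing listening: the process is gone
    except OSError as exc:
        return "ERROR: %s" % exc
    text = reply.rstrip(b"\0").decode("ascii", "replace")
    return text if text else "CLOSED"

def probe(host, port, attempts=3, timeout=5.0):
    """Run several independent pings in sequence and collect the results."""
    return [ping_clamd(host, port, timeout) for _ in range(attempts)]

def first_failure(results):
    """Index of the first attempt that did not get PONG, or None."""
    for index, status in enumerate(results):
        if status != "PONG":
            return index
    return None

if __name__ == "__main__":
    # Address and port as used in the telnet test in the post.
    results = probe("127.0.0.1", 3310)
    for number, status in enumerate(results, start=1):
        print("attempt %d: %s" % (number, status))
    failed = first_failure(results)
    if failed is None:
        print("clamd answered every attempt")
    else:
        print("clamd stopped answering at attempt %d" % (failed + 1))
```

A result of `PONG` followed by `TIMEOUT` matches the symptom in the post (daemon still listening but no longer servicing connections), while `REFUSED` means the process has exited.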


I am using ClamAV with Mercury at the office and am pretty sure it is v0.97. Problem is I won't be there until Monday so can't look at the configuration. I know that I am having ClamWall start ClamD but I don't remember the exact settings. You might look into that though. Also, did you use the same .conf files from the previous install? If not, try them if they are still available or do a line by line comparison with the current ones to see if something is different that might be causing a problem.

I already compared the conf files line by line and there is not much difference except some new options which have not been there in 0.95. I also tried the option that ClamWall controls clamd but it does not work either. clamd is started (I can see it in the task manager) but soon after it disappears and in the clamwall log I can see a message "clamd is not responding". That is why I try the other option to manually start clamd hoping that I would get more information about what is going on.

Konrad


I just tried the same installation + config on another server and it works perfect even with clamwall (using the IP of the new server instead of 127.0.0.1). So it has to be something specific to that server and not to the config?! Any ideas?

Konrad

Not sure I can help.  I saw your posting on the Clamav list, but 0.97.7 is still so new I haven't got it into production yet.

How are you integrating it into Mercury - standalone or controlled by Clamwall?


Hi,

I tried almost everything now (standalone, controlled by clamwall, telnet tests without clamwall...) and nothing works on this specific win xp sp3 box (vmware image). It works great on all other machines. At the moment I'm out of ideas and I'm back to 0.95. I remember that I tried 0.97.0 some time ago and it did not work either.

Konrad

I have run all .97 versions up to .97.6. Haven't made the change to .97.7 but you mentioned failure with all .97x so I looked through my notes to see if I made any regarding v.97. Not sure if it will help but here's what I found. Note: My downloads come from Sourceforge, my ClamAV resides in C:\CLAMAV

How to upgrade ClamAV from an .msi file download:

- Shut down Mercury

- Run the .msi file and install to C:\CLAMAV\MSI then copy the appropriate .dll and .exe files to C:\CLAMAV.

- Compare the .conf in \MSI to the one in \CLAMAV to determine if dramatic changes exist that require replacing the existing .conf files with the newly installed ones.

- Restart Mercury

- Use task manager to verify clamd is running, watch for freshclam to activate

- Check logs for problems

- Uninstall ClamAV via Add/Remove Programs



Konrad,

I have v97.7 working here, Mercury 4.74 on an XP SP3 box. One thing I noticed is that sometime along the way I placed the .dll files that come in the \Win\System directory of the installer into the C:\CLAMAV folder. Don't know whether this has anything to do with anything but it is something I noticed while doing the upgrade. Also discovered msiexec.exe for extracting .msi files. Much easier than going through the install routine since I only care about the clamd & freshclam parts anyway.

Thx a lot for your input. Basically I installed and configured it very similar to what you described and the fact that the very same installation works on every other machine I tested with shows me that it must have to do with this one windows installation. However, I have no idea how to proceed. I guess I will just stick with the 0.95 installation.

Konrad


[quote user="Konrad Hammerer"]

Thx a lot for your input. Basically I installed and configured it very similar to what you described and the fact that the very same installation works on every other machine I tested with shows me that it must have to do with this one windows installation. However, I have no idea how to proceed. I guess I will just stick with the 0.95 installation.[/quote]

The "other machines" - are they VMWare images too?  If not it may well be that vmware has some issues with the process.  (I use Virtualbox but haven't tried running Clamav on it yet.)


Some of them, so in principle it is working. But: In the meantime I found another machine (also a vmware image) where it is not working. Still no clue what they have in common and what could cause clamav to stop working...

Konrad


[quote user="Konrad Hammerer"]

Some of them, so in principle it is working. But: In the meantime I found another machine (also a vmware image) where it is not working. Still no clue what they have in common and what could cause clamav to stop working...

Konrad

[/quote]

You could try starting clamd in debug mode (--debug) to get more detail.
