On a proxy server and on a mail server with clamav (0.98 and 0.98.1), the freshclam daemon occasionally dies after logrotate. On some other machines with the same setup this doesn't happen - although there are not so busy. Pids at /run/clamav/{clamd,freshclam}.pid exist, but only clamd is running, freshclam is dead. There are no warnings in dmesg that thery were killed because pax or whatever. Last words from freshclam in /var/log/freshclam.log were: ClamAV update process started at Sun Feb 9 03:10:02 2014 main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Normally it should look like this: ClamAV update process started at Sat Feb 8 03:10:02 2014 main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo) Downloading daily-18452.cdiff [100%] daily.cld updated (version: 18452, sigs: 690750, f-level: 63, builder: neo) bytecode.cld is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard) Database updated (3115018 signatures) from database.clamav.net (IP: 198.148.78.4) Clamd successfully notified about the update. Marcin reported (https://bugs.gentoo.org/show_bug.cgi?id=498334) that clamav cannot be stopped after running for several days/weeks, thus I tried to modify /etc/logrotate.d/clamav to: /var/log/clamav/freshclam.log { daily rotate 30 This didn't help. I also tried to send SIGHUP to freshclam multiple times, it survived. Portage 2.2.7 (hardened/linux/amd64, gcc-4.7.3, glibc-2.17, 3.10.1-hardened-r1 x86_64) ================================================================= System uname: Linux-3.10.1-hardened-r1-x86_64-Intel-R-_Xeon-R-_CPU_X5680_@_3.33GHz-with-gentoo-2.2 KiB Mem: 6112480 total, 349068 free KiB Swap: 0 total, 0 free Timestamp of tree: Mon, 03 Feb 2014 05:45:01 +0000 ld GNU ld (GNU Binutils) 2.23.2 app-shells/bash: 4.2_p45 dev-lang/python: 2.7.5-r3, 3.3.2-r2 dev-util/pkgconfig: 0.28 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.12.4 sys-apps/sandbox: 2.6-r1 sys-devel/autoconf: 2.69 sys-devel/automake: 1.11.6, 1.12.6, 1.13.4 sys-devel/binutils: 2.23.2 sys-devel/gcc: 4.7.3-r1 sys-devel/gcc-config: 1.7.3 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.9 (virtual/os-headers) sys-libs/glibc: 2.17 Repositories: gentoo ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-mtune=native -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/dansguardian/languages /usr/share/gnupg/qualified.txt /var/bind" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-mtune=native -O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://tux.rainside.sk/gentoo/ http://gentoo.wheel.sk/" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j4" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" USE="acl amd64 berkdb bzip2 cli cracklib crypt cxx dri gdbm hardened iconv justify mmx modules multilib ncurses nls nptl openmp pam pax_kernel pcre readline session sse sse2 ssl tcpd unicode urandom xattr zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authz_host dir mime log_config log_forensic alias actions status info rewrite auth_digest authn_file authn_core authz_user authz_core unixd socache_shmcb" APACHE2_MPMS="event" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" RUBY_TARGETS="ruby19 ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
not sure why this went to net-mail but channging to antivirus. could you test the newer versions too if possible? (I just commited 0.98.4)
Upgrading to 0.98.4 didn't help.
is this still an issue with the current versions?
Yes, it still happens. Monit with automatic restart comes to the rescue.
please let me know if you still have a problem with current versions
Yes, it still happens from time to time. It's pretty random.
