AV timeout?

Michael Scheidell michael.scheidell at secnap.com
Wed Jun 29 15:26:22 CEST 2011 

On 6/29/11 3:36 AM, Ralf Hildebrandt wrote:
>> but, if clamav hung on the primary (like it has done twice since
>> >  upgrading to 0.97.1),
> Ah, it's happening to you as well? Happened here twice or three times
> already:(
>
>> >  amavisd just seems to sit there till I totally kill clamd with a
>> >  sigsegv.
> Yeah, same here.
>
freebsd? amd64?  what version of Freebsd?

I posted to clamav list, and they gave me a POSSIBLE 'fat finger' that 
might be causing it.

I am going to try this below and see if it helps.

clamav also asked, that once it hangs, can we use this to generate a 
core file:

If you still have one of those hung 0.97.1 (or come across in the future) can you run
$ gcore<pid>

This should generate a core file of the hung process that can be investigated later
(as long as you still have the coresponding clamd and libclamav binaries too).



Best regards,



-------- Original Message --------
Subject: 	Re: [clamav-users] 0.97.1 rumor pile? bad safebrowsing update 
file?
Date: 	Tue, 28 Jun 2011 22:23:20 +0300
From: 	Török Edwin <edwin at clamav.net>
Reply-To: 	ClamAV users ML <clamav-users at lists.clamav.net>
To: 	<clamav-users at lists.clamav.net>



On 06/28/2011 10:01 PM, Michael Scheidell wrote:
>
>
>  On 6/28/11 2:49 PM, Török Edwin wrote:
>>  If you still have one of those hung 0.97.1 (or come across in the future) can you run
>>  $ gcore<pid>
>>
>>  This should generate a core file of the hung process that can be investigated later
>>  (as long as you still have the coresponding clamd and libclamav binaries too).
>>
>>  Best regards,
>>  --Edwin
>
>  yes, but darn clients start whining when they can't get their facebook invites immediately :-)
>
>  trying to reproduce in lab with daily and safebrowsing files, also, trying with the emails that made it hang.
>
>  left some backup systems still running 0.97.1 in the field.. if a backup system fails, we can leave it hung till we figure out what happened.
>
>  so, WHAT that might affect threading did you change from 0.97 to 0.97.1?  also, this affected boxes running TCP socket, as well as running unix sock.
>
>  and, only on amd64 boxes.. all the i386/32bix boxes are fine.
>
>

Maybe this one:
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=bbfe830c935837cfc357541cb307a7b863394abb;hp=d9ff9e65080d7c70de722e174d365d3b2cb312d3

But it survived a full regression test here (Linux/amd64).

Will go through the code again tomorrow and see if I can make it deadlock.

Best regards,
--Edwin



-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
 >*| *SECNAP Network Security Corporation

    * Best Mobile Solutions Product of 2011
    * Best Intrusion Prevention Product
    * Hot Company Finalist 2011
    * Best Email Security Product
    * Certified SNORT Integrator


______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20110629/3451663f/attachment.html>

More information about the amavis-users mailing list