SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0004162: clamd crash, tcp socket should be monitored - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0004162Endian FirewallProxy HTTPpublic2011-09-20 09:302013-04-23 14:17
Reporterluca-endian 
Assigned Toardit-endian 
PrioritynormalSeveritymajorReproducibilityrandom
StatusresolvedResolutionno change required 
PlatformOSOS Version
Product Version2.4.1 
Target VersionFixed in Version 
Summary0004162: clamd crash, tcp socket should be monitored
DescriptionHi Guys,

this happens randomly:

Sep 2 09:19:46 xxx havp[3818]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://www.google.it/ [^])
Sep 2 09:19:47 xxx havp[3824]: Clamd: Could not connect to scanner! Scanner down?
Sep 2 09:20:45 xxx havp[3813]: Clamd: Could not connect to scanner! Scanner down?
Sep 2 09:20:45 xxx havp[3811]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl [^])
Sep 2 09:21:06 xxx havp[4051]: Clamd: Could not connect to scanner! Scanner down?
Sep 2 09:21:06 xxx havp[4034]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://check.sanasecurity.com/ [^])
Sep 2 09:21:06 xxx havp[4034]: 127.0.0.1 POST 200 http://check.sanasecurity.com/ [^] 264+495 SCANERROR Clamd: Could not connect to scanner socket

**POSSIBLE SOLUTION**

We should check the clamd socket with monit, which is pretty easy since monit support the CLAMAV protocol!

root@xxx:/etc/monit.d # cat clamd.conf
 check process clamd with pidfile /var/run/clamav/clamd.pid
   group virus
   start program = "/etc/init.d/clamd start"
   stop program = "/etc/init.d/clamd stop"
   if failed host 127.0.0.1 port 3310 protocol CLAMAV for 5 cycle then restart
   if 5 restarts within 5 cycles then timeout
   depends on clamavd_bin
   mode manual

 check file clamavd_bin with path /usr/sbin/clamd
   group virus
   if failed checksum then unmonitor
   if failed permission 755 then unmonitor
   if failed uid root then unmonitor
   if failed gid root then unmonitor
   mode manual

This would increase reliability for http proxy and smtp proxy as well!
What you think?
Tagspurple
Attached Files

- Relationships
related to 0003476confirmedpeter-endian Endian Firewall clamd crashed 

-  Notes
(0008426)
ardit-endian (developer)
2013-04-23 14:16

this happens also on 2.5 full up to date, after dedicated tests :D and monitoring the problem is caused *somehow* by the updates, if the updates are weekley happens but if are set to daily doesn't happen anymore.
(0008427)
ardit-endian (developer)
2013-04-23 14:17

set the update to daily for the antivirus and will not happen

- Issue History
Date Modified Username Field Change
2011-09-20 09:30 luca-endian New Issue
2011-09-20 09:36 luca-endian Tag Attached: purple
2011-09-20 09:36 luca-endian Relationship added related to 0003080
2011-09-20 09:36 luca-endian Relationship added related to 0003476
2013-04-23 14:16 ardit-endian Note Added: 0008426
2013-04-23 14:17 ardit-endian Note Added: 0008427
2013-04-23 14:17 ardit-endian Status new => resolved
2013-04-23 14:17 ardit-endian Resolution open => no change required
2013-04-23 14:17 ardit-endian Assigned To => ardit-endian

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker