« WordPress security tip | Main | Clamping down on spam »
June 10, 2006
freshclam: "Problem with internal logger"
Yesterday I received notification that an hourly freshclam update had failed on my Red Hat Enterprise Linux box. Overnight I continued to receive hourly notifications, each saying the following:
/etc/cron.hourly/freshclam:
ERROR: Problem with internal logger.
I found the explanation here: that there was a hung freshclam process lingering on the system.
The solution? Kill the process and run freshclam manually (slightly edited to shorten long lines):
$ ps auxww | grep fresh root 13372 0.0 0.0 2132 880 ? S Jun09 0:00 /bin/sh /etc/cron.hourly/freshclam clamav 13373 0.0 0.0 2424 896 ? S Jun09 0:00 /usr/local/bin/freshclam --quiet root 13374 0.0 0.0 1948 596 ? S Jun09 0:00 awk -v progname=/etc/cron.hourly/freshclam obfuscat 23287 0.0 0.0 4772 676 pts/0 S 08:14 0:00 grep fresh $ sudo kill 13372 $ ps auxww | grep fresh clamav 13373 0.0 0.0 2424 896 ? S Jun09 0:00 /usr/local/bin/freshclam --quiet root 13374 0.0 0.0 1948 596 ? S Jun09 0:00 awk -v progname=/etc/cron.hourly/freshclam obfuscat 23299 0.0 0.0 4752 672 pts/0 S 08:15 0:00 grep fresh $ sudo kill 13373 $ ps auxww | grep fresh obfuscat 23306 0.0 0.0 4752 672 pts/0 S 08:15 0:00 grep fresh $ sudo /usr/local/bin/freshclam ClamAV update process started at Sat Jun 10 08:15:34 2006 Downloading main.cvd [*] main.cvd updated (version: 39, sigs: 58116, f-level: 8, builder: tkojm) Downloading daily.cvd [*] daily.cvd updated (version: 1524, sigs: 903, f-level: 8, builder: tkojm) Database updated (59019 signatures) from db.us.clamav.net (IP: 63.236.138.5) Clamd successfully notified about the update.
This is what I saw in the /var/log/freshclam.log file; firstly, the last successful update:
-------------------------------------- ClamAV update process started at Fri Jun 9 15:01:01 2006 main.cvd is up to date (version: 38, sigs: 51206, f-level: 7, builder: tkojm) daily.cvd is up to date (version: 1523, sigs: 7866, f-level: 8, builder: sven)
Then problems accessing the mirrors:
-------------------------------------- ClamAV update process started at Fri Jun 9 16:01:01 2006 ERROR: Mirrors are not fully synchronized. Please try again later. Trying again in 5 secs... ClamAV update process started at Fri Jun 9 16:02:12 2006 ERROR: Mirrors are not fully synchronized. Please try again later. Trying again in 5 secs... ClamAV update process started at Fri Jun 9 16:03:08 2006 ERROR: Error while reading database from db.us.clamav.net ERROR: Can't download main.cvd from db.us.clamav.net (IP: 216.24.174.245) Giving up on db.us.clamav.net... ClamAV update process started at Fri Jun 9 16:12:41 2006 ERROR: Mirrors are not fully synchronized. Please try again later. Trying again in 5 secs... ClamAV update process started at Fri Jun 9 16:13:36 2006 ERROR: Verification: Broken or not a CVD file Trying again in 5 secs... ClamAV update process started at Fri Jun 9 16:13:44 2006 ERROR: Error while reading database from database.clamav.net ERROR: Can't download main.cvd from database.clamav.net (IP: 63.166.28.8) Giving up on database.clamav.net... ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working. ERROR: Update failed. Your network may be down or none of the mirrors listed in freshclam.conf is working.
And on the next hourly run, the hung process:
-------------------------------------- ClamAV update process started at Fri Jun 9 17:01:01 2006
Finally, the manual update performed after killing the hung process:
-------------------------------------- ClamAV update process started at Sat Jun 10 08:15:34 2006 main.cvd updated (version: 39, sigs: 58116, f-level: 8, builder: tkojm) daily.cvd updated (version: 1524, sigs: 903, f-level: 8, builder: tkojm) Database updated (59019 signatures) from db.us.clamav.net (IP: 63.236.138.5) Clamd successfully notified about the update.
Posted by wincent at June 10, 2006 03:25 PM
