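Description

The virus database update that ClamAV published in the early hours of 22 October 2016 (Beijing time) may leave some versions of clamd unable to provide scanning service and cause clamscan to behave abnormally. Depending on the Amavisd-new configuration, this makes the mail queue pile up. Once the problem is resolved with the steps below, mail that users have already sent via WebMail or a mail client does not need to be re-sent.

At present the affected program version is presumed to be 0.97, with a virus database dated the 22nd or later.

According to the official announcement about versions, 0.97 (the engine, not the virus database) is no longer updated or supported, so all ClamAV users are advised to upgrade to 0.98 or later (the latest is 0.99).

Related errors:
- /var/log/clamav/clamd.log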
- /var/log/clamav/freshclam.log
- Standard error output when restarting the clamd service
LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.
Related links:
- http://lists./pipermail/clamav-users/2016-October/003542.html (the ClamAV author replies to users' questions about this failure and reminds them that 0.97 is no longer supported)
- http://lists./pipermail/clamav-announce/2016/000022.html (0.97 end-of-life announcement)
- http:///questions/810739/clamav-error-mpool-malloc-attempt-to-allocate-8388608-bytes
- https:///~kawakazu/journal/607032/
- http://www.extmail.org/

Check whether the current ClamAV has the reported failure

Check the operating system version
# cat /etc/redhat-release
EMOS 1.6 (Community)
If the distribution is not EMOS 1.6 x86_64
# uname -a
Linux hostname 2.6.32-71.el6.x86_64 #1 SMP Tue Nov 23 06:49:13 CST 2010 x86_64 x86_64 x86_64 GNU/Linux
# Use this to confirm el5/el6 and x86/x86_64
Check the ClamAV program/virus database version
# clamd -V
ClamAV 0.97/22412/Sun Oct 23 02:00:00 2016
# As above, version 0.97 with the 2016/10/23 virus database is a program/database combination that may have the problem
Check for clamscan zombie processes
# ps aux |grep clam
clamav 1140 0.9 1.3 440284 109396 ? Rsl May06 2337:04 clamd
clamav 1561 0.0 0.0 30956 1660 ? Ss May06 124:10 /usr/bin/freshclam --daemon
amavis 12087 1.9 0.0 0 0 ? Z Oct23 5:53 [clamscan] <defunct>
amavis 13286 2.3 0.0 0 0 ? Z Oct23 6:01 [clamscan] <defunct>
# ... many zombie process lines omitted here; the number depends on how often amavisd invoked the scanner
root 19143 0.0 0.0 9196 1228 ? SN Oct23 0:00 /bin/sh /etc/cron.daily/freshclam
root 19144 0.0 0.0 9080 832 ? SN Oct23 0:00 awk -v progname /etc/cron.daily/freshclam progname {????? print progname ":\n"????? progname="";???? }???? { print; }
clamav 19145 0.0 0.0 31056 1944 ? SN Oct23 0:05 /usr/bin/freshclam --quiet --datadir=/var/clamav --log=/var/log/clamav/freshclam.log --daemon-notify=/etc/clamd.conf
amavis 20108 100 1.2 132232 104636 ? R Oct23 4:05 /usr/bin/clamscan --stdout --no-summary -r --tempdir=/var/spool/vscan/tmp /var/spool/vscan/tmp/amavis-20161023T235849-13588/parts
# At this point it can be tentatively concluded that ClamAV is malfunctioning
Check whether the queue holds messages with a ClamAV error status
# mailq
B891FBC17B4 8877 Sun Oct 23 04:00:01 root@mail.xxx.com
(host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=13588-07, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED (in reply to end of DATA command))
postmaster@xxx.com
Continuing from above, watch the mail delivery status
# tail -f /var/log/maillog
Oct 24 00:05:18 hostname amavis[13588]: (13588-08) (!)killing process [20108] running ClamAV-clamscan (reason: on reading: timed out)
Oct 24 00:05:19 hostname amavis[13588]: (13588-08) (!)process [20108] running ClamAV-clamscan is still alive, using a bigger hammer
Oct 24 00:05:19 hostname amavis[13588]: (13588-08) (!)run_av (ClamAV-clamscan): collect_results - reading aborted: timed out at /usr/sbin/amavisd line 3313.
Oct 24 00:05:19 hostname amavis[13588]: (13588-08) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan collect_results - reading aborted: timed out at /usr/sbin/amavisd line 3313. at (eval 90) line 594.
Oct 24 00:05:19 hostname amavis[13588]: (13588-08) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
Oct 24 00:05:19 hostname amavis[13588]: (13588-08) (!)PRESERVING EVIDENCE in /var/spool/vscan/tmp/amavis-20161023T235849-13588
Oct 24 00:05:19 hostname postfix/smtp[20080]: 48602BC17CE: to=<xxx@xxx.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=30199, delays=29809/0.01/0.01/390, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=13588-08, virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED (in reply to end of DATA command))
At this point, if all of the conditions above have been observed, the current ClamAV is confirmed to be malfunctioning and must be upgraded to resolve it.
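
The checks above (engine version and database date, defunct clamscan processes, amavis scanner failures in maillog) combined into one triage script, as an added example that is not part of the original page. The function names and the sample data are constructed for illustration, and treating 0.97.x point releases as 0.97 is an assumption.

```shell
# Added example, not from the original page. Sample data is constructed,
# modelled on the command output shown above.

# True if a `clamd -V` line shows engine 0.97 with a database dated 2016-10-22
# or later. Treating 0.97.x point releases as 0.97 is an assumption.
affected_version() {
    printf '%s\n' "$1" | awk -F/ '
        BEGIN { n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
                for (i = 1; i <= n; i++) mon[m[i]] = i }
        /^ClamAV / {
            engine = substr($1, 8)     # text after "ClamAV "
            split($3, d, " ")          # e.g. Sun Oct 23 02:00:00 2016
            ymd = d[5] * 10000 + mon[d[2]] * 100 + d[3]
            if ((engine == "0.97" || engine ~ /^0\.97\./) && ymd >= 20161022) hit = 1
        }
        END { exit (hit ? 0 : 1) }'
}
# Count defunct clamscan processes in `ps aux` output on stdin (STAT is field 8).
count_clamscan_zombies() {
    awk '$8 ~ /^Z/ && /clamscan/ { n++ } END { print n + 0 }'
}
# Count amavis "ALL VIRUS SCANNERS FAILED" events in maillog lines on stdin.
count_scanner_failures() {
    awk '/ amavis\[[0-9]+\]: / && /TROUBLE in check_mail/ &&
         /ALL VIRUS SCANNERS FAILED/ { n++ } END { print n + 0 }'
}
sample_ps() { cat <<'EOF'
clamav 1140 0.9 1.3 440284 109396 ? Rsl May06 2337:04 clamd
amavis 12087 1.9 0.0 0 0 ? Z Oct23 5:53 [clamscan] <defunct>
amavis 13286 2.3 0.0 0 0 ? Z Oct23 6:01 [clamscan] <defunct>
amavis 20108 100 1.2 132232 104636 ? R Oct23 4:05 /usr/bin/clamscan --stdout -r
EOF
}
sample_log() { cat <<'EOF'
Oct 24 00:05:19 hostname amavis[13588]: (13588-08) (!!)TROUBLE in check_mail: virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED
Oct 24 00:05:19 hostname postfix/smtp[20080]: 48602BC17CE: status=deferred (virus_scan FAILED: AV: ALL VIRUS SCANNERS FAILED)
EOF
}
# Verdict: every symptom must be present, matching the criterion stated above.
triage() {   # $1 = `clamd -V` line, $2 = ps output, $3 = maillog lines
    z=$(printf '%s\n' "$2" | count_clamscan_zombies)
    f=$(printf '%s\n' "$3" | count_scanner_failures)
    v=NOT-CONFIRMED
    if affected_version "$1" && [ "$z" -gt 0 ] && [ "$f" -gt 0 ]; then v=CONFIRMED; fi
    echo "$v zombies=$z failures=$f"
}
triage "ClamAV 0.97/22412/Sun Oct 23 02:00:00 2016" "$(sample_ps)" "$(sample_log)"
```

On a live host, pass `"$(clamd -V)"`, `"$(ps aux)"` and `"$(tail -n 500 /var/log/maillog)"` to `triage` instead of the samples.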

Temporarily provide mail delivery without virus scanning

Suspend Amavisd-new's ClamAV calls
# vim /etc/amavisd.conf
# Comment out the following two configuration items
...

#@av_scanners = (
# ['ClamAV-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
#);
#
#@av_scanners_backup = (
# ['ClamAV-clamscan', 'clamscan',
# "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
# [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
#);

...
Restart the Amavisd-new service
# /etc/init.d/amavisd restart
Shutting down Mail Virus Scanner (amavisd): Daemon [22260] terminated by SIGTERM
Starting Mail Virus Scanner (amavisd): [ OK ]
Flush the queue
# Flush the queue to deliver the held mail, temporarily providing mail delivery service
# postqueue -f

Resolve the ClamAV failure

Stop all ClamAV-related programs
# /etc/init.d/clamd stop
Stopping Clam AntiVirus Daemon: Hangup
# killall -15 freshclam
# killall -9 clamscan
# ps aux |grep clam |grep -v grep
# Repeat until grep returns nothing
Download and upgrade to newer versions of the ClamAV packages
# rpm -qa |grep clam
clamd-0.97-1.el6.rf.x86_64
clamav-0.97-1.el6.rf.x86_64
clamav-devel-0.97-1.el6.rf.x86_64
clamav-db-0.97-1.el6.rf.x86_6
# For each package currently installed, download the corresponding newer version
# Download with wget
# el6_x86_64
http://mirror./repofo ... 1.el6.rf.x86_64.rpm
http://mirror./repofo ... 1.el6.rf.x86_64.rpm
http://mirror./repofo ... 1.el6.rf.x86_64.rpm
http://mirror./repofo ... 1.el6.rf.x86_64.rpm
# If the current system is el5 or x86, change el6 to el5 and x86_64 to i386 or i686 in the URL path
# e.g. el5_x86 http://mirror./repoforge/redhat/[el5]/en/[i386]/dag/RPMS/clamav-0.98.4-1.[el5].rf.[i386].rpm
# el5_x86_64 [el5][x86_64][el5][x86_64]
# el6_x86 [el6][i386][el6][i686]
# Install the upgrade
# rpm -Uvh clam*.rpm
# Start the clamd service
# /etc/init.d/clamd restart
Stopping Clam AntiVirus Daemon: [FAILED]
Starting Clam AntiVirus Daemon: [ OK ]
Restore Amavisd-new's ClamAV calls
# vim /etc/amavisd.conf
# Remove the comment markers added in the earlier step
# /etc/init.d/amavisd restart
Shutting down Mail Virus Scanner (amavisd): Daemon [20823] terminated by SIGTERM
Starting Mail Virus Scanner (amavisd): [ OK ]
Check/enable ClamAV start at boot
# chkconfig --list |grep clamd
# chkconfig clamd on