[ZendTo] Error Message When a User Drops of 6GB file. <<< ClamAV 0.103 bug

Jules Jules at Zend.To
Tue Jan 26 14:43:05 GMT 2021


Anthony,

I have just hit the same problem on our installation of ZendTo here at 
Southampton.

I'm cc-ing this to the mailing list as it's going to become a widespread 
problem.

There's a bug in ClamAV 0.103.
It crashes with a memory allocation failure if you try to scan a file 
bigger than the available RAM in the server/VM.

ClamAV 0.102 works fine.

You can fetch the 0.102 RPMs from here:
https://archives.fedoraproject.org/pub/archive/epel/7/x86_64/Packages/c/

Stop the services
     clamd at scan
     clam-freshclam
     clamav-freshclam
Find all the clamAV RPMs you have installed:
     rpm -qa | grep -i clam
Then use "rpm -e" to remote all of them in 1 command. That stops 
dependency problems.

Then fetch the 0.102 versions from the URL above: you want to install these
     clamav
     clamav-filesystem
     clamav-lib
     clamav-update
     clamd
Do *not* install "clamav-data".

Edit /etc/clamd.d/scan.conf. There's a commented out line mentioning 
"LocalSocket".
Uncomment that line.

Edit /etc/freshclam.conf. There's a commented out line mentioning 
"NotifyClamd".
Uncomment that line so it says
NotifyClamd /etc/clamd.conf
and you should find you still have a link in /etc/clamd.conf that points 
to /etc/clamd.d/scan.conf.


Delete everything in /var/lib/clamav totally. Just leave it as an empty 
directory.
Run the command
     freshclam
once. Ignore its final complaint about being unable to notify clamd. 
That's because you can't start clamd until freshclam has fetched the 
latest virus signatures for you.

Then enable and start the services as follows:
     systemctl enable clamd at scan
     systemctl enable clam-freshclam
     systemctl start clamd at scan

And you should find the problem goes away again.

If you have the time to report this to the ClamAV maintainers, please 
do. No amount of Googling I did yesterday while fixing this myself, 
produced anything useful. So I suspect they don't know yet.

Cheers,
Jules.

On Tue 26/01/21 14:24, Anthony Wilson wrote:
>
> Hi Jules
>
> Thank you for your response and apologies for the delay with mine.
>
> I have cc’d the user, who will be able to respond to the console task 
> and file size.
>
> Please see below the space available
>
> “Filesystem                       Size Used Avail Use% Mounted on
>
> devtmpfs                           3.8G 0  3.8G   0% /dev
>
> tmpfs 3.8G     0  3.8G   0% /dev/shm
>
> tmpfs 3.8G  377M  3.5G  10% /run
>
> tmpfs 3.8G     0  3.8G   0% /sys/fs/cgroup
>
> /dev/mapper/vg_root-lv_root   91G  4.3G 87G   5% /
>
> /dev/mapper/dropoff-vol1     300G  9.3G 291G   4% /var/zendto/dropoffs
>
> /dev/sda1                          1014M 275M  740M  28% /boot
>
> tmpfs 777M     0  777M   0% /run/user/0”
>
> Please see the error in the log file similar to the initial issue.
>
> “zendto.log:2021-01-23 19:29:24 172.19.48.98 [ZendTo]: Error: Virus 
> scan of dropped-off files 
> /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1 for awitney 
> failed with /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1: 
> Can't allocate memory ERROR  ----------- SCAN SUMMARY ----------- 
> Infected files: 0 Total errors: 1 Time: 0.020 sec (0 m 0 s) Start 
> Date: 2021:01:23 19:29:24 End Date:   2021:01:23 19:29:24”
>
> Kind regards
>
> Anthony
>
> *From:*Jules <Jules at Zend.To>
> *Sent:* 19 January 2021 09:47
> *To:* Anthony Wilson <akwilson at sgul.ac.uk>
> *Subject:* Re: Error Message When a User Drops of 6GB file.
>
> Hi Anthony,
>
> Can you ask him, when he gets these errors, to take a look in the 
> JavaScript console of his web browser and see if anything is reported 
> there? He basically needs to show the developer console 
> (right-clicking anywhere in the page and doing "Inspect Element" is 
> one of the most obvious ways), then click on the "Console" tab and 
> ensure it is showing "All" log entries).
>
> Also, does your zendto.log report anything at this point?
> All the output from the virus checker will be logged in there.
>
> As it's a tar.gz file, how big is it when unpacked? Have you got 
> enough space in /var/zendto/incoming (and /var/zendto in general), and 
> /tmp for the virus scanner to unpack the compressed archive? You might 
> be simply running out of temporary disk space that clamd needs.
>
> Hope that helps,
> Jules.
>
> On Fri 08/01/21 13:58, Anthony Wilson wrote:
>
>     Hi Support
>
>     We have a user (Adam) that is receiving a misleading message when
>     dropping of a file (see attached). However the user has confirmed
>     that the recipient successfully received the files.
>
>     The process the user took is shown below
>
>     “Hi Anthony Details are 6Gb tar.gz file, unencrypted, being
>     uploaded from an NFS share through a Desktop Windows 10 machine.
>     Uploaded using Edge (not sure the version, but it is the new Chome
>     based one on my SGUL machine) Thanks Adam”
>
>     Please can you assist.
>
>     Kind regards
>
>     Anthony Wilson
>
>     Computing Services
>
>     St Georges - University of London
>
>     Telephone: +44 208 725 5435
>
>     email: akwilson at sgul.ac.uk <mailto:akwilson at sgul.ac.uk>
>
>     website: http://www.sgul.ac.uk/ <http://www.sgul.ac.uk/>
>
>
>
> Jules
> -- 
> Julian Field MEng CEng CITP MBCS MIEEE MACM
> The current UK shipping forecast:
> Forties, Cromarty, Forth, Tyne: Southwest 4 to 6, becoming variable 3, then
> cyclonic 4 to 6 later. Slight or moderate, occasionally rough in Forties.
> Rain. Good, occasionally poor.
> www.Zend.To  <http://www.Zend.To>
> Twitter: @JulesFM

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'Is the Holocaust an aberration, or a reflection of who we really are?'
  - Holocaust Museum, Berlin

www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20210126/61243ccd/attachment-0001.html>


More information about the ZendTo mailing list