[ZendTo] Error Message When a User Drops of 6GB file. <<< ClamAV 0.103 bug
Jules
Jules at Zend.To
Tue Jan 26 14:43:05 GMT 2021
Anthony,
I have just hit the same problem on our installation of ZendTo here at
Southampton.
I'm cc-ing this to the mailing list as it's going to become a widespread
problem.
There's a bug in ClamAV 0.103.
It crashes with a memory allocation failure if you try to scan a file
bigger than the available RAM in the server/VM.
ClamAV 0.102 works fine.
You can fetch the 0.102 RPMs from here:
https://archives.fedoraproject.org/pub/archive/epel/7/x86_64/Packages/c/
Stop the services
clamd at scan
clam-freshclam
clamav-freshclam
Find all the clamAV RPMs you have installed:
rpm -qa | grep -i clam
Then use "rpm -e" to remote all of them in 1 command. That stops
dependency problems.
Then fetch the 0.102 versions from the URL above: you want to install these
clamav
clamav-filesystem
clamav-lib
clamav-update
clamd
Do *not* install "clamav-data".
Edit /etc/clamd.d/scan.conf. There's a commented out line mentioning
"LocalSocket".
Uncomment that line.
Edit /etc/freshclam.conf. There's a commented out line mentioning
"NotifyClamd".
Uncomment that line so it says
NotifyClamd /etc/clamd.conf
and you should find you still have a link in /etc/clamd.conf that points
to /etc/clamd.d/scan.conf.
Delete everything in /var/lib/clamav totally. Just leave it as an empty
directory.
Run the command
freshclam
once. Ignore its final complaint about being unable to notify clamd.
That's because you can't start clamd until freshclam has fetched the
latest virus signatures for you.
Then enable and start the services as follows:
systemctl enable clamd at scan
systemctl enable clam-freshclam
systemctl start clamd at scan
And you should find the problem goes away again.
If you have the time to report this to the ClamAV maintainers, please
do. No amount of Googling I did yesterday while fixing this myself,
produced anything useful. So I suspect they don't know yet.
Cheers,
Jules.
On Tue 26/01/21 14:24, Anthony Wilson wrote:
>
> Hi Jules
>
> Thank you for your response and apologies for the delay with mine.
>
> I have cc’d the user, who will be able to respond to the console task
> and file size.
>
> Please see below the space available
>
> “Filesystem Size Used Avail Use% Mounted on
>
> devtmpfs 3.8G 0 3.8G 0% /dev
>
> tmpfs 3.8G 0 3.8G 0% /dev/shm
>
> tmpfs 3.8G 377M 3.5G 10% /run
>
> tmpfs 3.8G 0 3.8G 0% /sys/fs/cgroup
>
> /dev/mapper/vg_root-lv_root 91G 4.3G 87G 5% /
>
> /dev/mapper/dropoff-vol1 300G 9.3G 291G 4% /var/zendto/dropoffs
>
> /dev/sda1 1014M 275M 740M 28% /boot
>
> tmpfs 777M 0 777M 0% /run/user/0”
>
> Please see the error in the log file similar to the initial issue.
>
> “zendto.log:2021-01-23 19:29:24 172.19.48.98 [ZendTo]: Error: Virus
> scan of dropped-off files
> /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1 for awitney
> failed with /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1:
> Can't allocate memory ERROR ----------- SCAN SUMMARY -----------
> Infected files: 0 Total errors: 1 Time: 0.020 sec (0 m 0 s) Start
> Date: 2021:01:23 19:29:24 End Date: 2021:01:23 19:29:24”
>
> Kind regards
>
> Anthony
>
> *From:*Jules <Jules at Zend.To>
> *Sent:* 19 January 2021 09:47
> *To:* Anthony Wilson <akwilson at sgul.ac.uk>
> *Subject:* Re: Error Message When a User Drops of 6GB file.
>
> Hi Anthony,
>
> Can you ask him, when he gets these errors, to take a look in the
> JavaScript console of his web browser and see if anything is reported
> there? He basically needs to show the developer console
> (right-clicking anywhere in the page and doing "Inspect Element" is
> one of the most obvious ways), then click on the "Console" tab and
> ensure it is showing "All" log entries).
>
> Also, does your zendto.log report anything at this point?
> All the output from the virus checker will be logged in there.
>
> As it's a tar.gz file, how big is it when unpacked? Have you got
> enough space in /var/zendto/incoming (and /var/zendto in general), and
> /tmp for the virus scanner to unpack the compressed archive? You might
> be simply running out of temporary disk space that clamd needs.
>
> Hope that helps,
> Jules.
>
> On Fri 08/01/21 13:58, Anthony Wilson wrote:
>
> Hi Support
>
> We have a user (Adam) that is receiving a misleading message when
> dropping of a file (see attached). However the user has confirmed
> that the recipient successfully received the files.
>
> The process the user took is shown below
>
> “Hi Anthony Details are 6Gb tar.gz file, unencrypted, being
> uploaded from an NFS share through a Desktop Windows 10 machine.
> Uploaded using Edge (not sure the version, but it is the new Chome
> based one on my SGUL machine) Thanks Adam”
>
> Please can you assist.
>
> Kind regards
>
> Anthony Wilson
>
> Computing Services
>
> St Georges - University of London
>
> Telephone: +44 208 725 5435
>
> email: akwilson at sgul.ac.uk <mailto:akwilson at sgul.ac.uk>
>
> website: http://www.sgul.ac.uk/ <http://www.sgul.ac.uk/>
>
>
>
> Jules
> --
> Julian Field MEng CEng CITP MBCS MIEEE MACM
> The current UK shipping forecast:
> Forties, Cromarty, Forth, Tyne: Southwest 4 to 6, becoming variable 3, then
> cyclonic 4 to 6 later. Slight or moderate, occasionally rough in Forties.
> Rain. Good, occasionally poor.
> www.Zend.To <http://www.Zend.To>
> Twitter: @JulesFM
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Is the Holocaust an aberration, or a reflection of who we really are?'
- Holocaust Museum, Berlin
www.Zend.To
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20210126/61243ccd/attachment-0001.html>
More information about the ZendTo
mailing list