[ZendTo] Error Message When a User Drops of 6GB file. <<< ClamAV 0.103 bug

Anthony Wilson akwilson at sgul.ac.uk
Wed Jan 27 08:27:59 GMT 2021


Hi Jules

Thank you for the update.

I will attempt to change the version during our ‘At Risk’ period, which is next Tuesday 7am and will update you.

Kind regards

Anthony

From: Jules <Jules at Zend.To>
Sent: 26 January 2021 14:43
To: Anthony Wilson <akwilson at sgul.ac.uk>
Cc: Adam Witney <awitney at sgul.ac.uk>; ZendTo Users <zendto at zend.to>
Subject: Re: Error Message When a User Drops of 6GB file. <<< ClamAV 0.103 bug

Anthony,

I have just hit the same problem on our installation of ZendTo here at Southampton.

I'm cc-ing this to the mailing list as it's going to become a widespread problem.

There's a bug in ClamAV 0.103.
It crashes with a memory allocation failure if you try to scan a file bigger than the available RAM in the server/VM.

ClamAV 0.102 works fine.

You can fetch the 0.102 RPMs from here:
    https://archives.fedoraproject.org/pub/archive/epel/7/x86_64/Packages/c/

Stop the services
    clamd@scan
    clam-freshclam
    clamav-freshclam
Find all the clamAV RPMs you have installed:
    rpm -qa | grep -i clam
Then use "rpm -e" to remove all of them in 1 command. That stops dependency problems.

Then fetch the 0.102 versions from the URL above: you want to install these
    clamav
    clamav-filesystem
    clamav-lib
    clamav-update
    clamd
Do *not* install "clamav-data".

Edit /etc/clamd.d/scan.conf. There's a commented out line mentioning "LocalSocket".
Uncomment that line.

Edit /etc/freshclam.conf. There's a commented out line mentioning "NotifyClamd".
Uncomment that line so it says
    NotifyClamd /etc/clamd.conf
and you should find you still have a link in /etc/clamd.conf that points to /etc/clamd.d/scan.conf.


Delete everything in /var/lib/clamav totally. Just leave it as an empty directory.
Run the command
    freshclam
once. Ignore its final complaint about being unable to notify clamd. That's because you can't start clamd until freshclam has fetched the latest virus signatures for you.

Then enable and start the services as follows:
    systemctl enable clamd@scan
    systemctl enable clam-freshclam
    systemctl start clamd@scan

And you should find the problem goes away again.

If you have the time to report this to the ClamAV maintainers, please do. No amount of Googling I did yesterday while fixing this myself produced anything useful. So I suspect they don't know yet.

Cheers,
Jules.
On Tue 26/01/21 14:24, Anthony Wilson wrote:
Hi Jules

Thank you for your response and apologies for the delay with mine.

I have cc’d the user, who will be able to respond to the console task and file size.

Please see below the space available

“Filesystem                  Size  Used Avail Use% Mounted on
devtmpfs                     3.8G     0  3.8G   0% /dev
tmpfs                        3.8G     0  3.8G   0% /dev/shm
tmpfs                        3.8G  377M  3.5G  10% /run
tmpfs                        3.8G     0  3.8G   0% /sys/fs/cgroup
/dev/mapper/vg_root-lv_root   91G  4.3G   87G   5% /
/dev/mapper/dropoff-vol1     300G  9.3G  291G   4% /var/zendto/dropoffs
/dev/sda1                   1014M  275M  740M  28% /boot
tmpfs                        777M     0  777M   0% /run/user/0”

Please see the error in the log file similar to the initial issue.

“zendto.log:2021-01-23 19:29:24 172.19.48.98 [ZendTo]: Error: Virus scan of dropped-off files  /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1 for awitney failed with /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1: Can't allocate memory ERROR  ----------- SCAN SUMMARY ----------- Infected files: 0 Total errors: 1 Time: 0.020 sec (0 m 0 s) Start Date: 2021:01:23 19:29:24 End Date:   2021:01:23 19:29:24”

Kind regards

Anthony

From: Jules <Jules at Zend.To>
Sent: 19 January 2021 09:47
To: Anthony Wilson <akwilson at sgul.ac.uk>
Subject: Re: Error Message When a User Drops of 6GB file.

Hi Anthony,

Can you ask him, when he gets these errors, to take a look in the JavaScript console of his web browser and see if anything is reported there? He basically needs to show the developer console (right-clicking anywhere in the page and doing "Inspect Element" is one of the most obvious ways), then click on the "Console" tab and ensure it is showing "All" log entries.

Also, does your zendto.log report anything at this point?
All the output from the virus checker will be logged in there.

As it's a tar.gz file, how big is it when unpacked? Have you got enough space in /var/zendto/incoming (and /var/zendto in general), and /tmp for the virus scanner to unpack the compressed archive? You might be simply running out of temporary disk space that clamd needs.

Hope that helps,
Jules.
On Fri 08/01/21 13:58, Anthony Wilson wrote:
Hi Support

We have a user (Adam) that is receiving a misleading message when dropping off a file (see attached).  However the user has confirmed that the recipient successfully received the files.

The process the user took is shown below
“Hi Anthony Details are 6Gb tar.gz file, unencrypted, being uploaded from an NFS share through a Desktop Windows 10 machine. Uploaded using Edge (not sure the version, but it is the new Chrome based one on my SGUL machine) Thanks Adam”

Please can you assist.

Kind regards



Anthony Wilson
Computing Services
St Georges - University of London
Telephone: +44 208 725 5435
email: akwilson at sgul.ac.uk
website: http://www.sgul.ac.uk/





Jules

--
Julian Field MEng CEng CITP MBCS MIEEE MACM

The current UK shipping forecast:
Forties, Cromarty, Forth, Tyne: Southwest 4 to 6, becoming variable 3, then
cyclonic 4 to 6 later. Slight or moderate, occasionally rough in Forties.
Rain. Good, occasionally poor.

www.Zend.To
Twitter: @JulesFM



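
An added example, not part of the original messages or of ZendTo itself: shell helpers that pull the allocation-failure dropoffs out of zendto.log and check whether a given file would trip the ClamAV 0.103 failure described above. The function names are hypothetical, "available RAM" is assumed to mean MemAvailable from /proc/meminfo, every 0.103.x release is assumed to be affected, and the sample log lines other than the one quoted in the thread are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): triage for the ClamAV 0.103
# "Can't allocate memory" scan failure described above.

# List "user file" for each dropoff whose virus scan hit the allocation error.
# Reads zendto.log lines from the files given, or from stdin.
# Assumes incoming file names contain no spaces, as in the logged example.
find_alloc_failures() {
    awk '/Virus scan of dropped-off files/ && /Can.t allocate memory/ {
        for (i = 2; i + 2 <= NF; i++)
            if ($i == "for" && $(i + 2) == "failed") {
                print $(i + 1), $(i - 1); break
            }
    }' "$@"
}

# Succeed (exit 0) when a scan is expected to fail per the thread: version
# 0.103 (assumed to cover 0.103.x) and file larger than available memory
# (assumed to mean MemAvailable). args: file_bytes mem_available_kb version
scan_would_fail() {
    case "$3" in
        0.103|0.103.*) ;;
        *) return 1 ;;
    esac
    [ "$1" -gt "$(( $2 * 1024 ))" ]
}

# Live check of one file on this host (GNU stat, Linux /proc/meminfo).
check_file() {
    ver=$(clamscan --version | sed 's/^ClamAV \([0-9.]*\).*/\1/')
    mem=$(awk '/^MemAvailable:/ { print $2 }' /proc/meminfo)
    if scan_would_fail "$(stat -c %s "$1")" "$mem" "$ver"; then
        echo "AT RISK: $1 exceeds available RAM under ClamAV $ver"
    fi
}

# Constructed sample: the first line is the one quoted in the thread
# (scan summary trimmed); the other two are made up for contrast.
sample_log() {
    cat <<'EOF'
2021-01-23 19:29:24 172.19.48.98 [ZendTo]: Error: Virus scan of dropped-off files  /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1 for awitney failed with /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1: Can't allocate memory ERROR
2021-01-23 19:40:02 192.0.2.10 [ZendTo]: Info: example-user logged in
2021-01-23 19:41:10 192.0.2.10 [ZendTo]: Error: Virus scan of dropped-off files  /var/zendto/incoming/EXAMPLEFILE.1 for example-user failed with /var/zendto/incoming/EXAMPLEFILE.1: Example.Signature FOUND
EOF
}

sample_log | find_alloc_failures
```

On a live server, `find_alloc_failures /var/log/zendto/zendto.log` (log path is an assumption; use your own) lists the dropoffs that were delivered without a completed scan, which are the ones worth rescanning once ClamAV is downgraded.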