[ZendTo] Error Message When a User Drops of 6GB file. <<< ClamAV 0.103 bug
Anthony Wilson
akwilson at sgul.ac.uk
Wed Jan 27 08:27:59 GMT 2021
Hi Jules
Thank you for the update.
I will attempt to change the version during our ‘At Risk’ period, which is next Tuesday 7am and will update you.
Kind regards
Anthony
From: Jules <Jules at Zend.To>
Sent: 26 January 2021 14:43
To: Anthony Wilson <akwilson at sgul.ac.uk>
Cc: Adam Witney <awitney at sgul.ac.uk>; ZendTo Users <zendto at zend.to>
Subject: Re: Error Message When a User Drops of 6GB file. <<< ClamAV 0.103 bug
Anthony,
I have just hit the same problem on our installation of ZendTo here at Southampton.
I'm cc-ing this to the mailing list as it's going to become a widespread problem.
There's a bug in ClamAV 0.103.
It crashes with a memory allocation failure if you try to scan a file bigger than the available RAM in the server/VM.
ClamAV 0.102 works fine.
You can fetch the 0.102 RPMs from here:
https://archives.fedoraproject.org/pub/archive/epel/7/x86_64/Packages/c/
Stop the services
clamd at scan
clam-freshclam
clamav-freshclam
Find all the clamAV RPMs you have installed:
rpm -qa | grep -i clam
Then use "rpm -e" to remote all of them in 1 command. That stops dependency problems.
Then fetch the 0.102 versions from the URL above: you want to install these
clamav
clamav-filesystem
clamav-lib
clamav-update
clamd
Do *not* install "clamav-data".
Edit /etc/clamd.d/scan.conf. There's a commented out line mentioning "LocalSocket".
Uncomment that line.
Edit /etc/freshclam.conf. There's a commented out line mentioning "NotifyClamd".
Uncomment that line so it says
NotifyClamd /etc/clamd.conf
and you should find you still have a link in /etc/clamd.conf that points to /etc/clamd.d/scan.conf.
Delete everything in /var/lib/clamav totally. Just leave it as an empty directory.
Run the command
freshclam
once. Ignore its final complaint about being unable to notify clamd. That's because you can't start clamd until freshclam has fetched the latest virus signatures for you.
Then enable and start the services as follows:
systemctl enable clamd at scan
systemctl enable clam-freshclam
systemctl start clamd at scan
And you should find the problem goes away again.
If you have the time to report this to the ClamAV maintainers, please do. No amount of Googling I did yesterday while fixing this myself, produced anything useful. So I suspect they don't know yet.
Cheers,
Jules.
On Tue 26/01/21 14:24, Anthony Wilson wrote:
Hi Jules
Thank you for your response and apologies for the delay with mine.
I have cc’d the user, who will be able to respond to the console task and file size.
Please see below the space available
“Filesystem Size Used Avail Use% Mounted on
devtmpfs 3.8G 0 3.8G 0% /dev
tmpfs 3.8G 0 3.8G 0% /dev/shm
tmpfs 3.8G 377M 3.5G 10% /run
tmpfs 3.8G 0 3.8G 0% /sys/fs/cgroup
/dev/mapper/vg_root-lv_root 91G 4.3G 87G 5% /
/dev/mapper/dropoff-vol1 300G 9.3G 291G 4% /var/zendto/dropoffs
/dev/sda1 1014M 275M 740M 28% /boot
tmpfs 777M 0 777M 0% /run/user/0”
Please see the error in the log file similar to the initial issue.
“zendto.log:2021-01-23 19:29:24 172.19.48.98 [ZendTo]: Error: Virus scan of dropped-off files /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1 for awitney failed with /var/zendto/incoming/eYzXdXMzGPtngj8o52brEmKoPjnF8e3d.1: Can't allocate memory ERROR ----------- SCAN SUMMARY ----------- Infected files: 0 Total errors: 1 Time: 0.020 sec (0 m 0 s) Start Date: 2021:01:23 19:29:24 End Date: 2021:01:23 19:29:24”
Kind regards
Anthony
From: Jules <Jules at Zend.To><mailto:Jules at Zend.To>
Sent: 19 January 2021 09:47
To: Anthony Wilson <akwilson at sgul.ac.uk><mailto:akwilson at sgul.ac.uk>
Subject: Re: Error Message When a User Drops of 6GB file.
Hi Anthony,
Can you ask him, when he gets these errors, to take a look in the JavaScript console of his web browser and see if anything is reported there? He basically needs to show the developer console (right-clicking anywhere in the page and doing "Inspect Element" is one of the most obvious ways), then click on the "Console" tab and ensure it is showing "All" log entries).
Also, does your zendto.log report anything at this point?
All the output from the virus checker will be logged in there.
As it's a tar.gz file, how big is it when unpacked? Have you got enough space in /var/zendto/incoming (and /var/zendto in general), and /tmp for the virus scanner to unpack the compressed archive? You might be simply running out of temporary disk space that clamd needs.
Hope that helps,
Jules.
On Fri 08/01/21 13:58, Anthony Wilson wrote:
Hi Support
We have a user (Adam) that is receiving a misleading message when dropping of a file (see attached). However the user has confirmed that the recipient successfully received the files.
The process the user took is shown below
“Hi Anthony Details are 6Gb tar.gz file, unencrypted, being uploaded from an NFS share through a Desktop Windows 10 machine. Uploaded using Edge (not sure the version, but it is the new Chome based one on my SGUL machine) Thanks Adam”
Please can you assist.
Kind regards
Anthony Wilson
Computing Services
St Georges - University of London
Telephone: +44 208 725 5435
email: akwilson at sgul.ac.uk<mailto:akwilson at sgul.ac.uk>
website: http://www.sgul.ac.uk/
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
The current UK shipping forecast:
Forties, Cromarty, Forth, Tyne: Southwest 4 to 6, becoming variable 3, then
cyclonic 4 to 6 later. Slight or moderate, occasionally rough in Forties.
Rain. Good, occasionally poor.
www.Zend.To<http://www.Zend.To>
Twitter: @JulesFM
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Is the Holocaust an aberration, or a reflection of who we really are?'
- Holocaust Museum, Berlin
www.Zend.To<http://www.Zend.To>
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20210127/f09f54cf/attachment-0001.html>
More information about the ZendTo
mailing list