Atomicorp

Posted: **Tue Jan 27, 2009 6:43 am**

Something seems to have gone very badly wrong with the sanesecurity updates.

All our servers got 0Kb updates overnight for the sanesecurity sigs.

Unfortunately clamav doesn't like 0Kb files, and would not start. Psmon therefore went nuts and sent out a few 10000 emails to me from each system.

Anyway, if you are affected in a similar way, go to /var/clamav and delete all 0Kb files then restart clamd and all will be well.

We need a way to check the updates aren't 0Kb in future though. We can't have this happening again. I'll raise a case in the upport portal as this is ASL related I guess.

Faris.

Posted: **Tue Jan 27, 2009 6:48 am**

OK, I've just checked and there IS a 0Kb test in the update script:

Code: Select all

  # If file is not 0 size, apply it
  test -s $file     && \
        zcat $file > $new && \
        rm -f $file && \
        clamscan --quiet -d $new - < /dev/null

So something else must have happened....I wonder what?

Faris.

Posted: **Tue Jan 27, 2009 10:04 am**

what version are you running? that one might not have the exception in it

Posted: **Tue Jan 27, 2009 12:10 pm**

I'm using the 0.94.2-2.el4.art version

I know there's the 2-3 but I thought it was just the minor bugfix we talked about a couple of days ago so didn't install it.

Faris.

Posted: **Tue Jan 27, 2009 1:06 pm**

That'll teach ya

Posted: **Tue Jan 27, 2009 2:22 pm**

Soooo.., what you mean is that the -3 update would have handled things OK, for sure?

Faris.

Posted: **Tue Jan 27, 2009 4:29 pm**

yeah, it has better exception code in it

Posted: **Tue Jan 27, 2009 6:14 pm**

We are talking about better exception code in the binary, not in the updater, right? The updater hasn't actually changed as far as I can see.

Faris.

Atomicorp

sanesecurity+clamac+freshclam disaster and how to fix

sanesecurity+clamac+freshclam disaster and how to fix