eClamAV crashes after a cl_load() error
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eCAP |
Triaged
|
Medium
|
Unassigned |
Bug Description
Squid 2.4.12 built with 64 bit on Solaris 10 kernel 150401-16 x86_64.
ClamAV 0.98.6 also built with 64 bit.
libecap 0.2.0 built with 64 bit.
ecap_clamav_adapter 0.2.1 also built with 64 bit.
This is production environment used 24x7 over 4 years.
eClamav cannot initialize and crashes Squid repeatedly with following error:
2015/02/26 17:45:40 kid1| Loading Squid module from
'/usr/local/
2015/02/26 17:45:40 kid1| Loading Squid module from
'/usr/local/
2015/02/26 17:45:40 kid1| Squid plugin modules loaded: 2
2015/02/26 17:45:40 kid1| Adaptation support is on
2015/02/26 17:45:40 kid1| Starting eCAP service:
ecap://
2015/02/26 17:45:40 kid1| eClamAV: Initializing ClamAV engine #1.
FATAL: Received Segment Violation...dying.
2015/02/26 17:45:40 kid1| Closing HTTP port [::]:3127
2015/02/26 17:45:40 kid1| Closing HTTP port [::]:3128
2015/02/26 17:45:40 kid1| Closing HTTPS port [::]:3129
2015/02/26 17:45:40 kid1| Stop receiving ICP on [::]:3130
2015/02/26 17:45:40 kid1| assertion failed: icp_v2.cc:780:
"Comm::
Note: core not produced - suid operations disabled die to security reasons.
Squid is compiled with 64 bit, ClamAV compiled with 64 bit, libecap
compiled with 64 bit, clamav ecap adapter compiled with 64 bit.
Squid config fragment related to ecap is:
ecap_enable on
loadable_modules /usr/local/
ecap_service clamav_service_req reqmod_precache uri=ecap:
ecap_service clamav_service_resp respmod_precache uri=ecap:
adaptation_access clamav_service_req allow all
adaptation_access clamav_service_resp allow all
Looks like ok.
All runtime 64-bit libraries is available for linker:
root @ cthulhu /patch # crle -64
Configuration file [version 4]: /var/ld/
Platform: 64-bit LSB AMD64
Default Library Path (ELF):
/lib/64:
Trusted Directories (ELF): /lib/secure/
(system default)
Command line:
crle -64 -c /var/ld/
/lib/64:
Installation prefix for all ecap related modules is /usr/local.
libecap successfully used on this installation with GZip adapter 1.3.0 and works perfectly.
When I comment out ecap_clamav_adapter lines in Squid.conf, all works perfectly.
We plan to replace c-icap + squidclamav AV checking framework with eCAP due to latency issues.
Need to solve problem.
Thank you.
Have you patched ecap_clamav_adapter v0.2.1 to fix bug #1025567? If not, you should (or upgrade to v1.0.0 where the bug is fixed). https:/ /bugs.launchpad .net/ecap/ +bug/1025567
There is also fixed bug #800281. https:/ /bugs.launchpad .net/ecap/ +bug/800281
For a better chance of improving performance, consider eCAP ClamAV v1.0.0, with its support for asynchronous scans.
I am going to mark this bug as a duplicate but please feel free to add more comments if patching does not help. Posting a backtrace would be essential in that case.