clamav taking extremely long time to load database

Bug #691414 reported by Kees Cook on 2010-12-17
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Undecided
Unassigned
Lucid
High
Scott Kitterman
Maverick
High
Scott Kitterman

Bug Description

Binary package hint: clamav

# apt-cache policy clamav-daemon
clamav-daemon:
  Installed: 0.96.3+dfsg-2ubuntu1.0.10.04.2
  Candidate: 0.96.3+dfsg-2ubuntu1.0.10.04.2

Since the security update of clamav, the daemon takes multiple minutes to load its virus database, and is causing random timeouts for users of the unix socket (in my case, mimedefang), triggering repeated 400-series email temp-fails each time freshclam issues a reload request.

strace just shows it slowly allocating memory and not doing much else.

Logs don't seem to help:
Thu Dec 16 20:58:34 2010 -> +++ Started at Thu Dec 16 20:58:34 2010
Thu Dec 16 20:58:34 2010 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Thu Dec 16 20:58:34 2010 -> Log file size limit disabled.
Thu Dec 16 20:58:34 2010 -> Reading databases from /var/lib/clamav/
Thu Dec 16 20:58:34 2010 -> Not loading PUA signatures.
Thu Dec 16 20:58:38 2010 -> Loaded 856324 signatures.

But minutes later, it's still spinning at 100% CPU and non-responsive on its socket.

Here's the backtrace while its stuck:

(gdb) bt
#0 __find<__gnu_cxx::__normal_iterator<llvm::BasicBlock* const*, std::vector<llvm::BasicBlock*, std::allocator<llvm::BasicBlock*> > >, llvm::BasicBlock const*> (this=0x1a9f300, L=0x1466740, ExitingBlock=<value optimized out>) at /usr/include/c++/4.4/bits/stl_algo.h:186
#1 find<__gnu_cxx::__normal_iterator<llvm::BasicBlock* const*, std::vector<llvm::BasicBlock*, std::allocator<llvm::BasicBlock*> > >, llvm::BasicBlock const*> (this=0x1a9f300, L=0x1466740, ExitingBlock=<value optimized out>) at /usr/include/c++/4.4/bits/stl_algo.h:4224
#2 llvm::LoopBase<llvm::BasicBlock, llvm::Loop>::contains (this=0x1a9f300, L=0x1466740, ExitingBlock=<value optimized out>)
    at ./llvm/include/llvm/Analysis/LoopInfo.h:108
#3 llvm::ScalarEvolution::ComputeBackedgeTakenCountFromExit (this=0x1a9f300, L=0x1466740, ExitingBlock=<value optimized out>)
    at llvm/lib/Analysis/ScalarEvolution.cpp:3612
#4 0x00007f6591bad79f in llvm::ScalarEvolution::ComputeBackedgeTakenCount (this=0x1a9f300, L=0x1466740)
    at llvm/lib/Analysis/ScalarEvolution.cpp:3542
#5 0x00007f6591badaa5 in llvm::ScalarEvolution::getBackedgeTakenInfo (this=0x1a9f300, L=0x1466740) at llvm/lib/Analysis/ScalarEvolution.cpp:3415
#6 0x00007f6591badfa9 in llvm::ScalarEvolution::getMaxBackedgeTakenCount (this=0x299a6e0, L=0x7) at llvm/lib/Analysis/ScalarEvolution.cpp:3390
#7 0x00007f6591966040 in loopNeedsTimeoutCheck (this=<value optimized out>, F=<value optimized out>) at bytecode2llvm.cpp:363
#8 runOnFunction (this=<value optimized out>, F=<value optimized out>) at bytecode2llvm.cpp:435
#9 0x00007f6591ab8166 in llvm::FPPassManager::runOnFunction (this=0x11a6ae0, F=...) at llvm/lib/VMCore/PassManager.cpp:1350
#10 0x00007f6591ab827b in llvm::FPPassManager::runOnModule (this=0x11a6ae0, M=...) at llvm/lib/VMCore/PassManager.cpp:1371
#11 0x00007f6591ab7d0b in llvm::MPPassManager::runOnModule (this=0x11cdab0, M=...) at llvm/lib/VMCore/PassManager.cpp:1424
#12 0x00007f6591ab7e99 in llvm::PassManagerImpl::run (this=0x11a1dc0, M=...) at llvm/lib/VMCore/PassManager.cpp:1506
#13 0x00007f659196dcff in generate (this=0x7fffe4746540) at bytecode2llvm.cpp:1411
#14 0x00007f659196f85b in cli_bytecode_prepare_jit (bcs=<value optimized out>) at bytecode2llvm.cpp:1826
#15 0x00007f659194bec1 in cli_bytecode_prepare2 (engine=0x10fdb60, bcs=0x10fdc50, dconfmask=7) at bytecode.c:2353
#16 0x00007f65918d0310 in cl_engine_compile (engine=0x10fdb60) at readdb.c:3112
#17 0x0000000000407cfc in main (argc=<value optimized out>, argv=<value optimized out>) at clamd.c:495

TEST CASE: Install new packages and observe improved startup times. Since this update is a micro-version update and not a targeted patch for just the problem, when testing be alert for other issues/regressions.

Kees Cook (kees) on 2010-12-17
description: updated
description: updated

What architecture is this? I don't see this on i386. Also what's the exact CPU?

I don't think the security patches would have affected this.

Can you replicate this with the newer clamav in backports?

gagatiello (gabriel-enigma) wrote :

I have the same problem affecting 5 servers. It´s very critical.

This is from one of my servers:

cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 2
model name : Intel(R) Pentium(R) 4 CPU 2.40GHz
stepping : 7
cpu MHz : 2412.440
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe up pebs bts cid xtpr
bogomips : 4824.88
clflush size : 64
cache_alignment : 128
address sizes : 36 bits physical, 32 bits virtual
power management:

gagatiello (gabriel-enigma) wrote :

The problem is solved using the clamav backports pkg (0.96.5+dfsg-1ubuntu1~lucid1)!

regards!

tags: added: regression-update

I'm not sure this is a regression from lucid release. In any case, I'm
preparing a 0.96.5 upload to -proposed to deal with this.

Scott Kitterman (kitterman) wrote :

This is fixed in Natty.

Changed in clamav (Ubuntu):
status: New → Fix Released
Changed in clamav (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Scott Kitterman (kitterman)
milestone: none → ubuntu-10.04.2
Changed in clamav (Ubuntu Maverick):
status: New → Confirmed
importance: Undecided → High
assignee: nobody → Scott Kitterman (kitterman)
milestone: none → maverick-updates
Scott Kitterman (kitterman) wrote :

Maverick has the same clamav as lucid-updates, so it will affect that too.

description: updated
Scott Kitterman (kitterman) wrote :

Uploaded for lucid and maverick proposed. Waiting for ubuntu-sru to review/accept.

Martin Pitt (pitti) wrote :

Scott,

the lucid update changes the libltdl-dev build dependency to libltdl3-dev. However, that only exists in dapper and hardy. It shuold work because of the Provides:, but nevertheless this change seems backwards to me.

Changed in clamav (Ubuntu Lucid):
status: Confirmed → Fix Committed
tags: added: verification-needed

Accepted clamav into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Martin Pitt (pitti) wrote :

Accepted clamav into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in clamav (Ubuntu Maverick):
status: Confirmed → Fix Committed
Imre Gergely (cemc) wrote :

Is there a clear TEST CASE for this so I can test it?

If it takes less than a minute to start, I think it's a win. You could compare startup times, but since upstream disabled some of the bytecode checks for 0.96.3, I'm not sure how much difference there is currently. It may be that now this is manifested by checks not run and I don't know how to verify that.

Imre Gergely (cemc) wrote :

On 12/21/2010 12:35 PM, Török Edwin wrote:

> You need to test with an older bytecode.cvd, because the latest one has
> a workaround (0.96.3 loads it fast now because it doesn't load the new
> bytecodes at all).
>
> Attached bytecode.cvd version 103 for you to test.
> ClamAV 0.96.3 takes 2.5 minutes to load it on my box (probably much more
> on slower ones):
> $ time clamscan --quiet -dbytecode.cvd /dev/null
>
> real 2m32.461s
> user 2m32.287s
> sys 0m0.117s
>
> ClamAV 0.96.4 and 0.96.5 takes less than a second to load same CVD.
> $ time clamscan --quiet -dbytecode.cvd /dev/null
>
> real 0m0.591s
> user 0m0.500s
> sys 0m0.040s

Indeed. I've tested it like you suggested, with your bytecode.cvd, and I
did get the long startup times on both Maverick and Lucid, two separate
machines:

gimre@ximi:~/Desktop$ time clamscan --quiet -dbytecode.cvd /tmp
LibClamAV Warning:
***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated.
    ***
LibClamAV Warning: *** DON'T PANIC! Read
http://www.clamav.net/support/faq ***
LibClamAV Warning:
***********************************************************

real 3m20.331s
user 3m20.080s
sys 0m0.190s

After upgrading to -proposed, the problem got resolved:

gimre@ximi:~/Desktop$ time clamscan --quiet -dbytecode.cvd /tmp

real 0m0.578s
user 0m0.550s
sys 0m0.020s

gimre@ximi:~/Desktop$ apt-cache policy clamav
clamav:
   Installed: 0.96.5+dfsg-1ubuntu1.10.10.1
   Candidate: 0.96.5+dfsg-1ubuntu1.10.10.1
   Version table:
  *** 0.96.5+dfsg-1ubuntu1.10.10.1 0
         500 http://ro.archive.ubuntu.com/ubuntu/ maverick-proposed/main
amd64 Packages
         100 /var/lib/dpkg/status
      0.96.3+dfsg-2ubuntu1.2 0
         500 http://ro.archive.ubuntu.com/ubuntu/ maverick-updates/main
amd64 Packages
         500 http://security.ubuntu.com/ubuntu/ maverick-security/main
amd64 Packages
      0.96.3+dfsg-2ubuntu1 0
         500 http://ro.archive.ubuntu.com/ubuntu/ maverick/main amd64
Packages

And on Lucid:

gimre@voy:~/Desktop$ time clamscan --quiet -dbytecode.cvd /tmp

real 0m0.561s
user 0m0.540s
sys 0m0.020s

gimre@voy:~/Desktop$ apt-cache policy clamav
clamav:
   Installed: 0.96.5+dfsg-1ubuntu1.10.04.1
   Candidate: 0.96.5+dfsg-1ubuntu1.10.04.1
   Version table:
  *** 0.96.5+dfsg-1ubuntu1.10.04.1 0
         500 http://archive.ubuntu.com/ubuntu/ lucid-proposed/main Packages
         100 /var/lib/dpkg/status
      0.96.3+dfsg-2ubuntu1.0.10.04.2 0
         500 http://ro.archive.ubuntu.com/ubuntu/ lucid-updates/main
Packages
         500 http://ro.archive.ubuntu.com/ubuntu/ lucid-security/main
Packages
      0.96+dfsg-2ubuntu1 0
         500 http://ro.archive.ubuntu.com/ubuntu/ lucid/main Packages

Confirmed that -proposed packages fix the bug.

--
Imre Gergely
Yahoo!: gergelyimre | ICQ#: 101510959
MSN: gergely_imre | GoogleTalk: gergelyimre
gpg --keyserver subkeys.pgp.net --recv-keys 0x34525305

tags: added: verification-done
removed: verification-needed
Kees Cook (kees) wrote :

I can confirm as well, the long load times are gone and I'm able to scan incoming email again. Thanks!

Launchpad Janitor (janitor) wrote :
Download full text (3.8 KiB)

This bug was fixed in the package clamav - 0.96.5+dfsg-1ubuntu1.10.04.1

---------------
clamav (0.96.5+dfsg-1ubuntu1.10.04.1) lucid-proposed; urgency=low

  * Microversion update for Lucid (LP: #691414)
    - Improved database login times
    - Expanded use of new bytecode signatures
    - Other bugfixes/improvements

clamav (0.96.5+dfsg-1ubuntu2) natty; urgency=low

  * Cherry pick 1d99d54d9d5794af0bc7308389e68cf1cc90f4b8 from Debian
    pkg-clamav git to remove leftover temp files from /etc/cron.d/
    clamav-freshclam since cron will consider them valid and use them

clamav (0.96.5+dfsg-1ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer
      script changes

clamav (0.96.5+dfsg-1) unstable; urgency=low

  [ Alberto WU ]
  * New upstream release
    - Fix JIT-related crashes on VIA (closes: #604621).
    - New option DatabaseCustomURL for freshclam
    - New option OLE2BlockMacros for clamd

  [ Michael Tautschnig ]
  * Forcibly remove files in purge even if ucf is not available (anymore) -
    thanks piuparts.
  * Change StreamMaxLength default to 25Mb, also update user configurations
    still using 0 as value (closes: #602840).

clamav (0.96.4+dfsg-1ubuntu2) natty; urgency=low

  * Backport security fixes from 0.96.5:
    - Git commits 019f1955194360600ecf0644959ceca6734c2d7b and
      1f3db7f074995bd4e1d0183b2db8b1c472d2f41b

clamav (0.96.4+dfsg-1ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer
      script changes
  * Cherry pick 89e80e83a8c256e15821b6558b5ed7fc9e65f4b5 from upstream git to
    fix CPU detection for LLVM JIT - JIT will now be correctly enabled on
    Pentium IV - fixes FTBFS due to test failures

clamav (0.96.4+dfsg-1) unstable; urgency=low

  [ Alberto WU ]
  * New upstream release
    - Fix 'Unknown error code ERROR' (closes: #599372).
    - Disable the JIT on K6-2 (closes: #600088).
    - Fix parsing of malformed pdf files (closes: #599908).

  [ Michael Tautschnig ]
  * Debconf translation updates
    - Czech (closes: #600098)
    - Vietnamese (closes: #601538)
  * Add additional check for milter socket in status command of milter init
    script (thanks Chris Moules for proposing a patch, closes: #600908).

clamav (0.96.4+dfsg-1~volatile1ubuntu2) natty; urgency=low

  * Cherry pick 89e80e83a8c256e15821b6558b5ed7fc9e65f4b5 from upstream git to
    fix CPU detection for LLVM JIT - JIT will now be correctly enabled on
    Pentium IV - fixes FTBFS due to test failures

clamav (0.96.4+dfsg-1~volatile1ubuntu1) natty; urgency=low

  * Merge from Debian Volatile. Remaining Ubuntu changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer
      script changes
  * ...

Read more...

Changed in clamav (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.8 KiB)

This bug was fixed in the package clamav - 0.96.5+dfsg-1ubuntu1.10.10.1

---------------
clamav (0.96.5+dfsg-1ubuntu1.10.10.1) maverick-proposed; urgency=low

  * Microversion update for Maverick (LP: #691414)
    - Improved database login times
    - Expanded use of new bytecode signatures
    - Other bugfixes/improvements

clamav (0.96.5+dfsg-1ubuntu2) natty; urgency=low

  * Cherry pick 1d99d54d9d5794af0bc7308389e68cf1cc90f4b8 from Debian
    pkg-clamav git to remove leftover temp files from /etc/cron.d/
    clamav-freshclam since cron will consider them valid and use them

clamav (0.96.5+dfsg-1ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer
      script changes

clamav (0.96.5+dfsg-1) unstable; urgency=low

  [ Alberto WU ]
  * New upstream release
    - Fix JIT-related crashes on VIA (closes: #604621).
    - New option DatabaseCustomURL for freshclam
    - New option OLE2BlockMacros for clamd

  [ Michael Tautschnig ]
  * Forcibly remove files in purge even if ucf is not available (anymore) -
    thanks piuparts.
  * Change StreamMaxLength default to 25Mb, also update user configurations
    still using 0 as value (closes: #602840).

clamav (0.96.4+dfsg-1ubuntu2) natty; urgency=low

  * Backport security fixes from 0.96.5:
    - Git commits 019f1955194360600ecf0644959ceca6734c2d7b and
      1f3db7f074995bd4e1d0183b2db8b1c472d2f41b

clamav (0.96.4+dfsg-1ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer
      script changes
  * Cherry pick 89e80e83a8c256e15821b6558b5ed7fc9e65f4b5 from upstream git to
    fix CPU detection for LLVM JIT - JIT will now be correctly enabled on
    Pentium IV - fixes FTBFS due to test failures

clamav (0.96.4+dfsg-1) unstable; urgency=low

  [ Alberto WU ]
  * New upstream release
    - Fix 'Unknown error code ERROR' (closes: #599372).
    - Disable the JIT on K6-2 (closes: #600088).
    - Fix parsing of malformed pdf files (closes: #599908).

  [ Michael Tautschnig ]
  * Debconf translation updates
    - Czech (closes: #600098)
    - Vietnamese (closes: #601538)
  * Add additional check for milter socket in status command of milter init
    script (thanks Chris Moules for proposing a patch, closes: #600908).

clamav (0.96.4+dfsg-1~volatile1ubuntu2) natty; urgency=low

  * Cherry pick 89e80e83a8c256e15821b6558b5ed7fc9e65f4b5 from upstream git to
    fix CPU detection for LLVM JIT - JIT will now be correctly enabled on
    Pentium IV - fixes FTBFS due to test failures

clamav (0.96.4+dfsg-1~volatile1ubuntu1) natty; urgency=low

  * Merge from Debian Volatile. Remaining Ubuntu changes:
    - Drop initial signature definitions from clamav-base
    - Drop build-dep on electric-fence (in Universe)
    - Add apparmor profiles for clamd and freshclam along with maintainer
      script change...

Read more...

Changed in clamav (Ubuntu Maverick):
status: Fix Committed → Fix Released
tags: added: testcase
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers