SOLVED clamd filling /tmp directory

[Havri]

Hello,

There seems to be a problem with clamd on some of our servers. Our /tmp directories keep getting filled by the clamd file descriptors. There seem to be multiple bug reports on clamav's bugzilla:

Bug 12014 – New definitions create too many open files on /tmp


Currently I am trying to find a permanent solution, but other than restarting clamd, I haven't found anything:

/usr/local/cpanel/scripts/restartsrv_clamd

Is this happening to anyone else? Does anyone have a recommendation or some pointers?

Thank you.

 

[cPanelMichael]

Hello @Havri,

Here's the response from ClamAV on that bug report:

Thanks for the report. The new signature that triggered the bug has been removed in the latest daily signature update. Please run freshclam again to update, and things should be back to normal. The bug itself has been fixed in our development branch towards the next release (0.100.0), and we will ensure this fix also makes it into the next 0.99.4 patch release.

Thus, to solve the issue permanently, simply run the following commands:

/usr/local/cpanel/3rdparty/bin/freshclam
/usr/local/cpanel/scripts/restartsrv clamd

Thank you.

 

[Havri]

Hello,

I already ran those command to try to update the clamav version, but they didn't work. I tried again:

root@server1 [/tmp]# /usr/local/cpanel/3rdparty/bin/freshclam
ClamAV update process started at Sat Jan 27 03:09:51 2018
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.2 Recommended version: 0.99.3
DON'T PANIC! Read http://www.clamav.net/documents/upgrading-clamav
main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
daily.cld is up to date (version: 24258, sigs: 1836466, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 319, sigs: 75, f-level: 63, builder: neo)

root@server1 [/tmp]# /usr/local/cpanel/scripts/restartsrv clamd
Waiting for “clamd” to restart ………waiting for “clamd” to initialize ………finished.

Service Status
    clamd (/usr/local/cpanel/3rdparty/bin/clamd) is running as root with PID 1017519 (pidfile+/proc check method).

clamd restarted successfully.

I didn't see any clamav version changed:

root@server1 [/tmp]# rpm -qa | grep clam
alt-php53-clamav-0.15.8-3.el6.x86_64
clamav-0.99.2-1.el6.x86_64
alt-php54-clamav-0.15.8-3.el6.x86_64
clamav-db-0.99.2-1.el6.x86_64
alt-php55-clamav-0.15.8-3.el6.x86_64
cpanel-clamav-virusdefs-0.99.2-2.cp1164.x86_64
cpanel-clamav-0.99.2-2.cp1164.x86_64

Is there something that I'm missing?

UPDATE: Nevermind. I reread your reply and saw that it actually depends on the new signature and not on the clamav version. My bad...

Thank you.