From: "Massimo S." <ecs-isp@2rosenthals.com>
Reply-To: ml@ecomstation.it
Subject: Re: [eCS-ISP] clamscan issue - directories with a lot of files
To: eCS ISP Mailing List <ecs-isp@2rosenthals.com>
References: <list-10470686@2rosenthals.com> <list-11200164@2rosenthals.com>
 <list-11202273@2rosenthals.com>
Organization: Massimo S.
Message-ID: <6d4f3078-6bb2-2ae9-86d8-82c73d31ac76@ecomstation.it>
Date: Fri, 1 Nov 2024 12:05:54 +0100
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; it-IT; rv:1.7.13) Gecko/20060424
 Thunderbird/1.0.8 Mnenhy/0.7.4.0
MIME-Version: 1.0
In-Reply-To: <list-11202273@2rosenthals.com>
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Language: it-IT
Content-Transfer-Encoding: 8bit



Il 01/11/2024 10:56, Massimo S. ha scritto:
> 
> 
> Il 30/10/2024 13:50, Massimo S. ha scritto:
>>
>>
>> Il 03/08/2024 23:40, Steven Levine ha scritto:
>>> In <list-10412754@2rosenthals.com>, on 07/30/24
>>>     at 10:33 AM, "Massimo S." <ecs-isp@2rosenthals.com> said:
>>>
>>> Hi Massimo,
>>>
>>>>> unfortunately no
>>>>> X:/weasel/MailRoot/mydomain.com/info/OA82H9.MSG: Can't read file ERROR
>>>>> maybe it give this error when clamscan have to scan a big directory
>>>
>>>> clamscan still have the issue that show "Can't read file ERROR" in
>>>> directories with a number of files
>>>
>>>> how can i help?
>>>
>>> This error message is generic in the sense that it can be generated at
>>> several places in the code.
>>>
>>> The next time it happens, run clamscan and add the
>>>
>>>      --debug                              Enable libclamav's debug messages
>>>
>>> option to the command line.  The extra output might allow us to figure out
>>> which specific read operation is failing.
>>>
>>> Steven
>>
>>
>> Hi,
>>
>> damn, i just deleted a debug.txt output for mistake.. :-(
>>
>> anyway it was a 4GB file, i don't have it in the bkups,
>> maybe ZIP is not able to add a so large file
>>
>> i will try to generate it again
>>
>> and i guess that the issue of "Can't read file ERROR"
>> is not related to a directory with a lot of files inside
>> since it appears allmost the times in "big dirs", but
>> it may happens that clamscan keep on working again in the same dir
>> e.g. in this case:
>>
>> X:/weasel/MailRoot/mydomain.com/myemail/OLAYI6.MSG: Can't read file ERROR
>> X:/weasel/MailRoot/mydomain.com/myemail/OLAZFS.MSG: Can't read file ERROR
>> X:/weasel/MailRoot/mydomain.com/myemail/OLB25S.MSG: Can't read file ERROR
>> X:/weasel/MailRoot/mydomain.com/myemail/OLB3TA.MSG: Can't read file ERROR
>> X:/weasel/MailRoot/mydomain.com/myemail/OLB5K9.MSG: Can't read file ERROR
>> X:/weasel/MailRoot/mydomain.com/myemail/ORWBT5.MSG: Heuristics.Phishing.Email.SpoofedDomain FOUND
>> X:/weasel/MailRoot/mydomain.com/myemail/ORWBT5.MSG: moved to 'X:/quarantine/ORWBT5.MSG'
>> X:/weasel/MailRoot/mydomain.com/myemail/OS0VTD.MSG: Sanesecurity.Phishing.Fake.Coin.29146.UNOFFICIAL FOUND
>> X:/weasel/MailRoot/mydomain.com/myemail/OS0VTD.MSG: moved to 'X:/quarantine/OS0VTD.MSG'
>>
>> massimo
> 
> i'm able to reproduce the debug output
> uncompressed it's 5,6GB..  doh  :-)
> compressed is 2,6GB
> 
> i can put it on an ftp
> let me know
> 
> thanks
> 
> massimo

when it show the errors i see a lot of these in the output on the screen:

LibClamAV Error: fmap_readpage: pread error: Not enough memory


the VM has 4GB ram assigned (i know /2 see only about 3,3GB) and vaddresslimit is 3072

massimo