ClamWin Free Antivirus
Support and Discussion Forums
LibClamAV Error: fmap: cannot map file descriptor
jimbobmcgee


Joined: 29 Dec 2009
Posts: 5
As well as running from the Clamwin system tray icon, I also run both freshclam.exe and clamscan.exe via Windows Task Scheduler (in lieu of a proper Windows service). This allows me to run filesystem virus scans without being logged in, and has been in place/working as expected since November 2015.

However, as of 12 September 2016, these clamscan.exe calls have been failing with exit code 2. When looking at the logs for those days, I can see the following entry:

Code:
----------- SCAN SUMMARY -----------
Known viruses: 4822539
Engine version: 0.98.7
Scanned directories: 36862
Scanned files: 168648
Infected files: 0
Total errors: 1
Data scanned: 23568.17 MB
Data read: 25460.00 MB (ratio 0.93:1)
Time: 4276.621 sec (71 m 16 s)

{some Permission denied warnings, removed for brevity}

LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed


I have upgraded from 0.98.7 to 0.99.1 since then, but the errors remain. In fact, they have steadily increased to date, where now I get six of these in a single run:

Code:
----------- SCAN SUMMARY -----------
Known viruses: 4839852
Engine version: 0.99.1
Scanned directories: 37226
Scanned files: 170965
Infected files: 0
Total errors: 6
Data scanned: 25333.73 MB
Data read: 49649.75 MB (ratio 0.51:1)
Time: 4890.255 sec (81 m 30 s)

{some Permission denied warnings, removed for brevity}

LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed


I'm running on a Windows Server 2012 R2 ESXi 6.0 VM, with 1 x 4-vCore CPU and 8GB RAM, and calling from a batch file which builds up the clamscan.exe parameters as needed. The original parameters were deduced by running a manual scan with the settings I needed from within ClamTray.exe and inspecting the Command line column of Task Manager, e.g.:

Code:
%CLAMSCAN% ^
  --stdout ^
  --quiet ^
  --tempdir %TEMP% ^
  --database=%CLAM_DB% ^
  --log=%LOG_FILE% ^
  --keep-mbox ^
  --infected ^
  --max-files=500 ^
  --max-scansize=150M ^
  --max-recursion=50 ^
  --max-filesize=100M ^
  --recursive ^
  --exclude="\\pagefile\.sys$" ^
  --exclude="[^\]*\.mdf$" ^
  --exclude="[^\]*\.ndf$" ^
  --exclude="[^\]*\.ldf$" ^
  --kill ^
  %DRIVES% ^
  > %SPOOL% 2>&1


The batch file runs freshclam.exe before clamscan.exe, which downloaded daily-22204.cdiff and daily-22205.cdiff on the day the issue started, and is now up to daily-22248.cdiff. I have also tried completely reinstalling ClamWin and downloading the database from scratch.

I Googled the error message, which led me to the fmap.c source file, and I tried looking there for clues. I think it means that the MapViewOfFile function returned NULL or 0, but I'm not much of a C developer, so can't follow the trail well enough to make a concrete determination as to why.

What is causing these issues?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4171
Location: USA
There have been no changes to ClamWin for several months now. I suspect that the error may be due to some recent virus signature(s) from Clam AV that ClamWin is unable to process when scanning the file(s) in question. There have been lots of changes from Clam AV that have not been incorporated into ClamWin since version 0.95. One obvious change is that use of the command line in ClamWin has been limited.

I think this is something you will have to live with, and I suggest that you whitelist the file(s) involved. In addition, you should be running another antivirus--a resident real-time, on access AV, and use ClamWin as a backup on-demand scanner.

Thanks for using ClamWin!

Regards,
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 559
Location: **UNKNOWN**
You could try a complete uninstall (remove any leftovers, too) and reinstall ClamWin and see if that helps.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4171
Location: USA
A Google search tells me that "fmap allocation failed" is sometimes a Clam AV message on a system with not a lot of memory. You might try to see what other software is running along with the ClamWin scan. If something does take a lot of memory, disable it via Task Manager and see if that helps the ClamWin scan.

Regards,
View user's profileSend private message
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 559
Location: **UNKNOWN**
ClamAV is also big on memory/CPU because it does not run as a service on Windows. Some time ago, I submitted to the development team a way for them to run it as a service and I was told they will look into it and they would try and get it working. Unfortunately, I was also told that the details I sent them only shows them how to make Windows detect it as a service and it didn't show them anything on how to optimize the code to do this, so they need to do some investigation. I doubt we will see this by .99.3, but I am hoping we can see this by the time 1.0 is released.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4171
Location: USA
RRK: I hope Clam can do it. We would have to jump through some hoops to do it via ClamWin and the Clam AV library.

Regards,
View user's profileSend private message
jimbobmcgee


Joined: 29 Dec 2009
Posts: 5
GuitarBob wrote:
I think this is something you will have to live with, and I suggest that you whitelist the file(s) involved.

I would, but I can't see where in the summary/log/stdout/stderr it reports the file that is causing the issue. With other warnings/errors, the file is reported, but with this error I am only getting the LibClamAV Error string. I would guess that it would either be larger files, but I'd thought --max-filesize or --max-scansize would take care of that. Perhaps some in-use file, but I thought that logged a warning, rather than a LibClamAV error.

GuitarBob wrote:
A Google search tells me that "fmap allocation failed" is sometimes a Clam AV message on a system with not a lot of memory. You might try to see what other software is running along with the ClamWin scan.

I've got an 8GB VM, which I appreciate isn't a lot by today's standards, but is more than enough for the tasks I need to run. The other software is the stuff required to do the work the VM is supposed to do, which is more important than the virus scanner and is not memory-intensive. It's a single-use, offline system, not your average desktop. The monitoring statistics (if they are to be believed) show a small fluctuation at the time the Clamscan is running, but the system trucks along at 20-30% usage overall, all day, every day.

ROCKNROLLKID wrote:
You could try a complete uninstall (remove any leftovers, too) and reinstall ClamWin and see if that helps.

I certainly attempted that, and cleaned up everything I could see, but it made no appreciable difference.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4171
Location: USA
On my computer, there is a scan log at C:\ProgramData\.clamwin\log on my Windows 8.1 system. I am also using Clam Sentinel, so I'm not sure if this is a ClamWin log or a Clam Sentinel log. I just did a ClamWin scan and the scan is listed there, so I think it is ClamWin. Anyway, run the scan that causes the problem, and see if the log has any detail describing your problem that can identify the file involved.

Regards,
View user's profileSend private message
jimbobmcgee


Joined: 29 Dec 2009
Posts: 5
These error messages are not shown in the ClamWin.log file; they are shown in the standard output/error of the clamscan.exe command, which I also capture as part of my batch run.

For instance, the log file might contain:

Code:
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\V01.log: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\NTUSER.DAT: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\ntuser.dat.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Users\Administrator\ntuser.dat.LOG2: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\catroot2\edb.log: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\BBI: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\BBI.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\DEFAULT: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\DEFAULT.LOG2: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\DEFAULT: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SAM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SECURITY: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SOFTWARE: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\RegBack\SYSTEM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SAM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SAM.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SAM.LOG2: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SECURITY: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SECURITY.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SECURITY.LOG2: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SOFTWARE: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SOFTWARE.LOG2: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SYSTEM: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SYSTEM.LOG1: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\config\SYSTEM.LOG2: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\LogFiles\Sum\Current.mdb: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\LogFiles\Sum\Svc.log: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Permission denied
WARNING: Can't open file \\?\C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 4853705
Engine version: 0.99.1
Scanned directories: 37229
Scanned files: 171239
Infected files: 0
Total errors: 6
Data scanned: 25508.36 MB
Data read: 49716.59 MB (ratio 0.51:1)
Time: 4786.104 sec (79 m 46 s)


...but the program output for the same run would instead read:

Code:
C:\Documents and Settings\*: Permission denied
\\?\C:\InfraSupport\InstallBase\Sysinternals\Procmon.exe: [Win.Malware.Agent760794484/CRDF-1] FALSE POSITIVE FOUND
C:\ProgramData\Application Data\*: Permission denied
C:\ProgramData\Desktop\*: Permission denied
C:\ProgramData\Documents\*: Permission denied
C:\ProgramData\Start Menu\*: Permission denied
C:\ProgramData\Templates\*: Permission denied
C:\Users\Administrator\AppData\Local\Application Data\*: Permission denied
C:\Users\Administrator\AppData\Local\History\*: Permission denied
C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\*: Permission denied
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\*: Permission denied
C:\Users\Administrator\AppData\Local\Temporary Internet Files\*: Permission denied
C:\Users\Administrator\Application Data\*: Permission denied
C:\Users\Administrator\Cookies\*: Permission denied
C:\Users\Administrator\Documents\My Music\*: Permission denied
C:\Users\Administrator\Documents\My Pictures\*: Permission denied
C:\Users\Administrator\Documents\My Videos\*: Permission denied
C:\Users\Administrator\Local Settings\*: Permission denied
C:\Users\Administrator\My Documents\*: Permission denied
C:\Users\Administrator\NetHood\*: Permission denied
C:\Users\Administrator\PrintHood\*: Permission denied
C:\Users\Administrator\Recent\*: Permission denied
C:\Users\Administrator\SendTo\*: Permission denied
C:\Users\Administrator\Start Menu\*: Permission denied
C:\Users\Administrator\Templates\*: Permission denied
C:\Users\All Users\Application Data\*: Permission denied
C:\Users\All Users\Desktop\*: Permission denied
C:\Users\All Users\Documents\*: Permission denied
C:\Users\All Users\Start Menu\*: Permission denied
C:\Users\All Users\Templates\*: Permission denied
C:\Users\Default\AppData\Local\Application Data\*: Permission denied
C:\Users\Default\AppData\Local\History\*: Permission denied
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\*: Permission denied
C:\Users\Default\AppData\Local\Temporary Internet Files\*: Permission denied
C:\Users\Default\Application Data\*: Permission denied
C:\Users\Default\Cookies\*: Permission denied
C:\Users\Default\Documents\My Music\*: Permission denied
C:\Users\Default\Documents\My Pictures\*: Permission denied
C:\Users\Default\Documents\My Videos\*: Permission denied
C:\Users\Default\Local Settings\*: Permission denied
C:\Users\Default\My Documents\*: Permission denied
C:\Users\Default\NetHood\*: Permission denied
C:\Users\Default\PrintHood\*: Permission denied
C:\Users\Default\Recent\*: Permission denied
C:\Users\Default\SendTo\*: Permission denied
C:\Users\Default\Start Menu\*: Permission denied
C:\Users\Default\Templates\*: Permission denied
C:\Users\Default User\*: Permission denied
C:\Users\Public\Documents\My Music\*: Permission denied
C:\Users\Public\Documents\My Pictures\*: Permission denied
C:\Users\Public\Documents\My Videos\*: Permission denied
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\*: Permission denied
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed
LibClamAV Error: fmap: cannot map file descriptor 4
LibClamAV Error: CRITICAL: fmap() failed


Now, most of those 'Permission denied' errors are understandable, as the files will either be in use, or they are secured away, or they are junction points (NTFS reparse points), or some combination of those issues; so I am not worried about them -- in fact, I've also been trying to exclude them with --exclude-dir without much success (but that's a question for another day).

However, the program output and the ClamWin.log file are subtly different. The log file does not include the fmap errors, but the program output does not include the name of the file that triggered each fmap error. Now, that could be some combination of the --quiet and --infected switches, but I don't want to log every file that ClamWin touches, just the infected files and any warnings/errors.

If the process responsible for emitting the fmap error to stdout/stderr could also include the filename, that might be a start for dealing with it using an --exclude option.
View user's profileSend private message
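One way to recover the file name that the captured output lacks, as an added example that is not part of the original thread or ClamWin's own code: re-scan the tree path by path and descend only into paths whose scan output contains the fmap error line, until individual files remain as candidates for --exclude. The function names and the `database` parameter are hypothetical, and clamscan.exe is assumed to be on the PATH; the flags are the ones from the batch file in the first post.

```python
import os
import subprocess

FMAP_MARKER = "LibClamAV Error: fmap: cannot map file descriptor"
# Size limits copied from the batch file in the first post, so each probe
# scan applies the same limits as the scheduled scan.
LIMITS = ["--max-files=500", "--max-scansize=150M",
          "--max-recursion=50", "--max-filesize=100M"]

def run_clamscan(path, clamscan="clamscan.exe", database=None):
    """Scan one path; return clamscan's stdout and stderr as one string."""
    cmd = [clamscan, "--stdout", "--infected", "--recursive"] + LIMITS
    if database:  # hypothetical parameter: same value as %CLAM_DB%
        cmd.append("--database=" + database)
    cmd.append(path)
    proc = subprocess.run(cmd, stdout=subprocess.PIPE,
                          stderr=subprocess.STDOUT, universal_newlines=True)
    return proc.stdout

def count_fmap_errors(output):
    """Count the first line of each fmap error pair shown in the thread."""
    return sum(1 for line in output.splitlines() if FMAP_MARKER in line)

def find_fmap_files(root, scan=run_clamscan):
    """Return sorted [(path, error_count)] for files whose scan logs the error."""
    culprits, pending, seen = [], [root], set()
    while pending:
        path = pending.pop()
        real = os.path.realpath(path)
        if real in seen:          # junctions can point back up the tree
            continue
        seen.add(real)
        hits = count_fmap_errors(scan(path))
        if hits == 0:
            continue              # nothing under this path triggers the error
        if os.path.isdir(path):
            try:
                children = sorted(os.listdir(path))
            except OSError:       # e.g. the 'Permission denied' junctions
                continue
            pending.extend(os.path.join(path, c) for c in children)
        else:
            culprits.append((path, hits))
    return sorted(culprits)

if __name__ == "__main__":
    import sys
    for path, hits in find_fmap_files(sys.argv[1]):
        print("%d fmap error(s): %s" % (hits, path))
```

Each probe starts a new clamscan process, which reloads the signature database, so point it at the smallest directory known to be inside the failing scan.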
GuitarBob


Joined: 09 Jul 2006
Posts: 4171
Location: USA
Those error messages are probably from the Clam AV code. The ClamWin program does very little except use the Clam AV library. Also, starting with version .95, use of the command line has been deprecated in ClamWin.

Regards,
View user's profileSend private message