Clamav scanning error 8 init error

Hello, I installed postfix together with amavis and clamav, and the logs show the following messages:

Feb 22 15:07:54 mail amavis[11083]: (11083-02) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: hm_addhash_str: invalid hash c054d3413083f5r74bcfe9e23523134d\nLibClamAV Error: cli_loadhash: Malformed hash string at line 108735\nLibClamAV Error: cli_loadhash: Problem parsing database at line […]

> Post your amavisd.conf: how do you call clamav (via a socket? what is the socket path in clamd.conf)
> and how are the AM.PDP policies configured. Or disable them. Is clamd by any chance
> running in a chroot environment?

I can't answer your questions precisely, because this is my first time using amavis and clamd.
clamd is not running in a chroot environment, and I haven't configured any policies at all, everything is at the defaults. If you have links to useful material, could you post them?

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamd.scan/clamd.sock

# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
LocalSocketGroup amavis

# Run as another user (clamd must be started by root for this option to work)
# Default: don’t drop privileges
User clamscan

# Initialize supplementary group access (clamd must be started by root).
# Default: no
AllowSupplementaryGroups yes

# cat /etc/clamd.d/amavisd.conf
# Use system logger.
LogSyslog yes

# Specify the type of syslog messages — please refer to ‘man syslog’
# for facility names.
LogFacility LOG_MAIL

# This option allows you to save a process identifier of the listening
# daemon (main thread).
PidFile /var/run/clamd.amavisd/clamd.pid

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket yes

# Run as a selected user (clamd must be started by root).
User amavis
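
An added example, not part of the original post: the `hm_addhash_str: invalid hash` message in the log at the top of this thread is raised for a hash-signature line whose digest is not valid hex (the logged value contains an `r`). The checker below locates such lines in a file that uses the `Hash:Size:Name` layout of `.hdb`/`.hsb` databases; the function names and sample lines are this example's own, and skipping `#` lines is an assumption.

```python
import re

# Hex digest lengths used by hash signatures: MD5, SHA-1, SHA-256.
DIGEST_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
HEX_CHARS = "0123456789abcdefABCDEF"


def check_hash_line(line):
    """Return None for a well-formed `Hash:Size:Name[:FLevel]` line, else a reason."""
    fields = line.rstrip("\r\n").split(":")
    if len(fields) < 3:
        return "expected at least 3 colon-separated fields"
    digest, size, name = fields[0], fields[1], fields[2]
    if len(digest) not in DIGEST_LENGTHS:
        return f"hash length {len(digest)} is not 32/40/64"
    if not HEX_RE.match(digest):
        bad = next(i for i, ch in enumerate(digest) if ch not in HEX_CHARS)
        return f"non-hex character {digest[bad]!r} at offset {bad}"
    if size != "*" and not size.isdigit():
        return f"size field {size!r} is neither a number nor '*'"
    if not name:
        return "empty signature name"
    return None


def find_malformed(lines):
    """Return [(line_number, reason)] for every bad line, numbered from 1 like the log."""
    problems = []
    for number, line in enumerate(lines, start=1):
        stripped = line.strip()
        # Assumption: blank lines and '#' comment lines are not signatures.
        if not stripped or stripped.startswith("#"):
            continue
        reason = check_hash_line(stripped)
        if reason:
            problems.append((number, reason))
    return problems


# Constructed sample database. Line 2 reuses the invalid hash quoted in the log;
# lines 1 and 3 use the published EICAR test-file digests; line 4 is truncated.
SAMPLE_DB = [
    "44d88612fea8a8f36de82e1278abb02f:68:Eicar-Test-Signature",
    "c054d3413083f5r74bcfe9e23523134d:1024:Constructed.Sample-A",
    "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f:*:Constructed.Sample-B:73",
    "44d88612fea8a8f36de82e1278abb02:68:Constructed.Truncated",
]

if __name__ == "__main__":
    for number, reason in find_malformed(SAMPLE_DB):
        print(f"line {number}: {reason}")
```
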


Error in ClamAV-clamd operation - Diary - Maxim Bogolepov


CLAMAV is not working

After installing CLAMAV and trying to scan, I see this error. How do I solve it? Thanks

5 answers

Steps 1-3 below involve commands run in a terminal. Please read carefully so that you understand what you are doing.

Remove potentially bad AV installations:

Reinstall AV:

Update the AV database:

Configure AV & scan:
This example uses only clamtk

toggle all options on the Settings tab:

Network

  • toggle Proxy and type http://127.0.0.1
  • toggle / re-select **No Proxy** (to highlight what you entered above)

Update Assistant

  • toggle the manual update option and click "Apply", then toggle back
  • toggle the automatic update option and click "Apply", then toggle back

You should now see the updated definition count

Scan a directory

  • select the directory you want to scan. To scan the system I toggled the whole system (not only /root or /usr )
  • Click "Scan" and a progress window will appear.

Final note: typing --help (without quotes) after a command gives some hints. With APT commands you can pass the -y option to say yes to installing all dependencies for the requested package.

This is what I had to do to get clam working; the failure may have been in both clamtk and clamav (a problem with both). I hope this helps someone else.


Mail problem

Hi everyone, can you tell me what the problem might be? Lately, mail stops flowing after a few days and this message appears:

DC823436151 1504 Mon Apr 14 18:56:20 ipydeo@bluecom.fi (host 127.0.0.1[127.0.0.1] said: 451-4.5.0 Error in processing, virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: CODE(0x844d5a0) Too many retries to talk to /var/run/clamd.sock (Can’t connect to UNIX socket /var/run/clamd.sock: 320235320265321202 321202320260320272320276320263320276 321204320260320271320273320260 320270320273320270 320272320260321202320260320273320276320263320260) at (eval 41) line 293. at (eval 41) line 491.; ClamAV-c 451 4.5.0 lamscan av-scanner FAILED: /usr/local/bin/clamscan collect_results — reading aborted: timed out at /usr/local/sbin/amavisd line 2671. at (eval 41) line 491. (in reply to end of DATA command))

Re: Mail problem

your clamd antivirus has died
or keeps dying, look at its logs

Re: Mail problem

Here is what's in the logs, i.e. it can't open the database. What could cause this?

Reading databases from /var/lib/clamav
ERROR: reload db failed: Unable to lock database directory (try 1)
ERROR: reload db failed: Unable to lock database directory (try 2)
ERROR: reload db failed: Unable to lock database directory (try 3)
ERROR: reload db failed: Unable to lock database directory

Re: Mail problem

IMHO, you have several instances of the antivirus running.

Re: Mail problem

It also gives messages like these. It can't update. What could cause this, and how do I check how many instances of the antivirus are running?

lamAV update process started at Wed Apr 16 06:04:01 2008
SECURITY WARNING: NO SUPPORT FOR DIGITAL SIGNATURES
See the FAQ at http://www.clamav.net/support/faq for an explanation.
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.90.1 Recommended version: 0.93
DON’T PANIC! Read http://www.clamav.net/support/faq
main.inc is up to date (version: 46, sigs: 231834, f-level: 26, builder: sven)
Downloading daily-6752.cdiff [100%]
Downloading daily-6752.cdiff [100%]
Ignoring mirror 62.181.41.8 (too often connections with outdated version)
ERROR: getpatch: Can’t download daily-6753.cdiff from db.ru.clamav.net
Downloading daily-6753.cdiff [100%]
Downloading daily-6753.cdiff [100%]
ERROR: getpatch: Can’t download daily-6756.cdiff from db.ru.clamav.net
nonblock_connect: connect timing out (30 secs)
Can’t connect to port 80 of host db.ru.clamav.net (IP: 83.222.14.114)
Ignoring mirror 213.219.244.126 (too often connections with outdated version)
Trying host db.ru.clamav.net (80.93.48.167).
nonblock_connect: connect timing out (30 secs)
Can’t connect to port 80 of host db.ru.clamav.net (IP: 80.93.48.167)
Trying host db.ru.clamav.net (81.19.68.130).
nonblock_connect: connect timing out (30 secs)

Re: Mail problem

One more question: I checked whether I can download large files, and it turns out I can't:

dig @ns1.clamav.net db.us.big.clamav.net.
; <<>> DiG 9.3.2 <<>> @ns1.clamav.net db.us.big.clamav.net.
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached

Can you tell me why this might be?

Re: Mail problem

Dear blonde, please choose the message format before posting, because only a masochist can afford to read this mess.


On a server running FreeBSD 7.2-RELEASE, where the amavisd-new anti-spam program works together with the clamav antivirus (installed versions: amavisd-new-2.6.4 and clamav-0.95.3), the following errors appear in the logs written by amavisd-new:

Nov 17 10:16:33 mail amavis: (94742-03) (!)run_av (ClamAV-clamd) FAILED - unexpected ,
output="/var/amavis/tmp/amavis-20091117T000104-94742/parts: lstat() failed:
Permission denied. ERROR\n"
Nov 17 10:16:33 mail amavis: (94742-03) (!)ClamAV-clamd av-scanner FAILED: CODE(0x89d8868)
unexpected , output="/var/amavis/tmp/amavis-20091117T000104-94742/parts: lstat() failed:
Permission denied. ERROR\n" at (eval 115) line 594.
Nov 17 10:16:33 mail amavis: (94742-03) (!!)WARN: all primary virus scanners failed, considering
backups

How to make amavisd-new write a separate log is described in this article of mine.

The error occurs because clamav cannot access the directory where messages are placed for it to scan. amavisd-new passes it this path as a string, and the permissions on the directory are:

# ls -Al /var/ | grep amavis
drwxr-x---   6 vscan   vscan      512 16 ноя 10:34 amavis

The problem is solved very simply. We add the user that clamav runs as (usually clamav) to the vscan group. To do this, as root, open the file that holds the group definitions in your editor:

# nano -w /etc/group

find the line:

vscan:*:110:

and add the clamav user to it, i.e.

vscan:*:110:clamav

If the group already has members, append it after a comma:

vscan:*:110:someuser,clamav

Restart the antivirus.

# /usr/local/etc/rc.d/clamav-clamd restart

The errors should disappear.

Good luck!
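
An added example, not code from the article: a small model of the permission check behind the `lstat() failed: Permission denied` error, showing why `clamav` is stopped at `/var/amavis` before the group change and passes after it. The `/var/amavis` row comes from the article's `ls` output; the other directory rows, the primary group name `clamav` and all function names are assumptions of this example.

```python
def parse_group_file(text):
    """Map group name -> set of members listed in /etc/group-style text."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue  # not a name:passwd:gid:members record
        groups[fields[0]] = {m.strip() for m in fields[3].split(",") if m.strip()}
    return groups


def mode_from_ls(ls_mode):
    """Turn an ls string such as 'drwxr-x---' into permission bits (setuid/sticky not handled)."""
    bits = 0
    for ch in ls_mode[1:10]:
        bits = (bits << 1) | int(ch != "-")
    return bits


def can_traverse(user, primary_group, groups, owner, group, ls_mode):
    """True if `user` has search (x) permission on the directory; root's bypass is not modelled."""
    mode = mode_from_ls(ls_mode)
    # Only the first matching class (owner, then group, then other) is consulted.
    if user == owner:
        return bool(mode & 0o100)
    if group == primary_group or user in groups.get(group, set()):
        return bool(mode & 0o010)
    return bool(mode & 0o001)


def first_blocked(dirs, user, primary_group, groups):
    """Return the first directory in `dirs` that `user` cannot enter, or None."""
    for path, owner, group, ls_mode in dirs:
        if not can_traverse(user, primary_group, groups, owner, group, ls_mode):
            return path
    return None


# The /var/amavis row is from the article's ls output; the other rows are constructed.
SCAN_PATH = [
    ("/var", "root", "wheel", "drwxr-xr-x"),
    ("/var/amavis", "vscan", "vscan", "drwxr-x---"),
    ("/var/amavis/tmp", "vscan", "vscan", "drwxr-x---"),
]
# Constructed /etc/group contents before and after the edit described above.
GROUP_BEFORE = "wheel:*:0:root\nvscan:*:110:\n"
GROUP_AFTER = "wheel:*:0:root\nvscan:*:110:someuser,clamav\n"

if __name__ == "__main__":
    for label, text in (("before", GROUP_BEFORE), ("after", GROUP_AFTER)):
        blocked = first_blocked(SCAN_PATH, "clamav", "clamav", parse_group_file(text))
        print(label, "->", blocked or "clamav can reach the scan directory")
```
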

Topic: [SOLVED] ClamAV scanning for Proxy — Having trouble getting working

I’ve been hitting my head against a wall on trying to implement ICAP for AV scanning…

Here’s the Howto I wrote after getting this all working: http://www.tcptechs.com/opnsense-transparent-caching-filtering-proxy-with-virus-scanning/

Been reading through a few guides… but it’s a little confusing and some parts of the guides out there haven’t worked so have gotten stuck.

Anyway, my end goal is to use CentOS 7 x64 for the ICAP/ClamAV system, and leave SQUID on OPNsense. Problem is most all the guides I’ve found talk about having SQUID with CLAM on the same box. Not sure how that will work with Squid on OPNsense… Also most of the guides have stuff that doesn’t work and some I can figure out and fix some I haven’t been able to yet. Would really like to get this working. I’ll do a full write-up if we get it working, start to finish configuring the Proxy and AV system.

This guide seems to have gotten CLAM working ok: https://www.server-world.info/en/note?os=CentOS_7&p=clamav
This guide talks about setting up squidclamav but I’m not sure if I need to do that???: https://www.server-world.info/en/note?os=CentOS_7&p=squid&f=5

Here’s a guide for setting up C-ICAP server, but I got stuck at the clamav service failing with an error that is not helpful. http://roadzy.blogspot.com/2015/12/setting-up-c-icap-server-using-the-c.html

Anyway, anyone got this AV scanning fully working that would be willing to help me along with the above guides and what I need to follow to make this work? And then what do I need to do in OPNsense?

Thanks!

« Last Edit: March 10, 2017, 07:49:19 pm by kyferez »


Logged


You are probably having an issue with your CentOS 7 firewall. You need to open the port (probably 1344). On CentOS 7, the tool is called firewallctl.

Kind regards

Fabian


Logged


Thanks, but that’s not it, I have the firewall disabled for testing. Also, I haven’t gotten to that part. I can’t get the c-icap service from the guide http://roadzy.blogspot.com/2015/12/setting-up-c-icap-server-using-the-c.html to start.

I get this error:

[root@dev tgadmin]# /etc/rc.d/init.d/c-icap start
Starting c-icap (via systemctl):  Job for c-icap.service failed because the control process exited with error code. See "systemctl status c-icap.service" and "journalctl -xe" for details.
                                                           [FAILED]
[root@dev tgadmin]# systemctl status c-icap.service
● c-icap.service - SYSV: c-icap is an implementation of an ICAP server.
   Loaded: loaded (/etc/rc.d/init.d/c-icap; bad; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2017-03-06 09:54:59 EST; 8s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 18897 ExecStart=/etc/rc.d/init.d/c-icap start (code=exited, status=203/EXEC)

Mar 06 09:54:59 dev.tg.local systemd[1]: Starting SYSV: c-icap is an implementation of an ICAP server....
Mar 06 09:54:59 dev.tg.local systemd[1]: c-icap.service: control process exited, code=exited status=203
Mar 06 09:54:59 dev.tg.local systemd[1]: Failed to start SYSV: c-icap is an implementation of an ICAP server..
Mar 06 09:54:59 dev.tg.local systemd[1]: Unit c-icap.service entered failed state.
Mar 06 09:54:59 dev.tg.local systemd[1]: c-icap.service failed.


Also, even if I was able to get that guide to fully work, I don’t yet know what to do to configure OPNsense to send data to it to get it to scan nor how to verify it’s actually scanning and working (though I assume I could download a link to a test virus).

So my questions are:
1) Any idea on my error above?

2) In this guide that talks about setting up squidclamav, do I need to do that since squid is on OPNsense?: https://www.server-world.info/en/note?os=CentOS_7&p=squid&f=5

3) How do I configure OPNsense to talk to the AV scanner using ICAP?

« Last Edit: March 07, 2017, 02:30:29 pm by kyferez »


Logged


First of all: Don’t use /etc/init.d on CentOS 7 — you are working on a systemd distribution.
Services are managed via the systemctl command.

1. no, there is no error message. You can debug the output by running «c-icap -N» or «c-icap -N -d 9» on the command line. It should give an error message. Also a log like /var/log/c-icap can help.

2. yes. This is the (old) name of the antivirus module of c-icap. This module has nothing to do with squid except that squid is a possible client for this module.

3.
go to Proxy settings -> Forward Proxy -> ICAP Settings
and enter the two URLs of your service.


Logged


Thank you, I am much further now. However, still some issues. Here’s the OPNsense Proxy log, perhaps I just have the URLs wrong…? I wasn’t real clear on what they should be…

I used these URLs:
Request Modify URL — cap://192.168.1.226:1344/squidclamav
Response Modify URL — icap://192.168.1.226:1344/squidclamav

I have now used just these two guides and deleted the rc.d/init.d/c-icap file from the other guide:
https://www.server-world.info/en/note?os=CentOS_7&p=clamav
https://www.server-world.info/en/note?os=CentOS_7&p=squid&f=5

Logs from OPNsense Proxy:

2017/03/07 11:57:04 kid1| suspending ICAP service for too many failures
2017/03/07 11:56:14 kid1| essential ICAP service is down after an options fetch failure: cap://192.168.1.226:1344/squidclamav [down,!valid]
2017/03/07 11:56:14 kid1| WARNING: Squid got an invalid ICAP OPTIONS response from service cap://192.168.1.226:1344/squidclamav; error: unsupported status code of OPTIONS response

c-icap and clamd@scan are running:

[root@dev log]# systemctl status c-icap
● c-icap.service - c-icap service
   Loaded: loaded (/usr/lib/systemd/system/c-icap.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2017-03-07 12:17:14 EST; 4min 20s ago
  Process: 22796 ExecStart=/usr/local/bin/c-icap -f /etc/c-icap.conf (code=exited, status=0/SUCCESS)
 Main PID: 22797 (c-icap)
   CGroup: /system.slice/c-icap.service
           ├─22797 /usr/local/bin/c-icap -f /etc/c-icap.conf
           ├─22798 /usr/local/bin/c-icap -f /etc/c-icap.conf
           ├─22799 /usr/local/bin/c-icap -f /etc/c-icap.conf
           └─22800 /usr/local/bin/c-icap -f /etc/c-icap.conf

Mar 07 12:17:14 dev.tg.local systemd[1]: Starting c-icap service...
Mar 07 12:17:14 dev.tg.local systemd[1]: Started c-icap service.
[root@dev log]# systemctl status clamd@scan
● clamd@scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-03-03 23:58:39 EST; 3 days ago
 Main PID: 9736 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─9736 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --foreground=yes

Mar 07 12:18:01 dev.tg.local clamd[9736]: SelfCheck: Database status OK.
Mar 07 12:18:01 dev.tg.local clamd[9736]: SelfCheck: Database status OK.
[root@dev log]#


icap is listening:

[root@dev log]# netstat -tal
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:icap            0.0.0.0:*               LISTEN

192.168.1.226 is my IP:

[root@dev log]# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.226  netmask 255.255.255.0  broadcast 192.168.1.255

Thanks!

« Last Edit: March 07, 2017, 06:27:50 pm by kyferez »


Logged


So I did a trace. We see the server doesn’t like the request and sends a 400… See images.


Logged


can you try «c-icap-client -s squidclamav -f eicar.com» from the host running c-icap?

Bad request sounds like an error inside your ICAP server because the request looks ok.

Is the module correctly loaded?


Logged


Looks like you are onto something:

[root@dev tgadmin]# c-icap-client -s squidclamav -f eicar.com
Error connecting to host  '::a00:0:540:0%22032468': Invalid argument
Failed to connect to icap server.....

I get the same error if I just run «c-icap-client»

How do I check if the module is loaded successfully?

Thanks!

« Last Edit: March 07, 2017, 10:04:31 pm by kyferez »


Logged


[root@dev tgadmin]# c-icap-client -s squidclamav -f eicar.com
Error connecting to host  '::a00:0:540:0%22032468': Invalid argument
Failed to connect to icap server.....

Your server is using a very strange address (not an IPv4 nor a valid IPv6 address (contains a % character)) — try the option -i 127.0.0.1 for testing purposes. Please note also that eicar.com is the eicar antivirus test file (must exist).


Logged


That gave much better results

[root@dev tgadmin]# c-icap-client -s squidclamav -f eicar.com -i 127.0.0.1
ICAP server:127.0.0.1, ip:127.0.0.1, port:1344

also

[root@dev tgadmin]# c-icap-client -i 127.0.0.1
ICAP server:127.0.0.1, ip:127.0.0.1, port:1344

OPTIONS:
        Allow 204: Yes
        Preview: 1024
        Keep alive: Yes

ICAP HEADERS:
        ICAP/1.0 200 OK
        Methods: RESPMOD, REQMOD
        Service: C-ICAP/0.4.2 server - Echo demo service
        ISTag: CI0001-XXXXXXXXX
        Transfer-Preview: *
        Options-TTL: 3600
        Date: Tue, 07 Mar 2017 21:16:43 GMT
        Preview: 1024
        Allow: 204
        X-Include: X-Authenticated-User, X-Authenticated-Groups
        Encapsulated: null-body=0


So it’s detecting a weird address. How do I fix that? ifconfig shows proper IPv4 address on the server, I put that in an earlier post. And is that a server problem or a problem with the client program detecting the IP wrong?

« Last Edit: March 07, 2017, 10:19:57 pm by kyferez »


Logged


Looks like your ICAP server is at least doing something.
Can you try icap://your-ip:1344/echo on your proxy?


Logged


I assume you mean in OPNsense? That made no difference.

I then tried changing this in OPNsense:
Request Modify URL — cap://192.168.1.226:1344/squidclamav
Response Modify URL — icap://192.168.1.226:1344/squidclamav

To this (note the i added to the request URL icap):
Request Modify URL — icap://192.168.1.226:1344/squidclamav
Response Modify URL — icap://192.168.1.226:1344/squidclamav

And no more errors… Think I missed a character when copying and pasting the URL  :-[

Just tested and YEAA!!! it is working!    ;D

Thank you Fabian!!! Complete how-to will be on the way.

Here’s the Howto: http://www.tcptechs.com/opnsense-transparent-caching-filtering-proxy-with-virus-scanning/

EDIT: Updated the HowTo with a bug fix and 10th step.

« Last Edit: March 11, 2017, 06:47:16 pm by kyferez »


Logged


@kyferez thanks for a really good and detailed howto!

Just one suggestion: in your step 3.18:

Once the proxy is working, if you want to block anyone not using the proxy, then add a new firewall rule below the one you created earlier. This rule should be Deny traffic, Source: Interface net, Destination Address: ANY, Dst Port: 80. …

Suggest to change ‘Destination Address: ANY’ to Destination Address: !This Firewall for this and the corresponding port 443 rule

I just locked myself out of the webgui when I was fiddling with icap server memory and couldn’t get the c-icap service to start. The above change ensures that OPNsense does not try to forward http(s) requests pointed exactly at OPNsense itself to c-icap. I had to get c-icap running again and responding before I could get into the OPNsense webgui.


Logged


Server:


Release 8.8.12.GA.3794.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.8.12_P4.

I just updated today from Patch 2 to Patch 4.

Clamd version (from freshclam.log):


WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.4 Recommended version: 0.101.2

Every few days, I keep getting the situation where messages are delivered with «Unchecked» in their subject line.

I can manually restart zimbra with a "zmcontrol restart" but it comes back every few days.

Today, I decided to take a look at what might be causing this and found this in the log when the zimbra services start


Jul 30 11:51:30 mail clamd[30211]: TCP: Bound to [127.0.0.1]:3310
Jul 30 11:51:30 mail clamd[30211]: TCP: Setting connection queue length to 200
Jul 30 11:51:30 mail clamd[30211]: LOCAL: Unix socket file /opt/zimbra/data/clamav/clamav.sock
Jul 30 11:51:30 mail clamd[30211]: LOCAL: Setting connection queue length to 200
Jul 30 11:51:30 mail clamd[30211]: daemonize() failed: Cannot allocate memory
Jul 30 11:51:30 mail clamd[30211]: Socket file removed.
Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!)connect to /opt/zimbra/data/clamav/clamav.sock failed, attempt #1: Can't connect to a UNIX socket /opt/zimbra/data/clamav/clamav.sock: No such file or directory
Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /opt/zimbra/data/clamav/clamav.sock (All attempts (1) failed connecting to /opt/zimbra/data/clamav/clamav.sock) at (eval 148) line 613.\n
Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!)WARN: all primary virus scanners failed, considering backups
Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!!)AV: ALL VIRUS SCANNERS FAILED

When I try to manually check the services, I see the following, which doesn’t make any sense.


zimbra@mail:~/data/clamav$ zmcontrol status
Host mail.myhost.com
   amavis                  Running
   antispam                Running
   antivirus               Running
   dnscache                Running
   ldap                    Running
   logger                  Running
   mailbox                 Running
   memcached               Running
   mta                     Running
   opendkim                Running
   proxy                   Running
   service webapp          Running
   snmp                    Running
   spell                   Running
   stats                   Running
   zimbra webapp           Running
   zimbraAdmin webapp      Running
   zimlet webapp           Running
   zmconfigd               Running
zimbra@mail:~/data/clamav$ zmantivirusctl stop
Stopping clamd...done.
Stopping freshclam...done.
zimbra@mail:~/data/clamav$ zmantivirusctl start
Starting amavisd-mc...amavisd-mc is already running.
Starting amavisd...amavisd is already running.
Starting clamd...failed.
Starting freshclam...done.
zimbra@mail:~/data/clamav$ zmantivirusctl restart
Stopping amavisd... done.
Stopping amavisd-mc... done.
Starting amavisd-mc...done.
Starting amavisd...done.
Stopping clamd...done.
Starting clamd...failed.
Stopping freshclam...done.
Starting freshclam...done.
zimbra@mail:~/data/clamav$ zmclamdctl status
clamd is running.
zimbra@mail:~/data/clamav$ zmclamdctl stop 
Stopping clamd...done.
zimbra@mail:~/data/clamav$ zmclamdctl start
Starting clamd...failed.
zimbra@mail:~/data/clamav$ zmantivirusctl status
antivirus is running
zimbra@mail:~/data/clamav$ zmclamdctl status
clamd is running.

Clamd fails to start, but then when I check its status, it is running.

Any idea what’s going on?

I did find that I had some duplicates in /opt/zimbra/data/clamav/db/


zimbra@mail:~/data/clamav/db$ ls -al
total 479508
drwxr-xr-x 10 zimbra zimbra      4096 Jul 30 12:16 .
drwxrwxr-x  4 zimbra zimbra      4096 Jul 30 12:16 ..
-rw-r-----  1 zimbra zimbra   1013248 Jan  2  2019 bytecode.cld
-rw-r-----  1 zimbra zimbra    207879 Jul 30 11:52 bytecode.cvd
drwxr-x---  2 zimbra zimbra      4096 May 21  2016 clamav-067d7d74e7db25496b87dbf761186fe1.tmp
drwxr-x---  2 zimbra zimbra      4096 Nov  9  2016 clamav-278a82d9b2c3fd7be2d4619e1652882b.tmp
drwxr-x---  2 zimbra zimbra      4096 Nov  9  2016 clamav-4d234370c55f3805833208b2e6a4870c.tmp
drwxr-x---  2 zimbra zimbra      4096 Nov  9  2016 clamav-4e0ab5775afb14c96bf117438cd53466.tmp
drwxr-x---  2 zimbra zimbra      4096 Nov 13  2016 clamav-60e9d3622749eee696cda4a47066900e.tmp
drwxr-x---  2 zimbra zimbra      4096 May 13  2016 clamav-79abe18ba0ab500e60858078dd42eb79.tmp
drwxr-x---  2 zimbra zimbra      4096 Jun  1  2016 clamav-97fe75be43aacdf44e1b5a983578b096.tmp
drwxr-x---  2 zimbra zimbra      4096 May 21  2016 clamav-c4caf97b60239b9a82cc51161cb5398b.tmp
-rw-r-----  1 zimbra zimbra 136675328 Jul 29 20:02 daily.cld
-rw-r-----  1 zimbra zimbra  45067320 Jul 30 11:50 daily.cvd
-rw-r-----  1 zimbra zimbra 307499008 Jul 30 11:50 main.cld
-rw-------  1 zimbra zimbra      2548 Jul 30 12:16 mirrors.dat

I ran the following:


cd /opt/zimbra/data/clamav/db/
mv *.* /tmp/clamavdbback/
/opt/zimbra/common/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf

This cleaned out duplicates and old .tmp files in the db folder that I had and this is the result of what’s there now.


zimbra@mail:~/data/clamav/db$ ls -al
total 159532
drwxr-xr-x 2 zimbra zimbra      4096 Jul 30 14:16 .
drwxrwxr-x 4 zimbra zimbra      4096 Jul 30 13:18 ..
-rw-r----- 1 zimbra zimbra    207879 Jul 30 12:48 bytecode.cvd
-rw-r----- 1 zimbra zimbra  45067320 Jul 30 12:46 daily.cvd
-rw-r----- 1 zimbra zimbra 117892267 Jul 30 12:46 main.cvd
-rw------- 1 zimbra zimbra        52 Jul 30 14:16 mirrors.dat

I still get the clamd start failures though.

I will wait a few days to see if the unchecked issue comes back.

Any suggestions on what the problems are with the lock file?

Last edited by davidkillingsworth on Tue Jul 30, 2019 11:05 am, edited 1 time in total.

I’m seeing quite a lot of these errors when an email arrives.

Mar 23 04:30:53 mail amavis[1596]: (01596-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Mar 23 04:30:54 mail amavis[1596]: (01596-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Mar 23 04:30:54 mail amavis[1596]: (01596-04) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Mar 23 04:31:00 mail amavis[1596]: (01596-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Mar 23 04:31:00 mail amavis[1596]: (01596-04) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 136) line 603.\n
Mar 23 04:31:00 mail amavis[1596]: (01596-04) (!)WARN: all primary virus scanners failed, considering backups
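
An added example, not part of any of the posts above: the amavis excerpts on this page show several different root causes behind the same "virus scanners failed" symptom. This sketch groups amavis error lines by session id and labels the cause, so that a mail that went out with no scanner available can be told apart from a single scanner error. The sample lines are adapted from the excerpts on this page (the `Passed CLEAN` line is constructed); the cause labels and function names are this example's own.

```python
import re

# amavis syslog line: "... amavis[pid]: (session-id) (!)message"; only lines
# flagged with (!) or (!!) are treated as errors.
LINE_RE = re.compile(r"amavis(?:\[\d+\])?: \((?P<sid>\d+-\d+)\) \(!+\)(?P<msg>.*)")

# Patterns are taken from the log excerpts on this page.
CAUSES = [
    ("signature-db-corrupt", re.compile(r"invalid hash|Malformed hash|Problem parsing database")),
    ("scan-dir-permissions", re.compile(r"lstat\(\) failed: Permission denied")),
    ("clamd-socket-missing", re.compile(r"Can't connect to (?:a )?UNIX socket \S+: No such file or directory")),
    ("scanner-timeout", re.compile(r"timed out")),
]

SAMPLE_LOG = [
    "Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!)connect to /opt/zimbra/data/clamav/clamav.sock failed, "
    "attempt #1: Can't connect to a UNIX socket /opt/zimbra/data/clamav/clamav.sock: No such file or directory",
    "Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!)WARN: all primary virus scanners failed, considering backups",
    "Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!!)AV: ALL VIRUS SCANNERS FAILED",
    "Jul 30 11:52:10 mail amavis[30041]: (30041-02) Passed CLEAN, <a@example.com> -> <b@example.com>",
    'Nov 17 10:16:33 mail amavis: (94742-03) (!)run_av (ClamAV-clamd) FAILED - unexpected , '
    'output="/var/amavis/tmp/amavis-20091117T000104-94742/parts: lstat() failed: Permission denied. ERROR\\n"',
    "Nov 17 10:16:33 mail amavis: (94742-03) (!!)WARN: all primary virus scanners failed, considering backups",
    'Feb 22 15:07:54 mail amavis[11083]: (11083-02) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, '
    'output="LibClamAV Error: cli_loadhash: Malformed hash string at line 108735"',
]


def triage(lines):
    """Group amavis error lines by session id and record causes and failure level."""
    sessions = {}
    for line in lines:
        match = LINE_RE.search(line)
        if not match:
            continue  # not an amavis error line
        entry = sessions.setdefault(
            match["sid"], {"causes": set(), "primary_failed": False, "all_failed": False}
        )
        msg = match["msg"]
        for label, pattern in CAUSES:
            if pattern.search(msg):
                entry["causes"].add(label)
        if "all primary virus scanners failed" in msg:
            entry["primary_failed"] = True
        if "ALL VIRUS SCANNERS FAILED" in msg:
            entry["all_failed"] = True
    return sessions


def report(sessions):
    """Return [(session_id, sorted causes, status)], worst status per session."""
    rows = []
    for sid in sorted(sessions):
        entry = sessions[sid]
        if entry["all_failed"]:
            status = "not-scanned"       # no scanner, primary or backup, produced a verdict
        elif entry["primary_failed"]:
            status = "primary-failed"    # amavis fell back to its backup scanners
        else:
            status = "scanner-error"
        rows.append((sid, sorted(entry["causes"]), status))
    return rows


if __name__ == "__main__":
    for row in report(triage(SAMPLE_LOG)):
        print(row)
```
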
