1 Topic by maxleonca

  • maxleonca
  • Member
  • Offline
  • Registered: 2013-04-08
  • Posts: 19

Topic: Clam AV failing, too many connections...

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version:  Ubuntu 14.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
Aug 28 15:30:29 mail postfix/smtpd[11792]: connect from bay004-omc1s10.hotmail.com[65.54.190.21]
Aug 28 15:30:30 mail postfix/smtpd[11792]: 4577C120044: client=bay004-omc1s10.hotmail.com[65.54.190.21]
Aug 28 15:30:31 mail postfix/cleanup[11799]: 4577C120044: message-id=<BAY178-W282FE28189E75436BEC886B46E0@phx.gbl>
Aug 28 15:30:31 mail postfix/qmgr[2185]: 4577C120044: from=<cartas@hotmail.com>, size=1621, nrcpt=1 (queue active)
Aug 28 15:30:31 mail postfix/smtpd[11792]: disconnect from bay004-omc1s10.hotmail.com[65.54.190.21]
Aug 28 15:30:31 mail amavis[6792]: (06792-06) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Aug 28 15:30:32 mail amavis[6792]: (06792-06) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Aug 28 15:30:32 mail amavis[6792]: (06792-06) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Aug 28 15:30:38 mail amavis[6792]: (06792-06) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Aug 28 15:30:38 mail amavis[6792]: (06792-06) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 140) line 603.\n
Aug 28 15:30:38 mail amavis[6792]: (06792-06) (!)WARN: all primary virus scanners failed, considering backups
Aug 28 15:30:43 mail amavis[6792]: (06792-06) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan KILLED, signal 9 (0009) at (eval 140) line 899.
Aug 28 15:30:43 mail amavis[6792]: (06792-06) (!!)AV: ALL VIRUS SCANNERS FAILED
Aug 28 15:30:44 mail postfix/smtpd[11809]: connect from mail.example.com[127.0.0.1]
Aug 28 15:30:44 mail postfix/smtpd[11809]: 601AE1200A7: client=mail.example.com[127.0.0.1]
Aug 28 15:30:44 mail postfix/cleanup[11799]: 601AE1200A7: message-id=<BAY178-W282FE28189E75436BEC886B46E0@phx.gbl>
Aug 28 15:30:44 mail postfix/qmgr[2185]: 601AE1200A7: from=<cartas@hotmail.com>, size=2100, nrcpt=1 (queue active)
Aug 28 15:30:44 mail postfix/smtpd[11809]: disconnect from mail.example.com[127.0.0.1]
Aug 28 15:30:44 mail amavis[6792]: (06792-06) Passed UNCHECKED {RelayedInternal}, MYUSERS LOCAL [65.54.190.21]:60212 [65.54.190.61] <cartas@hotmail.com> -> <ejohnson@example.com>, Queue-ID: 4577C120044, Message-ID: <BAY178-W282FE28189E75436BEC886B46E0@phx.gbl>, mail_id: xs6E2Fjp1KVU, Hits: -1.446, size: 1621, queued_as: 601AE1200A7, 12882 ms
Aug 28 15:30:44 mail postfix/smtp[11806]: 4577C120044: to=<ejohnson@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=14, delays=1.4/0.01/0.02/13, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 601AE1200A7)
Aug 28 15:30:44 mail postfix/qmgr[2185]: 4577C120044: removed
Aug 28 15:30:44 mail postfix/pipe[11810]: 601AE1200A7: to=<ejohnson@example.com>, relay=dovecot, delay=0.14, delays=0.01/0.02/0/0.11, dsn=2.0.0, status=sent (delivered via dovecot service)
Aug 28 15:30:44 mail postfix/qmgr[2185]: 601AE1200A7: removed
====

The clamd.conf is:
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
ScanOnAccess false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 10
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
StatsEnabled false
StatsPEDisabled true
StatsHostID auto
StatsTimeout 10
StreamMaxLength 25M
#LogFile /var/log/clamav/clamav.log
LogTime true
#LogFileUnlock false
#LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OfficialDatabaseOnly false
CrossFilesystems true

The clamav.log is clean


Any ideas?

Thank you.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by rizim

  • rizim
  • Member
  • Offline
  • Registered: 2015-08-27
  • Posts: 9

Re: Clam AV failing, too many connections...

Is clamav running?
Try to restart it - /etc/init.d/clamav-daemon restart

3 Reply by maxleonca

  • maxleonca
  • Member
  • Offline
  • Registered: 2013-04-08
  • Posts: 19

Re: Clam AV failing, too many connections...

Nevermind, I got to the root problem, lack of RAM.

Thank you.

And as usual, iRedMail rocks.