1 (edited by lymkin 2016-07-20 01:00:49)

Topic: Clamav no longer working

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.4
- Linux/BSD distribution name and version: Ubuntu 14.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:  /var/log/mail.log
====

I get this in my mail logs

Jul 19 11:14:35 www amavis[1595]: (01595-07) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Jul 19 11:14:36 www amavis[1595]: (01595-07) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Jul 19 11:14:36 www amavis[1595]: (01595-07) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Jul 19 11:14:42 www amavis[1595]: (01595-07) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Jul 19 11:14:42 www amavis[1595]: (01595-07) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to$
Jul 19 11:14:42 www amavis[1595]: (01595-07) (!)WARN: all primary virus scanners failed, considering backups

Here is other output from what I have tried

root@www:# sudo /etc/init.d/clamav-daemon restart
* Stopping ClamAV daemon clamd                                                                  [ OK ]
* Starting ClamAV daemon clamd                                                                    [fail]

root@www:# ps -ef |grep clam
clamav    1719     1  0 10:33 ?        00:00:06 /usr/bin/freshclam -d --quiet
root      7076  2301  0 11:56 pts/0    00:00:00 grep --color=auto clam

There is no content in the /var/log/clamav/clamav.log file.

Any ideas??

Thanks


2

Re: Clamav no longer working

*) Any related log in /var/log/syslog?
*) What's the terminal output while starting clamd manually?

clamd -c /etc/clamav/clamd.conf
clamd -c /etc/clamav/clamd.conf --debug

3

Re: Clamav no longer working

ZhangHuangbin wrote:

*) Any related log in /var/log/syslog?
*) What's the terminal output while starting clamd manually?

clamd -c /etc/clamav/clamd.conf
clamd -c /etc/clamav/clamd.conf --debug

Here is what I see in /var/log/syslog:

Jul 20 08:36:51 www amavis[11417]: (11417-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Jul 20 08:36:52 www amavis[11417]: (11417-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Jul 20 08:36:52 www amavis[11417]: (11417-04) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Jul 20 08:36:55 www amavis[10217]: (10217-07) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Jul 20 08:36:55 www amavis[10217]: (10217-07) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run$
Jul 20 08:36:55 www amavis[10217]: (10217-07) (!)WARN: all primary virus scanners failed, considering backups
Jul 20 08:36:56 www postfix/smtpd[11826]: disconnect from dmailer93146198.dmx1.bfi0.com[93.191.146.198]
Jul 20 08:36:58 www amavis[11417]: (11417-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Jul 20 08:36:58 www amavis[11417]: (11417-04) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run$
Jul 20 08:36:58 www amavis[11417]: (11417-04) (!)WARN: all primary virus scanners failed, considering backups
Jul 20 08:37:05 www amavis[11417]: (11417-04) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="WARNING: Ignoring deprecated option --disable-summary\nLibClamAV Error: mpool_malloc()$
Jul 20 08:37:05 www amavis[11417]: (11417-04) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="WARNING: Ignoring deprecated option --disable-summary\nLibClamAV Er$
Jul 20 08:37:05 www amavis[11417]: (11417-04) (!)... 140) line 899.
Jul 20 08:37:05 www amavis[11417]: (11417-04) (!!)AV: ALL VIRUS SCANNERS FAILED
Jul 20 08:37:05 www amavis[10217]: (10217-07) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="WARNING: Ignoring deprecated option --disable-summary\nLibClamAV Error: mpool_malloc()$
Jul 20 08:37:05 www amavis[10217]: (10217-07) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="WARNING: Ignoring deprecated option --disable-summary\nLibClamAV Er$
Jul 20 08:37:05 www amavis[10217]: (10217-07) (!!)AV: ALL VIRUS SCANNERS FAILED

I know there is no clamd.ctl file as well.

The other 2 commands give me the following:
root@www:/# clamd -c /etc/clamav/clamd.conf
ERROR: initgroups() failed.
root@www:/# clamd -c /etc/clamav/clamd.conf --debug
ERROR: initgroups() failed.

Thanks for helping.

4

Re: Clamav no longer working

I think I found my own problem after looking closer at the syslog I posted. I saw "Error: mpool_malloc()$" in the log, then I remembered reading somewhere that iRedMail needs 2Gb of memory to be fully functional.

That said, I spun up a new server with 2Gb of memory instead of 1Gb. Created a new volume from a snapshot to restore the same content on my prod server. Voilà! Clamd is up and running. What is weird is it has been up and running fine for months with 1Gb memory.

The pain point is I have no control over IPs, so I will have to change DNS and everything since I will get a new public IP.

On a side note, can I upgrade iRedMail 0.9.4 straight to 0.9.5-1?

Thanks!
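
Added example (not part of the original posts): a small triage script for the amavis lines quoted in this thread. It groups log lines by amavis request id and reports how far the scanner chain degraded for each message, so a missing clamd socket, a failed fallback to clamscan and "ALL VIRUS SCANNERS FAILED" show up as distinct states. The sample log is constructed from the lines above; the stage names and the status labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the amavis lines quoted in this thread.
SAMPLE_LOG = """\
Jul 20 08:36:52 www amavis[11417]: (11417-04) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Jul 20 08:36:58 www amavis[11417]: (11417-04) (!)WARN: all primary virus scanners failed, considering backups
Jul 20 08:37:05 www amavis[11417]: (11417-04) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: mpool_malloc()
Jul 20 08:37:05 www amavis[11417]: (11417-04) (!!)AV: ALL VIRUS SCANNERS FAILED
Jul 20 08:36:55 www amavis[10217]: (10217-07) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Jul 20 08:36:55 www amavis[10217]: (10217-07) (!)WARN: all primary virus scanners failed, considering backups
Jul 20 08:36:56 www postfix/smtpd[11826]: disconnect from mail.example.com[192.0.2.10]
"""

# amavis prefixes each message with "(pid-seq)" and a "(!)" or "(!!)" severity marker.
AMAVIS = re.compile(r"amavis\[\d+\]: \((?P<id>\d+-\d+)\) \(!+\)(?P<msg>.*)")

RULES = [
    ("clamd_socket_missing", re.compile(r"Can't connect to UNIX socket \S+: No such file or directory")),
    ("primary_scanner_failed", re.compile(r"all primary virus scanners failed")),
    ("clamscan_out_of_memory", re.compile(r"ClamAV-clamscan.*mpool_malloc\(\)")),
    ("all_scanners_failed", re.compile(r"ALL VIRUS SCANNERS FAILED")),
]

def triage(log_text):
    """Map each amavis request id to the set of failure stages logged for it."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = AMAVIS.search(line)
        if not m:
            continue  # not an amavis warning line (e.g. postfix)
        for name, rx in RULES:
            if rx.search(m.group("msg")):
                findings[m.group("id")].add(name)
    return dict(findings)

def status(stages):
    """Collapse the stages into one label, worst case first."""
    if "all_scanners_failed" in stages:
        return "NO_AV"        # no scanner produced a verdict for this message
    if "primary_scanner_failed" in stages:
        return "BACKUP_ONLY"  # clamd unusable, amavis fell back to a backup scanner
    return "CLAMD_RETRY"      # socket errors only, amavis is still retrying

if __name__ == "__main__":
    for req, stages in sorted(triage(SAMPLE_LOG).items()):
        print(req, status(stages), sorted(stages))
```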

5

Re: Clamav no longer working

I had the same issue as you after an update of Debian OS. The ClamAV daemon cannot read its own configuration file, because the parameter "AllowSupplementaryGroups" is not supported. The problem is described here https://bugs.debian.org/cgi-bin/bugrepo … ug=826406.

Commenting out the /etc/clamav/clamd.conf line with "AllowSupplementaryGroups true" and restarting service worked.

6

Re: Clamav no longer working

oderberg wrote:

I had the same issue as you after an update of Debian OS. The ClamAV daemon cannot read its own configuration file, because the parameter "AllowSupplementaryGroups" is not supported. The problem is described here https://bugs.debian.org/cgi-bin/bugrepo … ug=826406.

Commenting out the /etc/clamav/clamd.conf line with "AllowSupplementaryGroups true" and restarting service worked.

I think this is a Debian-only issue, as I had already tried this with no luck.

7

Re: Clamav no longer working

lymkin wrote:

root@www:/# clamd -c /etc/clamav/clamd.conf --debug
ERROR: initgroups() failed.

What's the daemon group name defined in clamd.conf? Does this group exist on your server?
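
Added example (not part of the original posts): one way to answer the question above without starting clamd, by reading the account and socket group out of clamd.conf and checking that they exist on the host. The sample configuration is constructed; `parse_conf` and `check` are names introduced for this example, and the AllowSupplementaryGroups warning reflects only what post 5 reports.

```python
import grp
import pwd

# Constructed clamd.conf fragment, using the socket path and option named in this thread.
SAMPLE_CONF = """\
# constructed sample
LocalSocket /var/run/clamav/clamd.ctl
LocalSocketGroup clamav
User clamav
AllowSupplementaryGroups true
"""

def parse_conf(text):
    """Return {directive: value} for the 'Name value' lines of a clamd.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            parts = line.split(None, 1)
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def _exists(lookup, name):
    """True if the passwd/group database has an entry for name."""
    try:
        lookup(name)
        return True
    except KeyError:
        return False

def check(conf, user_exists=None, group_exists=None):
    """List problems with the account settings; lookups default to the local host."""
    user_exists = user_exists or (lambda n: _exists(pwd.getpwnam, n))
    group_exists = group_exists or (lambda n: _exists(grp.getgrnam, n))
    problems = []
    user = conf.get("User")
    if user and not user_exists(user):
        problems.append(f"User {user!r} has no passwd entry")
    group = conf.get("LocalSocketGroup")
    if group and not group_exists(group):
        problems.append(f"LocalSocketGroup {group!r} has no group entry")
    if "AllowSupplementaryGroups" in conf:
        problems.append("AllowSupplementaryGroups is set (reported in this "
                        "thread as unsupported after a Debian update)")
    return problems

if __name__ == "__main__":
    for problem in check(parse_conf(SAMPLE_CONF)):
        print("WARN:", problem)
```

On a real host, pass the contents of /etc/clamav/clamd.conf to `parse_conf` instead of the sample.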