1 (edited by vinacc 2016-06-12 15:27:01)

Topic: Virus scanner connection failure

======== Required information ====
- iRedMail version (check /etc/iredmail-release): v0.9.5-1
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

For several days I have been getting this warning in the logwatch statistics:

 --------------------- Amavisd-new Begin ------------------------ 

      268   *Warning: Virus scanner connection failure 
      134   Miscellaneous warnings  
 
       67   Total messages scanned ------------------  100.00%
   12.148M  Total bytes scanned                     12,737,832
 ========   ==================================================
 
       67   Passed ----------------------------------  100.00%
       67     Clean passed                             100.00%
 ========   ==================================================
 
       67   Ham -------------------------------------  100.00%
       67     Clean passed                             100.00%
 ========   ==================================================
 
 
 ---------------------- Amavisd-new End ------------------------- 

What causes the problem and how can I solve it?


2

Re: Virus scanner connection failure

Any detailed log? Is the ClamAV service running?

3

Re: Virus scanner connection failure

Jun 12 06:25:18 mail postfix/smtpd[28752]: connect from localhost[127.0.0.1]
Jun 12 06:25:18 mail postfix/smtpd[28752]: D198A60E06: client=localhost[127.0.0.1]
Jun 12 06:25:18 mail postfix/cleanup[28045]: D198A60E06: message-id=<201606120425.u5C4P5nx018981@test.domain.com>
Jun 12 06:25:18 mail postfix/qmgr[4144]: D198A60E06: from=<user+caf_=user=domain.com@gmail.com>, size=7066, nrcpt=1 (queue active)
Jun 12 06:25:18 mail postfix/smtpd[28752]: disconnect from localhost[127.0.0.1]
Jun 12 06:25:18 mail amavis[24397]: (24397-15) Passed CLEAN {RelayedInbound}, [209.85.214.48]:32811 [2.234.171.173] <user+caf_=user=domain.com@gmail.com$
Jun 12 06:25:18 mail postfix/smtp[28050]: 63C5060E0C: to=<user@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=27, delays=0.16/0.01/0.01/26, dsn=2.0.$
Jun 12 06:25:18 mail postfix/qmgr[4144]: 63C5060E0C: removed
Jun 12 06:25:18 mail postfix/pipe[28754]: D198A60E06: to=<user@domain.com>, relay=dovecot, delay=0.11, delays=0.01/0.02/0/0.08, dsn=2.0.0, status=sent (de$
Jun 12 06:25:18 mail postfix/qmgr[4144]: D198A60E06: removed
Jun 12 06:25:20 mail amavis[24082]: (24082-18) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd$
Jun 12 06:25:20 mail amavis[24082]: (24082-18) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All atte$
Jun 12 06:25:20 mail amavis[24082]: (24082-18) (!)WARN: all primary virus scanners failed, considering backups
Jun 12 06:25:30 mail postfix/smtpd[28752]: connect from localhost[127.0.0.1]
Jun 12 06:25:30 mail postfix/smtpd[28752]: A66CE60E06: client=localhost[127.0.0.1]
Jun 12 06:25:30 mail postfix/cleanup[28045]: A66CE60E06: message-id=<20160612042512.EF47561FF2@mail.domain.com>
Jun 12 06:25:30 mail postfix/qmgr[4144]: A66CE60E06: from=<root@mail.domain.com>, size=6812, nrcpt=1 (queue active)
Jun 12 06:25:30 mail postfix/smtpd[28752]: disconnect from localhost[127.0.0.1]
Jun 12 06:25:30 mail amavis[24082]: (24082-18) Passed CLEAN {RelayedInbound}, [127.0.0.1] <root@mail.domain.com> -> <root@mail.domain.com>, Message-ID: <2016$
Jun 12 06:25:30 mail postfix/cleanup[28045]: AB1FD60E0C: message-id=<20160612042512.EF47561FF2@mail.domain.com>
Jun 12 06:25:30 mail postfix/qmgr[4144]: AB1FD60E0C: from=<root@mail.domain.com>, size=6946, nrcpt=1 (queue active)
Jun 12 06:25:30 mail postfix/local[28763]: A66CE60E06: to=<root@mail.domain.com>, relay=local, delay=0.03, delays=0/0.01/0/0.01, dsn=2.0.0, status=sent (forwa$
Jun 12 06:25:30 mail postfix/qmgr[4144]: A66CE60E06: removed
Jun 12 06:25:30 mail postfix/smtp[28478]: EF47561FF2: to=<root@mail.domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=23, delays=5/0.02/0/18, dsn=2.0.0, st$
Jun 12 06:25:30 mail postfix/qmgr[4144]: EF47561FF2: removed
Jun 12 06:25:30 mail postfix/pipe[28754]: AB1FD60E0C: to=<postmaster@domain.com>, relay=dovecot, delay=0.04, delays=0.01/0/0/0.03, dsn=2.0.0, status=sent (del$
Jun 12 06:25:30 mail postfix/qmgr[4144]: AB1FD60E0C: removed
Jun 12 06:28:12 mail postfix/anvil[28041]: statistics: max connection rate 1/60s for (smtpd:209.85.214.48) at Jun 12 06:24:52
Jun 12 06:28:12 mail postfix/anvil[28041]: statistics: max connection count 1 for (smtpd:209.85.214.48) at Jun 12 06:24:52
Jun 12 06:28:12 mail postfix/anvil[28041]: statistics: max cache size 1 at Jun 12 06:24:52
Jun 12 06:30:29 mail postfix/pickup[27878]: 1D57D60E0C: uid=0 from=<root>
Jun 12 06:30:29 mail postfix/cleanup[28796]: 1D57D60E0C: message-id=<20160612043029.1D57D60E0C@mail.domain.com>
Jun 12 06:30:29 mail postfix/qmgr[4144]: 1D57D60E0C: from=<root@mail.domain.com>, size=431483, nrcpt=1 (queue active)
Jun 12 06:30:29 mail amavis[24397]: (24397-16) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd$
Jun 12 06:30:30 mail amavis[24397]: (24397-16) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd$
Jun 12 06:30:30 mail amavis[24397]: (24397-16) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Jun 12 06:30:36 mail amavis[24397]: (24397-16) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd$
Jun 12 06:30:36 mail amavis[24397]: (24397-16) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All atte$
Jun 12 06:30:36 mail amavis[24397]: (24397-16) (!)WARN: all primary virus scanners failed, considering backups
Jun 12 06:30:54 mail postfix/smtpd[28804]: connect from localhost[127.0.0.1]
Jun 12 06:30:54 mail postfix/smtpd[28804]: AF04560DD1: client=localhost[127.0.0.1]
Jun 12 06:30:54 mail postfix/cleanup[28796]: AF04560DD1: message-id=<20160612043029.1D57D60E0C@mail.domain.com>
Jun 12 06:30:54 mail postfix/qmgr[4144]: AF04560DD1: from=<root@mail.domain.com>, size=431939, nrcpt=1 (queue active)
Jun 12 06:30:54 mail postfix/smtpd[28804]: disconnect from localhost[127.0.0.1]

Yes. ClamAV is running.

4

Re: Virus scanner connection failure

vinacc wrote:

Jun 12 06:25:20 mail amavis[24082]: (24082-18) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd$

ClamAV is NOT running.

Please run the 'freshclam' command first, then try to start the ClamAV service.

5 (edited by vinacc 2016-06-15 20:56:02)

Re: Virus scanner connection failure

root@mail:~# freshclam
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
root@mail:~# service clamav-daemon status
● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
   Active: failed (Result: exit-code) since Wed 2016-06-15 14:48:33 CEST; 28s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           http://www.clamav.net/lang/en/doc/
  Process: 4453 ExecStart=/usr/sbin/clamd --foreground=true (code=exited, status=1/FAILURE)
 Main PID: 4453 (code=exited, status=1/FAILURE)

Jun 15 14:48:33 mail clamd[4453]: ERROR: Parse error at line 11: Unknown option AllowSupplementaryGroups
Jun 15 14:48:33 mail clamd[4453]: ERROR: Can't open/parse the config file /etc/clamav/clamd.conf
Jun 15 14:48:33 mail systemd[1]: clamav-daemon.service: main process exited, code=exited, status=1/FAILURE
Jun 15 14:48:33 mail systemd[1]: Unit clamav-daemon.service entered failed state.

I commented out the line (#AllowSupplementaryGroups true) in the /etc/clamav/clamd.conf file.

Now ClamAV has started. But is it correct to comment out that line? What happens if I leave it commented out?

6

Re: Virus scanner connection failure

vinacc wrote:

Now ClamAV has started. But is it correct to comment out that line? What happens if I leave it commented out?

The parameter 'AllowSupplementaryGroups' is not supported by ClamAV, so you must either remove it or comment it out.
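
Added example (not part of the original posts): the log in post 3 shows amavis task (24082-18) losing the clamd socket and then logging "Passed CLEAN" ten seconds later. The script below correlates amavis task IDs so that every verdict reached after "all primary virus scanners failed" is listed for review; whether a backup scanner actually ran depends on the amavis configuration. The function names and the sample lines are constructed for this example, and the field positions assume the syslog layout quoted in the thread.

```bash
#!/usr/bin/env bash
# Constructed sample, shaped like the mail log lines quoted in post 3.
sample_log() {
cat <<'EOF'
Jun 12 06:25:18 mail amavis[24397]: (24397-15) Passed CLEAN {RelayedInbound}, [209.85.214.48]:32811 <user@example.com>
Jun 12 06:25:20 mail amavis[24082]: (24082-18) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket
Jun 12 06:25:20 mail amavis[24082]: (24082-18) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries
Jun 12 06:25:20 mail amavis[24082]: (24082-18) (!)WARN: all primary virus scanners failed, considering backups
Jun 12 06:25:30 mail amavis[24082]: (24082-18) Passed CLEAN {RelayedInbound}, [127.0.0.1] <root@mail.example.com>
Jun 12 06:30:36 mail amavis[24397]: (24397-16) (!)WARN: all primary virus scanners failed, considering backups
EOF
}

# Reads syslog-format mail log lines on stdin.
# Prints one line per amavis task whose primary scanner failed:
#   <task> <action> <category> primary_failed=<time> verdict_at=<time>
# Tasks that never logged a verdict after the failure are listed at the end.
unscanned_by_primary() {
  awk '
    $5 ~ /^amavis\[/ && $6 ~ /^\([0-9]+(-[0-9]+)+\)$/ {
      task = $6
      if (index($0, "all primary virus scanners failed")) {
        failed[task] = $3            # time the primary scanner was lost
      } else if ((task in failed) && ($7 == "Passed" || $7 == "Blocked")) {
        printf "%s %s %s primary_failed=%s verdict_at=%s\n", task, $7, $8, failed[task], $3
        delete failed[task]          # task id is finished with this message
      }
    }
    END {
      for (task in failed)
        printf "%s NO-VERDICT primary_failed=%s\n", task, failed[task]
    }
  '
}

# Demo on the constructed sample; on a real host, feed the mail log instead,
# e.g. unscanned_by_primary < /var/log/mail.log (path is an assumption).
sample_log | unscanned_by_primary
```

Any "Passed" line in the output is a message that was delivered while clamd was unreachable, which is what the logwatch summary in post 1 hides behind "Clean passed 100.00%".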