HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Clamav-daemon status failed ! (http://www.howtoforge.com/forums/showthread.php?t=60865)

sawa73 8th March 2013 15:46

Clamav-daemon status failed !
 
Hello,

I have a server with debian + ispconfig3, sometimes Clamav-daemon status goes to failed for some reason.
This happened 3 times in 10 months.

I use this server since may 2012, this happened first time in december 2012, then 2 times yesterday.


Code:

root@ksxxxxx:~# /etc/init.d/clamav-daemon status
clamd is not running ... failed!
root@ksxxxxx:~# /etc/init.d/clamav-daemon start
Starting ClamAV daemon: clamd LibClamAV Warning: *******************************            *******************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***  Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.    ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************

http://img15.hostingpics.net/pics/32...stfixSmall.png

florian030 9th March 2013 08:34

Hi,

Quote:

Code:

Starting ClamAV daemon: clamd LibClamAV Warning: *******************************            *******************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***  Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
LibClamAV Warning: ***********************************************************
LibClamAV Warning: ***  This version of the ClamAV engine is outdated.    ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************


Please update the database by running "freshclam" or "freshclam -v". Usually clamd/freshclam updates the database according to Checks in your freshclam.conf.

A few weeks ago there where a lot out trouble with updating clamav.

You can also try to remove the mirrors.dat (/usr/local/share/clamav) before running freshclam.

Which version of clamav are you using? Some mirrors block connections for outdated clients (i.e. <= clamav/0.94)

sawa73 9th March 2013 15:35

Hi,

I can't use freshclam -v command :
Code:

root@ksxxxxx:~# freshclam -v
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

My log file :
Code:

root@ksxxxxx:~# tail /var/log/clamav/freshclam.log
Sat Mar  9 14:37:01 2013 -> WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
Sat Mar  9 14:37:01 2013 -> WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
Sat Mar  9 14:37:01 2013 -> WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
Sat Mar  9 14:37:01 2013 -> WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
Sat Mar  9 14:37:01 2013 -> ERROR: getpatch: Can't download daily-16682.cdiff from database.clamav.net
Sat Mar  9 14:37:01 2013 -> WARNING: Incremental update failed, trying to download daily.cvd
Sat Mar  9 14:37:01 2013 -> ERROR: Can't download daily.cvd from database.clamav.net
Sat Mar  9 14:37:01 2013 -> Giving up on database.clamav.net...
Sat Mar  9 14:37:01 2013 -> Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/support/mirror-problem for possible reasons.
Sat Mar  9 14:37:01 2013 -> --------------------------------------

My network is not down i can reach the clamav host :
Code:

root@ksxxxxx:~# host database.clamav.net
database.clamav.net is an alias for db.local.clamav.net.
db.local.clamav.net is an alias for db.fr.clamav.net.
db.fr.clamav.net has address 193.51.160.14
db.fr.clamav.net has address 193.52.101.131
db.fr.clamav.net has address 195.190.27.134
db.fr.clamav.net has address 91.193.56.105
db.fr.clamav.net has address 193.43.215.41

Content of /etc/clamav/freshclam.conf :
Code:

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
AllowSupplementaryGroups false
PidFile /var/run/clamav/freshclam.pid
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
Bytecode true
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net

I deleted mirror.dat in /var/lib/clamav

my Clamav version is 0.97 :
Code:

root@ksxxxxx:~# freshclam -V
ClamAV 0.97.6/16681/Thu Feb 14 13:55:37 2013

Thank you for your help.

florian030 9th March 2013 15:57

Remove main.cld and run freshclam again.

sawa73 9th March 2013 19:37

I still have the same error messsage after deleted main.cld and mirrors.dat:

Code:

root@ksxxxxx:~# freshclam
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

EDIT : It works, i needed to do /etc/init.d/clamav-freshclam stop

Now i have this message :

Code:

WARNING: getpatch: Can't download daily-16682.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Whitelisting short-term blacklisted mirrors
Retrieving http://database.clamav.net/daily.cvd
Ignoring mirror 193.51.160.14 (has connected too many times with an outdated version)
Ignoring mirror 193.52.101.131 (has connected too many times with an outdated version)
Ignoring mirror 195.190.27.134 (has connected too many times with an outdated version)
Ignoring mirror 193.43.215.41 (has connected too many times with an outdated version)
Ignoring mirror 91.193.56.105 (has connected too many times with an outdated version)
Ignoring mirror 193.51.160.14 (has connected too many times with an outdated version)
Ignoring mirror 193.52.101.131 (has connected too many times with an outdated version)
Ignoring mirror 195.190.27.134 (has connected too many times with an outdated version)
Ignoring mirror 193.43.215.41 (has connected too many times with an outdated version)
Ignoring mirror 91.193.56.105 (has connected too many times with an outdated version)
WARNING: Can't download daily.cvd from database.clamav.net


florian030 10th March 2013 06:59

You should update to latest version (0.97.6 - http://www.clamav.net/lang/en/download/sources/). As i told you above, most mirrors drop connections from outdated clients and i`m not sure if your client can handle the latest database-files.

Usually you can update clamav while freshclam runs. IIRC this was a bug in an older version.

sawa73 10th March 2013 07:43

I deleted daily.cvd, main.cvd and mirror then run freshclam, and restarted amavis and postfix.

It's fixed now, Thank you for your help.

sawa73 13th March 2013 06:26

It worked 2 days, same problem happens again. Clamav stop working.

Code:

root@ksxxxxx:~# /etc/init.d/clamav-daemon status
clamd is not running ... failed!
root@ksxxxxx:~# /etc/init.d/clamav-daemon start
Starting ClamAV daemon: clamd .

I don't have the warning about old database anymore, but clamav goes down for some reason.

florian030 13th March 2013 07:38

Is there anything in your logs why clamd stopped working?

sawa73 13th March 2013 20:37

I found this in my logs :

Code:

Mar 13 20:23:31 ksxxxxx postfix/qmgr[6592]: warning: mail for [127.0.0.1]:10024 is using up 6569 of 6569 active queue entries
Mar 13 20:23:31 ksxxxxx postfix/qmgr[6592]: warning: you may need to reduce amavis connect and helo timeouts
Mar 13 20:23:31 ksxxxxx postfix/qmgr[6592]: warning: so that Postfix quickly skips unavailable hosts
Mar 13 20:23:31 ksxxxxx postfix/qmgr[6592]: warning: you may need to increase the main.cf minimal_backoff_time and maximal_backoff_time
Mar 13 20:23:31 ksxxxxx postfix/qmgr[6592]: warning: so that Postfix wastes less time on undeliverable mail
Mar 13 20:23:31 ksxxxxx postfix/qmgr[6592]: warning: you may need to increase the master.cf amavis process limit
Mar 13 20:23:31 ksxxxxx postfix/qmgr[6592]: warning: please avoid flushing the whole queue when you have
Mar 13 20:23:31 ksxxxxx postfix/qmgr[6592]: warning: lots of deferred mail, that is bad for performance
Mar 13 20:23:31 ksxxxxx postfix/qmgr[6592]: warning: to turn off these warnings specify: qmgr_clog_warn_time = 0



All times are GMT +2. The time now is 12:10.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.