  #1  
29th July 2011, 00:00
SPeedy8
VServer with Debian Lenny - problems with ClamAV

Hello,

following a tutorial, I set up a Debian Lenny server that runs Postfix along with Amavis, ClamAV, freshclam, etc.

On the whole the server runs smoothly ... except that the mail logs fill up excessively, because ClamAV emits an error message with every email. The following entry is written to /var/log/mail.log:

"...
Jul 28 22:04:28 galaxy5 amavis[31819]: (31819-19) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
Jul 28 22:04:34 galaxy5 amavis[31819]: (31819-19) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 88) line 309.
Jul 28 22:04:34 galaxy5 amavis[31819]: (31819-19) (!!)WARN: all primary virus scanners failed, considering backups
..."

But when I go to "Monitor --> Show Overview" in ISPConfig, it tells me that the virus scanner as well as all other services are up to date.

Can anyone tell me where this error message comes from? I have already tried creating an empty file named clamd.ctl, and also clamav.log, in the paths named in the error messages ... but nothing happened.

From what I have read so far, the virus scanner seems to be outdated. But actually it isn't!

Can someone help me?!

Many thanks in advance
Alex
  #2  
29th July 2011, 12:59
falko

Ask your question in English, please!
  #3  
29th July 2011, 20:21
SPeedy8

Hallo,

I installed a VServer with Debian Lenny with Postfix, Amavis and ClamAV, freshclam and so on.
For the installation I used a Howto from this forum.

Normally the server is working fine ... only ClamAV causes problems. With every email an error entry is written to /var/log/mail.log ... and this file becomes bigger and bigger. The log is:

"...
Jul 28 22:04:28 galaxy5 amavis[31819]: (31819-19) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
Jul 28 22:04:34 galaxy5 amavis[31819]: (31819-19) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 88) line 309.
Jul 28 22:04:34 galaxy5 amavis[31819]: (31819-19) (!!)WARN: all primary virus scanners failed, considering backups
..."

The ISPConfig control panel tells me that everything is working fine and up to date, including the virus scanner.

Can anybody tell me where the error message comes from and how to stop it? I tried to create the files clamd.ctl and also clamav.log, but no change.

Can anybody help me?

Thanks.

Greetings from Alex
  #4  
30th July 2011, 13:06
falko

Have you tried to restart clamd?
  #5  
31st July 2011, 00:08
SPeedy8

Yes, I did. I restarted the whole VServer ... but no change. The named files are still missing. I think it is a problem of ClamAV and not of ISPConfig, but isn't there a solution?

Alex
  #6  
31st July 2011, 13:41
falko

Do you use OpenVZ? If so, what's the output of
Code:
cat /proc/user_beancounters
?
  #7  
31st July 2011, 20:49
SPeedy8

Yes, I think so. The server architecture should be OpenVZ.

The output of "cat /proc/user_beancounters" is

"...
#cat /proc/user_beancounters
Version: 2.5
   uid resource           held    maxheld              barrier                limit  failcnt
 9351: kmemsize       11512754   11529611             30720347             30192382        0
       lockedpages           0          0                  331                  331       28
       privvmpages       94908      94961              1048576              1153434        0
       shmpages            862        862                38400                38400        0
       dummy                 0          0  9223372036854775807  9223372036854775807        0
       numproc              97         97                  500                  500        0
       physpages         59252      59309                    0           2147483647        0
       vmguarpages           0          0               524288           2147483647        0
       oomguarpages      59252      59309               524288           2147483647        0
       numtcpsock           31         31                  550                  550        0
       numflock             18         19                  262                  288        0
       numpty                1          1                   16                   16        0
       numsiginfo            0          1                 1024                 1024        0
       tcpsndbuf        591336     591336              6720000              9408000        0
       tcprcvbuf        507904     507904              6720000              9408000        0
       othersockbuf     305432     305432              5760000              8064000        0
       dgramrcvbuf           0          0               794989               794989        0
       numothersock        196        196                  400                  400        0
       dcachesize      1424358    1434827              3022848              3113532        0
       numfile            3752       3752                 7680                 7680        0
       dummy                 0          0                    0                    0        0
       dummy                 0          0                    0                    0        0
       dummy                 0          0                    0                    0        0
       numiptent            72         72                 2000                 2000        0
..."

At the moment, with a server uptime of 3 days, there's a failed count of 28 for lockedpages. But the error message of ClamAV is also there after a new server restart. In particular, the missing files do not exist.

My server parameters are the following:

"...
galaxy5:~# top
top - 19:43:06 up 3 days, 20:16, 1 user, load average: 0.02, 0.08, 0.04
Tasks: 73 total, 1 running, 72 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 4194304k total, 379296k used, 3815008k free, 0k buffers
Swap: 0k total, 0k used, 0k free, 0k cached
..."

Thanks for your help.

With best regards
Alexander
  #8  
1st August 2011, 10:53
falko

What's the output of
Code:
ls -la /var/run/clamav/
? What's in /etc/clamd.conf?
  #9  
1st August 2011, 22:58
SPeedy8

Hallo,

Quote:
Originally Posted by falko
What's the output of
Code:
ls -la /var/run/clamav/
?

galaxy5:~# ls -la /var/run/clamav
total 12
drwxr-xr-x 2 clamav root 4096 2011-07-27 23:27 .
drwxr-xr-x 13 root root 4096 2011-07-28 22:21 ..
-rw-rw---- 1 clamav clamav 4 2011-08-01 04:45 freshclam.pid

Quote:
What's in /etc/clamd.conf?

There is no file "/etc/clamd.conf", only "/etc/clamav/clamd.conf". And in this file the following is written:

Code:
MaxConnectionQueueLength 15
LogSyslog false
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
Foreground false
Debug false
ScanPE true
ScanOLE2 true
ScanHTML true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OfficialDatabaseOnly false
CrossFilesystems true

Greetings
Alex
  #10  
2nd August 2011, 11:48
falko

Is clamav-daemon installed?
Code:
apt-get install clamav-daemon
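
Added example (not part of the thread, and not code from ClamAV, amavis or ISPConfig): a Python check that tells apart the states that can sit behind amavis's "Can't connect to UNIX socket" log line, including a hand-created empty file at the socket path. It assumes clamd's `LocalSocket` directive and its newline-delimited `nPING` command; the function names and returned labels are invented for this illustration.

```python
import os
import socket
import stat

def local_socket(conf_text):
    """Return the LocalSocket path from clamd.conf text, or None if absent."""
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] == "LocalSocket":
            return parts[1].strip()
    return None

def check_clamd(conf_text, expected="/var/run/clamav/clamd.ctl", timeout=5):
    """Classify the state of the clamd socket that amavis tries to reach."""
    configured = local_socket(conf_text)
    if configured is None:
        return "no-localsocket-directive"
    if configured != expected:
        return "path-mismatch"          # clamd and amavis disagree on the path
    try:
        mode = os.stat(configured).st_mode
    except FileNotFoundError:
        return "socket-missing"         # errno 2, as in the mail.log lines
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"           # e.g. an empty file created by hand
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(configured)
            s.sendall(b"nPING\n")
            reply = s.recv(16)
        except OSError:
            return "no-listener"        # socket file left behind, no daemon
    return "ok" if reply.strip() == b"PONG" else "unexpected-reply"

if __name__ == "__main__":
    # Constructed sample: two directives in the style of the posted
    # clamd.conf excerpt, which shows no LocalSocket line.
    sample = "PidFile /var/run/clamav/clamd.pid\nDatabaseDirectory /var/lib/clamav\n"
    print(check_clamd(sample))
```

Any result other than `ok` means amavis is running without its primary scanner, which is what the "all primary virus scanners failed" warning in the log records.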