ClamAV connect to /var/run/clamav/clamd.ctl failed and Blocked MTA-BLOCKED

Discussion in 'Installation/Configuration' started by electron79, Apr 6, 2022.

  1. electron79

    electron79 Member

    Hello, this is my mail.log part:

    Code:
    Apr  6 17:45:04 master amavis[4946]: (04946-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  6 17:45:04 master amavis[4945]: (04945-13) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  6 17:45:05 master amavis[4946]: (04946-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  6 17:45:05 master amavis[4946]: (04946-12) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Apr  6 17:45:05 master amavis[4945]: (04945-13) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  6 17:45:05 master amavis[4945]: (04945-13) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 113) line 659.\n
    Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)WARN: all primary virus scanners failed, considering backups
    Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav\nERROR: Can't open file or directory"
    Apr  6 17:45:11 master amavis[4945]: (04945-13) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  6 17:45:11 master amavis[4945]: (04945-13) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 113) line 659.\n
    Apr  6 17:45:11 master amavis[4945]: (04945-13) (!)WARN: all primary virus scanners failed, considering backups
    Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav\nERROR: Can't open file or directory" at (eval 113) line 951.
    Apr  6 17:45:11 master amavis[4946]: (04946-12) (!!)AV: ALL VIRUS SCANNERS FAILED
    Apr  6 17:45:11 master amavis[4945]: (04945-13) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav\nERROR: Can't open file or directory"
    Apr  6 17:45:11 master amavis[4945]: (04945-13) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav\nERROR: Can't open file or directory" at (eval 113) line 951.
    Apr  6 17:45:11 master amavis[4945]: (04945-13) (!!)AV: ALL VIRUS SCANNERS FAILED
    Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)connect to 127.0.0.1:* failed, attempt #1: Can't connect to socket 127.0.0.1:* using module IO::Socket::IP: Connection refused
    Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)ZEHaeFznR-Vg FWD from <[email protected]> -> <[email protected]>,<[email protected]>,  451 4.5.0 From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:127.0.0.1:*): id=04946-12
    Apr  6 17:45:11 master amavis[4946]: (04946-12) Blocked MTA-BLOCKED {TempFailedInbound}, [127.0.0.1] [209.85.219.175] <[email protected]> -> <[email protected]>,<[email protected]>, Message-ID: <[email protected]om>, mail_id: ZEHaeFznR-Vg, Hits: -0.2, size: 39783, dkim_sd=20210112:gmail.com, 7371 ms
    Apr  6 17:45:11 master postfix/lmtp[6686]: C6A84208D1: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=5505, delays=5498/0.01/0.01/7.4, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=04946-12 - Temporary MTA failure on relaying, From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:127.0.0.1:*): id=04946-12 (in reply to end of DATA command))
    Apr  6 17:45:11 master postfix/lmtp[6686]: C6A84208D1: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=5505, delays=5498/0.01/0.01/7.4, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=04946-12 - Temporary MTA failure on relaying, From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:127.0.0.1:*): id=04946-12 (in reply to end of DATA command))
    Apr  6 17:45:11 master amavis[4946]: (04946-13) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  6 17:45:11 master amavis[4945]: (04945-13) (!)connect to 127.0.0.1:* failed, attempt #1: Can't connect to socket 127.0.0.1:* using module IO::Socket::IP: Connection refused
    Apr  6 17:45:11 master amavis[4945]: (04945-13) (!)tAs2BrSXyaLf FWD from <[email protected]> -> <[email protected]>,<[email protected]>,  451 4.5.0 From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:127.0.0.1:*): id=04945-13
    Apr  6 17:45:11 master amavis[4945]: (04945-13) Blocked MTA-BLOCKED {TempFailedInbound}, [127.0.0.1] [209.85.219.181] <[email protected]> -> <[email protected]>,<[email protected]>, Message-ID: <[email protected]om>, mail_id: tAs2BrSXyaLf, Hits: -0.2, size: 6642, dkim_sd=20210112:gmail.com, 7459 ms
    Apr  6 17:45:11 master postfix/lmtp[6689]: CB07C204CA: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3185, delays=3178/0.01/0.01/7.5, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=04945-13 - Temporary MTA failure on relaying, From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:127.0.0.1:*): id=04945-13 (in reply to end of DATA command))
    Apr  6 17:45:11 master postfix/lmtp[6689]: CB07C204CA: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=3185, delays=3178/0.01/0.01/7.5, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=04945-13 - Temporary MTA failure on relaying, From MTA() during fwd-connect (All attempts (1) failed connecting to smtp:127.0.0.1:*): id=04945-13 (in reply to end of DATA command))

    Note: Server on AWS EC2
    OS = GNU/Linux Debian 10 x64
    ISPConfig 3.2
     
    Last edited by a moderator: Apr 7, 2022
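
As an added example (not part of the thread, and not ISPConfig or amavis code), this Python script groups amavis lines like the ones in the post above by session id, so the separate failures logged before one `Blocked MTA-BLOCKED` entry (missing clamd socket, empty signature directory, refused forward connection) can be read next to the Postfix queue id that was deferred. The sample log is constructed from the post's lines with placeholder addresses, and the function and finding names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the mail.log excerpt in the post above;
# addresses and mail_id are placeholders, not values from the thread.
SAMPLE_LOG = r"""
Apr  6 17:45:04 master amavis[4946]: (04946-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)WARN: all primary virus scanners failed, considering backups
Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav\nERROR: Can't open file or directory"
Apr  6 17:45:11 master amavis[4946]: (04946-12) (!!)AV: ALL VIRUS SCANNERS FAILED
Apr  6 17:45:11 master amavis[4946]: (04946-12) (!)connect to 127.0.0.1:* failed, attempt #1: Can't connect to socket 127.0.0.1:* using module IO::Socket::IP: Connection refused
Apr  6 17:45:11 master amavis[4946]: (04946-12) Blocked MTA-BLOCKED {TempFailedInbound}, [127.0.0.1] <sender@example.org> -> <user@example.net>, mail_id: PLACEHOLDER, size: 39783
Apr  6 17:45:11 master postfix/lmtp[6686]: C6A84208D1: to=<user@example.net>, relay=127.0.0.1[127.0.0.1]:10024, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 id=04946-12 - Temporary MTA failure on relaying)
Apr  6 17:45:12 master amavis[4945]: (04945-13) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
"""

# amavis prefixes every message with its session id, e.g. "(04946-12)".
AMAVIS_LINE = re.compile(r"amavis\[\d+\]: \((\d+-\d+)\) (.*)$")
# Postfix repeats that session id in the 451 reply it logs for the deferral.
POSTFIX_DEFERRED = re.compile(
    r"postfix/lmtp\[\d+\]: ([0-9A-F]+): .*status=deferred .*\bid=(\d+-\d+)")

# Hypothetical finding names; each pattern matches wording seen in the post.
FINDINGS = [
    ("clamd_socket_missing",
     re.compile(r"connect to (/\S+) failed.*No such file or directory")),
    ("signature_db_missing",
     re.compile(r"No supported database files found in ([\w/.-]+)")),
    ("all_scanners_failed", re.compile(r"AV: ALL VIRUS SCANNERS FAILED")),
    ("forward_connect_refused",
     re.compile(r"connect to (\d[\d.]*:\S+) failed.*Connection refused")),
]
OUTCOME = re.compile(r"Blocked (\S+) \{(\w+)\}")


def triage(log_text):
    """Group amavis findings by session id and attach deferred queue ids."""
    sessions = defaultdict(
        lambda: {"findings": {}, "outcome": None, "queue_ids": []})
    for line in log_text.splitlines():
        m = AMAVIS_LINE.search(line)
        if m:
            sid, msg = m.groups()
            entry = sessions[sid]
            for name, pattern in FINDINGS:
                hit = pattern.search(msg)
                if hit:
                    # Keep the socket, directory or endpoint the log names.
                    detail = hit.group(1) if hit.groups() else None
                    entry["findings"].setdefault(name, detail)
            out = OUTCOME.search(msg)
            if out:
                entry["outcome"] = "%s/%s" % out.groups()
            continue
        d = POSTFIX_DEFERRED.search(line)
        if d:
            queue_id, sid = d.groups()
            sessions[sid]["queue_ids"].append(queue_id)
    return dict(sessions)


def deferred_without_scan(sessions):
    """Session ids that temp-failed while no virus scanner was usable."""
    return sorted(
        sid for sid, s in sessions.items()
        if s["outcome"] and "TempFailed" in s["outcome"]
        and "all_scanners_failed" in s["findings"])


if __name__ == "__main__":
    for sid, s in sorted(triage(SAMPLE_LOG).items()):
        print(sid, s["outcome"], s["queue_ids"])
        for name, detail in s["findings"].items():
            print("   ", name, detail or "")
```
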
  2. electron79

    electron79 Member

    ///////////////////////////////////////
    My /etc/postfix/master.cf file:
    ///////////////////////////////////////
    Code:
    smtp      inet  n       -       y       -       -       smtpd
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_tls_auth_only=yes
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    ////////////////////////////////////////


    ////////////////////////////////////////
    my /etc/postfix/main.cf file:
    ///////////////////////////////////////
    Code:
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = /usr/share/doc/postfix
    
    # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
    # fresh installs.
    compatibility_level = 2
    
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    myhostname = master.coerco.com.ni
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination = master.coerco.com.ni, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8 [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql-virtual_alias_domains.cf
    virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = proxy:mysql:/etc/postfix/mysql-virtual_uids.cf
    virtual_gid_maps = proxy:mysql:/etc/postfix/mysql-virtual_gids.cf
    sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_restriction_classes = greylisting
    greylisting = check_policy_service inet:127.0.0.1:10023
    smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unlisted_recipient, check_recipient_access proxy:mysql:/etc/postfix/mysql-verify_recipients.cf, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination, check_recipient_access proxy:mysql:/etc/postfix/mysql-virtual_recipient.cf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, check_policy_service unix:private/quota-status
    smtpd_tls_security_level = may
    transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    relay_domains = proxy:mysql:/etc/postfix/mysql-virtual_relaydomains.cf
    relay_recipient_maps = proxy:mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
    smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $virtual_uid_maps $virtual_gid_maps $smtpd_client_restrictions $smtpd_sender_restrictions $smtpd_recipient_restrictions $smtp_sasl_password_maps $sender_dependent_relayhost_maps
    smtpd_helo_required = yes
    smtpd_helo_restrictions = permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo, reject_unknown_helo_hostname, permit
    smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks, check_sender_access proxy:mysql:/etc/postfix/mysql-virtual_sender.cf,  permit_sasl_authenticated, reject_non_fqdn_sender, reject_unlisted_sender, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
    smtpd_reject_unlisted_sender = no
    smtpd_client_restrictions = check_client_access proxy:mysql:/etc/postfix/mysql-virtual_client.cf, permit_inet_interfaces, permit_mynetworks, permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org, reject_unauth_pipelining, permit
    smtpd_etrn_restrictions = permit_mynetworks, reject
    smtpd_data_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    smtpd_client_message_rate_limit = 100
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = lmtp:unix:private/dovecot-lmtp
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    owner_request_special = no
    smtp_tls_security_level = dane
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3
    smtp_tls_protocols = !SSLv2,!SSLv3
    smtpd_tls_exclude_ciphers = RC4, aNULL
    smtp_tls_exclude_ciphers = RC4, aNULL
    smtpd_tls_mandatory_ciphers = medium
    tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
    tls_preempt_cipherlist = yes
    address_verify_negative_refresh_time = 60s
    enable_original_recipient = no
    sender_dependent_relayhost_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayhost.cf
    smtp_sasl_password_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender-relayauth.cf, texthash:/etc/postfix/sasl_passwd
    smtp_sender_dependent_authentication = yes
    smtp_sasl_auth_enable = yes
    smtp_sasl_security_options = noanonymous, noplaintext
    smtp_sasl_tls_security_options = noanonymous
    authorized_flush_users =
    authorized_mailq_users = nagios, icinga
    smtpd_forbidden_commands = CONNECT,GET,POST,USER,PASS
    address_verify_sender_ttl = 15686s
    smtp_dns_support_level = dnssec
    address_verify_virtual_transport = smtp:[127.0.0.1]:10025
    address_verify_transport_maps = static:smtp:[127.0.0.1]:10025
    receive_override_options = no_address_mappings
    content_filter = lmtp:[127.0.0.1]:10024
    message_size_limit = 15728640
    ////////////////////////////////////////

    ///////////////////////////////////////
    netstat -punta:
    ///////////////////////////////////////
    Code:
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
    tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      4927/amavisd-new (m
    tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      4927/amavisd-new (m
    tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      3503/master        
    tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      705/memcached      
    tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      749/dovecot        
    tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      749/dovecot        
    tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      3503/master        
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1101/pure-ftpd (SER
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      767/sshd          
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      3503/master        
    tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      749/dovecot        
    tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      749/dovecot        
    tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      970/postgrey --pidf
    tcp        0      0 172.31.32.157:995       186.1.30.243:34825      ESTABLISHED 22514/dovecot/pop3-
    tcp        0      0 127.0.0.1:52356         127.0.0.1:3306          ESTABLISHED 20179/amavisd-new (
    tcp        0      0 127.0.0.1:52352         127.0.0.1:3306          ESTABLISHED 19711/amavisd-new (
    tcp        0    232 172.31.32.157:22        143.202.253.50:65312    ESTABLISHED 21838/sshd: admin [

    ////////////////////////////
    my /etc/hosts file:
    ///////////////////////////
    127.0.0.1 localhost
    127.0.1.1 master.coerco.com.ni master
    172.31.32.157 master.coerco.com.ni master


    //////////////////////////////////
    My /etc/hostname file:
    /////////////////////////////////
    master


    Machine on AWS EC2:
    4Core / 4GB RAM / HDD-100GB
    OS = Debian 10 x64

    Thank you for your help.
     
    Last edited by a moderator: Apr 7, 2022
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

  4. electron79

    electron79 Member

    Code:
     amavis.service - LSB: Starts amavisd-new mailfilter
       Loaded: loaded (/etc/init.d/amavis; generated)
       Active: active (running) since Wed 2022-04-06 23:24:39 UTC; 14min ago
         Docs: man:systemd-sysv-generator(8)
      Process: 724 ExecStart=/etc/init.d/amavis start (code=exited, status=0/SUCCESS)
        Tasks: 3 (limit: 4590)
       Memory: 190.8M
       CGroup: /system.slice/amavis.service
               ├─1206 /usr/sbin/amavisd-new (master)
               ├─1217 /usr/sbin/amavisd-new (ch1-avail)
               └─1218 /usr/sbin/amavisd-new (virgin child)
    
    Apr 06 23:24:39 master amavis[1206]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
    Apr 06 23:37:01 master amavis[1217]: (01217-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr 06 23:37:02 master amavis[1217]: (01217-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr 06 23:37:02 master amavis[1217]: (01217-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Apr 06 23:37:08 master amavis[1217]: (01217-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr 06 23:37:08 master amavis[1217]: (01217-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd
    Apr 06 23:37:08 master amavis[1217]: (01217-01) (!)WARN: all primary virus scanners failed, considering backups
    Apr 06 23:37:29 master amavis[1217]: (01217-01) (!)connect to 127.0.0.1:* failed, attempt #1: Can't connect to socket 127.0.0.1:* using module IO::Socket::IP: Connection refused
    Apr 06 23:37:29 master amavis[1217]: (01217-01) (!)picE2GNjkezM FWD from <[email protected]> -> <[email protected]>,  451 4.5.0 From MTA() during fwd-connect (All attempts (1) failed connecting t
    Apr 06 23:37:29 master amavis[1217]: (01217-01) Blocked MTA-BLOCKED {TempFailedInbound}, [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]
    
    Thanks Th0m.
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    and the output of
    Code:
    systemctl status clamav-daemon
     
  6. electron79

    electron79 Member

    Code:
    ● clamav-daemon.service - LSB: ClamAV daemon
       Loaded: loaded (/etc/init.d/clamav-daemon; generated)
      Drop-In: /etc/systemd/system/clamav-daemon.service.d
               └─extend.conf
       Active: active (exited) since Wed 2022-04-06 23:24:36 UTC; 18h ago
         Docs: man:systemd-sysv-generator(8)
      Process: 710 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=0/SUCCESS)
      Process: 730 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
      Process: 734 ExecStart=/etc/init.d/clamav-daemon start (code=exited, status=0/SUCCESS)
    
    Apr 06 23:24:36 master systemd[1]: Starting LSB: ClamAV daemon...
    Apr 06 23:24:36 master systemd[1]: Started LSB: ClamAV daemon.
    
    Thanks Th0m ...
     
  7. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    See logs for info on why clamav has exited.
    Then try systemctl start clamav-daemon and see logs on what happens.
     
  8. electron79

    electron79 Member

    Code:
    Apr  7 20:39:48 master amavis[12407]: (12407-08) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  7 20:39:48 master amavis[13077]: (13077-07) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  7 20:39:49 master amavis[12407]: (12407-08) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  7 20:39:49 master amavis[12407]: (12407-08) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Apr  7 20:39:49 master amavis[13077]: (13077-07) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  7 20:39:49 master amavis[13077]: (13077-07) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Apr  7 20:39:55 master amavis[12407]: (12407-08) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  7 20:39:55 master amavis[12407]: (12407-08) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 113) line 659.\n
    Apr  7 20:39:55 master amavis[12407]: (12407-08) (!)WARN: all primary virus scanners failed, considering backups
    Apr  7 20:39:55 master amavis[13077]: (13077-07) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Apr  7 20:39:55 master amavis[13077]: (13077-07) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 113) line 659.\n
    Apr  7 20:39:55 master amavis[13077]: (13077-07) (!)WARN: all primary virus scanners failed, considering backups
    Apr  7 20:40:01 master CRON[16817]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Apr  7 20:40:01 master CRON[16818]: (getmail) CMD (/usr/local/bin/run-getmail.sh > /dev/null 2>> /dev/null)
    Apr  7 20:40:01 master CRON[16823]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
    Apr  7 20:40:02 master pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
    Apr  7 20:40:02 master pure-ftpd: ([email protected]) [INFO] Logout.
    Apr  7 20:40:02 master postfix/smtpd[16758]: connect from localhost[127.0.0.1]
    Apr  7 20:40:02 master postfix/smtpd[16758]: lost connection after CONNECT from localhost[127.0.0.1]
    Apr  7 20:40:02 master postfix/smtpd[16758]: disconnect from localhost[127.0.0.1] commands=0/0
    Apr  7 20:40:02 master dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<xiNzexbcmLx/AAAB>
    Apr  7 20:40:02 master dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<LyZzexbcXOt/AAAB>
    
    This is /var/log/syslog! And when I run the command "systemctl start clamav-daemon", nothing happens...
    Status:

    Code:
    ● clamav-daemon.service - LSB: ClamAV daemon
       Loaded: loaded (/etc/init.d/clamav-daemon; generated)
      Drop-In: /etc/systemd/system/clamav-daemon.service.d
               └─extend.conf
       Active: active (exited) since Thu 2022-04-07 20:39:41 UTC; 4min 53s ago
         Docs: man:systemd-sysv-generator(8)
      Process: 16773 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=1/FAILURE)
      Process: 16781 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
      Process: 16784 ExecStart=/etc/init.d/clamav-daemon start (code=exited, status=0/SUCCESS)
    
    Apr 07 20:39:41 master systemd[1]: Starting LSB: ClamAV daemon...
    Apr 07 20:39:41 master mkdir[16773]: /bin/mkdir: cannot create directory ‘/run/clamav’: File exists
    Apr 07 20:39:41 master systemd[1]: Started LSB: ClamAV daemon.
    Thanks for your help!!
     
  9. electron79

    electron79 Member

    Is this correct?

    Code:
    /var/run# ls -lsh
    
    0 drwxr-xr-x  2 root     root       80 Apr  6 23:24 blkid
       0 drwxr-xr-x  2 clamav   root       60 Apr  6 23:24 clamav
       0 drwxr-xr-x  2 root     root      260 Apr  6 23:24 cloud-init
    
    
     
  10. electron79

    electron79 Member

    I removed amavisd-new and changed this in the GUI -> System/Server Config/Mail:

    From Content Filter: Amavisd to Rspamd

    Now I got an email and it is ready, but I don't know how to configure Rspamd?

    Note: With AWS it is necessary to submit a form to open port 25/tcp for outgoing traffic.
     
  11. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    See https://www.howtoforge.com/replacing-amavisd-with-rspamd-in-ispconfig/
     
  12. electron79

    electron79 Member

    Thanks Th0m.

    At this time, the ISPConfig 3 mail server is ready.

    Thanks to all.
     
