ISPConfig and Clamassassin

Discussion in 'Developers' Forum' started by till, Mar 4, 2007.

  1. till

    till Super Moderator


    I encounter a strange problem with the ISPConfig 2.2.11 (Thats why I didnt release it yet).

    Sometimes I get a Clamav error 50 which indicates a problem with the antivirus database, in this case clamav creates a directory in /tmp/ with "clamav" plus a random string as name which contains a antivirus database. This directory is owned by the user that received the mail.

    Does anyone else encounter this with either the 2.2.11 beta or 2.2.10 and the clamasassin fix (--mbox removed in clamav option)? Any ideas what may cause this?
  2. edge

    edge HowtoForge Supporter

    Yes, I also have 2 directory's in my /tmp dir. (using ISPconfig 2.2.10 and the clamasassin fix)
    host:/tmp# ls
    One of the dir's does have some stuff in it!
    host:/tmp# cd clamav-24465acfba690eb49a98090fe5bd3f70
    host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70# ls
    COPYING  main.db  main.hdb  main.ndb
    I have no clue what's causing this..!
    Last edited: Mar 4, 2007
  3. jnsc

    jnsc rotaredoM

    I also have this directories on a server not using clamasassin. And one is dated from december 2004, so this does not look as something new. But personally I nerver got an error 50.
  4. till

    till Super Moderator

    How old are the directories? Have they been created on the day you updated ISPConfig to 2.2.10 / 2.2.11 or later?
  5. edge

    edge HowtoForge Supporter

    Both directories are from march the 3rd (yesterday) The last ISPconfig update was before that.

    I do not have the directories on my other servers as I do not have email users on it.
  6. Hans

    Hans Moderator

    On my server with ISPConfig 2.2.10 i have also some files provided by ClamAV like these:


    I do not have that files on my testserver with ISPConfig 2.2.11 beta1, as i do not use that server as a mailserver.
  7. till

    till Super Moderator

    I searched a bit in the clamav mailing lists and this seems to be a common problem with the new release. It looks like almost all systems are broken that invoke clamav from different users. They created a patch release 0.90.1 that shall fix some of the issues and additionally a change in freshclam prevents that clamav can access the signature databases because they changed the chmod of the files from 0755 to 0700. I added some patches to ISPConfig and test it now. Lets hope that this fixes the problems :)
  8. till

    till Super Moderator

  9. Hans

    Hans Moderator


    I've downloaded 2.2.11 beta2 on my testing-server with Debian Sarge.
    Everything looks fine.

    After that (i think i trust you a lot) i installed it on one of my production servers.
    (Debian Sarge unofficial 64 bit)

    Everything looks ok, but i have to wait to see if the strange clamav-files within /tmp do not appear again.

    Thanks for your work, i think you did it!
  10. till

    till Super Moderator

    Thats great to hear :)

    By the wy, I enabled logging in freshclam to the mail logfile, if you run a grep for clam or freshclam on the logfile, you should now be able to monitor if the update of the signatures is ok :)
  11. Hans

    Hans Moderator

    That's a nice option.

    I will give that a try as well!

    ((( :)))))
  12. Hans

    Hans Moderator


    After one night, i've checked my /tmp file and no clamav stuff anymore.
    So, that's good.

    Within the my email-header, i can see that the new clamav is functioning:

    X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.90.1/2735/Mon Mar 5 16:23:59 2007

    No problems, so far! :)

Share This Page