Virus scanner failed

Discussion in 'Server Operation' started by justinsane, Jun 5, 2016.

  1. justinsane

    justinsane New Member

    I just upgraded my Debian Jessie server with ispconfig3.0.5 and now I'm getting the warnings below in Mail Warn Log.
    It appears that clamav updated to 0.99.2
    I was asked if I wanted to keep my existing clamd.conf so I chose Yes.
    The /etc/clamav/clamd.conf.ucf-dist file doesn't have AllowSupplementaryGroups
    And that led me to this:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826406
    Is that what's causing the messages below?
    What should I do other than comment the AllowSupplementaryGroups line?

    Jun 5 17:12:56 s1 amavis[961]: (00961-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Jun 5 17:12:57 s1 amavis[961]: (00961-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Jun 5 17:12:57 s1 amavis[961]: (00961-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Jun 5 17:13:03 s1 amavis[961]: (00961-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
    Jun 5 17:13:03 s1 amavis[961]: (00961-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 99) line 613.\n
    Jun 5 17:13:03 s1 amavis[961]: (00961-01) (!)WARN: all primary virus scanners failed, considering backups
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Set AllowSupplementaryGroups to yes and then restart clamav-daemon.
     
  3. commentator

    commentator Member

    I have the same problem.
    Added this again (in the new config this option isn't there):
     
  4. justinsane

    justinsane New Member

    Hi Till,
    It appears that AllowSupplementaryGroups was removed from clamav 0.99.2 and clamav 0.99.2 fails to start if this option is present in /etc/clamav/clamd.conf
    This is not very good clamav upgrade behavior in my opinion but it's not Ispconfig's fault. I think clamav should just issue a warning and ignore AllowSupplementaryGroups
    I commented out the AllowSupplementaryGroups line.
    The server has now been running overnight with no errors as far as I can tell.
    The question I would like to find an answer to is exactly what AllowSupplementaryGroups does or did and whether removing it will cause any future issues with my server.
    Perhaps it is simply not required in clamav 0.99.2 in which case the best answer when doing an upgrade would be to tell clamav to use its new configuration file instead of keeping the old one.
    If you keep the old one with the AllowSupplementaryGroups option in it, clamav fails.
     
  5. webguyz

    webguyz Member HowtoForge Supporter

    justinsane,
    Thank you for your post. I just opened a thread with a similar problem and then was doing more searching and found this. Commented out AllowSupplementaryGroups and clamav at least starts. Running this server on Jessie os, my other 2 mail servers running on Wheezy do not seem to have this problem. Are you running Jessie os?

    Update: Never mind. It appears my other 2 Wheezy servers are still running 0.99 and not 0.99.2
     
    Last edited: Jun 6, 2016
  6. justinsane

    justinsane New Member

    Hi, Yes I'm running Jessie. The problem occurs only on Jessie. I also have a Wheezy server. On Wheezy clamav is giving a warning that it's outdated but no upgrade is being offered.
    Let's hope the clamav maintainer does something about this before Wheezy gets the 0.99.2 upgrade.
    This is very poor clamav upgrade behavior in my opinion. Upgrades should not ask whether a config file should be replaced. The person doing the upgrade may not even be the same person who installed the server so how would they know the correct answer?
     
  7. ZeroEnna

    ZeroEnna Member

    @till what do you recommend?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Comment out that line, if you don't get amavis connect errors, then it's fine. The line was originally added there by ClamAV, not ispconfig. Clamav worked fine with amavisd for many years, then ClamAV decided about a year ago to not accept requests from additional users that have correct permissions and group memberships anymore which made it necessary to set this line to yes. And now, a minor ClamAV version later, they decided to fail when the config of their own software contains a line which it required before. I won't call that professional. Removing outdated settings is ok of course, but this should be just a notice in the log to remind the admin to clean up the config file and never be a fatal failure.

    The worst thing is, many users might not have noticed at all that their antivirus fails now or at least it is much slower as amavis will use its fallback to clamscan instead of clamdscan.
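
An added example, not part of the original thread and not ClamAV or ISPConfig code: a POSIX shell audit for the two conditions discussed above, an active AllowSupplementaryGroups line in clamd.conf and amavis log lines showing the clamd scanner failing unnoticed. The function names and the sample files are assumptions constructed for illustration; point the functions at /etc/clamav/clamd.conf and your mail log to use them on a real host.

```shell
#!/bin/sh
# Added example: audit clamd.conf and the amavis log for the failure in this thread.

# Print line numbers of active (uncommented) AllowSupplementaryGroups directives.
active_removed_option() {
    grep -nE '^[[:space:]]*AllowSupplementaryGroups' "$1" | cut -d: -f1
}

# Count amavis log lines reporting that the primary (clamd) scanner failed.
count_scanner_failures() {
    grep -cE 'amavis\[[0-9]+\]: .*(av-scanner FAILED|all primary virus scanners failed)' "$1" || true
}

# Emit a copy of the config with the directive commented out (input is not modified).
comment_out_option() {
    sed -E 's/^([[:space:]]*)(AllowSupplementaryGroups)/\1#\2/' "$1"
}

# audit CONF LOG: print findings, return 1 if anything needs attention.
audit() {
    conf=$1; log=$2; rc=0
    lines=$(active_removed_option "$conf" | tr '\n' ' ')
    if [ -n "$lines" ]; then
        echo "clamd.conf: AllowSupplementaryGroups active on line(s): $lines"; rc=1
    fi
    n=$(count_scanner_failures "$log")
    if [ "$n" -gt 0 ]; then
        echo "mail log: $n line(s) show amavis falling back from clamd"; rc=1
    fi
    return $rc
}

# Constructed sample inputs, modelled on the config option and log lines in the thread.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/clamd.conf" <<'EOF'
LocalSocket /var/run/clamav/clamd.ctl
User clamav
AllowSupplementaryGroups yes
#AllowSupplementaryGroups false
EOF
cat > "$SAMPLE_DIR/mail.warn" <<'EOF'
Jun 5 17:12:57 s1 amavis[961]: (00961-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Jun 5 17:13:03 s1 amavis[961]: (00961-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl
Jun 5 17:13:03 s1 amavis[961]: (00961-01) (!)WARN: all primary virus scanners failed, considering backups
EOF

audit "$SAMPLE_DIR/clamd.conf" "$SAMPLE_DIR/mail.warn" || echo "attention needed"
```

Running the log check from cron or a monitoring agent covers the case raised in the last post, where mail keeps flowing while the primary scanner is down.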
     
