VServer with Debian Lenny - problems with ClamAV

Discussion in 'Server Operation' started by SPeedy8, Jul 28, 2011.

  1. SPeedy8

    SPeedy8 New Member

    Hello,

    Following a guide, I set up a Debian Lenny server on which, alongside Postfix, Amavis with ClamAV and freshclam etc. is also running.

    On the whole the server runs smoothly ... only the mail logs are filling up excessively, because an error message from ClamAV is emitted with every email. The following entry is written to /var/log/mail.log:

    "...
    Jul 28 22:04:28 galaxy5 amavis[31819]: (31819-19) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
    Jul 28 22:04:34 galaxy5 amavis[31819]: (31819-19) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 88) line 309.
    Jul 28 22:04:34 galaxy5 amavis[31819]: (31819-19) (!!)WARN: all primary virus scanners failed, considering backups
    ..."

    But when I go to "Monitor --> Show Overview" in ISPConfig, it tells me that the virus scanner as well as all other services are up to date.

    Can anyone tell me where this error message comes from? I have also already tried creating an empty file named clamd.ctl as well as clamav.log in the paths named in the error messages ... but nothing happened.

    From what I have read so far, the virus scanner seems to be outdated. But actually it isn't!

    Can anyone help me?!

    Many thanks in advance
    Alex
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Ask your question in English, please!
     
  3. SPeedy8

    SPeedy8 New Member

    Hello,

    I installed a VServer with Debian Lenny with Postfix, Amavis and ClamAV, freshclam and so on.
    For the installation I used a Howto from this forum.

    Normally the server is working fine ... only ClamAV causes problems. With every email an error is written to /var/log/mail.log ... and this file becomes bigger and bigger. The log is:

    "...
    Jul 28 22:04:28 galaxy5 amavis[31819]: (31819-19) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: 2, retrying (2)
    Jul 28 22:04:34 galaxy5 amavis[31819]: (31819-19) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 88) line 309.
    Jul 28 22:04:34 galaxy5 amavis[31819]: (31819-19) (!!)WARN: all primary virus scanners failed, considering backups
    ..."

    The ISPConfig control panel tells me that everything is working fine and up to date, including the virus scanner.

    Can anybody tell me where the error message comes from and how to stop it? I tried to create the files clamd.ctl and clamav.log, but no change.

    Can anybody help me?

    Thanks.

    Greetings from Alex
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Have you tried to restart clamd?
     
  5. SPeedy8

    SPeedy8 New Member

    Yes, I did. I restarted the whole VServer ... but no change. The named files are still missing. I think it is a problem with ClamAV and not with ISPConfig, but isn't there a solution?

    Alex
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Do you use OpenVZ? If so, what's the output of
    Code:
    cat /proc/user_beancounters
    ?
     
  7. SPeedy8

    SPeedy8 New Member

    Yes, I think so. The server architecture should be OpenVZ.

    The output of "cat /proc/user_beancounters" is

    "...
    #cat /proc/user_beancounters
    Version: 2.5
     uid  resource         held  maxheld             barrier               limit failcnt
    9351: kmemsize     11512754 11529611            30720347            30192382       0
          lockedpages         0        0                 331                 331      28
          privvmpages     94908    94961             1048576             1153434       0
          shmpages          862      862               38400               38400       0
          dummy               0        0 9223372036854775807 9223372036854775807       0
          numproc            97       97                 500                 500       0
          physpages       59252    59309                   0          2147483647       0
          vmguarpages         0        0              524288          2147483647       0
          oomguarpages    59252    59309              524288          2147483647       0
          numtcpsock         31       31                 550                 550       0
          numflock           18       19                 262                 288       0
          numpty              1        1                  16                  16       0
          numsiginfo          0        1                1024                1024       0
          tcpsndbuf      591336   591336             6720000             9408000       0
          tcprcvbuf      507904   507904             6720000             9408000       0
          othersockbuf   305432   305432             5760000             8064000       0
          dgramrcvbuf         0        0              794989              794989       0
          numothersock      196      196                 400                 400       0
          dcachesize    1424358  1434827             3022848             3113532       0
          numfile          3752     3752                7680                7680       0
          dummy               0        0                   0                   0       0
          dummy               0        0                   0                   0       0
          dummy               0        0                   0                   0       0
          numiptent          72       72                2000                2000       0
    ..."

    At the moment, with a server uptime of 3 days, there's a fail count of 28 for lockedpages. But the ClamAV error message is also there after a new server restart. In particular, the missing files do not exist.

    My server parameters are the following:

    "...
    galaxy5:~# top
    top - 19:43:06 up 3 days, 20:16, 1 user, load average: 0.02, 0.08, 0.04
    Tasks: 73 total, 1 running, 72 sleeping, 0 stopped, 0 zombie
    Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
    Mem: 4194304k total, 379296k used, 3815008k free, 0k buffers
    Swap: 0k total, 0k used, 0k free, 0k cached
    ..."

    Thanks for your help.

    With best regards
    Alexander
     
  8. falko

    falko Super Moderator ISPConfig Developer

    What's the output of
    Code:
    ls -la /var/run/clamav/
    ? What's in /etc/clamd.conf?
     
  9. SPeedy8

    SPeedy8 New Member

    Hello,

    galaxy5:~# ls -la /var/run/clamav
    total 12
    drwxr-xr-x 2 clamav root 4096 2011-07-27 23:27 .
    drwxr-xr-x 13 root root 4096 2011-07-28 22:21 ..
    -rw-rw---- 1 clamav clamav 4 2011-08-01 04:45 freshclam.pid

    There is no file "/etc/clamd.conf", only "/etc/clamav/clamd.conf". This file contains the following:

    Code:
    MaxConnectionQueueLength 15
    LogSyslog false
    LogFacility LOG_LOCAL6
    LogClean false
    LogVerbose false
    PidFile /var/run/clamav/clamd.pid
    DatabaseDirectory /var/lib/clamav
    SelfCheck 3600
    Foreground false
    Debug false
    ScanPE true
    ScanOLE2 true
    ScanHTML true
    DetectBrokenExecutables false
    ExitOnOOM false
    LeaveTemporaryFiles false
    AlgorithmicDetection true
    ScanELF true
    IdleTimeout 30
    PhishingSignatures true
    PhishingScanURLs true
    PhishingAlwaysBlockSSLMismatch false
    PhishingAlwaysBlockCloak false
    DetectPUA false
    ScanPartialMessages false
    HeuristicScanPrecedence false
    StructuredDataDetection false
    CommandReadTimeout 5
    SendBufTimeout 200
    MaxQueue 100
    ExtendedDetectionInfo true
    OLE2BlockMacros false
    StreamMaxLength 25M
    LogFile /var/log/clamav/clamav.log
    LogTime true
    LogFileUnlock false
    LogFileMaxSize 0
    Bytecode true
    BytecodeSecurity TrustSigned
    BytecodeTimeout 60000
    OfficialDatabaseOnly false
    CrossFilesystems true
    
    Greetings
    Alex
     
  10. falko

    falko Super Moderator ISPConfig Developer

    Is clamav-daemon installed?
    Code:
    apt-get install clamav-daemon
     
  11. SPeedy8

    SPeedy8 New Member

    Well done ... Thanks for your answer. I thought I had installed the clamav daemon, because it was written in my install manual.

    Now everything is working well without the permanent error messages.

    With best regards
    Alexander
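
The checks made by hand in this thread (is the socket there, is anything listening on it), as an added example that is not part of the original posts: a Python probe that tells a missing socket path from a hand-created regular file, a stale socket and a responding clamd. The function names and result strings are assumptions of this example; `LocalSocket` and the `PING`/`PONG` command are clamd's own.

```python
import os
import socket
import stat


def configured_socket(conf_text):
    """Return the LocalSocket path from clamd.conf text, or None if unset."""
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "LocalSocket":
            return parts[1].strip()
    return None


def probe_clamd_socket(path, timeout=2.0):
    """Classify the clamd socket path the way a mail filter experiences it."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"            # "No such file or directory", as in the log
    except PermissionError:
        return "permission-denied"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"       # e.g. an empty file created by hand
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
            s.sendall(b"nPING\n")   # newline-delimited clamd PING command
            reply = s.recv(16)
        except ConnectionRefusedError:
            return "stale-socket"   # socket file left behind, no listener
        except PermissionError:
            return "permission-denied"
        except OSError:
            return "no-reply"       # timeout or other I/O failure
    return "ok" if reply.strip() == b"PONG" else "unexpected-reply"


if __name__ == "__main__":
    # Socket path from the amavis log lines; config path from the thread.
    conf_path = "/etc/clamav/clamd.conf"
    if os.path.exists(conf_path):
        with open(conf_path) as fh:
            print("LocalSocket:", configured_socket(fh.read()))
    print("state:", probe_clamd_socket("/var/run/clamav/clamd.ctl"))
```

Run from a monitoring job, any result other than `ok` means mail is passing amavis without the primary virus scanner, which is the condition the `all primary virus scanners failed` log line reports.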
     
