Thread: [SOLVED] Help: Virus Scanner Issues

  1. #1
    Join Date
    Aug 2007
    Location
    Hayward, CA USA
    Posts
    26
    Rep Power
    8

    Default [SOLVED] Help: Virus Scanner Issues

    This is my second post (first one was before we purchased) and now that we are a customer we've been very happy, love Zimbra so far. Have had very few problems. However, I am having one now and would really appreciate some help.

    First off, my Zimbra version:

    Release 4.5.6_GA_1044.RHEL4_20070706161941 RHEL4 NETWORK edition

    The issue right now: (from /var/log/maillog)

    Jan 10 09:00:54 mail2 postfix/smtp[11844]: D15576B453A: to=<joseph@americanpolyfoam.com>, relay=127.0.0.1[127.0.0.1], delay=8, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=04885-03, virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 53) line 269. (in reply to end of DATA command))

    zmcontrol status shows the following:

    antispam Running
    antivirus Stopped
    zmclamdctl is not running
    ldap Running
    logger Running
    mailbox Running
    mta Running
    snmp Running
    spell Running

    I used zmclamdctl and zmantivirusctl to try and restart the service (I also rebooted the machine as well a few times) with no luck, same stuff seems to come up.

    When I check /opt/zimbra/log/clamd.log I see the following:

    Thu Jan 10 09:03:50 2008 -> +++ Started at Thu Jan 10 09:03:50 2008
    Thu Jan 10 09:03:50 2008 -> clamd daemon 0.90.2 (OS: linux-gnu, ARCH: i386, CPU: i686)
    Thu Jan 10 09:03:50 2008 -> Log file size limited to 20971520 bytes.
    Thu Jan 10 09:03:50 2008 -> Reading databases from /opt/zimbra/clamav/db

    I thought that it was odd that I didn't see any kind of error, so I scrolled up. The above message repeats (with different times) until I get to the below message:

    SelfCheck: Database modification detected. Forcing reload.
    Wed Jan 9 07:29:33 2008 -> Reading databases from /opt/zimbra/clamav/db
    Wed Jan 9 07:33:01 2008 -> ERROR: reload db failed: Unable to lock database directory (try 1)
    Wed Jan 9 07:41:32 2008 -> Database correctly reloaded (188860 signatures)
    Wed Jan 9 07:41:33 2008 -> Client disconnected
    Wed Jan 9 07:41:33 2008 -> Client disconnected
    Wed Jan 9 07:57:05 2008 -> Pid file removed.
    Wed Jan 9 07:57:05 2008 -> --- Stopped at Wed Jan 9 07:57:05 2008
    Wed Jan 9 08:01:21 2008 -> +++ Started at Wed Jan 9 08:01:21 2008
    Wed Jan 9 08:01:21 2008 -> clamd daemon 0.90.2 (OS: linux-gnu, ARCH: i386, CPU: i686)
    Wed Jan 9 08:01:21 2008 -> Log file size limited to 20971520 bytes.
    Wed Jan 9 08:01:21 2008 -> Reading databases from /opt/zimbra/clamav/db

    When I log into the Zimbra management screen via web, it shows all processes working, but there is a red X through the AntiVirus service.

    So where do I go from here? Where do I look? What do you guys wanna see?

    Your help is really appreciated. If this is in the wrong section, let me know.

    Regards,

    ~Steve
    Last edited by cadman; 01-10-2008 at 10:36 AM. Reason: Issue has been solved

  2. #2
    Join Date
    Aug 2007
    Location
    Hayward, CA USA
    Posts
    26
    Rep Power
    8

    Default

    Should I upgrade to the latest 5.0 version?

  3. #3
    Join Date
    Aug 2007
    Location
    Hayward, CA USA
    Posts
    26
    Rep Power
    8

    Default

    This is what I see in /var/log/zimbra.log

    Jan 10 09:22:33 mail2 amavis[4913]: (04913-04) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (1)
    Jan 10 09:22:34 mail2 amavis[4913]: (04913-04) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Jan 10 09:22:40 mail2 amavis[4913]: (04913-04) (!!)ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 53) line 269.
    Jan 10 09:22:40 mail2 amavis[4913]: (04913-04) (!!)WARN: all primary virus scanners failed, considering backups
    Jan 10 09:22:40 mail2 amavis[4913]: (04913-04) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 53) line 269.
    Jan 10 09:22:40 mail2 amavis[4913]: (04913-04) (!)PRESERVING EVIDENCE in /opt/zimbra/amavisd/tmp/amavis-20080110T092233-04913

  4. #4
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    I seem to remember some flakiness with 4.5.6 on Clam. If you're not ready to upgrade to 5.x you should at least go to one of the later 4.5 releases (preferably 4.5.10) as .6 had several issues that caused Tums moments for a number of us

    Cheers,

    Dan

  5. #5
    Join Date
    Aug 2007
    Location
    Hayward, CA USA
    Posts
    26
    Rep Power
    8

    Default

    Quote Originally Posted by dwmtractor View Post
    I seem to remember some flakiness with 4.5.6 on Clam. If you're not ready to upgrade to 5.x you should at least go to one of the later 4.5 releases (preferably 4.5.10) as .6 had several issues that caused Tums moments for a number of us

    Cheers,

    Dan

    Dan,

    I don't mind upgrading if that is more than likely to fix the issue, I do have a few questions tho.

    When upgrading, I am assuming that messages that are currently deferred and stored in the queue will be in the new upgraded system?

    And secondly, when I do a backup, the backup includes the deferred and current queued messages waiting to be sent out?

    Would upgrading to 4.5.10 be a smoother transition than going straight to 5.x?

  6. #6
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    10

    Default

    Quote Originally Posted by cadman View Post
    When upgrading, I am assuming that messages that are currently deferred and stored in the queue will be in the new upgraded system?

    Yes, but that doesn't mean it wouldn't make me nervous! I'd try real hard to break the queue loose first if I could. Have you tried running (as su - zimbra) zmcontrol stop and then zmcontrol start to see if you can get it to wake up?

    Quote Originally Posted by cadman View Post
    And secondly, when I do a backup, the backup includes the deferred and current queued messages waiting to be sent out?

    Yes, if you use any of the open source backup methods they back up the whole of /opt/zimbra which includes your queues.

    Quote Originally Posted by cadman View Post
    Would upgrading to 4.5.10 be a smoother transition than going straight to 5.x?

    Not necessarily from an I.T. perspective, but depending on how dependent your users are on various little environment things, they may find the 4.5.x upgrade more transparent. Also, I THINK the 4.x upgrade may require less downtime than the 5 conversion (others will correct me if I'm wrong on this) and so it might be the quicker fix. Clearly you want to be on 5 eventually, but 4.x may be a faster repair to the current pain.

  7. #7
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Turn off your AV temporarily & the messages will flow - temp solutions are in this thread: http://www.zimbra.com/forums/install...html#post61912

    Make a backup (zmbackup or rsync method), jump to 4.5.10 NE (& enable your AV if it's still disabled).

    Make another backup, read the NE release notes & jump to 5.0.0 NE (if you're not comfortable with fixing any certs issues that may crop up you may consider holding for 5.0.1 NE). Certs: http://www.zimbra.com/forums/adminis...-5-0-read.html

    Also RHEL4: 5.0 GA ships an XS compiled version of Scalar::Util in its perl modules for RHEL4. So before that jump as root, read the ~zimbra/.bashrc, and set the PERLLIB and PERL5LIB environment variables to match what the zimbra user does, and then try installing.
    You're setting the perl bits in the root environment similar to what is in the zimbra user's, i.e., as root, run these at the shell on RHEL4:

    export PERLLIB=/opt/zimbra/zimbramon/lib:/opt/zimbra/zimbramon/lib/i386-linux-thread-multi
    export PERLLIB
    PERL5LIB=$PERLLIB
    export PERL5LIB

    This should tell perl to use the Zimbra perl libraries before using the system perl libraries.
    Last edited by mmorse; 01-10-2008 at 10:43 AM. Reason: commands for the Scalar::Util PERL on RHEL4

  8. #8
    Join Date
    Aug 2007
    Location
    Hayward, CA USA
    Posts
    26
    Rep Power
    8

    Default

    Thanks for the help guys

    I ended up contacting Zimbra Support and they were able to fix the issue for now. My plan is to upgrade soon tho as newer versions have already solved this issue. In case anyone else is still using this older version I will paste into here the email I got from Zimbra support:

    Hello Steve,

    Seems that you were running into the below reported and now fixed bug in ZCS 4.5.7:

    Bug 18511 - clamav performance is poor -- upgrade to clamAV 0.91.1

    The reason ClamAV was not starting is because the mta monitor (zmmtaconfig) is not waiting long enough for clamd to start.
    The version of clam in the current release has some performance problems. This has been updated for 4.5.7 as Bug 18511. The workaround at this point is to edit the file /opt/zimbra/libexec/zmmtaconfig to increase the check interval. I have increased this setting from 60s to 240s.

    Regarding your question on moving from your current server to a new server, please read the below article:

    http://www.zimbra.com/blog/archives/...er_server.html

    Regards,

    Angad Bhullar
    Zimbra Network Support

    And lastly, I must say, Zimbra's support on this issue was outstanding! I am very happy with this software and the support system in place.

    Thanks again!

  9. #9
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Default

    Please refresh this page and see the slight edit above where I've explained what you have to do with the PERL env when you're ready for the 5.0 jump in more detail.
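
The support e-mail's explanation (the monitor giving up before clamd finishes loading its signature database) can be checked against clamd.log by timing each database load. The following is an added example, not code from the thread or from Zimbra; the sample log is constructed from the lines posted above, and READY_MARKERS holds only the one completion message visible in the thread.

```python
from datetime import datetime

CHECK_INTERVAL_S = 60  # wait quoted in the support e-mail (workaround raised it to 240)
# Assumption: only this completion line appears in the thread; extend for your clamd version.
READY_MARKERS = ("Database correctly reloaded",)

# Constructed sample, built from the clamd.log lines posted in the thread.
SAMPLE_LOG = """\
Wed Jan 9 07:29:33 2008 -> Reading databases from /opt/zimbra/clamav/db
Wed Jan 9 07:41:32 2008 -> Database correctly reloaded (188860 signatures)
Wed Jan 9 07:57:05 2008 -> --- Stopped at Wed Jan 9 07:57:05 2008
Wed Jan 9 08:01:21 2008 -> +++ Started at Wed Jan 9 08:01:21 2008
Wed Jan 9 08:01:21 2008 -> Reading databases from /opt/zimbra/clamav/db
Thu Jan 10 09:03:50 2008 -> +++ Started at Thu Jan 10 09:03:50 2008
Thu Jan 10 09:03:50 2008 -> Reading databases from /opt/zimbra/clamav/db
"""

def parse_line(line):
    """Split 'ctime -> message'; return (datetime, message) or None."""
    stamp, sep, msg = line.partition(" -> ")
    try:
        return datetime.strptime(stamp.strip(), "%a %b %d %H:%M:%S %Y"), msg.strip()
    except ValueError:  # no timestamp prefix (e.g. the SelfCheck line)
        return None

def analyze(log_text, interval=CHECK_INTERVAL_S):
    """Return (load_start, seconds_or_None, status) for each database load."""
    results, pending = [], None
    for parsed in map(parse_line, log_text.splitlines()):
        if parsed is None:
            continue
        ts, msg = parsed
        loading = msg.startswith("Reading databases from")
        if pending is not None and msg.startswith(READY_MARKERS):
            secs = int((ts - pending).total_seconds())
            results.append((pending, secs, "slow" if secs > interval else "ok"))
            pending = None
        elif pending is not None and (loading or msg.startswith("--- Stopped")):
            results.append((pending, None, "incomplete"))  # never reported ready
            pending = None
        if loading:
            pending = ts
    if pending is not None:
        results.append((pending, None, "incomplete"))
    return results

if __name__ == "__main__":
    print(*analyze(SAMPLE_LOG), sep="\n")
```

A load marked "slow" took longer than the monitor's wait, and a run of "incomplete" loads matches the repeated start banners with no completion line that the first post describes.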
