Results 1 to 4 of 4

Thread: [SOLVED] Problems with Antivirus subsystem

  1. #1
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default [SOLVED] Problems with Antivirus subsystem

    Over the last 3 weeks our Zimbra server has stopped processing mail twice. This is an unheard of situation for our server. What I am finding is that the Antivirus system is shutting down. There is nothing in any of the logs describing any problems with it, but looking in the Admin console you can see the email backup in the deferred category and the reason for deferral being given is that it is unable to establish a connection with the A/V subsystem. I can run zmclamdctl start and then requeue the deferred mail, but it throws a wrench in the overnight reporting that gets mailed out. As this problem is newly occurring just wondering what is going on that would cause it and what remedies are available? Is is possible to disable the A/V subsystem? It is rather redundant as I have an A/V gateway ahead of the the Zimbra server. I'd rather fix the issue though.

  2. #2
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default

    Quote Originally Posted by vavai View Post
    Hi tgx,


    AV would be possible to refuse the connection because the ClamaV engine was too old and need an upgrade. If you checked out your logs, it should be warning about the upgrade message. I'm experience with this on some old Zimbra installation.
    Yes. However, I would expect it to fail consistently. Not run for two weeks after being restarted and then spontaneously die.

    **UPDATE** I have found something of interest in the clamd.log.

    This is the moment that the service failed to start after shutting down for backup.

    LibClamAV Error: cli_load(): Can't open file /opt/zimbra/data/clamav/db/main.cvd
    ERROR: Unable to open file or directory

    However, running zmclamdctl start manually, 8 hours later and it came up fine.

    **MORE INFO** There is no file called main.cvd in /opt/zimbra/data/clamav/db. There IS a file called main.cld.
    Is there a typo in a script somewhere?

    Going to look at upgrading ClamAV.

    **Upgraded to ClamAV 0.95.3 using Wiki instructions. Will monitor for results.**
    Last edited by tgx; 12-31-2009 at 01:18 PM.

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by tgx View Post
    **MORE INFO** There is no file called main.cvd in /opt/zimbra/data/clamav/db. There IS a file called main.cld.
    It should be there but you chould be able to recover by doing this: http://www.zimbra.com/forums/163985-post2.html

    Mind you, this might be more appropriate: Bug 41070 – zmclamdctl incorrectly recreates main.cvd
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    Join Date
    Mar 2006
    Posts
    300
    Rep Power
    9

    Default

    Quote Originally Posted by phoenix View Post
    It should be there but you chould be able to recover by doing this: http://www.zimbra.com/forums/163985-post2.html

    Mind you, this might be more appropriate: Bug 41070 – zmclamdctl incorrectly recreates main.cvd
    I don't see much similarity in those. In my case the script is complaining .cvd doesn't exist. Odd that it has only recently begun doing this on a server that's been running since '07. I do note that ClamAV is going to stop supporting pre-0.95 versions in April of 2010 so it only made sense to upgrade. Maybe it will solve the issue.

    FWIW, the .cvd files are found under /opt/zimbra/clamav-your.version.here.
    zmclamdctl looks like it is supposed to copy the files to /opt/zimbra/clamav/db, but doesn't seem to be doing it (or is doing it and then being cleared out by another process).

    After shutting down clamd using zmclamdctl, rerunning freshclam and running zmclamdctl start I now have a daily.cvd in /opt/zimbra/data/clamav/db/ but still no main.cvd.

    I stopped the AV service manually copied main.cvd.init to /opt/zimbra/clamav/db renamed it to main.cvd, changed the file perms to match the other files in the directory and restarted the service. I had two new directories under /db labelled clamav-(insertlongalphanumberstringhere), which after a time disappeared along with the newly inserted main.cvd, so I assume therefore that the file is dynamically created by some other mechanism. I'm going to assume it is working correctly at this point. Will have to monitor.
    Last edited by tgx; 12-31-2009 at 02:05 PM. Reason: improve accuracy of text

Similar Threads

  1. Replies: 5
    Last Post: 05-28-2009, 12:53 AM
  2. AntiVirus unable to connect to localhost
    By net4home in forum Administrators
    Replies: 15
    Last Post: 07-25-2007, 05:55 PM
  3. AntiVirus won't run - error accessing mail queues
    By mrambo3501 in forum Administrators
    Replies: 2
    Last Post: 07-25-2007, 08:45 AM
  4. Post instsallation problems
    By Assaf in forum Installation
    Replies: 14
    Last Post: 01-29-2007, 10:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •