
Thread: [SOLVED] Clamav problem ? What's happening ?

  1. #1
    Join Date
    Jun 2007
    Posts
    9
    Rep Power
    8

    Default [SOLVED] Clamav problem ? What's happening ?

    Hi,
    I have already installed Zimbra open source 2 or 3 times with no problems, but this time I'm suffering this weird problem.

    I'm running zcs-4.5.5_GA_838.UBUNTU6 and I tried to manually upgrade CLAMD from 0.90.2 to 0.90.3, but the problem persists before and after the upgrade.

    It seems that the CLAMD daemon freezes reading the databases.

    In /opt/zimbra/log/clamd.log I'm getting these messages every 2 minutes:

    Code:
    Mon Jun  4 19:35:33 2007 -> +++ Started at Mon Jun  4 19:35:33 2007
    Mon Jun  4 19:35:33 2007 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
    Mon Jun  4 19:35:33 2007 -> Log file size limited to 20971520 bytes.
    Mon Jun  4 19:35:33 2007 -> Reading databases from /opt/zimbra/clamav/db
    Mon Jun  4 19:37:12 2007 -> +++ Started at Mon Jun  4 19:37:12 2007
    Mon Jun  4 19:37:12 2007 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
    Mon Jun  4 19:37:12 2007 -> Log file size limited to 20971520 bytes.
    Mon Jun  4 19:37:12 2007 -> Reading databases from /opt/zimbra/clamav/db
    Mon Jun  4 19:38:59 2007 -> +++ Started at Mon Jun  4 19:38:59 2007
    Mon Jun  4 19:38:59 2007 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
    Mon Jun  4 19:38:59 2007 -> Log file size limited to 20971520 bytes.
    Mon Jun  4 19:38:59 2007 -> Reading databases from /opt/zimbra/clamav/db

    When I receive e-mail, amavisd says that clamd is not responding.
    So, it seems to me that CLAMD is crashing while reading databases, and never starts ("zmcontrol status" says that antivirus is stopped). But I can't see any errors in the various log files.

    I tried to "rm *" the directory "/opt/zimbra/clamav/db" and freshclam downloaded the new db, but I still got this weird freeze.

    Also, I checked the /opt/zimbra/clamav/db directory with "ls -la", and this is the output:

    Code:
    drwxr-xr-x 2 zimbra zimbra    4096 Jun  4 19:43 .
    drwxr-xr-x 9 zimbra zimbra    4096 Jun  4 17:45 ..
    -rwxrwxr-- 1 zimbra zimbra       0 Jun  4 19:43 .dbLock
    -rw-r--r-- 1 zimbra zimbra  608128 Jun  4 19:12 daily.cvd
    -rw-r--r-- 1 zimbra zimbra 9351789 Jun  4 19:11 main.cvd
    -rw------- 1 zimbra zimbra      52 Jun  4 19:43 mirrors.dat

    What can I do now?


    Thank you i.a.

    aNt1X

  2. #2
    Join Date
    May 2007
    Location
    San Mateo
    Posts
    68
    Rep Power
    8

    Default

    Manually upgraded a component of Zimbra? Did you take a backup before you tried to upgrade? If you did then you may be able to find what went wrong.

    Since nobody from Zimbra has answered, have you:
    1. Checked the size of the log,
    2. Checked the owner, group and permissions of the ClamAV subsystem,
    3. Checked the ClamAV config files?

    I gather you stopped and restarted processes rather than just overwriting the existing files.

    I'd have waited for an update from Zimbra to ensure compatibility between components, to try and avoid this sort of problem, as it may be something outside of ClamAV. Something similar to Zimbra expecting a specific version of ClamAV in the processing, and you've changed the string being returned due to the upgrade.

  3. #3
    Join Date
    Jun 2007
    Posts
    9
    Rep Power
    8

    Default

    Let me explain.

    I had this problem BEFORE the component upgrade, and spent a few hours trying to understand what was happening, without success.
    So I decided to try to upgrade that component. I didn't mind about backups, because that was a fresh install on a fresh Ubuntu 6.06 LTS machine, with only a few test accounts created.

    Log size, owner/group/permissions and clamav should be ok because it is a fresh install, and just a few days ago I did a fresh install following the same identical howto (from howtoforge), without problems.

    Now I've formatted and repeated the installation; let's see if the problem persists.

    Bye.

  4. #4
    Join Date
    Jun 2007
    Posts
    9
    Rep Power
    8

    Default

    Still got the problem...
    Fresh install, on a fresh Ubuntu 6.06 install, and zmcontrol status says that antivirus is stopped.

    What can I do?

    Still got these messages every few minutes:

    Code:
    Jun  5 00:26:34 mailserver clamd[20416]: clamd daemon 0.90.2 (OS: linux-gnu, ARCH: i386, CPU: i686)
    Jun  5 00:26:34 mailserver clamd[20416]: Log file size limited to 20971520 bytes.
    Jun  5 00:26:34 mailserver clamd[20416]: Reading databases from /opt/zimbra/clamav/db

    This is the output of a ps:

    Code:
    zimbra@mailserver:~$ ps -ax | grep clamd
    Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
    20416 ?        Rs     1:01 /opt/zimbra/clamav/sbin/clamd --config-file /opt/zimbra/conf/clamd.conf
    20443 pts/0    S+     0:00 grep clamd

    So the process is running, but I can't understand what's happening.
    If a mail arrives, I got these messages in zimbra.log:

    Code:
    Jun  5 00:30:02 mailserver amavis[4348]: (04348-01) Checking: DkmOYJDUMtQR [80.247.70.64] <##########> -> <########>
    Jun  5 00:30:03 mailserver amavis[4348]: (04348-01) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (1)
    Jun  5 00:30:04 mailserver amavis[4348]: (04348-01) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
    Jun  5 00:30:07 mailserver zimbramon[20838]: 20838:info: 2007-06-05 00:30:06, QUEUE: 4 1
    Jun  5 00:30:07 mailserver CRON[20833]: (pam_unix) session closed for user zimbra
    Jun  5 00:30:10 mailserver amavis[4348]: (04348-01) (!!)ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 45) line 269.
    Jun  5 00:30:10 mailserver amavis[4348]: (04348-01) (!!)WARN: all primary virus scanners failed, considering backups
    Jun  5 00:30:10 mailserver amavis[4348]: (04348-01) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 45) line 269.
    Jun  5 00:30:10 mailserver amavis[4348]: (04348-01) (!)PRESERVING EVIDENCE in /opt/zimbra/amavisd/tmp/amavis-20070605T003000-04348
    Jun  5 00:30:10 mailserver postfix/smtp[20822]: BC0F613B6F7: to=<##############>, relay=127.0.0.1[127.0.0.1], delay=13, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=04348-01, virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 45) line 269. (in reply to end of DATA command))
    zimbra@mailserver:~$
    Last edited by aNt1X; 06-04-2007 at 04:41 PM.

  5. #5
    Join Date
    Jun 2007
    Posts
    9
    Rep Power
    8

    Default

    I attached the clamd.conf file.

    As you can see, the clamd.log file is very small (fresh install)

    Code:
    root@mailserver:~# ls -la /opt/zimbra/log/cla*
    -rw-r--r-- 1 zimbra zimbra 21087 2007-06-05 00:34 /opt/zimbra/log/clamd.log

    And here are the privs in the clamav directory and subdirectories:

    Code:
    root@mailserver:~# ls -la /opt/zimbra/clamav/*
    /opt/zimbra/clamav/bin:
    total 552
    drwxr-xr-x 2 zimbra zimbra   4096 2007-06-04 22:01 .
    drwxr-xr-x 9 zimbra zimbra   4096 2007-06-04 22:01 ..
    -rwxr-xr-x 1 zimbra zimbra   1217 2007-04-18 20:46 clamav-config
    -rwxr-xr-x 1 zimbra zimbra  39784 2007-04-18 20:46 clamconf
    -rwxr-xr-x 1 zimbra zimbra  74723 2007-04-18 20:46 clamdscan
    -rwxr-xr-x 1 zimbra zimbra 107203 2007-04-18 20:46 clamscan
    -rwxr-xr-x 1 zimbra zimbra 151159 2007-04-18 20:46 freshclam
    -rwxr-xr-x 1 zimbra zimbra 152293 2007-04-18 20:46 sigtool
    
    /opt/zimbra/clamav/db:
    total 11548
    drwxr-xr-x 3 zimbra zimbra    4096 2007-06-05 00:34 .
    drwxr-xr-x 9 zimbra zimbra    4096 2007-06-04 22:01 ..
    -r--r--r-- 1 zimbra zimbra  200881 2007-06-04 22:40 daily.cvd
    -r--r--r-- 1 zimbra zimbra  200881 2007-05-04 04:57 daily.cvd.init
    drwxr-xr-x 2 zimbra zimbra    4096 2007-06-04 22:39 daily.inc
    -rw-r--r-- 1 zimbra zimbra 9351789 2007-06-04 22:40 main.cvd
    -r--r--r-- 1 zimbra zimbra 2014018 2007-05-04 04:57 main.cvd.init
    -rw------- 1 zimbra zimbra     208 2007-06-05 00:34 mirrors.dat
    
    /opt/zimbra/clamav/etc:
    total 24
    drwxr-xr-x 2 zimbra zimbra 4096 2007-06-04 22:01 .
    drwxr-xr-x 9 zimbra zimbra 4096 2007-06-04 22:01 ..
    -rw-r--r-- 1 zimbra zimbra 9253 2007-04-18 20:46 clamd.conf
    -rw-r--r-- 1 zimbra zimbra 3620 2007-04-18 20:46 freshclam.conf
    
    /opt/zimbra/clamav/include:
    total 20
    drwxr-xr-x 2 zimbra zimbra 4096 2007-06-04 22:01 .
    drwxr-xr-x 9 zimbra zimbra 4096 2007-06-04 22:01 ..
    -rw-r--r-- 1 zimbra zimbra 8426 2007-04-18 20:46 clamav.h
    
    /opt/zimbra/clamav/lib:
    total 2436
    drwxr-xr-x 3 zimbra zimbra    4096 2007-06-04 22:01 .
    drwxr-xr-x 9 zimbra zimbra    4096 2007-06-04 22:01 ..
    -rw-r--r-- 1 zimbra zimbra 1432798 2007-04-18 20:46 libclamav.a
    -rwxr-xr-x 1 zimbra zimbra    1017 2007-04-18 20:46 libclamav.la
    lrwxrwxrwx 1 zimbra zimbra      18 2007-06-04 22:01 libclamav.so -> libclamav.so.2.0.2
    lrwxrwxrwx 1 zimbra zimbra      18 2007-06-04 22:01 libclamav.so.2 -> libclamav.so.2.0.2
    -rwxr-xr-x 1 zimbra zimbra 1034214 2007-04-18 20:46 libclamav.so.2.0.2
    drwxr-xr-x 2 zimbra zimbra    4096 2007-06-04 22:01 pkgconfig
    
    /opt/zimbra/clamav/sbin:
    total 180
    drwxr-xr-x 2 zimbra zimbra   4096 2007-06-04 22:01 .
    drwxr-xr-x 9 zimbra zimbra   4096 2007-06-04 22:01 ..
    -rwxr-xr-x 1 zimbra zimbra 168718 2007-04-18 20:46 clamd
    
    /opt/zimbra/clamav/share:
    total 16
    drwxr-xr-x 4 zimbra zimbra 4096 2007-06-04 22:01 .
    drwxr-xr-x 9 zimbra zimbra 4096 2007-06-04 22:01 ..
    drwxr-xr-x 2 zimbra zimbra 4096 2007-06-04 22:01 clamav
    drwxr-xr-x 5 zimbra zimbra 4096 2007-06-04 22:01 man
    root@mailserver:~#

    I'm using a fresh UBUNTU 6.06.1, with Bind9 installed.

    One last note: if I disable the "anti-virus" feature from the admin interface, and restart, all works perfectly, obviously without antivirus check.
    Attached Files
    Last edited by aNt1X; 06-04-2007 at 04:59 PM.

  6. #6
    Join Date
    May 2007
    Location
    San Mateo
    Posts
    68
    Rep Power
    8

    Default

    Your conf file matches mine if it's any help.

    But my logs show the database being reloaded and the selfcheck being performed.

    The big difference is that I have libclamav.so.1.0.19, not 2.0.2, and

    -rw-r--r-- 1 zimbra zimbra 616305 Jun 4 10:58 daily.cvd
    -r--r--r-- 1 zimbra zimbra 200881 Jul 7 2006 daily.cvd.init

    So we are using different versions of clamav. Hopefully Zimbra can help you with the details you've supplied but I'm not familiar enough with ClamAV and how it's integrated into Zimbra to help.

  7. #7
    Join Date
    Jun 2007
    Posts
    9
    Rep Power
    8

    Default

    Thank you for your help, man.

    Quote Originally Posted by djve View Post
    The big difference is that I have libclamav.so.1.0.19, not 2.0.2 and

    Why? Haven't you used the latest Zimbra package (zcs-4.5.5_GA_838.UBUNTU6)? If not, please tell me what package you used; I'll try with that.

    thank you again,

    aNt1X

  8. #8
    Join Date
    May 2007
    Location
    San Mateo
    Posts
    68
    Rep Power
    8

    Default

    I'm using the Zimbra appliance from rPath.

    Fully configured and easy to install and use. I'm using an external LDAP replica for authentication and GAL with command line shell scripts to create the system.

    So I'd guess you'd say I'm using a system "blessed" by Zimbra as confirmed working.

    Have you checked out the thread: http://www.zimbra.com/forums/adminis...e-clamav.html? It may help but it's germane to my set-up (or at least not yet).

  9. #9
    Join Date
    Jun 2007
    Posts
    9
    Rep Power
    8

    Default

    I think I got it.
    Manually starting ClamAV, it takes something like 1-2 minutes to load the DB, and then it starts.
    So, I think that it is Zimbra that tries to restart it, because a timeout occurs.

    Is there a way to increase this timeout that occurs while starting ClamAV?

    Thank you,
    aNt1X

  10. #10
    Join Date
    Jun 2007
    Posts
    9
    Rep Power
    8

    Default

    Ok, I solved it by modifying the watchdog interval in /opt/zimbra/libexec/zmmtaconfig

    Code:
    my %config = (
    progname => "zmmtaconfig",
    hostname => $ENV{zimbra_server_hostname},
    loglevel => 3,
    watchdog => 1,
    wd_all => 0,
    debug => 0,
    interval => 180,
    baseDir => "/opt/zimbra",
    logStatus => ( 4 => "Debug", 3 => "Info", 2 => "Warning", 1 => "Error", 0 =$
    );

    (I extended the interval value from 60 to 180.)

    I was going crazy looking at crontabs, but this watchdog process wasn't in the crontab, but in this Perl script.

    I hope it will not break something else ...

    Thank you anyway.

    aNt1X
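
Added example, not part of the original thread and not Zimbra or ClamAV code: a Python check for the symptom diagnosed in posts #9 and #10, where clamd is started again while its last logged action is still "Reading databases", so it never gets to listen on 127.0.0.1:3310 and amavisd defers mail. The function names and the `min_repeats` threshold are hypothetical.

```python
from datetime import datetime

# Start/load lines copied from the clamd.log excerpt in post #1
# (the version and log-size lines are omitted for brevity).
THREAD_LOG = """\
Mon Jun  4 19:35:33 2007 -> +++ Started at Mon Jun  4 19:35:33 2007
Mon Jun  4 19:35:33 2007 -> Reading databases from /opt/zimbra/clamav/db
Mon Jun  4 19:37:12 2007 -> +++ Started at Mon Jun  4 19:37:12 2007
Mon Jun  4 19:37:12 2007 -> Reading databases from /opt/zimbra/clamav/db
Mon Jun  4 19:38:59 2007 -> +++ Started at Mon Jun  4 19:38:59 2007
Mon Jun  4 19:38:59 2007 -> Reading databases from /opt/zimbra/clamav/db
"""

# Constructed sample (not from the thread): the load finishes before the next start.
HEALTHY_LOG = """\
Mon Jun  4 19:35:33 2007 -> +++ Started at Mon Jun  4 19:35:33 2007
Mon Jun  4 19:35:33 2007 -> Reading databases from /opt/zimbra/clamav/db
Mon Jun  4 19:37:20 2007 -> (constructed) database load finished
Tue Jun  5 08:00:00 2007 -> +++ Started at Tue Jun  5 08:00:00 2007
Tue Jun  5 08:00:00 2007 -> Reading databases from /opt/zimbra/clamav/db
"""

def parse(log_text):
    """Yield (timestamp, message) for each well-formed clamd.log line."""
    for line in log_text.splitlines():
        stamp, sep, msg = line.partition(" -> ")
        if not sep:
            continue  # not in "timestamp -> message" form
        try:
            # Collapse the padded day ("Jun  4") before parsing.
            ts = datetime.strptime(" ".join(stamp.split()), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue
        yield ts, msg

def interrupted_loads(log_text):
    """Seconds between consecutive starts where the previous run's last
    logged line was still 'Reading databases' (load never completed)."""
    gaps, last_start, last_msg = [], None, ""
    for ts, msg in parse(log_text):
        if msg.startswith("+++ Started"):
            if last_start is not None and last_msg.startswith("Reading databases"):
                gaps.append(int((ts - last_start).total_seconds()))
            last_start = ts
        last_msg = msg
    return gaps

def restart_loop(log_text, min_repeats=2):
    """True when the daemon was restarted mid-load at least min_repeats times."""
    return len(interrupted_loads(log_text)) >= min_repeats
```

On the thread's log, `interrupted_loads` reports gaps of 99 and 107 seconds, which is the restart spacing to compare against the 1-2 minute manual load time from post #9 when choosing a watchdog interval.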
