Clamav stopped working, to old database... freshclam missing ?

Thomas Spuhler thomas.spuhler at btspuhler.com
Sat Apr 23 17:04:27 CEST 2016 

On Saturday, April 23, 2016 03:43:50 PM Johannes wrote:
> Hi,
> I wanted to look into the clamav log-file, but I couldn't fine one.
> Also, I couldn't find a clamd.conf file, neither /etc/clamd.conf nor
> /etc/clamd.d/cland.conf.
> 
> Is this normal? I am just wondering, because everywhere on the net, it
> is written, that clamd need a configuration file.
> 
> If this is indeed necessary, can anybode send an example, or even better
> the kolab clamd.conf file?
> 
> Thanks,
> Johannes
> 
> ---
> Johannes Kehrer
> Otto-Hahn-Weg 22
> 88046 Friedrichshafen
> Germany
> 
> Email:Johannes at kehrer.by
> 
> Am 2016-04-21 15:43, schrieb Winfried Ritsch:
> > Hello,
> > 
> > Did you see clamd at amavisd.service running ?
> > 
> >  # systemctl status -l clamd at amavisd.service
> > 
> > When yes  there should be the
> > /var/run/clamd.amavisd/clamd.sock
> > 
> > if not it is not st
> > 
> >  # systemctl start clamd at amavisd.service
> > 
> > should give you the error to old database.
> > 
> > After installing  clamav-update also enable freshclam  in
> > 
> > /etc/freshclam.conf:
> >  # Comment or remove the line below.
> >  #Example
> > 
> > and restart. afterwards restart clamd at amavisd.service, if not done by
> > supervisor.
> > 
> > mfg
> > 
> >  winfried
> > 
> > Am Mittwoch, 20. April 2016, 12:08:16 schrieb Stephen Switzer:
> >> I too am having this issue after updating last night. I'm tempted to
> >> backup my mail and rollback the VM.
> >> 
> >> After update, EVERY email is coming in with "***UNCHECKED***". I
> >> looked
> >> at the logs and found many entries like this:
> >> 
> >> Apr 20 11:31:16 kolab16 amavis[9442]: (09442-17) (!)ClamAV-clamd: All
> >> attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock,
> >> retrying (2)
> >> Apr 20 11:31:22 kolab16 amavis[9442]: (09442-17) ClamAV-clamd:
> >> Connecting to socket  /var/run/clamd.amavisd/clamd.sock, retry #2
> >> Apr 20 11:31:22 kolab16 amavis[9442]: (09442-17) new socket by
> >> IO::Socket::UNIX to /var/run/clamd.amavisd/clamd.sock, timeout set to
> >> 10
> >> 
> >> 
> >> Directory listing shows it doesn't exist:
> >> 
> >> [root at kolab16 etc]# ls -l /var/run/clamd.amavisd/clamd.sock
> >> ls: cannot access /var/run/clamd.amavisd/clamd.sock: No such file or
> >> directory
> >> [root at kolab16 etc]# ls -l /var/run/clamd.amavisd/
> >> total 0
> >> [root at kolab16 etc]#
> >> 
> >> 
> >> These files seem to match:
> >> 
> >> [root at kolab16 etc]# grep -i clamd.sock /etc/amavisd/amavisd.conf
> >> 
> >>    \&ask_daemon, ["CONTSCAN {}\n",
> >> 
> >> "/var/run/clamd.amavisd/clamd.sock"],
> >> [root at kolab16 etc]# grep -i clamd.sock /etc/clamd.d/amavisd.conf
> >> LocalSocket /var/run/clamd.amavisd/clamd.sock
> >> [root at kolab16 etc]#
> >> 
> >> 
> >> Nothing is running under clam:
> >> 
> >> [root at kolab16 etc]# ps -el | grep clam
> >> [root at kolab16 etc]# ps -el | grep clam\|amavis
> >> [root at kolab16 etc]#
> >> 
> >> 
> >> clamav-update wasn't installed either. I tried to install it, and it
> >> was
> >> no help.
> >> 
> >> Any help would be appreciated. If I can't figure it out by tonight,
> >> I'll
> >> have to backup "/var/spool/imap/domain/" and rollback the VM and
> >> restore
> >> - that additional subject is annoying! LOL
> >> 
> >> Thank you!
> >> 
> >> 
> >> ---
> >> Best regards,
> >> 
> >> STEPHEN H. SWITZER
> >> 
> >> On 2016-04-12 12:13 PM, Winfried Ritsch wrote:
> >> > Hello,
> >> > 
> >> > On an Kolab 16 and Centos 7, Installation on 2016-4-09 I did a yum
> >> > update and
> >> > afterwards all emails are reported as  "***UNCHECKED***" in subject.
> >> > 
> >> > It showed clamd at amavisd does not start and reports "database more than
> >> > 7 days
> >> > old"
> >> > 
> >> > Looking at issues I found:
> >> > https://issues.kolab.org/show_bug.cgi?id=3996
> >> > 
> >> >   "Running Kolab 16 and freshclam is still not provided"
> >> > 
> >> > I installed freshclam and it worked again but on install told me:
> >> >  [...]
> >> >  ERROR: Corrupted database file /var/lib/clamav/main.cvd: Can't verify
> >> > 
> >> > database integrity
> >> > 
> >> >  Corrupted database file renamed to /var/lib/clamav/main.cvd.broken
> >> >  [...]
> >> > 
> >> > So my question is, since it worked  for a month:
> >> > 
> >> > How has clam database been updated in Kolab 16 without freshclam before
> >> > ?
> >> > 
> >> > Did I something wrong installing freshclam by hand ?
> >> > 
> >> > I just wanted to get sure it works before I post here and found some on
> >> > german
> >> > kolab list with same problem, but we didn't find any hints, anyway I am
> >> > 
> >> >  not a
> >> > 
> >> > kolab specialist.
> >> > 
> >> > 
> >> > mfg
> >> > 
> >> >  winfried
> >> 
> >> _______________________________________________
> >> users mailing list
> >> users at lists.kolab.org
> >> https://lists.kolab.org/mailman/listinfo/users
> 
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users


see 
$ rpm -ql clamav
/etc/clamd.conf
/etc/freshclam.conf
/etc/logrotate.d/freshclam
/usr/bin/clambc

and 

$ rpm -ql clamd
/etc/logrotate.d/clamd
/usr/lib/systemd/system/clamd.service
/usr/sbin/clamd
/usr/share/man/man8/clamd.8.xz
/var/log/clamav/clamd.log


-- 
Best regards
Thomas Spuhler

All of my e-mails have a valid digital signature
ID 60114E63
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.kolab.org/pipermail/users/attachments/20160423/acbaf00a/attachment.sig>

More information about the users mailing list