Good morning,

This morning I got some issues with my installation of ISPconfig on a CentOS 6 machine, the email service was kind of stuck, the users were not able to receive/send emails even if the ISPconfig monitor was telling me that everything was ok. So, I ran a yum update and upgraded the ISPConfig to the latest version (3.1.11) and I realised that something looks wrong.

First of all:
- During the update via update.php the service Clamd didn't stop but the update script completed its tasks without throwing an error

Secondly:
- When I run ps ax | grep clam this is the output (I was expecting to have just one line)

Code:
27577 ? Ssl 0:00 clamd
30684 ? R 0:39 /usr/bin/clamscan --stdout --no-summary -r --tempdir=/var/spool/amavisd/tmp /var/spool/amavisd/tmp/amavis-20180129T112005-27462-P7DZo2H3/parts
30758 ? R 0:16 /usr/bin/clamscan --stdout --no-summary -r --tempdir=/var/spool/amavisd/tmp /var/spool/amavisd/tmp/amavis-20180129T113016-28910-ubhRqFrE/parts

- When I try to force the reload of the service this is the output:

Code:
/etc/init.d/clamd.amavisd restart
Stopping clamd.amavisd: [FAILED]

Code:
/etc/init.d/clamd.amavisd stop
Stopping clamd.amavisd: [FAILED]

- When I look at my log file it shows this:

Code:
Jan 29 12:14:55 mail amavis[28910]: (28910-08-3) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/spool/amavisd/clamd.sock: 111
Jan 29 12:14:56 mail amavis[28910]: (28910-08-3) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/spool/amavisd/clamd.sock: Connection refused
Jan 29 12:14:56 mail amavis[28910]: (28910-08-3) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)
Jan 29 12:15:02 mail amavis[28910]: (28910-08-3) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/spool/amavisd/clamd.sock: Connection refused
Jan 29 12:15:02 mail amavis[28910]: (28910-08-3) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/spool/amavisd/clamd.sock (All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock) at (eval 115) line 608.\n
Jan 29 12:15:02 mail amavis[28910]: (28910-08-3) (!)WARN: all primary virus scanners failed, considering backups

Any Idea?
It might be that the clamav socket file on your system is in a different location (not in /var/spool/amavisd/clamd.sock). If that's the case, try to adjust the path in amavisd.conf and restart amavis.
Thanks for your reply, it seems ok the location of the clamd.sock

Code:
# cd /var/spool/amavisd/
# ls
amavisd.sock clamd.sock db quarantine tmp

p.s. this guy works:

Code:
/etc/init.d/amavisd restart
Shutting down amavisd: Waiting for the process [8005] to terminate
Daemon [8005] terminated by SIGTERM
[ OK ]
amavisd stopped
Starting amavisd: [ OK ]
Ok. Try to restart the clamav daemon; if it does not start, then there should be an error message in one of the clamav log files to locate the error.
The daemon doesn't restart, it seems like stuck, no output during the "Starting Clam daemon"

I did a cat of the clamd.log:

Code:
Mon Jan 29 13:04:12 2018 -> +++ Started at Mon Jan 29 13:04:12 2018
Mon Jan 29 13:04:12 2018 -> Received 0 file descriptor(s) from systemd.
Mon Jan 29 13:04:12 2018 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Jan 29 13:04:12 2018 -> Running as user clam (UID 497, GID 497)
Mon Jan 29 13:04:12 2018 -> Log file size limited to 4294967295 bytes.
Mon Jan 29 13:04:12 2018 -> Reading databases from /var/lib/clamav
Mon Jan 29 13:04:12 2018 -> Not loading PUA signatures.
Mon Jan 29 13:04:12 2018 -> Bytecode: Security mode set to "TrustSigned".
Mon Jan 29 13:04:24 2018 -> Loaded 6398744 signatures.
Mon Jan 29 13:04:29 2018 -> TCP: Bound to [127.0.0.1]:3310
Mon Jan 29 13:04:29 2018 -> TCP: Setting connection queue length to 30
Mon Jan 29 13:04:29 2018 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Mon Jan 29 13:04:29 2018 -> LOCAL: Setting connection queue length to 30
Mon Jan 29 13:04:29 2018 -> Limits: Global size limit set to 104857600 bytes.
Mon Jan 29 13:04:29 2018 -> Limits: File size limit set to 26214400 bytes.
Mon Jan 29 13:04:29 2018 -> Limits: Recursion level limit set to 16.
Mon Jan 29 13:04:29 2018 -> Limits: Files limit set to 10000.
Mon Jan 29 13:04:29 2018 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Mon Jan 29 13:04:29 2018 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Mon Jan 29 13:04:29 2018 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Mon Jan 29 13:04:29 2018 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Mon Jan 29 13:04:29 2018 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Mon Jan 29 13:04:29 2018 -> Limits: MaxPartitions limit set to 50.
Mon Jan 29 13:04:29 2018 -> Limits: MaxIconsPE limit set to 100.
Mon Jan 29 13:04:29 2018 -> Limits: MaxRecHWP3 limit set to 16.
Mon Jan 29 13:04:29 2018 -> Limits: PCREMatchLimit limit set to 10000.
Mon Jan 29 13:04:29 2018 -> Limits: PCRERecMatchLimit limit set to 5000.
Mon Jan 29 13:04:29 2018 -> Limits: PCREMaxFileSize limit set to 26214400.
Mon Jan 29 13:04:29 2018 -> Archive support enabled.
Mon Jan 29 13:04:29 2018 -> Algorithmic detection enabled.
Mon Jan 29 13:04:29 2018 -> Portable Executable support enabled.
Mon Jan 29 13:04:29 2018 -> ELF support enabled.
Mon Jan 29 13:04:29 2018 -> Detection of broken executables enabled.
Mon Jan 29 13:04:29 2018 -> Mail files support enabled.
Mon Jan 29 13:04:29 2018 -> OLE2 support enabled.
Mon Jan 29 13:04:29 2018 -> PDF support enabled.
Mon Jan 29 13:04:29 2018 -> SWF support enabled.
Mon Jan 29 13:04:29 2018 -> HTML support enabled.
Mon Jan 29 13:04:29 2018 -> XMLDOCS support enabled.
Mon Jan 29 13:04:29 2018 -> HWP3 support enabled.
Mon Jan 29 13:04:29 2018 -> Self checking every 600 seconds.
Mon Jan 29 13:14:29 2018 -> SelfCheck: Database status OK.
Mon Jan 29 13:16:28 2018 -> +++ Started at Mon Jan 29 13:16:28 2018
Mon Jan 29 13:16:28 2018 -> Received 0 file descriptor(s) from systemd.
Mon Jan 29 13:16:28 2018 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Jan 29 13:16:28 2018 -> Running as user clam (UID 497, GID 497)
Mon Jan 29 13:16:28 2018 -> Log file size limited to 4294967295 bytes.
Mon Jan 29 13:16:28 2018 -> Reading databases from /var/lib/clamav
Mon Jan 29 13:16:28 2018 -> Not loading PUA signatures.
Mon Jan 29 13:16:28 2018 -> Bytecode: Security mode set to "TrustSigned".
Mon Jan 29 13:19:09 2018 -> Loaded 6398744 signatures.
Mon Jan 29 13:19:53 2018 -> +++ Started at Mon Jan 29 13:19:53 2018
Mon Jan 29 13:19:53 2018 -> Received 0 file descriptor(s) from systemd.
Mon Jan 29 13:19:53 2018 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Jan 29 13:19:53 2018 -> Running as user clam (UID 497, GID 497)
Mon Jan 29 13:19:53 2018 -> Log file size limited to 4294967295 bytes.
Mon Jan 29 13:19:53 2018 -> Reading databases from /var/lib/clamav
Mon Jan 29 13:19:53 2018 -> Not loading PUA signatures.
Mon Jan 29 13:19:53 2018 -> Bytecode: Security mode set to "TrustSigned".
Mon Jan 29 13:21:37 2018 -> +++ Started at Mon Jan 29 13:21:37 2018
Mon Jan 29 13:21:37 2018 -> Received 0 file descriptor(s) from systemd.
Mon Jan 29 13:21:37 2018 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Jan 29 13:21:37 2018 -> Running as user clam (UID 497, GID 497)
Mon Jan 29 13:21:37 2018 -> Log file size limited to 4294967295 bytes.
Mon Jan 29 13:21:37 2018 -> Reading databases from /var/lib/clamav
Mon Jan 29 13:21:37 2018 -> Not loading PUA signatures.
Mon Jan 29 13:21:37 2018 -> Bytecode: Security mode set to "TrustSigned".
Mon Jan 29 13:24:48 2018 -> +++ Started at Mon Jan 29 13:24:48 2018
Mon Jan 29 13:24:48 2018 -> Received 0 file descriptor(s) from systemd.
Mon Jan 29 13:24:48 2018 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Jan 29 13:24:48 2018 -> Running as user clam (UID 497, GID 497)
Mon Jan 29 13:24:48 2018 -> Log file size limited to 4294967295 bytes.
Mon Jan 29 13:24:48 2018 -> Reading databases from /var/lib/clamav
Mon Jan 29 13:24:48 2018 -> Not loading PUA signatures.
Mon Jan 29 13:24:48 2018 -> Bytecode: Security mode set to "TrustSigned".
Mon Jan 29 13:24:56 2018 -> +++ Started at Mon Jan 29 13:24:56 2018
Mon Jan 29 13:24:57 2018 -> Received 0 file descriptor(s) from systemd.
Mon Jan 29 13:24:57 2018 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Jan 29 13:24:57 2018 -> Running as user clam (UID 497, GID 497)
Mon Jan 29 13:24:57 2018 -> Log file size limited to 4294967295 bytes.
Mon Jan 29 13:24:57 2018 -> Reading databases from /var/lib/clamav
Mon Jan 29 13:24:57 2018 -> Not loading PUA signatures.
Mon Jan 29 13:24:57 2018 -> Bytecode: Security mode set to "TrustSigned".
Mon Jan 29 13:26:52 2018 -> Loaded 6398744 signatures.
Mon Jan 29 13:59:04 2018 -> +++ Started at Mon Jan 29 13:59:04 2018
Mon Jan 29 13:59:04 2018 -> Received 0 file descriptor(s) from systemd.
Mon Jan 29 13:59:04 2018 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Mon Jan 29 13:59:04 2018 -> Running as user clam (UID 497, GID 497)
Mon Jan 29 13:59:04 2018 -> Log file size limited to 4294967295 bytes.
Mon Jan 29 13:59:04 2018 -> Reading databases from /var/lib/clamav
Mon Jan 29 13:59:04 2018 -> Not loading PUA signatures.
Mon Jan 29 13:59:04 2018 -> Bytecode: Security mode set to "TrustSigned".

Btw thanks for your help
Please check with: ps aux | grep clam if the clamav daemon process is running (so it's stuck during signature loading) or if the process dies so that there is no clamav daemon process active anymore.
This is the output of the ps aux:

Code:
amavis 16582 32.6 36.7 631168 184380 ? R 14:48 0:43 /usr/bin/clamscan --stdout --no-summary -r --tempdir=/var/spool/amavisd/tmp /var/spool/amavisd/tmp/amavis-20180129T141929-14342-4bsjIWe4/parts
amavis 16642 30.9 19.5 537356 98308 ? R 14:49 0:20 /usr/bin/clamscan --stdout --no-summary -r --tempdir=/var/spool/amavisd/tmp /var/spool/amavisd/tmp/amavis-20180129T141859-14293-zWYS_74K/parts
root 16772 0.0 0.1 103324 812 pts/0 S+ 14:50 0:00 grep clam

Also doing top gives me this, amavis seems to use more than 90% of CPU:

Code:
16642 amavis 20 0 172m 97m 384 R 42.1 19.8 0:01.29 clamscan
16582 amavis 20 0 596m 182m 244 R 35.2 37.2 0:25.79 clamscan
29 root 20 0 0 0 0 R 14.4 0.0 398:28.89 kswapd0
Ok, so the clamav daemon process is dying completely. That's not amavis, this is clamav. Amavis is the user that clamscan is running under, and clamscan is used as a fallback for clamav-daemon (which is not working). The higher load is normal when using this fallback method. So the problem is that the ClamAV daemon dies without any error in the log. Maybe some clamav signature DB is broken, as it seems to fail at that point. You can try to remove the clamav signature DB and then re-download it with freshclam.
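
The check discussed in the replies above (does clamd get stuck or die during signature loading, and is its socket where amavis expects it) can be run over the two logs mechanically. This is an added example, not part of the original thread or of ISPConfig; the function and stage names are illustrative, and the sample input is a few lines excerpted from the logs quoted in this thread.

```python
import re

# Added example: names are illustrative. Sample lines excerpted from the logs in this thread.
CLAMD_LOG = """\
Mon Jan 29 13:04:12 2018 -> +++ Started at Mon Jan 29 13:04:12 2018
Mon Jan 29 13:04:24 2018 -> Loaded 6398744 signatures.
Mon Jan 29 13:04:29 2018 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Mon Jan 29 13:04:29 2018 -> Self checking every 600 seconds.
Mon Jan 29 13:16:28 2018 -> +++ Started at Mon Jan 29 13:16:28 2018
Mon Jan 29 13:16:28 2018 -> Reading databases from /var/lib/clamav
Mon Jan 29 13:19:09 2018 -> Loaded 6398744 signatures.
Mon Jan 29 13:19:53 2018 -> +++ Started at Mon Jan 29 13:19:53 2018
Mon Jan 29 13:19:53 2018 -> Reading databases from /var/lib/clamav
"""
AMAVIS_LOG = """\
Jan 29 12:14:56 mail amavis[28910]: (28910-08-3) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/spool/amavisd/clamd.sock: Connection refused
"""

# Ordered startup milestones; the last one seen shows where a start attempt stopped.
STAGES = [
    ("started", re.compile(r"\+\+\+ Started at")),
    ("loading_db", re.compile(r"Reading databases from")),
    ("db_loaded", re.compile(r"Loaded \d+ signatures")),
    ("socket_bound", re.compile(r"LOCAL: Unix socket file (\S+)")),
    ("ready", re.compile(r"Self checking every")),
]

def triage_clamd(log_text):
    """One dict per start attempt: start time, last stage reached, socket bound."""
    attempts = []
    for line in log_text.splitlines():
        ts, _, msg = line.partition(" -> ")
        for name, rx in STAGES:
            m = rx.search(msg)
            if m and name == "started":
                attempts.append({"start": ts, "stage": name, "socket": None})
            elif m and attempts:
                attempts[-1]["stage"] = name
                if m.groups():  # only the socket_bound pattern captures a path
                    attempts[-1]["socket"] = m.group(1)
    return attempts

def amavis_sockets(log_text):
    """Socket paths amavis reported it could not connect to."""
    return set(re.findall(r"connect to (\S+) failed", log_text))

def socket_mismatch(clamd_text, amavis_text):
    """True when amavis dials a socket that no clamd start attempt logged as bound."""
    bound = {a["socket"] for a in triage_clamd(clamd_text)}
    return bool(amavis_sockets(amavis_text) - bound)
```

An attempt whose last stage is `loading_db` or `db_loaded` never reached the point of binding its socket, and a mismatch means the clamd instance that wrote this log is not listening on the path amavis is configured to use.
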
Ok, could you help me with this? I don't know how to remove the clamav signature db and reinstall it properly (without messing with the current ispconfig configuration) thanks in advance
Update: I ran yum remove clamav and reinstalled it with its dependencies (amavis-new), then I ran the ispconfig update script and reconfigured services. Apparently it doesn't solve the issue, seems that the mail service doesn't get stuck but I still have these logs:

Code:
Jan 29 16:58:44 mail amavis[22532]: (22532-17) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/spool/amavisd/clamd.sock: No such file or directory
Jan 29 16:58:44 mail amavis[22532]: (22532-17) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/spool/amavisd/clamd.sock (All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock) at (eval 113) line 608.\n
Jan 29 16:58:44 mail amavis[22532]: (22532-17) (!)WARN: all primary virus scanners failed, considering backups