Amavis - Clamav errors

Discussion in 'Server Operation' started by LIJE, Sep 5, 2019.

  1. LIJE

    LIJE Member

    Hi,
    I'm getting a lot of these and don't know how to fix it. I already tried to restart all services.

    Code:
    Sep  5 16:49:42 ns3107256 amavis[10405]: (10405-06-5) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Resource temporarily unavailable
    Sep  5 16:49:42 ns3107256 amavis[10405]: (10405-06-5) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
    Sep  5 16:49:48 ns3107256 amavis[10405]: (10405-06-5) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: Resource temporarily unavailable
    Sep  5 16:49:48 ns3107256 amavis[10405]: (10405-06-5) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 112) line 613.\n
    Sep  5 16:49:48 ns3107256 amavis[10405]: (10405-06-5) (!)WARN: all primary virus scanners failed, considering backups
    
    Still looking for a solution. Checked about 20 websites. Couldn't fix it so far.
     
  2. LIJE

    LIJE Member

    Also,

    Code:
    # freshclam
    ERROR: /var/log/clamav/freshclam.log is locked by another process
    ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
     
  3. Steini86

    Steini86 Active Member

    Look if clamd is running:
    "ps -ef|grep clamd" or "service amavis status"
    if not, try to (re)start it:
    service clamav-daemon (re)start
    service clamav-freshclam (re)start
    service amavis (re)start

    In case of an error, post the log message.
    Post the recent log file: /var/log/clamav/clamav.log
     
    Last edited: Sep 5, 2019
  4. LIJE

    LIJE Member

    Yes, I tested this. I had:

    Code:
    root       371  1429  0 17:43 pts/0    00:00:00 grep clamd
    clamav   27997     1  1 16:36 ?        00:01:08 /usr/sbin/clamd --foreground=true

    Got no errors on restarting services. Logfile shows this:

    Code:
    Thu Sep  5 15:18:15 2019 -> +++ Started at Thu Sep  5 15:18:15 2019
    Thu Sep  5 15:18:15 2019 -> Received 0 file descriptor(s) from systemd.
    Thu Sep  5 15:18:15 2019 -> clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
    Thu Sep  5 15:18:15 2019 -> Running as user clamav (UID 113, GID 119)
    Thu Sep  5 15:18:15 2019 -> Log file size limited to 4294967295 bytes.
    Thu Sep  5 15:18:15 2019 -> Reading databases from /var/lib/clamav
    Thu Sep  5 15:18:15 2019 -> Not loading PUA signatures.
    Thu Sep  5 15:18:15 2019 -> Bytecode: Security mode set to "TrustSigned".
    Thu Sep  5 15:19:26 2019 -> Loaded 6321861 signatures.
    Thu Sep  5 15:19:27 2019 -> ERROR: LOCAL: Socket file /var/run/clamav/clamd.ctl is in use by another process.
    Thu Sep  5 15:19:27 2019 -> +++ Started at Thu Sep  5 15:19:27 2019
    Thu Sep  5 15:19:27 2019 -> Received 0 file descriptor(s) from systemd.
    Thu Sep  5 15:19:27 2019 -> clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
    Thu Sep  5 15:19:27 2019 -> Running as user clamav (UID 113, GID 119)
    Thu Sep  5 15:19:27 2019 -> Log file size limited to 4294967295 bytes.
    Thu Sep  5 15:19:27 2019 -> Reading databases from /var/lib/clamav
    Thu Sep  5 15:19:27 2019 -> Not loading PUA signatures.
    Thu Sep  5 15:19:27 2019 -> Bytecode: Security mode set to "TrustSigned".
    Thu Sep  5 15:20:28 2019 -> Loaded 6321861 signatures.
    Thu Sep  5 16:36:19 2019 -> +++ Started at Thu Sep  5 16:36:19 2019
    Thu Sep  5 16:36:19 2019 -> Received 0 file descriptor(s) from systemd.
    Thu Sep  5 16:36:19 2019 -> clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
    Thu Sep  5 16:36:19 2019 -> Running as user clamav (UID 113, GID 119)
    Thu Sep  5 16:36:19 2019 -> Log file size limited to 4294967295 bytes.
    Thu Sep  5 16:36:19 2019 -> Reading databases from /var/lib/clamav
    Thu Sep  5 16:36:19 2019 -> Not loading PUA signatures.
    Thu Sep  5 16:36:19 2019 -> Bytecode: Security mode set to "TrustSigned".
    Thu Sep  5 16:37:37 2019 -> Loaded 6321861 signatures.
    Thu Sep  5 17:47:43 2019 -> +++ Started at Thu Sep  5 17:47:43 2019
    Thu Sep  5 17:47:43 2019 -> Received 0 file descriptor(s) from systemd.
    Thu Sep  5 17:47:43 2019 -> clamd daemon 0.101.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
    Thu Sep  5 17:47:43 2019 -> Running as user clamav (UID 113, GID 119)
    Thu Sep  5 17:47:43 2019 -> Log file size limited to 4294967295 bytes.
    Thu Sep  5 17:47:43 2019 -> Reading databases from /var/lib/clamav
    Thu Sep  5 17:47:43 2019 -> Not loading PUA signatures.
    Thu Sep  5 17:47:43 2019 -> Bytecode: Security mode set to "TrustSigned".
    Thu Sep  5 17:48:52 2019 -> Loaded 6321861 signatures.
    
     
  5. Steini86

    Steini86 Active Member

    Well, it's started but can't use the sock file, because it is in use by another process. Looks like some clam process is already running. Try stopping all clam related services, then start only via:
    service clamav-daemon start
    service clamav-freshclam start

    Have you tried a server reboot?
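
Added example, not part of the original posts: a Python probe that tells apart the socket states seen in this thread (a live listener holding the socket, a stale socket file, or the EAGAIN "Resource temporarily unavailable" that amavis logged) by sending clamd's PING command to /var/run/clamav/clamd.ctl. The `probe_clamd` function and its state names are this example's own, and the `busy` branch assumes Linux connect(2) behaviour for non-blocking UNIX sockets.

```python
#!/usr/bin/env python3
"""Added example: classify the state of the clamd UNIX socket amavis connects to."""
import os
import socket
import stat
import sys

# Socket path taken from the log lines in this thread.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"


def probe_clamd(path=CLAMD_SOCKET, timeout=5.0):
    """Return (state, detail); state is one of
    ok, missing, not-a-socket, stale, busy, no-reply, error."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing", "no socket file: clamd is not running or has not bound it yet"
    except OSError as exc:
        return "error", f"cannot stat {path}: {exc}"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket", f"{path} exists but is not a UNIX socket"

    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)  # also makes connect() non-blocking
        try:
            sock.connect(path)
            # clamd's PING command; the 'n' prefix selects newline-delimited framing.
            sock.sendall(b"nPING\n")
            reply = sock.recv(64)
        except ConnectionRefusedError:
            return "stale", "socket file exists but no process is listening on it"
        except BlockingIOError:
            # EAGAIN, the error text amavis logged: the connection could not be
            # completed immediately, typically because the listen queue is full.
            return "busy", "listener is not accepting connections right now"
        except socket.timeout:
            return "no-reply", f"connected, but no answer within {timeout}s"
        except OSError as exc:
            return "error", f"{type(exc).__name__}: {exc}"
    if reply.strip() == b"PONG":
        return "ok", "clamd answered PING"
    return "error", f"unexpected reply {reply!r}"


if __name__ == "__main__":
    state, detail = probe_clamd(sys.argv[1] if len(sys.argv) > 1 else CLAMD_SOCKET)
    print(f"{state}: {detail}")
    sys.exit(0 if state == "ok" else 1)
```

Run it as a user allowed to open the socket (root, or a member of the clamav group); a permission error is reported as `error` rather than as a daemon fault.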
     
  6. LIJE

    LIJE Member

    I tried to reboot 3 times during the day but it did the same thing.
    Also this time, I didn't set all my iptables rules (I had some kind of SMTP connection issue from a Prestashop as well; one of the following was responsible):
    Code:
    iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
    iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP
    iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
    
    Since then, got no more of these. Looks good. Must get rid of these also now:
    Code:
    Sep  5 19:54:37 ns3107256 postfix/smtpd[21559]: warning: unknown[141.98.80.75]: SASL PLAIN authentication failed:
    Sep  5 19:54:37 ns3107256 postfix/smtpd[21559]: lost connection after AUTH from unknown[141.98.80.75]
    
     
  7. LIJE

    LIJE Member

    Damn, got much of this also now:
    Code:
    2019-09-05 19:57:16,914 fail2ban.actions        [1375]: ERROR   Failed to execute ban jail 'pure-ftpd' action 'iptables-multiport' info 'CallingMap({'failures': 3, 'matches': 'Sep  5 19:57:00 ns3107256 pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [anonymous]\nSep  5 19:57:07 ns3107256 pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [extiff]\nSep  5 19:57:14 ns3107256 pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [extiff]', 'ipmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fdcfc1b5598>, 'ip': '182.156.218.6', 'ipjailfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fdcfc1b5400>, 'ipjailmatches': <function Actions.__checkBan.<locals>.<lambda> at 0x7fdcfc1b5620>, 'ipfailures': <function Actions.__checkBan.<locals>.<lambda> at 0x7fdcfc1b5378>, 'time': 1567706236.6007895})': Error stopping action
     
