Hi ; On my ispconfig host, I'm nearly constantly cpu flooded by clamscan processes, each eating 100% cpu, run by amavis. I know it's related to email filtering, but I don't know what are the rles, the configuration for all of that. In ISPConfig panel, my domains are configured with specific strategy that like viruses, and bypass virus checking. All mail boxes are configured to inherit strategy from their domain. But the server is often running clamscan processes from amavis ! I know I can disable clamav globally but that's not my point, I want to control on which cases (domain / mailbox) I want to run virus scanning, and for the moment I am not able to disable it everywhere from the panel. Any tip ? Thanks.
This is an indication that the ClamD service is not running, which makes amavis fallback to clamscan. Start the clamav daemon.
sorry I forgot to give my conf : ubuntu server 22.04 up to date ispconfig lastest version postfix / dovecot / amavis I also have those lines in amavis journal : Code: (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory I tried some things found on internet but nothing changed : - Code: Bytecode off for freshclam - Code: LocalSocket /var/run/clamav/clamd.ctl for clamd here is the status : Code: # systemctl restart clamav-daemon.service # systemctl status clamav-daemon.service ● clamav-daemon.service - LSB: ClamAV daemon Loaded: loaded (/etc/init.d/clamav-daemon; generated) Drop-In: /etc/systemd/system/clamav-daemon.service.d └─extend.conf Active: active (exited) since Fri 2024-12-13 12:14:57 CET; 4s ago Docs: man:systemd-sysv-generator(8) Process: 2967885 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS) Process: 2967886 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS) Process: 2967887 ExecStart=/etc/init.d/clamav-daemon start (code=exited, status=0/SUCCESS) CPU: 8ms Dec 13 12:14:57 vm-ispconfig-01.d-l.fr systemd[1]: Starting LSB: ClamAV daemon... Dec 13 12:14:57 vm-ispconfig-01.d-l.fr systemd[1]: Started LSB: ClamAV daemon. # ps -Af | grep clamd root 2969426 2227951 0 12:19 pts/1 00:00:00 grep --color=auto clamd
You must configure ClamA and Amavis to use the same socket file path and then restart clamd and amavisd.
by the way, why would it try to scan for viruses (through the daemon or with a new process) if it should bypass virus scan ? are there virus scan for outgoing emails too ?
If virus scan is done or not is defined in the spamfilter policy that is applied to the account. And yes, amavisd is used for incoming and outgoing emails. But when you fix your clamav/amavis socket issue, then there will be nearly no load from the antivirus scan anyway.
Code: # grep ctl /etc/clamav/ clamd.conf freshclam.conf onerrorexecute.d/ onupdateexecute.d/ [email protected]:/etc/amavis# grep ctl /etc/clamav/clamd.conf LocalSocket /var/run/clamav/clamd.ctl Code: # systemctl restart clamav-daemon.service clamav-freshclam.service amavis.service amavis-mc.service amavisd-snmp-subagent.service Code: # systemctl status clamav-daemon.service ● clamav-daemon.service - LSB: ClamAV daemon Loaded: loaded (/etc/init.d/clamav-daemon; generated) Drop-In: /etc/systemd/system/clamav-daemon.service.d └─extend.conf Active: active (exited) since Fri 2024-12-13 12:26:51 CET; 1min 0s ago Docs: man:systemd-sysv-generator(8) Process: 2972415 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS) Process: 2972416 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS) Process: 2972418 ExecStart=/etc/init.d/clamav-daemon start (code=exited, status=0/SUCCESS) CPU: 12ms Dec 13 12:26:51 vm-ispconfig-01.d-l.fr systemd[1]: Starting LSB: ClamAV daemon... Dec 13 12:26:51 vm-ispconfig-01.d-l.fr systemd[1]: Started LSB: ClamAV daemon. Code: # ll /var/run/clamav/clamd.ctl ls: cannot access '/var/run/clamav/clamd.ctl': No such file or directory still having some warnings in amavis journal about the unix socket and some clamscan processes appearing. how is the outgoing virus scan working ? is there a global configuration, or set from the panel by domains / mailboxes like incoming emails ?
For outgoing, it uses amavis defaults. But this is nothing you should really worry about as your whole problem is the missing ClamD socket. You must check why ClamD is not opening the socket, see e.g. ClamD log files and syslog. Amavis will of course complain if you tell it to use a non existing socket. Therefore you must fix this in ClamD. E.g. have you checked that there is a directory V at all and that ClamD is able to write there to create the socket?
Hi ; so I decided to completely remove and reinstall clamav stuff : Code: apt autoremove --purge clamav* apt install clamav-daemon after that, it didn't seem to change anything (the socket file was still no present). today, it seems the socket it present, and I don't see any clamscan process anymore. the load average also seems to be way more stable (I had a burst of CPU for each email with attachment). but ... i sometimes get this : which leads again to a clamscan process. fixed by : Code: adduser clamav amavis (and restarting the services). hope this will be fine now, and that it can help someone.
