Antivirus / Antispam

Discussion in 'Server Operation' started by MiniMe, Oct 29, 2008.

  1. MiniMe

    MiniMe Member

    I somewhat get the feeling that my antivirus and antispam do not work.

    I have the following in my mail log file :

    Code:
    Oct 29 14:16:10 Artemis amavis[2361]: (02361-01) (!!)WARN: all primary virus scanners failed, considering backups
Oct 29 14:34:06 Artemis amavis[2411]: (02411-01) (!!)WARN: all primary virus scanners failed, considering backups
Oct 29 15:00:01 Artemis amavis[2361]: (02361-02) (!!)WARN: all primary virus scanners failed, considering backups
Oct 29 16:00:02 Artemis amavis[2411]: (02411-02) (!!)WARN: all primary virus scanners failed, considering backups
Oct 29 16:29:59 Artemis amavis[2361]: (02361-03) (!!)WARN: all primary virus scanners failed, considering backups
    What is going wrong and how can i fix it ... Remark: i only installed razor-agents something ( Suse 11 ) :/ - Pyzor is installed as well and is working afaik
     
    MiniMe, Oct 29, 2008
    #1
  2. falko

    falko Super Moderator ISPConfig Developer

    Did you install ClamAV?
     
    falko, Oct 30, 2008
    #2
  3. MiniMe

    MiniMe Member

    │Name │Summary │Avail. V│
    │Search▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒v ││ i │clamav │Antivirus Toolkit │0.94 │
    │┌──────────────────────┐││ i │clamav-db│Virus Database for ClamAV│0.94 │
    ││clamav▒▒▒▒▒▒▒v[Search]│││ │klamav │Frontend for clamav │0.42

    I would say yes ???

    clamav is installed, clamav-dv is also installed !
     
    MiniMe, Oct 30, 2008
    #3
  4. falko

    falko Super Moderator ISPConfig Developer

    Make sure that the ClamAV paths are correct in the ClamAV section in amavisd.conf.
     
    falko, Oct 31, 2008
    #4
  5. MiniMe

    MiniMe Member

    Uhm, i didnt touch that, so my guess is, since they r set by default, all should be good ... no ?
     
    MiniMe, Oct 31, 2008
    #5
  6. falko

    falko Super Moderator ISPConfig Developer

    No, not necessarily...
     
    falko, Nov 1, 2008
    #6
  7. MiniMe

    MiniMe Member

    shall i post my complete config file ?

    Regards,
     
    MiniMe, Nov 2, 2008
    #7
  8. falko

    falko Super Moderator ISPConfig Developer

    You just need to check the ClamAV part of your amavisd configuration.
     
    falko, Nov 2, 2008
    #8
  9. MiniMe

    MiniMe Member

    I did, and i can only really find this :

    Code:
    # ### http://www.clamav.net/
# ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#   qr/\bOK$/, qr/\bFOUND$/,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd, or run it under its own
# #   uid such as clamav, add user clamav to the amavis group, and then add
# #   AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# #   this entry; when running chrooted one may prefer socket "$MYHOME/clamd".

# ### http://www.clamav.net/ and CPAN  (memory-hungry! clamd is preferred)
# # note that Mail::ClamAV requires perl to be build with threading!
# ['Mail::ClamAV', \&ask_clamav, "*", [0], [1], qr/^INFECTED: (.+)/],

# ### http://www.openantivirus.org/
# ['OpenAntiVirus ScannerDaemon (OAV)',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
#   qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],

# ### http://www.vanja.com/tools/trophie/
# ['Trophie',
#   \&ask_daemon, ["{}/\n", '/var/run/trophie'],
#   qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
#   qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],

# ### http://www.grisoft.com/
# ['AVG Anti-Virus',
#   \&ask_daemon, ["SCAN {}\n", '127.0.0.1:55555'],
#   qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],
     
    MiniMe, Nov 2, 2008
    #9
  10. falko

    falko Super Moderator ISPConfig Developer

    This part is commented out. Is there something about ClamAV in that file that's not commented out?
     
    falko, Nov 3, 2008
    #10
  11. MiniMe

    MiniMe Member

    eh only this as far as i can see :

    Code:
    @av_scanners_backup = (

  ### http://www.clamav.net/   - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
     
    MiniMe, Nov 3, 2008
    #11
  12. MiniMe

    MiniMe Member

    PS, what i forgot to add was :

    i posted some commented out mess before, but this is what goes before that whole list :

    @av_scanners = (
     
    MiniMe, Nov 3, 2008
    #12
  13. falko

    falko Super Moderator ISPConfig Developer

    Please uncomment this part and restart amavisd:

    Code:
    # ['ClamAV-clamd',
#   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
#   qr/\bOK$/, qr/\bFOUND$/,
#   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
     
    falko, Nov 4, 2008
    #13
  14. MiniMe

    MiniMe Member

    done, will check later today if it worked, thx in advance
     
    MiniMe, Nov 4, 2008
    #14
  15. MiniMe

    MiniMe Member

    now i have this output in my mail.err log :

    Code:
    Nov  4 14:00:02 Artemis amavis[31591]: (31591-01) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 14:19:00 Artemis amavis[31944]: (31944-01) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 14:45:54 Artemis amavis[32280]: (32280-01) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 14:45:54 Artemis amavis[32280]: (32280-01) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 14:50:19 Artemis amavis[32281]: (32281-01) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 14:50:19 Artemis amavis[32281]: (32281-01) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 14:51:57 Artemis amavis[32280]: (32280-02) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 14:51:57 Artemis amavis[32280]: (32280-02) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 15:00:09 Artemis amavis[32281]: (32281-02) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 15:00:09 Artemis amavis[32281]: (32281-02) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 15:00:59 Artemis amavis[32280]: (32280-03) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 15:00:59 Artemis amavis[32280]: (32280-03) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 15:05:52 Artemis amavis[32281]: (32281-03) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 15:05:52 Artemis amavis[32281]: (32281-03) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 15:40:37 Artemis amavis[32280]: (32280-04) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 15:40:37 Artemis amavis[32280]: (32280-04) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 16:00:09 Artemis amavis[32281]: (32281-04) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 16:00:09 Artemis amavis[32281]: (32281-04) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 16:36:00 Artemis amavis[32280]: (32280-05) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 16:36:00 Artemis amavis[32280]: (32280-05) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 16:47:13 Artemis amavis[32281]: (32281-05) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 16:47:13 Artemis amavis[32281]: (32281-05) (!!)WARN: all primary virus scanners failed, considering backups
Nov  4 17:00:09 Artemis amavis[32280]: (32280-06) (!!)ClamAV-clamd av-scanner FAILED: CODE(0x7c3cc0) Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 98) line 310. at (eval 98) line 511.)
Nov  4 17:00:09 Artemis amavis[32280]: (32280-06) (!!)WARN: all primary virus scanners failed, considering backups
     
    Last edited: Nov 4, 2008
    MiniMe, Nov 4, 2008
    #15
  16. MiniMe

    MiniMe Member

    Its fixed :)

    Thx a lot :) just had to change the setting inside amavisd.conf
     
    MiniMe, Nov 4, 2008
    #16

Share This Page