I'm asking because I observe every time when I upgrade ispconfig the message that there was an error: Code: Job for [email protected] failed because the control process exited with error code. Running Code: systemctl status [email protected] returns an Code: activating as active state, and this every time the status is checked (even after days). Just the time since when it's activating changes every time when the status is checked. Is this the normal way of running if it's running via amavis? Or do I need to change something in order to make it work properly?
I actually would appreciate a reply to this, because every minute, I get this message on my server: Code: clamd: ERROR: LOCAL: Socket file /var/run/clamd.amavisd/clamd.socket is in use by another process [email protected] control process exited, code = exited status = 1 Failed to start clamd scanner (amavisd) daemon Unit clamavisd.service entered failed state. [email protected] failed. It worries me because in the recent days the server crashed quite regularly, and while I don't find any hint to the cause, I only see those messages about clamd and wonder if it does its job or not. I just notice that I have placed this question in the wrong forum. Is it possible to move it?
Find out what other process is using clamd.socket. Looks like that prevents that service starting. Maybe it is twice in startup scripts so the second attempt to start it fails? I do not use CentOS so I can not give better advice.
How do I find that out? I went through the scripts in /etc/systemd/system and didn't find anything suspicious. Any other place?
Examine if there are more than one clamd processes: Code: ps -ef | grep -i clam Things to try: Code: systemctl status clamav-daemon.service systemctl stop clamav-daemon.service systemctl stop clamav-freshclam.service Then see if clam prosseses are running. If they run, kill them. Then remove that socket file. Now start clamave-daemon and freshclam.
Code: systemctl status clamav-daemon.service says that there is no such service (could not be found). Code: ps -ef | grep -i clam returns amavis twice and root once (if I knew how to copy lines from the putty window I would, but the somewhere described methods which I found don't seem to work here - no idea why).
Code: ps -ef | grep -i clam Returns this: Code: amavis 4973 1 0 Okt05 ? 00:01:20 /usr/sbin/clamd -c /etc/clamd.d/scan.conf amavis 26905 1 99 05:34 ? 00:00:35 /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf root 26978 26962 0 05:34 pts/1 00:00:00 grep --color=auto -i clam Code: systemctl status clamav-daemon.service Returns this: Code: Unit clamav-daemon.service could not be found.
I'm sorry for the double post. When I just looked, I didn't see my reply, and it bugged me that I couldn't copy from Putty's console, so I checked once more and looked into the configuration and found that the use of the mouse for copying was disabled. Sop now it works and I posted the output. Oddly, my reply from yesterday then showed up.
So there are two clamd processes: Code: amavis 4973 1 0 Okt05 ? 00:01:20 /usr/sbin/clamd -c /etc/clamd.d/scan.conf amavis 26905 1 99 05:34 ? 00:00:35 /usr/sbin/clamd -c /etc/clamd.d/amavisd.conf Both run as user amavis, so maybe something is wrong in amavis configuration and it starts two clamd processes? A temporary fix is to kill both clamd processes, and then start just one. This works until next reboot. Perhaps some CentOS user can give insights on how to fix this permanently?
Your Amavis/ClamAV configuration seems to be different to the ISPConfig CentOS defaults. Also the EPEL Amavis/Clam packages are using .sock file types instead of .socket in their configs. So, I've no idea from which repository you got your packages from. First you should check which process blocks the socket by using the command "lsof". Example (change the socketname/type accordingly): Code: lsof /var/run/clamd.amavisd/clamd.sock COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME clamd 13570 amavis 4u unix 0xffff9acc4368ac00 0t0 51224 /var/run/clamd.amavisd/clamd.sock The socket should be used by clamd command and user amavis. You should also check how you have configured the socket in your amavis and clamav configuration. In a working ISPConfig (default) environment and amavis/clamav packages installed from EPEL the config looks as follows: Code: grep clamd.sock /etc/amavisd.conf \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"], grep clamd.sock /etc/clamd.d/* /etc/clamd.d/amavisd.conf:LocalSocket /var/run/clamd.amavisd/clamd.sock Make sure that the sockets match in each config file and restart the services after you've made your changes. Consider to commit the changes if you use etckeeper, or make a backup of the config files before you do any changes to the configs - just in case...
First of all, thank you very much for your reply! I appreciate your help very much! Is there a way to find out what these defaults are? I followed the installation instructions as much as possible, I don't remember if there were any glitches. But it sure would be nice to have somewhere a presentation of what are the defaults for a properly functioning CentOS installation. It may be (but I'm absolutely not sure) that the ISPConfig installation expected .socket files. Or it was the other way round. I think that there was a mismatch, and probably I matched them by just naming the one as (one of) the config-file(s) suggested. But I'm really not sure (I didn't take notes of every step I went through, but I realise it's probably worth doing that). The result is: Code: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME clamd 1821 amavis 4u unix 0x00000000bff3b486 0t0 22221 /var/run/clamd.amavisd/clamd.socket clamd 2015 amavis 4u unix 0x00000000bff3b486 0t0 22221 /var/run/clamd.amavisd/clamd.socket It seems to me as if there are two identical processes, only with different PIDs? That seems to be the case - for both processes... These are the results: Code: grep clamd.sock /etc/amavisd.conf \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.socket"], and Code: grep clamd.sock /etc/clamd.d/* /etc/clamd.d/amavisd.conf:LocalSocket /var/run/clamd.amavisd/clamd.socket /etc/clamd.d/scan.conf:#LocalSocket /var/run/clamd.scan/clamd.sock /etc/clamd.d/scan.conf:LocalSocket /var/run/clamd.amavisd/clamd.socket /etc/clamd.d/scan.conf.rpmnew:#LocalSocket /var/run/clamd.scan/clamd.sock This seems to be correct, too. The two lines with clamd.sock are commented out, so they shouldn't have any impact. Is it correct that there are two conf-files in /etc/clamd.d? Another thought: should I just rename the clamd.socket entries into clamd.sock? But in /var/run/clamd.amavisd is only a file "clamd.socket". From looking at the conf file /etc/clamd.d/scan.conf, I notice that I changed those lines to match the socket file already last year. Now this could have been caused by the entry in the amavis conf file, where it was looking for a .socket file and didn't find it.
Ok, your scan.conf might have the final clue for what is the issue on your system. I guess you have clamd standalone service running which blocks the socket for the [email protected]. Check whether [email protected] is running and if so stop & disable it. Afterwards restart [email protected].
Well, that seems to have done it. Now I get the status "active" instead of "activating" for the [email protected]. Thanks a lot for your help!!!