Hi, I encounter a strange problem with the ISPConfig 2.2.11 (Thats why I didnt release it yet). Sometimes I get a Clamav error 50 which indicates a problem with the antivirus database, in this case clamav creates a directory in /tmp/ with "clamav" plus a random string as name which contains a antivirus database. This directory is owned by the user that received the mail. Does anyone else encounter this with either the 2.2.11 beta or 2.2.10 and the clamasassin fix (--mbox removed in clamav option)? Any ideas what may cause this?
Yes, I also have 2 directory's in my /tmp dir. (using ISPconfig 2.2.10 and the clamasassin fix) Code: host:/tmp# ls clamav-1d03d1f461af0bde85a34f126a131995 clamav-24465acfba690eb49a98090fe5bd3f70 One of the dir's does have some stuff in it! Code: host:/tmp# cd clamav-24465acfba690eb49a98090fe5bd3f70 host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70# ls COPYING main.db main.hdb main.ndb host:/tmp/clamav-24465acfba690eb49a98090fe5bd3f70# I have no clue what's causing this..!
I also have this directories on a server not using clamasassin. And one is dated from december 2004, so this does not look as something new. But personally I nerver got an error 50.
How old are the directories? Have they been created on the day you updated ISPConfig to 2.2.10 / 2.2.11 or later?
Both directories are from march the 3rd (yesterday) The last ISPconfig update was before that. I do not have the directories on my other servers as I do not have email users on it.
On my server with ISPConfig 2.2.10 i have also some files provided by ClamAV like these: clamav-17e026743d5eb53079befc999f400211 clamav-1965d9ee836e5305662cf4d6c94f196e clamav-267d1f325ab2cd5ab18bc762797d2b4d clamav-3e1568b86157e54192153f8d04dc088a clamav-4cbda0ff46b7ab0f1d5bfd11b813dbfd clamav-75ddddcd3ce7258833105095fdc6cc17 clamav-a67137b8bf83fa7e7b4ae1d7953bb4ff clamav-b298b1dcb6014422176f79df11c66bf0 clamav-c00c83d2c04dfe35efb468a669a53ffa clamav-cb6c4d62b5f2ad5297e3a71ac2554a2f clamav-ed89f07e5015ba43d1f29583772d3755 clamav-f38b2659af676d7d633aa296f584a5c7 I do not have that files on my testserver with ISPConfig 2.2.11 beta1, as i do not use that server as a mailserver.
I searched a bit in the clamav mailing lists and this seems to be a common problem with the new release. It looks like almost all systems are broken that invoke clamav from different users. They created a patch release 0.90.1 that shall fix some of the issues and additionally a change in freshclam prevents that clamav can access the signature databases because they changed the chmod of the files from 0755 to 0700. I added some patches to ISPConfig and test it now. Lets hope that this fixes the problems
I think I fixed it now ISPConfig 2.2.11 Beta 2 download: http://www.howtoforge.com/forums/showthread.php?t=10969
Till, I've downloaded 2.2.11 beta2 on my testing-server with Debian Sarge. Everything looks fine. After that (i think i trust you a lot) i installed it on one of my production servers. (Debian Sarge unofficial 64 bit) Everything looks ok, but i have to wait to see if the strange clamav-files within /tmp do not appear again. Thanks for your work, i think you did it!
Thats great to hear By the wy, I enabled logging in freshclam to the mail logfile, if you run a grep for clam or freshclam on the logfile, you should now be able to monitor if the update of the signatures is ok
Till, After one night, i've checked my /tmp file and no clamav stuff anymore. So, that's good. Within the my email-header, i can see that the new clamav is functioning: X-Virus-Checker-Version: clamassassin 1.2.3 with clamscan / ClamAV 0.90.1/2735/Mon Mar 5 16:23:59 2007 No problems, so far!
