Hi!

##### ISPCONFIG #####
ISPConfig version is 3.1.8p1

:~# uname -a
Linux *.*.net 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) x86_64 GNU/Linux

The problem I got is that I installed one WordPress site and I checked plenty of plugins. I didn't know that I was at risk because of the plugins. Finally I detected an intrusion on my server. I deleted the WordPress and restored a safe backup and I thought that was everything done, but later I realized that my mail service got compromised. I wasn't able to send or receive mails. When I checked the logs I saw

Code:
Feb 9 06:18:33 vps488468 postfix/smtp[17743]: E6D7426B84: to=<[email protected]>, relay=mta6.am0.yahoodns.net[98.137.159.26]:25, delay=193021, delays=193020/0/1.5/0.1, dsn=4.7.0, status=deferred (host mta6.am0.yahoodns.net[98.137.159.26] said: 421 4.7.0 [TSS04] Messages from 37.59.113.92 temporarily deferred due to user complaints - 4.16.55.1; see https://help.yahoo.com/kb/postmaster/SLN3434.html (in reply to MAIL FROM command))
Feb 9 06:18:33 vps488468 postfix/qmgr[22480]: 6E55B2E1E7: from=<[email protected]>, size=1661, nrcpt=1 (queue active)
Feb 9 06:18:39 vps488468 amavis[17296]: (17296-02-6) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Feb 9 06:18:39 vps488468 amavis[17296]: (17296-02-6) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 102) line 613.\n
Feb 9 06:18:39 vps488468 amavis[17296]: (17296-02-6) (!)WARN: all primary virus scanners failed, considering backups
Feb 9 06:18:39 vps488468 amavis[17403]: (17403-02-5) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Feb 9 06:18:39 vps488468 amavis[17403]: (17403-02-5) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 102) line 613.\n
Feb 9 06:18:39 vps488468 amavis[17403]: (17403-02-5) (!)WARN: all primary virus scanners failed, considering backups
Feb 9 06:19:15 vps488468 amavis[17403]: (17403-02-5) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).\nLibClamAV Error: Problem parsing database at line 58721\nLibClamAV Error: Can't load main.ndb: Malformed database\nLibClamAV Error: cli_tgzload: Can't load main.ndb\nLibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cvd\nERROR: Malformed database"
Feb 9 06:19:15 vps488468 amavis[17296]: (17296-02-6) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).\nLibClamAV Error: cli_parse_add(): Problem adding signature (1).\nLibClamAV Error: cli_parseadd(): Problem adding signature (1b).\nLibClamAV Error: Problem parsing database at line 55839\nLibClamAV Error: Can't load main.ndb: Malformed database\nLibClamAV Error: cli_tgzload: Can't load main.ndb\nLibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cvd\nERROR: Malformed database"
Feb 9 06:19:15 vps488468 amavis[17296]: (17296-02-6) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).\nLibClamAV Error: cli_parse_add(): Problem adding signature (1).\nLibClamAV Error: cli_parseadd(): Problem adding signature (1b).\nLibClamAV Error: Problem parsing database at line 55839\nLibClamAV Error: Can't load main.ndb: Malformed database\nLibClamAV Error: cli_tgzload: Can't load main.ndb\nLibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cvd\nERROR: Malformed database" at (eval 102) line 905.
Feb 9 06:19:15 vps488468 amavis[17403]: (17403-02-5) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan unexpected exit 2, output="LibClamAV Error: mpool_malloc(): Can't allocate memory (262144 bytes).\nLibClamAV Error: Problem parsing database at line 58721\nLibClamAV Error: Can't load main.ndb: Malformed database\nLibClamAV Error: cli_tgzload: Can't load main.ndb\nLibClamAV Error: Can't load /var/lib/clamav/main.cvd: Malformed database\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/main.cvd\nERROR: Malformed database" at (eval 102) line 905.
Feb 9 06:19:15 vps488468 amavis[17296]: (17296-02-6) (!!)AV: ALL VIRUS SCANNERS FAILED
Feb 9 06:19:15 vps488468 amavis[17403]: (17403-02-5) (!!)AV: ALL VIRUS SCANNERS FAILED
Feb 9 06:19:15 vps488468 postfix/smtpd[8623]: C5D7827C73: client=localhost[127.0.0.1]
Feb 9 06:19:15 vps488468 postfix/cleanup[15690]: C5D7827C73: message-id=<[email protected]>
Feb 9 06:19:15 vps488468 amavis[17296]: (17296-02-6) Passed UNCHECKED {RelayedOutbound}, LOCAL [127.0.0.1] <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: 7ej5LDZO6N3v, Hits: 0.001, size: 1633, queued_as: C5D7827C73, dkim_new=default:myhost.com, 44037 ms
Feb 9 06:19:15 vps488468 postfix/smtp[15447]: 27CAB28325: to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=6, delay=407888, delays=0.02/407844/0/44, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as C5D7827C73)
Feb 9 06:19:15 vps488468 postfix/qmgr[22480]: 27CAB28325: removed
Feb 9 06:19:15 vps488468 postfix/qmgr[22480]: 2BB8D243AE: from=<[email protected]>, size=2580, nrcpt=1 (queue active)
Feb 9 06:19:16 vps488468 amavis[17296]: (17296-02-7) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Feb 9 06:19:16 vps488468 postfix/smtpd[8573]: 43F4227C74: client=localhost[127.0.0.1]

Also the Mail Queue is full of mails.

Code:
:~# systemctl status clamd
● clamd.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

I guess this is supposed to be active in order to send mails. Any help to resolve the situation will be appreciated.

Greetings.

Check the service status with /etc/init.d/clamav-daemon status; if it says stopped, start it with the same command but replace "status" with "start". If your postfix queue is full with spam emails, delete them.
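
The log excerpt in this thread shows three separate signals: amavis relaying mail as "Passed UNCHECKED" after every virus scanner failed, qmgr activating messages from a local sender, and a remote MTA deferring the host over user complaints. The following triage script is an added example, not code from either poster or from ISPConfig; the function name `triage`, the sample log lines and all addresses in them are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the log format in the post; hosts and
# addresses are placeholders (example.org, 192.0.2.0/24, 198.51.100.0/24).
SAMPLE_LOG = """\
Feb 9 06:18:33 host postfix/smtp[17743]: E6D7426B84: to=<a@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=193021, dsn=4.7.0, status=deferred (host mx.example.org[192.0.2.10] said: 421 4.7.0 Messages from 198.51.100.7 temporarily deferred due to user complaints)
Feb 9 06:18:33 host postfix/qmgr[22480]: 6E55B2E1E7: from=<web1@example.com>, size=1661, nrcpt=1 (queue active)
Feb 9 06:18:39 host amavis[17296]: (17296-02-6) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
Feb 9 06:19:15 host amavis[17296]: (17296-02-6) (!!)AV: ALL VIRUS SCANNERS FAILED
Feb 9 06:19:15 host amavis[17296]: (17296-02-6) Passed UNCHECKED {RelayedOutbound}, LOCAL [127.0.0.1] <web1@example.com> -> <b@example.org>, mail_id: 7ej5LDZO6N3v, Hits: 0.001, size: 1633, queued_as: C5D7827C73, 44037 ms
Feb 9 06:19:15 host postfix/qmgr[22480]: 2BB8D243AE: from=<web1@example.com>, size=2580, nrcpt=1 (queue active)
"""

AMAVIS = re.compile(r"amavis\[\d+\]: \((?P<task>[\d-]+)\) (?P<msg>.*)")
QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>")
DEFERRED = re.compile(r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): .*status=deferred \((?P<why>.*)\)$")
QUEUED_AS = re.compile(r"queued_as: ([0-9A-F]+)")


def triage(log_text):
    """Summarise scanner failures, unscanned relays and complaint deferrals."""
    av_failed, unchecked = set(), []
    senders, complaints = Counter(), []
    for line in log_text.splitlines():
        if m := AMAVIS.search(line):
            task, msg = m["task"], m["msg"]
            if "ALL VIRUS SCANNERS FAILED" in msg:
                av_failed.add(task)
            elif msg.startswith("Passed UNCHECKED"):
                q = QUEUED_AS.search(msg)
                # (amavis task, re-injected queue id, scanner failure seen earlier)
                unchecked.append((task, q.group(1) if q else None, task in av_failed))
        elif m := QMGR_FROM.search(line):
            senders[m["sender"]] += 1  # envelope senders feeding the queue
        elif (m := DEFERRED.search(line)) and "complaints" in m["why"]:
            complaints.append(m["qid"])  # remote MTA throttling this host
    return {"av_failed": av_failed, "unchecked": unchecked,
            "senders": senders, "complaints": complaints}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Senders that dominate the count are the accounts to look at in `postqueue -p` output when deciding which queued messages are spam.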