Sponsor:

Server and Web Integrator
Link:
Kloxo-MR logo
6.5.0 or 7.0.0
Click for "How to install"
Donation/Sponsorship:
Kloxo-MR is open-source.
Donate and or Sponsorship always welcome.
Click to:
Click Here
Please login or register. 2024-03-29, 16:39:16

Author Topic: Clamav Problem after update.  (Read 6414 times)

0 Members and 1 Guest are viewing this topic.

Offline putude

  • Valuable Member
  • *
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Clamav Problem after update.
« on: 2017-08-25, 01:10:37 »
Dear Master,

I have a problem with my VPS after update to version 2017082302

I have error on sending/receiving message

# tail -f maillog
Aug 25 07:06:26 server clamd: ERROR: TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
Aug 25 07:06:26 server clamd: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.

so I have to turn Clamav off to make it work. however, this error message is still appear although the option "Enable Virus Scan" was unchecked.

Please help, how to make the Antivirus work normal again.

Best regards,
Putu de

Offline putude

  • Valuable Member
  • *
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Re: Clamav Problem after update.
« Reply #1 on: 2017-08-25, 01:19:58 »
What I have done,

#yum clean all; yum update -y; sh /script/cleanup;

then error appear
- uncheck "Enable Virus Scan" option. Email back to normal, but still the same error in log

# yum reinstall clamav
# reboot
{no luck, same result}



Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Clamav Problem after update.
« Reply #2 on: 2017-08-25, 01:59:50 »
Inform 'chkconfig --list; dir -l /var/qmail/supervise/clamd'.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline putude

  • Valuable Member
  • *
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Re: Clamav Problem after update.
« Reply #3 on: 2017-08-25, 10:23:01 »
[root@server home]# chkconfig --list; dir -l /var/qmail/supervise/clamd
atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
clamd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
dc_client       0:off   1:off   2:off   3:off   4:off   5:off   6:off
dc_server       0:off   1:off   2:off   3:off   4:off   5:off   6:off
djbdns          0:off   1:off   2:off   3:off   4:off   5:off   6:off
dovecot         0:off   1:off   2:off   3:off   4:off   5:off   6:off
fail2ban        0:off   1:off   2:on    3:on    4:on    5:on    6:off
hiawatha        0:off   1:off   2:off   3:off   4:off   5:off   6:off
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpry          0:off   1:off   2:on    3:on    4:on    5:on    6:off
ipset           0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
kloxo-php       0:off   1:off   2:on    3:on    4:on    5:on    6:off
kloxo-web       0:off   1:off   2:on    3:on    4:on    5:on    6:off
kloxo-wrap      0:off   1:off   2:on    3:on    4:on    5:on    6:off
lighttpd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
modules_dep     0:off   1:off   2:on    3:on    4:on    5:on    6:off
mysql           0:off   1:off   2:on    3:on    4:on    5:on    6:off
named           0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:off   4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
nginx           0:off   1:off   2:off   3:off   4:off   5:off   6:off
nginx-debug     0:off   1:off   2:off   3:off   4:off   5:off   6:off
nsd             0:off   1:off   2:off   3:off   4:off   5:off   6:off
pdns            0:off   1:off   2:off   3:off   4:off   5:off   6:off
php-fpm         0:off   1:off   2:on    3:on    4:on    5:on    6:off
portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
pure-ftpd       0:off   1:off   2:on    3:on    4:on    5:on    6:off
qmail           0:off   1:off   2:on    3:on    4:on    5:on    6:off
quota_nld       0:off   1:off   2:off   3:off   4:off   5:off   6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
spawn-fcgi      0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
svnserve        0:off   1:off   2:off   3:off   4:off   5:off   6:off
sysstat         0:off   1:on    2:on    3:on    4:on    5:on    6:off
udev-post       0:off   1:on    2:on    3:off   4:on    5:on    6:off
varnish         0:off   1:off   2:off   3:off   4:off   5:off   6:off
varnishncsa     0:off   1:off   2:off   3:off   4:off   5:off   6:off
winbind         0:off   1:off   2:off   3:off   4:off   5:off   6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
yadifad         0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        rsync:          off
        tcpmux-server:  off
        time-dgram:     off
        time-stream:    off
total 12
drwx------ 3 qmaill qmail 4096 Aug 25 06:46 log
-rwxr-x--x 1 root   root    60 Aug 25 06:46 run
drwxr-xr-x 2 qmaill qmail 4096 Aug 25 16:32 supervise
[root@server home]#

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Clamav Problem after update.
« Reply #4 on: 2017-08-26, 13:37:08 »
Try 'chkconfig clamd off; service clamd stop; sh /script/restart-mail'.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline putude

  • Valuable Member
  • *
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Re: Clamav Problem after update.
« Reply #5 on: 2017-08-26, 15:06:30 »
Executing command
#chkconfig clamd off; service clamd stop; sh /script/restart-mail;

#tail -f /var/log/maillog
Aug 26 20:50:52 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:50:53 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:50:54 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:50:55 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:50:56 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:50:57 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:50:58 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:50:59 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:51:00 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:51:01 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist
Aug 26 20:51:02 server clamd: setuidgid: fatal: unable to run /usr/sbin/clamd: f                                                                                                                                                             ile does not exist


---
Then I try to check "Enable Virus Scan"
and see /var/log/maillog


Aug 26 20:55:10 server clamd: ERROR: TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
Aug 26 20:55:10 server clamd: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.
Aug 26 20:55:21 server clamd: ERROR: TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
Aug 26 20:55:21 server clamd: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.

just FYI, I have 3 VPS with KloxoMR running on these machines. They have same problem. Even if "Enable Virus Scan" unchecked, clamd still running and took a huge memory and processor.   

# ps aux
root       506  0.0  0.0   3936   400 ?        S    21:05   0:00 supervise clamd
qmaill     535  0.0  0.0   4076   664 ?        S    21:05   0:00 /var/qmail/bin/splogger clamd
clam       726 61.2  3.9 390928 251124 ?       R    21:06   0:02 /usr/sbin/clamd


---
Then I uncheck "Enable Virus Scan" and
#chkconfig clamd off; service clamd stop; sh /script/restart-mail;
I saw clamd keep running  :-[



Offline putude

  • Valuable Member
  • *
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Re: Clamav Problem after update.
« Reply #6 on: 2017-08-26, 15:22:19 »
Hi Mustafa,

I've just trying to move "clamd" directory in /var/qmail/supervise/
then reboot the machine and It works.
Is it okay to do this ?

thank you.

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Clamav Problem after update.
« Reply #7 on: 2017-08-26, 15:24:50 »
Kloxo-MR use supervise from qmail for handle clamav. Better use it instead initd.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline putude

  • Valuable Member
  • *
  • Posts: 62
  • Karma: +0/-0
    • View Profile
Re: Clamav Problem after update.
« Reply #8 on: 2017-08-28, 18:16:16 »
Yes, I would like to use it but sadly when I restore Supervise's files, the processor activity start increasing by Clamd.

in var/log/maillog
----------------------
...
server clamd: ERROR: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.
.....
in /var/log/message
----------------------
Aug 29 00:00:48 server clamd[3075]: Self checking every 600 seconds.
Aug 29 00:00:50 server clamd[3077]: Received 0 file descriptor(s) from systemd.
Aug 29 00:00:50 server clamd[3077]: clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Aug 29 00:00:50 server clamd[3077]: Log file size limited to 4294967295 bytes.
Aug 29 00:00:50 server clamd[3077]: Reading databases from /var/lib/clamav
Aug 29 00:00:50 server clamd[3077]: Not loading PUA signatures.
Aug 29 00:00:50 server clamd[3077]: Bytecode: Security mode set to "TrustSigned".
Aug 29 00:01:03 server clamd[3077]: Loaded 6414151 signatures.
Aug 29 00:01:05 server clamd[3077]: TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
Aug 29 00:01:05 server clamd[3077]: LOCAL: Socket file /var/run/clamav/clamd.sock is in use by another process.

FYI, This problem is appear after update version 2017082302.

Offline MRatWork

  • Administrator
  • The Elite
  • *****
  • Posts: 15,807
  • Karma: +119/-11
  • Gender: Male
    • View Profile
    • MRatWork Forum
Re: Clamav Problem after update.
« Reply #9 on: 2017-08-29, 09:47:07 »
Try reboot.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

 


Top 4 Global Search Engines:    Google    Bing    Baidu    Yahoo
Click Here

Page created in 0.032 seconds with 22 queries.

web stats analysis