Since 05:04 this morning I've been getting messages like:
Events around this time were:
clearsdn-antimalaware update at 03:08
clearsdn-antispam update at 04:34
freshclam at 05:02
This leads me to think it is freshclam. I've tried reinstalling app-antimalaware* and app-antivirus* and no change.
Reinstalling the latest clearsdn-antimalaware changes the error slightly to:
Similarly, reloading clearsdn-antispam changes the message to:
I can open all the files in WinSCP.
My clamd.log shows repeating:
Has anyone a clue how to fix it because I am pretty much stumped.
Dec 17 05:04:14 server systemd: clamd.service: main process exited, code=exited, status=1/FAILURE
Dec 17 05:04:14 server systemd: Unit clamd.service entered failed state.
Dec 17 05:04:14 server systemd: clamd.service failed.
Dec 17 05:04:19 server clamd: LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/spearl.ndb
Dec 17 05:04:19 server clamd: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/spearl.ndb
Dec 17 05:04:19 server clamd: ERROR: Can't open file or directory
Dec 17 05:04:19 server systemd: clamd.service: control process exited, code=exited status=1
Dec 17 05:04:19 server systemd: Failed to start ClamAV daemon.
Dec 17 05:04:19 server systemd: Unit clamd.service entered failed state.
Dec 17 05:04:19 server systemd: clamd.service failed.
Events around this time were:
clearsdn-antimalaware update at 03:08
clearsdn-antispam update at 04:34
freshclam at 05:02
This leads me to think it is freshclam. I've tried reinstalling app-antimalaware* and app-antivirus* and no change.
Reinstalling the latest clearsdn-antimalaware changes the error slightly to:
Dec 17 12:59:56 server clamd: LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/lott.ndb
Dec 17 12:59:56 server clamd: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/lott.ndb
Dec 17 12:59:56 server clamd: ERROR: Can't open file or directory
Dec 17 12:59:56 server systemd: clamd.service: control process exited, code=exited status=1
Dec 17 12:59:56 server systemd: Failed to start ClamAV daemon.
Dec 17 12:59:56 server systemd: Unit clamd.service entered failed state.
Dec 17 12:59:56 server systemd: clamd.service failed.
Similarly, reloading clearsdn-antispam changes the message to:
Dec 17 13:55:25 server clamd: LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/phish.ndb
Dec 17 13:55:25 server clamd: LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/phish.ndb
Dec 17 13:55:25 server clamd: ERROR: Can't open file or directory
Dec 17 13:55:25 server systemd: clamd.service: control process exited, code=exited status=1
Dec 17 13:55:25 server systemd: Failed to start ClamAV daemon.
Dec 17 13:55:25 server systemd: Unit clamd.service entered failed state.
Dec 17 13:55:25 server systemd: clamd.service failed.
I can open all the files in WinSCP.
My clamd.log shows repeating:
Sat Dec 17 13:52:30 2016 -> ERROR: Can't open file or directory
Sat Dec 17 13:52:31 2016 -> +++ Started at Sat Dec 17 13:52:31 2016
Sat Dec 17 13:52:31 2016 -> Received 0 file descriptor(s) from systemd.
Sat Dec 17 13:52:31 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sat Dec 17 13:52:31 2016 -> Running as user clam (UID 989, GID 988)
Sat Dec 17 13:52:31 2016 -> Log file size limited to 4294967295 bytes.
Sat Dec 17 13:52:31 2016 -> Reading databases from /var/lib/clamav
Sat Dec 17 13:52:31 2016 -> Not loading PUA signatures.
Sat Dec 17 13:52:31 2016 -> Bytecode: Security mode set to "TrustSigned".Has anyone a clue how to fix it because I am pretty much stumped.
Share this post:
Responses (9)
-
Accepted Answer
Nick Howitt wrote:
Hi Partick,
I received an update which fixed the problem last night. You could try running a "yum update". If that does not work, temporarily change the permissions as described in this thread.
Hi Nick,
I've did this also, but i was just reporting that this was not the only issue. -
Accepted Answer
-
Accepted Answer
Same here, but also Dansguardian is blocking sites.
After changing the filter to no-filtering the sites are accesable
Dec 18 14:35:26 pdebrabander dansguardian[22792]: scanFile/Memory returned error: -1
Dec 18 14:35:26 pdebrabander dansguardian[22792]: Error connecting to ClamD socket
Dec 18 14:35:26 pdebrabander dansguardian[22792]: scanFile/Memory returned error: -1
Dec 18 14:35:26 pdebrabander dansguardian[22792]: Error connecting to ClamD socket
Dec 18 14:35:26 pdebrabander dansguardian[22792]: scanFile/Memory returned error: -1
Dec 18 14:35:26 pdebrabander dansguardian[22792]: Error connecting to ClamD socket
Dec 18 14:35:26 pdebrabander dansguardian[22792]: scanFile/Memory returned error: -1
Dec 18 14:35:27 pdebrabander dansguardian[22792]: Error connecting to ClamD socket
Dec 18 14:35:27 pdebrabander dansguardian[22792]: scanFile/Memory returned error: -1
Dec 18 14:35:27 pdebrabander dansguardian[22792]: Error connecting to ClamD socket
Dec 18 14:35:27 pdebrabander dansguardian[22792]: scanFile/Memory returned error: -1
Dec 18 14:35:27 pdebrabander dansguardian[22793]: Error connecting to ClamD socket
Dec 18 14:35:27 pdebrabander dansguardian[22793]: scanFile/Memory returned error: -1
Dec 18 14:35:27 pdebrabander dansguardian[22793]: Error connecting to ClamD socket
Dec 18 14:35:27 pdebrabander dansguardian[22793]: scanFile/Memory returned error: -1
Dec 18 14:35:28 pdebrabander dansguardian[22793]: Error connecting to ClamD socket
Dec 18 14:35:28 pdebrabander dansguardian[22793]: scanFile/Memory returned error: -1
Dec 18 14:35:28 pdebrabander dansguardian[22793]: Error connecting to ClamD socket
Dec 18 14:35:28 pdebrabander dansguardian[22793]: scanFile/Memory returned error: -1 -
Accepted Answer
Hi all,
The root cause of the problem was found. The antispam and antimalware signatures should have been using /var/clearos, not the old /var/lib/suva. The signatures are now back in good order, so the /var/lib/suva permission changes won't be required once the new updates have been installed.
Getting late... sleepy time. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
You're not alone and I'm stumped too. I think I've found the problem/resolution...a permissions issue on /var/lib/suva folder. If you chmod this to 755 and try and restart clamd, does it work for you? It did for me.
However, I'm waiting to hear back from Pete/Darryl on why this suddenly would be necessary and/or if my solution is actually the right way to do things or not.
My recommendation would be to try changing the permissions and see if this works for you, and report back here...and hopefully by then, I'll have had the benefit of hearing back from those with more knowledge than I about what went on...at this point, I can't even pinpoint a relevant update that could have caused this.
Ben -
Accepted Answer
Great. At least I am not alone.
I did bump into a thread saying check ownership saying it should be clam:clam in /var/lib/clamav. I've just tried it and tried changing all the symlinked files but it did not work either. I hope I've reverted correctly!
I'm on 7 so mail is still flowing. While searching, I bumped into this thread. At the end of the first post is a way of disabling anti-virus checking in amavis. I suspect in ClearOS the file you need to edit may be /etc/amavisd/api.conf or /etc/amavisd/override.conf. This may get your ClearOS6 up and running. -
Accepted Answer
Hi Nick....
You're not alone, this is affecting all my clients sites both Cos 6 and 7.
Cos-6 sites have have no mail flow, with errors in mailog showing ClamAV scanning failures.
Cos-7 sites have mail flow but tagged unchecked as per your experience. Errors browsing web sites "Warning - Could not perform virus scan"; disabling the proxy has temporarily resolved this. Also Clamd causing excessive CPU load.
I've raised a couple of tickets with ClearCenter.
Cheers.... Andy
Very odd as it appeared to stop working after freshclam update which is not operating at this folder level.
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »