Topic: Problem with ClamAV

[kiig]

Hi all.

Have used Clamav for a while, - and it usually works great I reinstalled my server a couple of weeks ago, - and put ClamAv on it, - again, - using the beautiful scripts at sme.swerts-knudsen.dk, - and I tested it and I could both send and receive mails. I don't use it that much so not until now I realized that mail in/out works with ClamAv installed, - until I reboot the server. After that, - the Clamav log says :
...
AMAVIS::AV:CLAMD: Cannot connect to /var/lib/clamav/clamd.sock
...

and there's no clamd.sock file in that folder. (there was after install of ClamAv)

Disabled ClamAv (following the instructions @ smerts-knudsen), - and I could send/receive again, - also after rebooting.

Installed again, - same thing, - it works, until I reboot it.

Now... has anyone got any ideas... ? log files to check or anything... for now I have to disable ClamAv.... unfortunately.

Kim Igel

[Brenno]

kiig,

Had the same problem and I suspect that it's an issue with Jesper's install script.  I emailed him and he indicated that it was best to re-download the install script from his site to get the latest version and then re-run the install.

Did you run the manual installation tests listed on his site?

You could also use the pagefault.org implementation, as it's got a nice GUI add-on for the server-manager.

Cheers!

[mlpbinfo]

Hi,

I've got the same problem the 17th and 18th of August.

All mails have gone to /var/spool/amavis-ng/problems/

the log for each file shows this :
....
Aug 17 13:34:21 avallon amavis[9435]: Not attempting to unpack 00000002
Aug 17 13:34:21 avallon amavis[9435]: AMAVIS: Determined 00000003 to be type text/plain
Aug 17 13:34:21 avallon amavis[9435]: Not attempting to unpack 00000003
Aug 17 13:34:21 avallon amavis[9435]: AMAVIS::AV::CLAMD: Cannot connect to /var/lib/clamav/clamd.sock.
Aug 17 13:34:21 avallon amavis[9435]: Error while scanning for viruses with AMAVIS::AV::CLAMD:
Aug 17 13:34:21 avallon amavis[9435]: AMAVIS::MTA::Qmail: Freezing message
Aug 17 13:34:21 avallon amavis[9435]: Quarantining infected message to /var/spool/amavis-ng/problems/4121ed3d-24db

Messages was all types of mail (with or without attachment, in plain text or html)

Maybe a problem between Amavis and Clamav database version.

I've reinstalled with Jesper's install script
http://sme.swerts-knudsen.dk/index.html?frame=http%3A//sme.swerts-knudsen.dk/howtos/howto_22_new.htm

Update OK. Mails are scanned and send normally.

Mails quarantined was not infected, there was a mistake somewhere...

I've reinjected mails with this command :

/usr/bin/amavis-inject -S 127.0.0.1 /var/spool/amavis-ng/problems/<message-number>.msg

All is ok now.

system : SME 6.0.1-01

[kiig]

thanx guys.

I'll try the pagefault.org implementation (nice to have it in the sme server-manager, -though one rarely changes anything  ) so thanx for the hint.

I have pulled ClamAv off again, - and on, - without success, - so if the pagefault thing still won't run, - I'll reinstall my SME and try putting Jesper's script on it again, - I mean, - with a fresh installed machine, - it will work, - right ?

I did before.... actually... that was before I put the 6.01 contribs edition on it.. is that significant ?

Kim Igel.

[smeghead]

As I use Jespers scripts a lot I got fed up with getting them manually everytime (so I'm a lazy bum, its a curse) so I wrote a brief, basic, script to do the job, I call this script get_scripts.sh:

<start of script>
#!/bin/sh

#############################################################################
# Revision History:
#
# April 13, 2004:   Downloads all install scripts to current directory   
# April 16, 2004:   Sets execute perms on all downloaded scripts
# May    9, 2004:   Gets enable_calamav script as well
#               Move old scripts to old directory
# Aug   19, 2004:   Get new spamfilter script
#               enable_clamav script now built in
#############################################################################


mkdir old
mv mrtg*.sh old
mv clamav*.sh old
mv s*.sh old
wget http://sme.swerts-knudsen.dk/downloads/MRTG/mrtg_install.sh
wget http://sme.swerts-knudsen.dk/downloads/ClamAv/clamav_install.sh
wget http://sme.swerts-knudsen.dk/downloads/SpamAssassin/sa_install.sh
wget http://sme.swerts-knudsen.dk/downloads/SpamFilter/spamfilter_install.sh

chmod 777 *.sh
<end of script>

Paste this into a file of your own and chmod it to 777. Execute using ./get_scripts.sh in the folder where the script is located.

This will allow you to get the latest version of the scripts before you run any install routine.

HTH

[kiig]

allright thanx, - but I did actually get the newest scripts, - the two times I tried it (well it did both 'remove' the existing packages then hashed it's way through a new download.

But I'll keep your script. Thanx.

[kiig]

The pagefault implementation works, - nice gui and all :-) haven't tested if it actually catches anything, - but I can send and receive mails, - also after a reboot :-)

Not sure about the spam-assassin though, - have done the two command lines, - but I thought it should go into the server-manager, - like the antivirus part.. ?

[kiig]

found the rpm for spam-assassin here @ contribs, - so now they both work. Not sure about the "Problem list, - or Virus list"... my old setup hopefully removed them after a certain period of time (rarely looked at the log files), - but will the the pagefault implementation do that as well, - or is it just a limitation of the 'frontend' ?

Kim Igel.

[nefkho]

hi,

i have tried both script from pagefault and jesper and still get the clamd.sock error, my boss is kiiling me now, is there a way a can cleanly remove the clam files, and install it again. thanks

[nefkho]

hi, i got this error after installing jasper script:

# /usr/bin/qmail-queue.amavis
Use of uninitialized value in split at /usr/lib/perl5/site_perl/5.6.1/AMAVIS/Notify/Admin.pm line 23.