Page 1 of 1
Clamav Failed
Posted: 08 Dec 2008, 03:15
by docbreed
WHM 11.23.2 cPanel 11.23.6-R27698
CENTOS Enterprise 5.2 i686 on standard - WHM X v3.1.0
* ConfigServer Mail Manage
* ConfigServer Mail Queues
* ConfigServer Security&Firewall
* ConfigServer MailScanner FE
I'm recieveing multiple emails of this:
Code: Select all
From Subject Received Size Categories
cpanel@server.myhost.com clamav on server.myhost.com failed 6:53 PM 5 KB
chkservd.log file
Code: Select all
]...cpsrvd [+]...lfd [+]...mailscanner [+]...named [+]...Done
[Sun Dec 7 20:52:54 2008] Service check ....clamav [Unable to connect to port -Notification => me@myhost.com via EMAIL [level => 1]
Restarting clamav....
Posted: 08 Dec 2008, 08:46
by Sarah
Are you seeing any clamav related errors in the maillog?
Posted: 08 Dec 2008, 12:51
by docbreed
Sarah wrote:Are you seeing any clamav related errors in the maillog?
Code: Select all
Dec 8 06:01:02 chicago1 update.virus.scanners: Found clamav installed
Dec 8 06:01:02 chicago1 update.virus.scanners: Running autoupdate for clamav
Dec 8 06:01:02 chicago1 ClamAV-autoupdate[11605]: ClamAV did not need updating
Dec 8 06:01:02 chicago1 update.virus.scanners: Found generic installed
Dec 8 06:01:02 chicago1 update.virus.scanners: Running autoupdate for generic
Dec 8 06:01:13 chicago1 MailScanner[10643]: New Batch: Forwarding 1 unscanned messages, 1766 bytes
Dec 8 06:01:13 chicago1 MailScanner[10643]: Unscanned: Delivered 1 messages
Dec 8 06:01:13 chicago1 MailScanner[10643]: Virus and Content Scanning: Starting
Dec 8 06:01:13 chicago1 MailScanner[10643]: Logging message 1L9enX-000331-59 to SQL
Dec 8 06:01:13 chicago1 MailScanner[10540]: 1L9enX-000331-59: Logged to MailWatch SQL
Dec 8 06:01:18 chicago1 pop3d: Connection, ip=[::ffff:1.31.238.52]
Dec 8 06:01:18 chicago1 pop3d: LOGIN, user=skh@domain.com, ip=[::ffff:1.31.238.52], port=[4704]
Dec 8 06:01:18 chicago1 pop3d: LOGOUT, user=skh@domain.com, ip=[::ffff:1.31.238.52], port=[4704], top=0, retr=0, rcvd=12, sent=39, time=0
Dec 8 06:01:19 chicago1 MailScanner[10633]: New Batch: Forwarding 1 unscanned messages, 3533 bytes
Dec 8 06:01:19 chicago1 MailScanner[10633]: Unscanned: Delivered 1 messages
Dec 8 06:01:19 chicago1 MailScanner[10633]: Virus and Content Scanning: Starting
Dec 8 06:01:19 chicago1 MailScanner[10633]: Logging message 1L9enc-00033J-6y to SQL
Dec 8 06:01:19 chicago1 MailScanner[10540]: 1L9enc-00033J-6y: Logged to MailWatch SQL
By looks of it finds updates on the hour every hour and installs it. but I'm receiving the Failed emails about every ten mins.
Posted: 08 Dec 2008, 16:07
by Sarah
Is clamd actually running if you look for it in ps axf? Are there two entries for clamav/clamd in Service Manager?
Posted: 08 Dec 2008, 16:35
by docbreed
Code: Select all
root@chicago1 [/var/log]# ps axf|grep clam
17369 pts/0 S+ 0:00 \_ grep clam
2149 ? Ssl 0:08 /usr/local/sbin/clamd
Posted: 08 Dec 2008, 20:43
by docbreed
Service Manager has
clamav
enabled and monitored...
I do not see a clamd in the list...
Posted: 10 Dec 2008, 10:25
by Sarah
I'm not sure what's happening on your server. I presume you've tested the virus scanner by sending the eicar test virus, or otherwise confirmed that virus scanning is occurring. It may be a problem with chkservd itself. You could contact cPanel if you're concerned about it.
Posted: 10 Dec 2008, 15:17
by docbreed
I did the virus test and watching mailwatch it did grab it. I did post on cpanel forums hopefully I find an answer soon.
http://forums.cpanel.net/showthread.php ... post453349
--Jeremy
Posted: 13 Dec 2008, 13:16
by docbreed
ok so i was running whm 11.23 and upgraded last night to whm 11.24 and clamav had the tick box.. Thanks.
--Jeremy