Hi,
My clamav server is down and I am receiving thousands of clamd failed mails.
I have already forced the update of Mailscanner, clamav and MSFE, but
The only report I saw during clamav update was:
Stopping clamd: [FAILED]
Starting clamd: [FAILED]
Anyone has the same issue? What more should I check to trace the origin of the problem?
Thanks
Hilário
[INDENT]clamd failed @ Sun Jan 10 09:52:28 2010. A restart was attempted automagically.
Service Check Method: [check command]
Cmd Service Check Raw Output: clamd is not running or is crashed.
[/INDENT]
Clamav is down
I'm having the same issue. Today, all of the suddenly, two of our servers started sending these clamav failed message (until the /tmp directory filled up).
I forced a clamav upgrade and restarted apache. That seemed to solve the issue for about five minutes. So I came here (since I had WaytotheWeb install this on all my servers).
Now trying what Sarah suggested....
Okay, this is what I get for log output:
Mon Feb 15 14:48:19 2010 -> +++ Started at Mon Feb 15 14:48:19 2010
Mon Feb 15 14:48:19 2010 -> clamd daemon 0.95.3 (OS: linux-gnu, ARCH: i386, CPU$
Mon Feb 15 14:48:19 2010 -> Log file size limited to 1048576 bytes.
Mon Feb 15 14:48:19 2010 -> Reading databases from /usr/local/share/clamav
Mon Feb 15 14:48:19 2010 -> Not loading PUA signatures.
Mon Feb 15 14:48:20 2010 -> ERROR: Broken or not a CVD file
Mon Feb 15 14:48:20 2010 -> Closing the main socket.
Not sure what all that means. PUA signatures, CVD file?
How do I fix it so the problem goes away?
Thanks in advance for any assistance.
I forced a clamav upgrade and restarted apache. That seemed to solve the issue for about five minutes. So I came here (since I had WaytotheWeb install this on all my servers).
Now trying what Sarah suggested....
Okay, this is what I get for log output:
Mon Feb 15 14:48:19 2010 -> +++ Started at Mon Feb 15 14:48:19 2010
Mon Feb 15 14:48:19 2010 -> clamd daemon 0.95.3 (OS: linux-gnu, ARCH: i386, CPU$
Mon Feb 15 14:48:19 2010 -> Log file size limited to 1048576 bytes.
Mon Feb 15 14:48:19 2010 -> Reading databases from /usr/local/share/clamav
Mon Feb 15 14:48:19 2010 -> Not loading PUA signatures.
Mon Feb 15 14:48:20 2010 -> ERROR: Broken or not a CVD file
Mon Feb 15 14:48:20 2010 -> Closing the main socket.
Not sure what all that means. PUA signatures, CVD file?
How do I fix it so the problem goes away?
Thanks in advance for any assistance.
Sounds like a problem with the signature databases. Try removing the files in /usr/local/share/clamav/ and then run freshclam, then restart clamd.
Regards,
Sarah
Edit: It might also be the filesize limit problem. Do you see an error relating to file size when you restart clamd at the command prompt? If so, please see this post: showpost.php?p=7108&postcount=4
You might have to up the ulimit to 40000 if it's already at 30000.
Regards,
Sarah
Edit: It might also be the filesize limit problem. Do you see an error relating to file size when you restart clamd at the command prompt? If so, please see this post: showpost.php?p=7108&postcount=4
You might have to up the ulimit to 40000 if it's already at 30000.