ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Clamav is down

https://mail.forum.configserver.com/viewtopic.php?t=3138

Page 1 of 1

Clamav is down

Posted: 10 Jan 2010, 12:04
by hilario
Hi,
My clamav server is down and I am receiving thousands of clamd failed mails.
I have already forced the update of Mailscanner, clamav and MSFE, but
The only report I saw during clamav update was:
Stopping clamd: [FAILED]
Starting clamd: [FAILED]

Anyone has the same issue? What more should I check to trace the origin of the problem?

Thanks
Hilário
[INDENT]clamd failed @ Sun Jan 10 09:52:28 2010. A restart was attempted automagically.
Service Check Method: [check command]
Cmd Service Check Raw Output: clamd is not running or is crashed.
[/INDENT]

Posted: 22 Jan 2010, 10:21
by Sarah
You could try setting up logging in clamd to see if that gives you any clues.

edit /usr/local/etc/clamd.conf

Uncomment:

#LogFile /tmp/clamd.log
#LogTime yes
#LogVerbose yes

Posted: 15 Feb 2010, 22:44
by maverick
I'm having the same issue. Today, all of the suddenly, two of our servers started sending these clamav failed message (until the /tmp directory filled up).

I forced a clamav upgrade and restarted apache. That seemed to solve the issue for about five minutes. So I came here (since I had WaytotheWeb install this on all my servers).

Now trying what Sarah suggested....

Okay, this is what I get for log output:

Mon Feb 15 14:48:19 2010 -> +++ Started at Mon Feb 15 14:48:19 2010
Mon Feb 15 14:48:19 2010 -> clamd daemon 0.95.3 (OS: linux-gnu, ARCH: i386, CPU$
Mon Feb 15 14:48:19 2010 -> Log file size limited to 1048576 bytes.
Mon Feb 15 14:48:19 2010 -> Reading databases from /usr/local/share/clamav
Mon Feb 15 14:48:19 2010 -> Not loading PUA signatures.
Mon Feb 15 14:48:20 2010 -> ERROR: Broken or not a CVD file
Mon Feb 15 14:48:20 2010 -> Closing the main socket.


Not sure what all that means. PUA signatures, CVD file?

How do I fix it so the problem goes away?

Thanks in advance for any assistance.

Posted: 16 Feb 2010, 06:41
by Sarah
Sounds like a problem with the signature databases. Try removing the files in /usr/local/share/clamav/ and then run freshclam, then restart clamd.

Regards,
Sarah

Edit: It might also be the filesize limit problem. Do you see an error relating to file size when you restart clamd at the command prompt? If so, please see this post: showpost.php?p=7108&postcount=4

You might have to up the ulimit to 40000 if it's already at 30000.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited