Antivirus not starting

17322JustinC · Post by **17322JustinC** » Tue Oct 04, 2005 9:47 am

I've done a fresh install of FC4 and then installed Zimbra (modified hosts and created the appropriate symlinks). The installation appears to work in that I can provision domains and set up users. I can also log in as a user. When Zimbra receives an email the antivirus scanning fails. When zimbra is started it indicates that the antivirus is not working.
At startup I get the following.
[QUOTE]RESPONSE: (Zimbra::Mon::serviceInfo)

antispam

status Running

antivirus

status Stopped

ldap

status Running

mailbox

status Running

mta

status Running

snmp

status Stopped[/QUOTE]
When a mail is received and passed to amavis I get this in the zimbra.log
[QUOTE]Oct 5 00:20:05 zimbra amavis[21088]: (21088-02) Using ClamAV-clamd: (built-in interface)

Oct 5 00:20:05 zimbra amavis[21088]: (21088-02) Using (ClamAV-clamd) on dir: CONTSCAN /opt/zimbra/amavisd/tmp/amavis-20051005T002005-21088/parts

Oct 5 00:20:05 zimbra amavis[21088]: (21088-02) ClamAV-clamd: Connecting to socket 127.0.0.1:3310

Oct 5 00:20:05 zimbra amavis[21088]: (21088-02) ClamAV-clamd: Can't connect to INET socket 127.0.0.1

Connection refused, retrying (1)

Oct 5 00:20:05 zimbra amavis[21088]: (21088-02) ClamAV-clamd: sleeping for 1 s

Oct 5 00:20:06 zimbra amavis[21088]: (21088-02) ClamAV-clamd: Connecting to socket 127.0.0.1:3310, retry #1

Oct 5 00:20:06 zimbra amavis[21088]: (21088-02) ClamAV-clamd: Can't connect to INET socket 127.0.0.1

Connection refused, retrying (2)

Oct 5 00:20:06 zimbra amavis[21088]: (21088-02) ClamAV-clamd: sleeping for 6 s

Oct 5 00:20:06 zimbra postfix/smtpd[32189]: connect from localhost.localdomain[127.0.0.1]

Oct 5 00:20:06 zimbra postfix/smtpd[32189]: disconnect from localhost.localdomain[127.0.0.1]

Oct 5 00:20:12 zimbra amavis[21088]: (21088-02) ClamAV-clamd: Connecting to socket 127.0.0.1:3310, retry #2

Oct 5 00:20:12 zimbra amavis[21088]: (21088-02) ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1

Connection refused) at (eval 40) line 264.

Oct 5 00:20:12 zimbra amavis[21088]: (21088-02) WARN: all primary virus scanners failed, considering backups

Oct 5 00:20:12 zimbra amavis[21088]: (21088-02) TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1

Connection refused) at (eval 40) line 264.

Oct 5 00:20:12 zimbra amavis[21088]: (21088-02) PRESERVING EVIDENCE in /opt/zimbra/amavisd/tmp/amavis-20051005T002005-21088
Oct 5 00:20:12 zimbra amavis[21088]: (21088-02) TIMING [total 7133 ms] - SMTP EHLO: 3 (0%)0, SMTP pre-MAIL: 1 (0%)0, mkdir tempdir: 0 (0%)0, create email.txt: 0 (0%)0, lookup_ldap: 91 (1%)1, SMTP pre-DATA-flush: 2 (0%)1, SMTP DATA: 0 (0%)1, body_hash: 2 (0%)1, gen_mail_id: 0 (0%)1, mkdir parts: 0 (0%)1, mime_decode: 10 (0%)2, get-file-type1: 10 (0%)2, parts_decode: 0 (0%)2, AV-scan-1: 7012 (98%)100, rundown: 1 (0%)100

Oct 5 00:20:12 zimbra amavis[21088]: (21088-02) extra modules loaded: Net/LDAP/Bind.pm

Oct 5 00:20:12 zimbra amavis[21088]: (21088-02) load: 0 %, total idle 2966.369 s, busy 14.256 s

[/QUOTE]
Has anyone else had a similar problem?
Justin.

14319KevinH · Post by **14319KevinH** » Tue Oct 04, 2005 11:00 am

Anything in your install log point to the problem? (it's in /tmp)

marcmac · Post by **marcmac** » Tue Oct 04, 2005 11:01 am

do an ldd on clamd, and make sure it's finding all it's libraries. Also, zmclamdctl start may shed some light.

jacko · Post by **jacko** » Tue Oct 04, 2005 11:07 am

Hi Justin,
I had exactly the same problem, same platform (FC4 clean install). I was getting:
/opt/zimbra/clamav/sbin/clamd: error while loading shared libraries: libgmp.so.3: cannot open shared object file: No such file

or directory
in: /opt/zimbra/log/clamd.log
I had to install gmp.
yum gmp.i386
After that I restarted Zimbra:
su - zimbra

zmcontrol stop followed by zmcontrol start
and then AV started and the mail came flooding in. I am still unable to get SNMP to start though, have a thread running here for that:

Hopefully">http://www.zimbra.com/forums/showthread.php?t=232
Hopefully the above should sort you out, if not clamd.log will probably shed some light.

17322JustinC · Post by **17322JustinC** » Tue Oct 04, 2005 6:40 pm

Thanks guys, it's fixed now. ldd and clamd.log showed that libgmp was missing, I've installed that and it's all working fine. I'm seeing the same snmp problem that jacko is, will look into this further.
Kevin, I had a look at the install log. There are a couple of errors in there I'm not sure about.
After adding the certificate to the keystore I get:

[QUOTE]keytool error: java.io.FileNotFoundException: /opt/zimbra/java/jre/lib/security/cacerts (Permission denied)[/QUOTE]
and after importing the server certificate:

[QUOTE]keytool error: java.lang.Exception: Failed to establish chain from reply[/QUOTE]
Not sure if it's something I need to be worried about, SSL seems to work.
Justin.

marcmac · Post by **marcmac** » Tue Oct 04, 2005 6:45 pm

Those aren't important errors, when you create a self signed cert - the second one, in particular, just means that there's no CA for the certificate.