Code: Select all
Release 8.8.12.GA.3794.UBUNTU14.64 UBUNTU14_64 FOSS edition, Patch 8.8.12_P4.
Clamd version (from freshclam.log):
Code: Select all
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.4 Recommended version: 0.101.2
I can manually restart zimbra with a "zontrol restart" but it comes back every few days.
Today, I decided to take a look at what might be causing this and found this in the log when the zimbra services start
Code: Select all
Jul 30 11:51:30 mail clamd[30211]: TCP: Bound to [127.0.0.1]:3310
Jul 30 11:51:30 mail clamd[30211]: TCP: Setting connection queue length to 200
Jul 30 11:51:30 mail clamd[30211]: LOCAL: Unix socket file /opt/zimbra/data/clamav/clamav.sock
Jul 30 11:51:30 mail clamd[30211]: LOCAL: Setting connection queue length to 200
Jul 30 11:51:30 mail clamd[30211]: daemonize() failed: Cannot allocate memory
Jul 30 11:51:30 mail clamd[30211]: Socket file removed.
Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!)connect to /opt/zimbra/data/clamav/clamav.sock failed, attempt #1: Can't connect to a UNIX socket /opt/zimbra/data/clamav/clamav.sock: No such file or directory
Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /opt/zimbra/data/clamav/clamav.sock (All attempts (1) failed connecting to /opt/zimbra/data/clamav/clamav.sock) at (eval 148) line 613.\n
Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!)WARN: all primary virus scanners failed, considering backups
Jul 30 11:51:30 mail amavis[30041]: (30041-01) (!!)AV: ALL VIRUS SCANNERS FAILED
Code: Select all
zimbra@mail:~/data/clamav$ zmcontrol status
Host mail.myhost.com
amavis Running
antispam Running
antivirus Running
dnscache Running
ldap Running
logger Running
mailbox Running
memcached Running
mta Running
opendkim Running
proxy Running
service webapp Running
snmp Running
spell Running
stats Running
zimbra webapp Running
zimbraAdmin webapp Running
zimlet webapp Running
zmconfigd Running
zimbra@mail:~/data/clamav$ zmantivirusctl stop
Stopping clamd...done.
Stopping freshclam...done.
zimbra@mail:~/data/clamav$ zmantivirusctl start
Starting amavisd-mc...amavisd-mc is already running.
Starting amavisd...amavisd is already running.
Starting clamd...failed.
Starting freshclam...done.
zimbra@mail:~/data/clamav$ zmantivirusctl restart
Stopping amavisd... done.
Stopping amavisd-mc... done.
Starting amavisd-mc...done.
Starting amavisd...done.
Stopping clamd...done.
Starting clamd...failed.
Stopping freshclam...done.
Starting freshclam...done.
zimbra@mail:~/data/clamav$ zmclamdctl status
clamd is running.
zimbra@mail:~/data/clamav$ zmclamdctl stop
Stopping clamd...done.
zimbra@mail:~/data/clamav$ zmclamdctl start
Starting clamd...failed.
zimbra@mail:~/data/clamav$ zmantivirusctl status
antivirus is running
zimbra@mail:~/data/clamav$ zmclamdctl status
clamd is running.
Any idea what's going on?
I did find that I had some duplicates in /opt/zimbra/data/clamav/db/
Code: Select all
zimbra@mail:~/data/clamav/db$ ls -al
total 479508
drwxr-xr-x 10 zimbra zimbra 4096 Jul 30 12:16 .
drwxrwxr-x 4 zimbra zimbra 4096 Jul 30 12:16 ..
-rw-r----- 1 zimbra zimbra 1013248 Jan 2 2019 bytecode.cld
-rw-r----- 1 zimbra zimbra 207879 Jul 30 11:52 bytecode.cvd
drwxr-x--- 2 zimbra zimbra 4096 May 21 2016 clamav-067d7d74e7db25496b87dbf761186fe1.tmp
drwxr-x--- 2 zimbra zimbra 4096 Nov 9 2016 clamav-278a82d9b2c3fd7be2d4619e1652882b.tmp
drwxr-x--- 2 zimbra zimbra 4096 Nov 9 2016 clamav-4d234370c55f3805833208b2e6a4870c.tmp
drwxr-x--- 2 zimbra zimbra 4096 Nov 9 2016 clamav-4e0ab5775afb14c96bf117438cd53466.tmp
drwxr-x--- 2 zimbra zimbra 4096 Nov 13 2016 clamav-60e9d3622749eee696cda4a47066900e.tmp
drwxr-x--- 2 zimbra zimbra 4096 May 13 2016 clamav-79abe18ba0ab500e60858078dd42eb79.tmp
drwxr-x--- 2 zimbra zimbra 4096 Jun 1 2016 clamav-97fe75be43aacdf44e1b5a983578b096.tmp
drwxr-x--- 2 zimbra zimbra 4096 May 21 2016 clamav-c4caf97b60239b9a82cc51161cb5398b.tmp
-rw-r----- 1 zimbra zimbra 136675328 Jul 29 20:02 daily.cld
-rw-r----- 1 zimbra zimbra 45067320 Jul 30 11:50 daily.cvd
-rw-r----- 1 zimbra zimbra 307499008 Jul 30 11:50 main.cld
-rw------- 1 zimbra zimbra 2548 Jul 30 12:16 mirrors.dat
Code: Select all
cd /opt/zimbra/data/clamav/db/
mv *.* /tmp/clamavdbback/
/opt/zimbra/common/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
Code: Select all
zimbra@mail:~/data/clamav/db$ ls -al
total 159532
drwxr-xr-x 2 zimbra zimbra 4096 Jul 30 14:16 .
drwxrwxr-x 4 zimbra zimbra 4096 Jul 30 13:18 ..
-rw-r----- 1 zimbra zimbra 207879 Jul 30 12:48 bytecode.cvd
-rw-r----- 1 zimbra zimbra 45067320 Jul 30 12:46 daily.cvd
-rw-r----- 1 zimbra zimbra 117892267 Jul 30 12:46 main.cvd
-rw------- 1 zimbra zimbra 52 Jul 30 14:16 mirrors.dat
I will wait a few days to see if the unchecked issue comes back.
Any suggestions on what the problems are with the lock file?