[SOLVED] Antivirus not running, sending all mail to deferred queue
Posted: Sun Jul 01, 2007 9:55 pm
I had my Zimbra server crash hard today, requiring a power cycle to get up again. After the reboot zmcontrol reported antivirus was not running. Soon after I noticed mail getting diverted into the deferred queue and this in the logs:
Jul 2 10:01:35 Zimbra-Computer amavis[684]: (00684-01) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1 Connection refused, retrying (2)
Jul 2 10:01:41 Zimbra-Computer amavis[684]: (00684-01) (!!)ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0
.1 Connection refused) at (eval 54) line 269.
Jul 2 10:01:41 Zimbra-Computer amavis[684]: (00684-01) (!!)WARN: all primary virus scanners failed, considering backups
Jul 2 10:01:41 Zimbra-Computer amavis[684]: (00684-01) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED:
Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1 Connection refused) at (eval 54) line 269.
Jul 2 10:01:41 Zimbra-Computer amavis[684]: (00684-01) (!)PRESERVING EVIDENCE in /opt/zimbra/amavisd/tmp/amavis-20070702T100133-00684
After a clean shutdown and reboot the situation persists, and now I also see snmp is not running ('swatch not running'). I have tried turning off antivirus in the server settings (web interface). Still incoming mail is getting stuck in the deferred queue for the same reason as above.
Any and all help would be welcomed. Looking though the forum archives I see a few posts about this, but none that give me a solution.
The server is: Release 4.5.5_GA_838.MACOSX, Zimbra, Inc. MACOSX NETWORK edition
More details: after turning off antivirus and antispam (using web admin), then turning them back on I was able to get mail going into mailboxes with repeated use of postqueue -f. Now incoming mail does appear to be getting into mailboxes. However 'zmcontrol status' still reports:
antivirus Stopped
zmclamdctl is not running
ldap Running
logger Running
mailbox Running
mta Running
snmp Stopped
swatch is not running
Curiously ps aux shows:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
zimbra 21633 96.0 1.8 40500 15424 ?? Rs 4:01PM 0:33.89 /opt/zimbra/clamav/sbin/clamd --config-file /opt/zimbra/conf/clamd.conf
Clamd.log shows no errors, just lots of instances of:
Mon Jul 2 15:46:25 2007 -> +++ Started at Mon Jul 2 15:46:25 2007
Mon Jul 2 15:46:25 2007 -> clamd daemon 0.90.2 (OS: darwin8.7.0, ARCH: ppc, CPU: powerpc)
Mon Jul 2 15:46:25 2007 -> Log file size limited to 20971520 bytes.
Mon Jul 2 15:46:25 2007 -> Reading databases from /opt/zimbra/clamav/db
Looks like clamd is trying to start and failing over and over.
thanks,
Ron.
Jul 2 10:01:35 Zimbra-Computer amavis[684]: (00684-01) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1 Connection refused, retrying (2)
Jul 2 10:01:41 Zimbra-Computer amavis[684]: (00684-01) (!!)ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0
.1 Connection refused) at (eval 54) line 269.
Jul 2 10:01:41 Zimbra-Computer amavis[684]: (00684-01) (!!)WARN: all primary virus scanners failed, considering backups
Jul 2 10:01:41 Zimbra-Computer amavis[684]: (00684-01) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED:
Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1 Connection refused) at (eval 54) line 269.
Jul 2 10:01:41 Zimbra-Computer amavis[684]: (00684-01) (!)PRESERVING EVIDENCE in /opt/zimbra/amavisd/tmp/amavis-20070702T100133-00684
After a clean shutdown and reboot the situation persists, and now I also see snmp is not running ('swatch not running'). I have tried turning off antivirus in the server settings (web interface). Still incoming mail is getting stuck in the deferred queue for the same reason as above.
Any and all help would be welcomed. Looking though the forum archives I see a few posts about this, but none that give me a solution.
The server is: Release 4.5.5_GA_838.MACOSX, Zimbra, Inc. MACOSX NETWORK edition
More details: after turning off antivirus and antispam (using web admin), then turning them back on I was able to get mail going into mailboxes with repeated use of postqueue -f. Now incoming mail does appear to be getting into mailboxes. However 'zmcontrol status' still reports:
antivirus Stopped
zmclamdctl is not running
ldap Running
logger Running
mailbox Running
mta Running
snmp Stopped
swatch is not running
Curiously ps aux shows:
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
zimbra 21633 96.0 1.8 40500 15424 ?? Rs 4:01PM 0:33.89 /opt/zimbra/clamav/sbin/clamd --config-file /opt/zimbra/conf/clamd.conf
Clamd.log shows no errors, just lots of instances of:
Mon Jul 2 15:46:25 2007 -> +++ Started at Mon Jul 2 15:46:25 2007
Mon Jul 2 15:46:25 2007 -> clamd daemon 0.90.2 (OS: darwin8.7.0, ARCH: ppc, CPU: powerpc)
Mon Jul 2 15:46:25 2007 -> Log file size limited to 20971520 bytes.
Mon Jul 2 15:46:25 2007 -> Reading databases from /opt/zimbra/clamav/db
Looks like clamd is trying to start and failing over and over.
thanks,
Ron.