[SOLVED] Antivirus not running, sending all mail to deferred queue

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Ron Haines
Posts: 15
Joined: Fri Sep 12, 2014 10:37 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by Ron Haines »

OS X Disk Utility found damaged directories and repaired them. Disk verified OK after this. Ran the 4.5.5 installer as an upgrade and ran zmsetup without problems. After all the services had started up zmcontrol status showed anti-virus stopped. Clamd is still dying and was again causing mail to get stuck in the deferred queue. Using the web admin I turned off anti-virus, then used zmcontrol stop/zmcontrol start and postqueue -f to get mail moving again. Something that was corrupted in the crash and wasn't replaced by re-running the installer is killing clamd. The last line in clamd.log before it dies is 'Reading databases from /opt/zimbra/clamav/db'. Can I rebuild the contents of this directory (should I? and how?).

Also ran zmfixperms and tried starting clamd after that. Still doesn't start properly, doesn't get to writing out its pid file.

Thanks again to the good folk who have offered advice.

Ron.
User avatar
jholder
Ambassador
Ambassador
Posts: 4824
Joined: Fri Sep 12, 2014 10:00 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by jholder »

**Not official Zimbra advice,
But I'd remove the /opt/zimbra/clamav/db dir, and upgrade to 4.5.6 :)
Ron Haines
Posts: 15
Joined: Fri Sep 12, 2014 10:37 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by Ron Haines »

[quote user="jholder"]**Not official Zimbra advice,
But I'd remove the /opt/zimbra/clamav/db dir, and upgrade to 4.5.6 :)[/QUOTE]
I'm hoping someone can alert me to the consequences of removing clamav/db. Does an upgrade install anything into clamav/db/? I have backups of the whole of /opt/zimba/ which I could use to restore clamav/db to how it was after the initial install.
And I will update to 4.5.6, however I am running Zimbra primarily for one 'very important user'. I want to upgrade the outlook connector on their machine when I upgrade the server but the user's computer is on the other side of the planet right now. So the upgrade to 4.5.6 will have to wait a while. :)
While poking around the server I noticed the free disk space was a lot less than I recall it being. Looking at the disk space reported in the logs by zimbramon I could see it dropping alarmingly since this clamd problem began. A little hunting found hundreds of directories like clamav-5145907358182416d2857299a25a3434 in /var/tmp, each taking about 19M. Could be another clue to clamd's problems. The perms on /var/tmp look OK.
jadjei
Posts: 4
Joined: Fri Sep 12, 2014 10:36 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by jadjei »

[quote user="Ron Haines"]I'm hoping someone can alert me to the consequences of removing clamav/db. [/QUOTE]
I think these files are the virus databases updated by freshclam, so I reckon they're safe to delete or temporarily move at least.
[quote user="Ron Haines"]A little hunting found hundreds of directories like clamav-5145907358182416d2857299a25a3434 in /var/tmp, each taking about 19M. Could be another clue to clamd's problems. The perms on /var/tmp look OK.[/QUOTE]
I had the same symptoms as you... possibly caused by a server crash corrupting files.. or perhaps running out of space in /tmp.
Everything is sort of running now, but I had to cludge things a little.
I updated clamav to the latest version using this wiki entry...

Updating CLAMAV - ZimbraWiki
I deleted all the clamav-* directories in /tmp.
I reran the install in upgrade mode.
Clamd still won't report as running using 'zmcontrol status' or 'zmclamdctl status', and the error is always

'cat: /opt/zimbra/log/clamd.pid: No such file or directory'.
By grepping for the clamd process, I can find it and get it's PID tho, so when I fake the clamd.pid file antivirus is reported as running by zmcontrol status.
Something still needs fixing as 'zmclamdctl restart' puts me back in the same position, but at least outgoing mail works again.



$ zmclamdctl start

$ ps aux | grep clamd
zimbra 28500 12.7 2.6 32500 27480 ? Ss 11:36 1:41 /opt/zimbra/clamav/sbin/clamd --config-file /opt/zimbra/conf/clamd.conf
$ echo 28500 > /opt/zimbra/log/clamd.pid

$ zmclamdctl status

Ron Haines
Posts: 15
Joined: Fri Sep 12, 2014 10:37 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by Ron Haines »

[quote user="jadjei"]I updated clamav to the latest version using this wiki entry...

Updating CLAMAV - ZimbraWiki
I deleted all the clamav-* directories in /tmp.
I reran the install in upgrade mode.
Clamd still won't report as running using 'zmcontrol status' or 'zmclamdctl status', and the error is always

'cat: /opt/zimbra/log/clamd.pid: No such file or directory'.

[/QUOTE]
I think our problems with clamd are very similar, if not identical. Given the list of sensible things you've done and still don't have clamd running properly, I'm going to leave my server as is for now. All the mail entering my server has passed through an AV scan on our campus mailservers so having clamav running isn't a big deal for me. But it does worry me that part of Zimbra just won't work on my installation.
Did you ever delete clamav/db/ or clean it out?
phxmark
Posts: 9
Joined: Fri Sep 12, 2014 10:11 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by phxmark »

I too am having this trouble of getting calmav running. Is there a bug we don't know about?
Krishopper
Outstanding Member
Outstanding Member
Posts: 769
Joined: Fri Sep 12, 2014 10:23 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by Krishopper »

I'm having this identical issue as well. I disabled clamav on my OS X machine and redirected my MX records to another machine as I didn't have time to look into it. Mail queues up, clamd keeps dying, with hundreds of directories for clamd under /var/tmp/.. it actually filled up a 300GB hard drive which was only 30% full prior to that issue starting.
Experienced the issue in 4.5.5, upgraded to 4.5.6, removed the db directory, and still had the issue.. but as I said, I disabled clam and haven't looked into it further.
Mac OS X is 10.4.10 (it was on 10.4.9 with the same issue as well), PPC machine.
jadjei
Posts: 4
Joined: Fri Sep 12, 2014 10:36 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by jadjei »

My Zimbra is back fully working again now. I upgraded to the latest version(4.5.6_GA_1044.FC5_20070706162711), and tried deleting '/opt/zimbra/clamav/db'. I can't say if that did anything, and I suspect not. Trying to restart zimbra, running a virus db update and restarting just the av part still resulted in the same error. The only way to get things going was by manually creating the pid file.

However after a reboot, everything was up and running, and subsequents restarts of Zimbra have been fine. It's been happy for a couple of weeks now. I hate when reboots fix things.. feels so windows :)
algogr
Posts: 2
Joined: Fri Sep 12, 2014 10:41 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by algogr »

I had this problem today and now is solved without even an upgrade.I feel very lucky since i can see that the solution took you 3 weeks to be solved and you posted it right when i faced the problem.Thanks again
algogr
Posts: 2
Joined: Fri Sep 12, 2014 10:41 pm

[SOLVED] Antivirus not running, sending all mail to deferred queue

Post by algogr »

After a zimbra restart i had the same problem so i did a little hack and now everything is working fine even after zimbra restarts. I created an empty file

/opt/zimbra/log/clamd.pid.fake as zimbra user. Then as root user i inserted

cp /opt/zimbra/log/clamd.pid.fake /opt/zimbra/log/clamd.pid

in /opt/zimbra/bin/zmantivirusctl right after the line

/opt/zimbra/bin/$i start norewrite

and now everything works fine since everytime clamav starts it creates the clamd.pid file from clamd.pid.fake.

!!!Attention!!!

Be sure to backup the /opt/zimbra/bin/zmantivirusctl file before making any change just in case something goes wrong
Post Reply