[SOLVED] Antivirus not running, messages ***UNCHECKED***, but...

[Labsy]

Hi,

Talking about: Release 8.8.15.GA.3829.UBUNTU16.64 UBUNTU16_64 FOSS edition, Patch 8.8.15_P43.

After applying latest patch P42 + Patch P43 (via apt-get update) and reboot, I noticed all messages being marked with ***UNCHECKED***. Of course, ClamAV not running probably:

Code: Select all

        amavis                  Running
        antispam                Running
        antivirus               Stopped
                zmclamdctl is not running
                zmfreshclamctl is not running
        ldap                    Running
        logger                  Running

Dunno if related, but checked ports 10024 to 10026...Amavis is there listening:

Code: Select all

tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      420/amavisd (ch9-av
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      344/smtpd
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      420/amavisd (ch9-av
tcp6       0      0 ::1:10024               :::*                    LISTEN      420/amavisd (ch9-av
tcp6       0      0 ::1:10026               :::*                    LISTEN      420/amavisd (ch9-av

Tried to start ClamAV service, but failed:

Code: Select all

zmclamdctl start
Starting clamd...failed.

Sep 13 23:46:05 zimbra amavis[6333]: (06333-16) ClamAV-clamd: Connecting to socket  /opt/zimbra/data/clamav/clamav.sock, retry #2
Sep 13 23:46:05 zimbra amavis[6333]: (06333-16) new socket by IO::Socket::UNIX to /opt/zimbra/data/clamav/clamav.sock, timeout set to 10
Sep 13 23:46:05 zimbra amavis[6333]: (06333-16) (!)connect to /opt/zimbra/data/clamav/clamav.sock failed, attempt #1: Can't connect to a UNIX socket /opt/zimbra/data/clamav/clamav.sock: No such file or directory
Sep 13 23:46:05 zimbra amavis[6333]: (06333-16) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /opt/zimbra/data/clamav/clamav.sock (All attempts (1) failed connecting to /opt/zimbra/data/clamav/clamav.sock) at /opt/zimbra/common/lib/perl5/Amavis/AV.pm line 663.\n
Sep 13 23:46:05 zimbra amavis[6333]: (06333-16) (!)WARN: all primary virus scanners failed, considering backups
Sep 13 23:46:05 zimbra amavis[6333]: (06333-16) (!!)AV: ALL VIRUS SCANNERS FAILED

Tried to delete and refresh ClamDB, but failed:

Code: Select all

~/data/clamav/db$ freshclam --config-file=/opt/zimbra/conf/freshclam.conf -v
freshclam: error while loading shared libraries: libcrypto.so.1.1: cannot open shared object file: No such file or directory

Looks like OpenSSL 1.1 is required, but on Ubuntu 16.04 latest is 1.0.1. Sjit...too much for my poor linux knowledge.

So my temporary workaround was to just disable Amavis to modify message headers with ***UNCHECKED***, which also cripled DKIM (as headers are modified). I edited line 856 in /opt/zimbra/common/lib/perl5/Amavis/Conf.pm like this:

Code: Select all

 $undecipherable_subject_tag = undef; # default was '***UNCHECKED***'

Any suggestion how to approach to repairing ClamAV / FreshClam services? All are Zimbra-specific, so I do not want to go usual route.

NOTE: I am using apt-get update and apt-get upgrade only.
Should I try apt update and apt upgrade instead, or even apt full-upgrade or apt-get dist-upgrade instead?

[brunob]

Hey, whatever the problem is: You should urgently consider upgrading your OS.
Ubuntu 16.04 is EOL since two years. You are running at a high security risk.

[Labsy]

Hey, whatever the problem is: You should urgently consider upgrading your OS.
Ubuntu 16.04 is EOL since two years. You are running at a high security risk.

SOLVED!
First off, I wanted to upgrade OS, but did not want to proceed from cripled system. So my first goal was to resolve the issue, leave it for a week or two to be sure, only then proceed with upgrading distribution.
So, what solved the problem was simply upgrade all packages with apt-get dist-upgrade, which not only updated existing packages, but also dependencies. After reboot Zimbra is back fully functional.