Re: [clamav-users] Failed to start Generic clamav scanner daemon.
Hi Ged, Thanks for your help. I deleted bytecode.cvd and main.cvd but the service still not be started. The output is as below. I can wait till you are available. Thanks. [root@tplinuxuhgdb2 clamav]# ls bytecode.cld daily.cld main.cld mirrors.dat [root@tplinuxuhgdb2 clamav]# systemctl start clamd@scan.service Job for clamd@scan.service failed because the control process exited with error code. See "systemctl status clamd@scan.service" and "journalctl -xe" for details. [root@tplinuxuhgdb2 clamav]# journalctl -xe -- -- Unit clamd@scan.service has failed. -- -- The result is failed. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Unit clamd@scan.service entered failed state. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: clamd@scan.service failed. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: clamd@scan.service holdoff time over, scheduling restart. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Stopped clamd scanner (scan) daemon. -- Subject: Unit clamd@scan.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit clamd@scan.service has finished shutting down. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Starting clamd scanner (scan) daemon... -- Subject: Unit clamd@scan.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit clamd@scan.service has begun starting up. Jun 16 16:23:28 tplinuxuhgdb2.localdomain clamd[4888]: Received 0 file descriptor(s) from systemd. Jun 16 16:23:28 tplinuxuhgdb2.localdomain clamd[4888]: Please define server type (local and/or TCP). Jun 16 16:23:28 tplinuxuhgdb2.localdomain clamd[4887]: ERROR: Please define server type (local and/or TCP). Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: clamd@scan.service: control process exited, code=exited status=1 Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Failed to start clamd scanner (scan) daemon. -- Subject: Unit clamd@scan.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit clamd@scan.service has failed. -- -- The result is failed. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Unit clamd@scan.service entered failed state. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: clamd@scan.service failed. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: clamd@scan.service holdoff time over, scheduling restart. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Stopped clamd scanner (scan) daemon. -- Subject: Unit clamd@scan.service has finished shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit clamd@scan.service has finished shutting down. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: start request repeated too quickly for clamd@scan.service Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Failed to start clamd scanner (scan) daemon. -- Subject: Unit clamd@scan.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit clamd@scan.service has failed. -- -- The result is failed. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Unit clamd@scan.service entered failed state. Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: clamd@scan.service failed. BR, Eric. G.W. Haywood via clamav-users 於 2021年6月16日 週三 下午2:43寫道: > Hi Eric, > > On Wed, 16 Jun 2021, Eric Jin via clamav-users wrote: > > > The ClamAV was installed in the oracle server two years ago. The > > clamd@scan.service could be started and running for a long time. The > > following output is from the command of "clamconf -n" in the oracle > server. > > Please help me confirm if it could find the cause. Thanks. > > > > [root@tplinuxuhgdb2 clamd.d]# clamconf -n > > [...snip...] > > Database information > > > > Database directory: /var/lib/clamav > > daily.cld: version 26202, sigs: 3989629, built on Tue Jun 15 19:21:24 > 2021 > > bytecode.cld: version 333, sigs: 92, built on Mon Mar 8 23:21:51 2021 > > main.cld: version 59, sigs: 4564902, built on Mon Nov 25 21:56:15 2019 > > bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 23:21:51 2021 > > main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 21:56:15 2019 > > Total number of signatures: 13119617 > > [...snip...] > > I haven't looked in depth at the output but at first sight this looks > wrong. Again I don't know if it's causing your problem. For both the > main.* and the bytecode.* signatures in your database, you have both a > .cld and a .cvd file. They are two different representations of the > same thing; a .cvd file is compressed and a .cld file is not. Perhaps > you can try deleting one of them, then (re)start clamd. > > The build information is a little overwhelming compared to mine (see > below). I don't know what it might be telling m
Re: [clamav-users] Failed to start Generic clamav scanner daemon.
Hi Eric, On Wed, 16 Jun 2021, Eric Jin via clamav-users wrote: [...] I deleted bytecode.cvd and main.cvd but the service still not be started. The output is as below. [...] [root@tplinuxuhgdb2 clamav]# systemctl start clamd@scan.service Job for clamd@scan.service failed [...] "journalctl -xe" for details. [root@tplinuxuhgdb2 clamav]# journalctl -xe [...] Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Starting clamd scanner (scan) daemon... [...] Jun 16 16:23:28 tplinuxuhgdb2.localdomain clamd[4887]: ERROR: Please define server type (local and/or TCP). [...] In the clamd configuration file there should be a definition for the socket on which clamd will listen - it is either a Unix socket, or a TCP socket. Do you have a line in the file which defines the socket? If not, since you say that the scanner has been working for two years it seems that something (possibly an upgrade?) has changed it. It's not a bad idea to include configuration files in your backups. Here is last night's backup of my clamd server's clamd configuration file; as it happens it was a 'full' backup (using BackupPC), it is backup number 483 and its size is 27752 bytes, last modified in May: clamd_tcp3.conf file 0644 483 27752 2021-05-15 13:59:48 I often run more than one clamd daemon, which is why I names this differently from the defaults for upstream and the distributions. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Problem with clamdscan and SELinux
On Tue, Jun 15, 2021 at 7:19 PM G.W. Haywood via clamav-users < clamav-users@lists.clamav.net> wrote: > Hi there, > > On Tue, 15 Jun 2021, Lee, Raymond via clamav-users wrote: > > > ... I don't want this thread to become a debate about whether or not to > > scan the entire system. I was just looking for insight into my question > > about clamd and SELinux. > > Sure, with you. FWIW I don't scan Linux systems. Primarily I use > ClamAV to scan mail, and I'm not especially interested in malware. > > As far as SELinux is concerned it seems to me that it's most likely > doing what it's supposed to do. My personal take on is that there's > no reason on Earth to scan a shadow_t type file with ClamAV, and if > you do let it do that you risk a vulnerability in ClamAV ruining your > whole holiday. I don't know why you aren't seeing the log messages > which you're expecting to see, perhaps it's a permissions issue too. > > I figured it out! Apparently, there were dontaudit rules that were preventing the SELinux denials from being logged to audit.log. I temporarily disabled the dontaudit rules with 'semodule -DB' and then re-ran clamdscan with SELinux in Permissive mode. Then I saw the AVC denial messages in audit.log and was able to use audit2allow to generate a local policy to allow clamd to read the files that it was previously unable to. > In case it's interesting, here's the detection performance of some > scanners for the last 40 malicious emails processed by my systems: > > 30 fortinet.com > 28 drweb.com > 26 gdatasoftware.com > 26 escanav.com > 26 bitdefender.com > 25 avast.com > 20 sophos.com > 20 ikarus.at > 19 eset.com >7 f-secure.com >5 f-prot.com >3 clamav.net >0 trendmicro.com > > The detection numbers were obtained by manually inspecting attempts to > send suspicious mail to our servers, and after confirming that the mail > was malicious, submitting samples to Jotti's malware scan: > > https://virusscan.jotti.org/ > > This was by no means a scientific experiment. The sample size was > very samll; the malware chose to be in the study, not the other way > around; some of the 40 samples were almost identical; there may be > issues with the way in which samples were presented to the scanners > which skews the comparitive results. But as you can see, even the > best performer only found three out of four. > > LOL, I guess you get what you pay for. Maybe I'll install the clamav-unofficial-sigs package to hopefully get a better detection rate. Thanks for your insight! -- Kind Regards, Ray > It's food for thought. > > -- > > 73, > Ged. > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > -- Notice: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy the message and attachments without retaining a copy. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Failed to start Generic clamav scanner daemon.
Hi Ged, The ClamAV was never upgraded until I found the service couldn't be started yesterday. I executed the command of "clamconf" and got the following results. Thanks for your help. Checking configuration files in /etc Config file: clamd.d/scan.conf -- AlertExceedsMax disabled PreludeEnable disabled PreludeAnalyzerName disabled LogFile disabled LogFileUnlock disabled LogFileMaxSize = "1048576" LogTime disabled LogClean disabled LogSyslog = "yes" LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate disabled ExtendedDetectionInfo disabled PidFile disabled TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket disabled LocalSocketGroup disabled LocalSocketMode disabled FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "200" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "10" ReadTimeout = "120" CommandReadTimeout = "30" SendBufTimeout = "500" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "15" FollowDirectorySymlinks disabled FollowFileSymlinks disabled CrossFilesystems = "yes" SelfCheck = "600" ConcurrentDatabaseReload = "yes" DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamscan" Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "1" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled ScanPE = "yes" ScanELF = "yes" ScanMail = "yes" ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" HeuristicAlerts = "yes" HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" AlertBrokenExecutables disabled AlertBrokenMedia disabled AlertEncrypted disabled StructuredCCOnly disabled AlertEncryptedArchive disabled AlertEncryptedDoc disabled AlertOLE2Macros disabled AlertPhishingSSLMismatch disabled AlertPhishingCloak disabled AlertPartitionIntersection disabled ScanPDF = "yes" ScanSWF = "yes" ScanXMLDOCS = "yes" ScanHWP3 = "yes" ScanArchive = "yes" ForceToDisk disabled MaxScanTime disabled MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "1" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "1048576" MaxPartitions = "50" MaxIconsPE = "100" MaxRecHWP3 = "16" PCREMatchLimit = "10" PCRERecMatchLimit = "2000" PCREMaxFileSize = "26214400" OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeRootUID disabled OnAccessExcludeUID disabled OnAccessExcludeUname disabled OnAccessMaxFileSize = "5242880" OnAccessDisableDDD disabled OnAccessPrevention disabled OnAccessExtraScanning disabled OnAccessCurlTimeout = "5000" OnAccessMaxThreads = "5" OnAccessRetryAttempts disabled OnAccessDenyOnError disabled DevACOnly disabled DevACDepth disabled DevPerformance disabled DevLiblog disabled DisableCertCheck disabled AlgorithmicDetection = "yes" BlockMax disabled PhishingAlwaysBlockSSLMismatch disabled PhishingAlwaysBlockCloak disabled PartitionIntersection disabled OLE2BlockMacros disabled ArchiveBlockEncrypted disabled Config file: freshclam.conf --- LogFileMaxSize = "1048576" LogTime disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate disabled PidFile disabled DatabaseDirectory = "/var/lib/clamav" Foreground disabled Debug disabled UpdateLogFile disabled DatabaseOwner = "clamupdate" Checks = "12" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "database.clamav.net" PrivateMirror disabled MaxAttempts = "3" ScriptedUpdates = "yes" TestDatabases = "yes" CompressLocalDatabase disabled ExtraDatabase disabled ExcludeDatabase disabled DatabaseCustomURL disabled HTTPProxyServer disabled HTTPProxyPort disabled HTTPProxyUsername disabled HTTPProxyPassword disabled HTTPUserAgent disabled NotifyClamd = "/etc/clamd.d/scan.conf" OnUpdateExecute disabled OnErrorExecute disabled OnOutdatedExecute disabled LocalIPAddress disabled ConnectTimeout = "30" ReceiveTimeout disabled Bytecode = "yes" mail/clamav-milter.conf not found Software settings - Version: 0.103.2 Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON Database information Database directory: /var/lib/clamav daily.cld: version 26203, sigs: 3989972, built on Wed Jun 16 19:07:58 2021 bytecode.cld: version 333, sigs: 92, built on Mon
Re: [clamav-users] Failed to start Generic clamav scanner daemon.
Hi Eric, On Wed, 16 Jun 2021, Eric Jin via clamav-users wrote: G.W. Haywood via clamav-users 於 2021年6月16日 週三 下午6:25寫道: In the clamd configuration file there should be a definition for the socket on which clamd will listen - it is either a Unix socket, or a TCP socket. Do you have a line in the file which defines the socket? If not, since you say that the scanner has been working for two years it seems that something (possibly an upgrade?) has changed it. ... The ClamAV was never upgraded until I found the service couldn't be started yesterday. I executed the command of "clamconf" and got the following results. [...] [...] Checking configuration files in /etc Config file: clamd.d/scan.conf [...] LocalSocket disabled LocalSocketGroup disabled LocalSocketMode disabled FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled [...] If everything you say is true then I suspect that clamd has never run on your system. There is no local socket defined and no TCP socket, so clamd has nothing to which it can listen. If you wish to run the clamd daemon, you *must* choose which type of socket you want it to use, and set that up in its configuration file. -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Failed to start Generic clamav scanner daemon.
Hi Ged, Please teach me how to configure these sockets. Why can it scan these files as below if the clamd never run? [root@tplinuxuhgdb2 clamav]# clamscan -r /home /home/oracle/.bash_logout: OK /home/oracle/.bashrc: OK /home/oracle/.cache/gdm/session.log.old: Empty file /home/oracle/.cache/gdm/session.log: Empty file /home/oracle/.cache/imsettings/log.bak: OK /home/oracle/.cache/imsettings/log: OK /home/oracle/.cache/gnome-shell/update-check-3.22: Empty file /home/oracle/.cache/gnome-shell/update-check-3.28: Empty file /home/oracle/.cache/tracker/db-version.txt: OK /home/oracle/.cache/tracker/meta.db: OK /home/oracle/.cache/tracker/db-locale.txt: OK /home/oracle/.cache/tracker/ontologies.gvdb: OK /home/oracle/.cache/tracker/parser-sha1.txt: OK /home/oracle/.cache/tracker/locale-for-miner-user-guides.txt: OK /home/oracle/.cache/tracker/locale-for-miner-apps.txt: OK /home/oracle/.cache/tracker/last-crawl.txt: OK /home/oracle/.cache/tracker/first-index.txt: OK /home/oracle/.cache/tracker/meta.db-wal: OK /home/oracle/.cache/tracker/meta.db-shm: OK /home/oracle/.cache/event-sound-cache.tdb.tplinuxuhgdb2.localdomain.x86_64-redhat-linux-gnu: OK /home/oracle/.cache/abrt/applet_dirlist: Empty file /home/oracle/.cache/abrt/lastnotification: OK /home/oracle/.cache/gnome-software/3.22/ratings/odrs.json: OK /home/oracle/.cache/gnome-software/3.22/extensions/gnome.json: OK /home/oracle/.cache/gnome-software/3.22/flatpak/installation-tmp/repo/config: OK /home/oracle/.cache/gnome-software/3.22/flatpak/installation-tmp/.changed: Empty file /home/oracle/.cache/gnome-software/odrs/ratings.json: OK /home/oracle/.cache/gnome-software/shell-extensions/gnome.json: OK /home/oracle/.cache/gstreamer-1.0/registry.x86_64.bin: OK /home/oracle/.cache/fontconfig/3f821257dd33660ba7bbb45c32deb84c-le64.cache-4: OK /home/oracle/.cache/fontconfig/CACHEDIR.TAG: OK /home/oracle/.cache/fontconfig/46d51d90fe9d963f6f4186edb936a931-le64.cache-4: OK /home/oracle/.cache/fontconfig/75726aeed9fe8691fd29315754d820cc-le64.cache-4: OK /home/oracle/.cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-le64.cache-4: OK /home/oracle/.cache/fontconfig/3c3fb04d32a5211b073874b125d29701-le64.cache-4: OK /home/oracle/.cache/fontconfig/2e1514a9fdd499050989183bb65136db-le64.cache-4: OK /home/oracle/.cache/fontconfig/bb3dfe132a8a0633a017c99ce0c0-le64.cache-4: OK /home/oracle/.cache/fontconfig/2881ed3fd21ca306ddad6f9b0dd3189f-le64.cache-4: OK /home/oracle/.cache/fontconfig/e0636055caa850f70f1a6db008fc4729-le64.cache-4: OK /home/oracle/.cache/fontconfig/3640555adad8a8f6978400293cfce7ab-le64.cache-4: OK /home/oracle/.cache/fontconfig/47f48679023f44a4d1e44699a69464f6-le64.cache-4: OK /home/oracle/.cache/fontconfig/29c8f5b6bf15d25ebb2e963855ab41be-le64.cache-4: OK /home/oracle/.cache/fontconfig/87f5e051180a7a75f16eb6fe7dbd3749-le64.cache-4: OK /home/oracle/.cache/fontconfig/928306c3ad40271d946e41014a49fc28-le64.cache-4: OK /home/oracle/.cache/fontconfig/900402270e15d763a6e008bb2d4c7686-le64.cache-4: OK /home/oracle/.cache/fontconfig/0fef740e1edd47736fa2cccff935ab7c-le64.cache-4: OK /home/oracle/.cache/fontconfig/b6801251-8f1b-4121-b2eb-93877adc50d2-le64.cache-7: OK /home/oracle/.cache/fontconfig/0251a5afa6ac727a1e32b7d4d4aa7cf0-le64.cache-4: OK /home/oracle/.cache/fontconfig/df893b4576ad6107f9397134092c4059-le64.cache-4: OK /home/oracle/.cache/fontconfig/f132fa2327207a6ac3298c0518879731-le64.cache-4: OK /home/oracle/.cache/fontconfig/d51eeab6-f16e-4e4f-93b5-b2eb9b42ae7f-le64.cache-7: OK /home/oracle/.cache/fontconfig/12b26b760a24f8b4feb03ad48a333a72-le64.cache-4: OK /home/oracle/.cache/fontconfig/fa2b533b7056bdadb961f088bc0a978b-le64.cache-4: OK /home/oracle/.cache/fontconfig/e26bf336397aae6fcef4d3803472adec-le64.cache-4: OK /home/oracle/.cache/fontconfig/b14e78aa9400ae7a28193faee1d62280-le64.cache-7: OK /home/oracle/.cache/fontconfig/614d1caaa4d7914789410f6367de37ca-le64.cache-4: OK /home/oracle/.cache/fontconfig/d290456e58f67f52b0f8f224126f9ea8-le64.cache-4: OK /home/oracle/.cache/fontconfig/12513961c6e7090f8648812f9eaf65d6-le64.cache-4: OK /home/oracle/.cache/fontconfig/e4c10840-9d0d-4ca6-84e7-36328cdd7cd1-le64.cache-7: OK /home/oracle/.cache/fontconfig/f9d379b867d7c69c85310a4f24e5228f-le64.cache-4: OK /home/oracle/.cache/fontconfig/d759ee9cd048e494517a1be23d25a662-le64.cache-4: OK /home/oracle/.cache/fontconfig/f951a6bc01c50d58ac4af16a0108457e-le64.cache-4: OK /home/oracle/.cache/fontconfig/99a1ce9f8b6a0434aadb01d3779b0780-le64.cache-4: OK /home/oracle/.cache/fontconfig/211368abcb0ff835c229ff05c9ec01dc-le64.cache-4: OK /home/oracle/.cache/fontconfig/ac68f755438cc3dc5a526084839fc7ca-le64.cache-4: OK /home/oracle/.cache/fontconfig/b4d0b56f766d89640448751fcd18ec1e-le64.cache-4: OK /home/oracle/.cache/fontconfig/81a173283b451552b599cfaafd6236bd-le64.cache-4: OK /home/oracle/.cache/fontconfig/d3379abda271c4acd2ad0c01f565d0b0-le64.cache-4: OK /home/oracle/.cache/fontconfig/860639f272b8b4b3094f9e399e41bccd-le64.cache-4: OK /home/oracle/.cache/fontconfig/0b1bcc92b4d25cc15
Re: [clamav-users] Failed to start Generic clamav scanner daemon.
Hi Eric, On Wed, 16 Jun 2021, Eric Jin via clamav-users wrote: Please teach me how to configure these sockets. Please read the documentation. A lot of people (including me, in a small way) have spent a lot of time working on it. It would be so very rewarding for them to see that they didn't waste their time. https://www.clamav.net/documents/configuration#clamdconf Why can it scan these files as below if the clamd never run? https://www.clamav.net/documents/usage -- 73, Ged. ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] clamav error
Hello, Suddenly, we are getting the following error in clamd.log file Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: Can't create new file ERROR Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: Can't open file or directory ERROR We have checked up all the permission and ownership. There is no change in it. We still have the old version of clamav - 0.99 on our mail server. We are in the process of upgrading with a new server. Meanwhile, we need to run the server without any issue. We request kind help. With Regards Jigar Raval ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav error
On 17/06/2021 13:30, Jigar via clamav-users wrote: Hello, Suddenly, we are getting the following error in clamd.log file Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: Can't create new file ERROR Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: Can't open file or directory ERROR We have checked up all the permission and ownership. There is no change in it. We still have the old version of clamav - 0.99 on our mail server. We are in the process of upgrading with a new server. Meanwhile, we need to run the server without any issue. We request kind help. Have you checked that whatever file system contains "/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" has not run out of space? Cheers, GaryB-) ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamav error
Hello, Following is disk space status. It appears no issue with disk space. /dev/sda375G 50G 22G 71% / With Regards Jigar Raval On Thu, Jun 17, 2021 at 9:06 AM Gary R. Schmidt wrote: > > On 17/06/2021 13:30, Jigar via clamav-users wrote: > > Hello, > > > > Suddenly, we are getting the following error in clamd.log file > > > > Thu Jun 17 08:52:49 2021 -> > > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: > > Can't create new file ERROR > > Thu Jun 17 08:52:49 2021 -> > > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: > > Can't open file or directory ERROR > > > > We have checked up all the permission and ownership. There is no change in > > it. > > > > We still have the old version of clamav - 0.99 on our mail server. We > > are in the process of upgrading with a new server. Meanwhile, we need > > to run the > > server without any issue. We request kind help. > > > Have you checked that whatever file system contains > "/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" has not > run out of space? > > Cheers, > GaryB-) > > ___ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
