Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: Antivirus Crashing nightly

  1. #11
    dionrowney is offline Active Member
    Join Date
    Mar 2008
    Posts
    31
    Rep Power
    7

    Default zmcontrol stop

    We stop the server every night to do the rsync to guarentee the setup is in a steady state for the backup. We assume It was during the restart that the AV usually died.

    Here is our script
    Code:
    #!/bin/sh
    #
    # This scripts monitors the AV status and if it does not restart successfully in morning
    # it will start it again.
    #
    
    export PATH=$PATH:/opt/zimbra/bin
    AVSTATUS=`zmcontrol status |grep antivirus|awk '{ print $2 }'`
    
    date
    echo Antivirus is $AVSTATUS
    
    if [[ $AVSTATUS != "Running" ]]; then
            #Start the AV service if not running
            echo Antivirus was not running after backup - Attempting start of antivirus
            zmclamdctl restart
            zmcontrol status
    fi
    
    date
    Also : I just checked the log for this script and it turns out to be having to start the service ever 5 - 7 days or so. So the AV is still failing. Changing th update and backup times didnt fix it.

    Here is the error I see when the system attempts to start:

    Code:
            Starting ldap...Done.
            Starting logger...Done.
            Starting mailbox...Done.
            Starting antispam...Done.
            Starting antivirus...FAILED
    amavisd already running: pid 19085
    ClamAV update process started at Fri Jan 23 03:52:47 2009
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.93.3 Recommended version: 0.94.2
    DON'T PANIC! Read http://www.clamav.net/support/faq
    
    Downloading main-49.cdiff [100%]
    
    main.cld updated (version: 49, sigs: 437972, f-level: 35, builder: sven)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 33, recommended = 35
    DON'T PANIC! Read http://www.clamav.net/support/faq
    WARNING: getfile: daily-7652.cdiff not found on remote server (IP: 64.246.134.219)
    WARNING: getpatch: Can't download daily-7652.cdiff from db.us.clamav.net
    WARNING: getfile: daily-7652.cdiff not found on remote server (IP: 138.123.96.134)
    WARNING: getpatch: Can't download daily-7652.cdiff from db.us.clamav.net
    WARNING: getfile: daily-7652.cdiff not found on remote server (IP: 64.246.134.219)
    WARNING: getpatch: Can't download daily-7652.cdiff from db.us.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    
    Downloading daily.cvd [100%]
    
    daily.cvd updated (version: 8895, sigs: 61157, f-level: 38, builder: mcichosz)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 33, recommended = 38
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Database updated (499129 signatures) from db.us.clamav.net (IP: 208.67.80.27)
    WARNING: Clamd was NOT notified: Can't connect to clamd on 127.0.0.1:3310
    connect(): Connection refused
    clamd failed to start
    
    
            Starting snmp...Done.
            Starting spell...Done.
            Starting mta...Done.
            Starting stats...Done.
    Last edited by dionrowney; 01-23-2009 at 09:58 AM.
    --
    Zimbra 6.0.3
    CentOS 5.3

  2. #12
    dmmincrjr is offline Member
    Join Date
    Jul 2007
    Posts
    12
    Rep Power
    7

    Default

    Thank you for posting the script. I have implemented it as a cron job to run a few minutes after my nightly backup stops. I just started experiencing this issue on Tuesday 1/20/09 after having the backup run successfully for over a year. I changed to FIOS for internet access on Monday 1/19 and received a new static ip so I am not sure if this had something to do with this problem developing. The machine is behind a firewall and I am using the split-dns setup so I did not need to make any configuration changes on the mail server. It's just weird the problem showed up after making the switch however. The backup has run correctly 2 out of the 5 nights since the change. I can stop and start zimbra manually and it always starts without the error occurring. It just seems to be from the cron job their is an issue. I am running version 5.0.11 on Centos 4.5. My log files appear to show the same information as contained in previous posts. Hopefully someone will be able to come up with what is causing this error to occur.

  3. #13
    pjfawcett is offline New Member
    Join Date
    May 2007
    Posts
    3
    Rep Power
    7

    Default

    I have been having the same problem, i.e. Antivirus not starting after a shutdown for backup.

    Looking through the logs there appeared to be some correlation between clamd not starting and freshclam taking a longer time to download updates (either because there were more updates or because of download failures and necessary retries).

    I wondered if the "Can't open file /opt/zimbra/data/clamav/db/main.cvd" error might be due to some clash between clamd trying to load the virus definitions while freshclam is still trying to update them.

    I am currently running version 5.0.12 on Ubuntu 8.04 64 bit.

    I am going to edit "/opt/zimbra/bin/zmclamdctl" so that freshclam is not started until clamd has successfully started.

    I'll give it a few days to see if the problem goes away.
    Last edited by pjfawcett; 03-24-2009 at 02:53 AM.

  4. #14
    pjfawcett is offline New Member
    Join Date
    May 2007
    Posts
    3
    Rep Power
    7

    Default

    Ah well. That didn't fix things. It failed on the next startup, but not on the following (manual) one.

    Will need to invetigate further.

  5. #15
    gbrandt is offline Member
    Join Date
    Oct 2007
    Posts
    13
    Rep Power
    7

    Default

    I'm getting this as well. Ubuntu 8.04 LTS, 5.0.14. Occasionally on a restart after backup I get:

    LibClamAV Error: cli_load(): Can't open file /opt/zimbra/data/clamav/db/main.cvd

    This happens every 4 or 5 days.

    Any solutions yet? Has anybody filed a bug report?

  6. #16
    pjfawcett is offline New Member
    Join Date
    May 2007
    Posts
    3
    Rep Power
    7

    Default Antivirus Crashing nightly - My current workaround

    I haven't filed a bug report on this. I think it is a ClamAV error rather than a Zimbra error. The fact that Zimbra isn't running the latest ClamAV code adds further complication.

    As a work around I use the following approach:

    I have a script '/root/StartZimbra.sh' as follows:

    Code:
    #!/bin/bash
    su -c 'zmcontrol start' -l zimbra
    In my experience, aided by some examination of the code, it is safe to run this command when Zimbra is running - in such circumstances it will just start those services that are not currently running (in my case the 'antivirus').

    I then have a crontab entry for the 'root' user as follows:

    Code:
    #
    # Try to ensure Zimbra is running fully (in case something didn't start after reboot
    #
    00 03 * * * /root/StartZimbra.sh
    The 03:00am time is chosen to be about half an hour after Zimbra has been restarted following shutdown for backup.

    If the antivirus has failed to start after the backup then this second script has, to date, always succeeded in starting it. As I said above, it is safe to run this even if all the other services are running so I don't bother with any checks to see if it is already running.

    The result of this is that, when the AV fails to start (which is still does every now and then) it is only down for about half an hour. During that time messages get queued internally but clear when the AV is started. (Most of them are spam at that time of night).

    I can tell if the AV has failed because the "Daily mail report" will show a slew of errors between 2:30am and 3:00am.

    As I said, the error still occurs every few days, but with this workaround it is no longer much of a problem and so tracing the root cause has slipped down my priority list.

  7. #17
    dmmincrjr is offline Member
    Join Date
    Jul 2007
    Posts
    12
    Rep Power
    7

    Default

    I also have not filed as bug report but am still experiencing the problem. I have upgraded to version 5.0.16 hoping each upgrade would correct the problem as I am not sure if it lies with Zimbra or Clam. The restart script provided earlier in this thread has always restarted anti-virus. You just need to add the script back to the cron jobs after upgrades. My anti-virus again failed to start this morning and here is the snippet of text from the freshclam.log

    Code:
    ClamAV update process started at Thu May 14 04:58:35 2009
    ERROR: Problem with internal logger (UpdateLogFile = /opt/zimbra/log/freshclam.log).
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.94.1 Recommended version: 0.95.1
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Trying host db.us.clamav.net (168.143.19.95)...
    Downloading main-50.cdiff [100%]
    main.cld updated (version: 50, sigs: 500667, f-level: 38, builder: sven)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 37, recommended = 38
    DON'T PANIC! Read http://www.clamav.net/support/faq
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 168.143.19.95)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    Trying host db.us.clamav.net (168.143.19.95)...
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 168.143.19.95)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    Trying host db.us.clamav.net (168.143.19.95)...
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 168.143.19.95)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Trying host db.us.clamav.net (168.143.19.95)...
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 9357, sigs: 49175, f-level: 42, builder: neo)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 37, recommended = 42
    DON'T PANIC! Read http://www.clamav.net/support/faq
    Database updated (549842 signatures) from db.us.clamav.net (IP: 168.143.19.95)
    WARNING: Clamd was NOT notified: Can't connect to clamd on localhost:3310
    The error problem with internal logger is showing up in the freshclam.log when it fails. I can't figure out what is causing the problem or how to fix and why it might work for a week or better and then fail for a couple days. However like I said the script seems to restart the service so as long as that works this is down on my priority list even though it is annoying.

  8. #18
    paper is offline Starter Member
    Join Date
    Jan 2009
    Posts
    2
    Rep Power
    6

    Default

    Hello,

    I've had similar problems, every few days my clam stopped working

    Sat Sep 5 02:16:28 2009 -> --- Stopped at Sat Sep 5 02:16:28 2009
    Sat Sep 5 02:16:40 2009 -> +++ Started at Sat Sep 5 02:16:40 2009
    Sat Sep 5 02:16:40 2009 -> clamd daemon 0.94.1-broken-compiler (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
    Sat Sep 5 02:16:40 2009 -> Log file size limited to 20971520 bytes.
    Sat Sep 5 02:16:40 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Sat Sep 5 02:16:40 2009 -> Not loading PUA signatures.
    LibClamAV Error: Can't load /opt/zimbra/data/clamav/db/main.cvd: MD5 verification error
    Sat Sep 5 02:16:41 2009 -> ERROR: MD5 verification error
    ERROR: MD5 verification error


    This began cycling (with corrupted DB) and mails were not going through. 'zmclamdctl restart' did not help me, since DB was corrupted. I modified a script i got here to:

    Code:
    #!/bin/sh
    #
    # This scripts monitors the AV status and if it does not restart successfully in morning
    # it will start it again.
    #
    
    AVSTATUS=`zmcontrol status |grep antivirus|awk '{ print $2 }'`
    
    date >> /root/backupscripts/zimbra_av.log
    echo Antivirus is $AVSTATUS >> /root/backupscripts/zimbra_av.log
    
    if [ $AVSTATUS != "Running" ]
    then
      echo Antivirus was not running, restoring clamdb and restarting.
      /opt/zimbra/bin/zmclamdctl stop >> /root/backupscripts/zimbra_av.log
      rm -rf /opt/zimbra/data/clamav/db/* >> /root/backupscripts/zimbra_av.log
      /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf >> /root/backupscripts/zimbra_av.log
      /opt/zimbra/bin/zmclamdctl start >> /root/backupscripts/zimbra_av.log
    fi
    
    AVSTATUS=`zmcontrol status |grep antivirus|awk '{ print $2 }'`
    echo Antivirus is $AVSTATUS >> /root/backupscripts/zimbra_av.log
    
    date >> /root/backupscripts/zimbra_av.log
    I'll see how it goes in next days, in few tests when I manually crashed clam, it helped. My zimbra version: Release 5.0.16_GA_2921.UBUNTU8_64 UBUNTU8_64 FOSS edition

    Best Regards

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 5
    Last Post: 05-28-2009, 12:53 AM
  2. Antivirus keeps restarting (ZCS Network ed 4.5.11)
    By jcapel in forum Administrators
    Replies: 1
    Last Post: 02-18-2008, 09:38 AM
  3. Replies: 45
    Last Post: 11-28-2007, 06:39 PM
  4. AntiVirus unable to connect to localhost
    By net4home in forum Administrators
    Replies: 15
    Last Post: 07-25-2007, 05:55 PM
  5. AntiVirus won't run - error accessing mail queues
    By mrambo3501 in forum Administrators
    Replies: 2
    Last Post: 07-25-2007, 08:45 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •