Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 26

Thread: Antivirus failing to start in scripted restart

  1. #11
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    So here's the logs, errors, and what I did in more detail (and I apologize, this post is a book):

    First of all, as mentioned above, I do a nightly stop & restart of Zimbra services in order to do a shell script backup. On Zimbra restart, I find the following error shows up in /opt/zimbra/log/clamd.log (this is the snippet from Zimbra services stop until the error):
    Code:
    Sun Aug  2 22:01:27 2009 -> Pid file removed.
    Sun Aug  2 22:01:27 2009 -> --- Stopped at Sun Aug  2 22:01:27 2009
    Sun Aug  2 22:04:20 2009 -> +++ Started at Sun Aug  2 22:04:20 2009
    Sun Aug  2 22:04:20 2009 -> clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)
    Sun Aug  2 22:04:20 2009 -> Log file size limited to 20971520 bytes.
    Sun Aug  2 22:04:20 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Sun Aug  2 22:04:20 2009 -> Not loading PUA signatures.
    LibClamAV Warning: ***********************************************************
    LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
    LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
    LibClamAV Warning: ***********************************************************
    LibClamAV Error: cli_load(): Can't open file /opt/zimbra/data/clamav/db/main.cvd
    Sun Aug  2 22:04:41 2009 -> ERROR: Can't open file or directory
    ERROR: Can't open file or directory
    At the same timestamp of this error, I find the following in /var/log/zimbra.log:
    Code:
    Aug  2 22:04:15 mail amavis[5351]: starting.  /opt/zimbra/amavisd/sbin/amavisd at mail.XXXXX.com amavisd-new-2.5.4 (20080312), Unicode aware, LANG="C"
    Aug  2 22:04:15 mail amavis[5351]: user=1001, EUID: 1001 (1001);  group=, EGID: 1001 1002 1001 5 4 (1001 1002 1001 5 4)
    Aug  2 22:04:15 mail amavis[5351]: Perl version               5.008007
    Aug  2 22:04:16 mail amavis[5351]: SpamControl: init_pre_chroot done
    Aug  2 22:04:16 mail amavis[5371]: Net::Server: Process Backgrounded
    Aug  2 22:04:16 mail amavis[5371]: Net::Server: 2009/08/02-22:04:16 Amavis (type Net::Server::PreForkSimple) starting! pid(5371)
    Aug  2 22:04:16 mail amavis[5371]: Net::Server: Binding to UNIX socket file /opt/zimbra/data/amavisd/amavisd.sock using SOCK_STREAM
    Aug  2 22:04:16 mail amavis[5371]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
    Aug  2 22:04:16 mail amavis[5371]: Net::Server: Group Not Defined.  Defaulting to EGID '1001 1002 1001 5 4'
    Aug  2 22:04:16 mail amavis[5371]: Net::Server: User Not Defined.  Defaulting to EUID '1001'
    Aug  2 22:04:17 mail amavis[5371]: Module Amavis::Conf        2.094
    Aug  2 22:04:17 mail amavis[5371]: Module Archive::Zip        1.26
    Aug  2 22:04:17 mail amavis[5371]: Module Compress::Zlib      1.42
    Aug  2 22:04:17 mail amavis[5371]: Module Convert::TNEF       0.17
    Aug  2 22:04:17 mail amavis[5371]: Module Convert::UUlib      1.12
    Aug  2 22:04:17 mail amavis[5371]: Module DBD::mysql          4.011
    Aug  2 22:04:17 mail amavis[5371]: Module DBI                 1.608
    Aug  2 22:04:17 mail amavis[5371]: Module DB_File             1.82
    Aug  2 22:04:17 mail amavis[5371]: Module Digest::MD5         2.33
    Aug  2 22:04:17 mail amavis[5371]: Module Digest::SHA1        2.11
    Aug  2 22:04:17 mail amavis[5371]: Module IO::Socket::INET6   2.56
    Aug  2 22:04:17 mail amavis[5371]: Module MIME::Entity        5.426
    Aug  2 22:04:17 mail amavis[5371]: Module MIME::Parser        5.426
    Aug  2 22:04:17 mail amavis[5371]: Module MIME::Tools         5.426
    Aug  2 22:04:17 mail amavis[5371]: Module Mail::Header        2.04
    Aug  2 22:04:17 mail amavis[5371]: Module Mail::Internet      2.04
    Aug  2 22:04:17 mail amavis[5371]: Module Mail::SpamAssassin  3.002005
    Aug  2 22:04:17 mail amavis[5371]: Module Net::DNS            0.65
    Aug  2 22:04:17 mail amavis[5371]: Module Net::LDAP           0.39
    Aug  2 22:04:17 mail amavis[5371]: Module Net::Server         0.97
    Aug  2 22:04:17 mail amavis[5371]: Module Time::HiRes         1.9719
    Aug  2 22:04:17 mail amavis[5371]: Module URI                 1.37
    Aug  2 22:04:17 mail amavis[5371]: Module Unix::Syslog        1.1
    Aug  2 22:04:17 mail amavis[5371]: Amavis::DB code      NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: Amavis::Cache code   NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: SQL base code        NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: SQL::Log code        NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: SQL::Quarantine      NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: Lookup::SQL code     NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: Lookup::LDAP code    loaded
    Aug  2 22:04:17 mail amavis[5371]: AM.PDP-in proto code loaded
    Aug  2 22:04:17 mail amavis[5371]: SMTP-in proto code   loaded
    Aug  2 22:04:17 mail amavis[5371]: Courier proto code   NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: SMTP-out proto code  loaded
    Aug  2 22:04:17 mail amavis[5371]: Pipe-out proto code  NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: BSMTP-out proto code NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: Local-out proto code loaded
    Aug  2 22:04:17 mail amavis[5371]: OS_Fingerprint code  NOT loaded
    Aug  2 22:04:17 mail amavis[5371]: ANTI-VIRUS code      loaded
    Aug  2 22:04:17 mail amavis[5371]: ANTI-SPAM code       loaded
    Aug  2 22:04:17 mail amavis[5371]: ANTI-SPAM-SA code    loaded
    Aug  2 22:04:17 mail amavis[5371]: Unpackers code       loaded
    Aug  2 22:04:17 mail amavis[5371]: Found $file            at /usr/bin/file
    Aug  2 22:04:17 mail amavis[5371]: No $dspam,             not using it
    Aug  2 22:04:17 mail amavis[5371]: No $altermime,         not using it
    Aug  2 22:04:17 mail amavis[5371]: Internal decoder for .mail
    Aug  2 22:04:17 mail amavis[5371]: Internal decoder for .asc
    Aug  2 22:04:17 mail amavis[5371]: Internal decoder for .uue
    Aug  2 22:04:17 mail amavis[5371]: Internal decoder for .hqx
    Aug  2 22:04:17 mail amavis[5371]: Internal decoder for .ync
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
    Aug  2 22:04:17 mail amavis[5371]: Found decoder for    .Z    at /bin/uncompress
    Aug  2 22:04:17 mail amavis[5371]: Found decoder for    .gz   at /bin/gzip -d
    Aug  2 22:04:17 mail amavis[5371]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .lzo  tried: lzop -d
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .rpm  tried: rpm2cpio.pl, rpm2cpio
    Aug  2 22:04:17 mail amavis[5371]: Found decoder for    .cpio at /bin/cpio
    Aug  2 22:04:17 mail amavis[5371]: Found decoder for    .tar  at /bin/cpio
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .deb  tried: ar
    Aug  2 22:04:17 mail amavis[5371]: Internal decoder for .zip
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .7z   tried: 7zr, 7za, 7z
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .rar  tried: rar, unrar
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .arj  tried: arj, unarj
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .arc  tried: nomarch, arc
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .zoo  tried: zoo, unzoo
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .lha  tried: lha
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .cab  tried: cabextract
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .tnef tried: tnef
    Aug  2 22:04:17 mail amavis[5371]: Internal decoder for .tnef
    Aug  2 22:04:17 mail amavis[5371]: No decoder for       .exe  tried: rar, unrar; lha; arj, unarj
    Aug  2 22:04:17 mail amavis[5371]: Using primary internal av scanner code for ClamAV-clamd
    Aug  2 22:04:17 mail amavis[5371]: SpamControl: initializing Mail::SpamAssassin
    Aug  2 22:04:17 mail zimbramon[3892]: 3892:info: Starting antivirus via zmcontrol
    Aug  2 22:04:18 mail amavis[5371]: SpamControl: init_pre_fork done
    Aug  2 22:04:20 mail clamd[5463]: clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)
    Aug  2 22:04:20 mail clamd[5463]: Log file size limited to 20971520 bytes.
    Aug  2 22:04:20 mail clamd[5463]: Reading databases from /opt/zimbra/data/clamav/db
    Aug  2 22:04:20 mail clamd[5463]: Not loading PUA signatures.
    (slapd section that is another process snipped out)
    Aug  2 22:04:33 mail zmmailboxdmgr[5484]: status requested
    Aug  2 22:04:33 mail zmmailboxdmgr[5484]: status OK
    Aug  2 22:04:41 mail clamd[5463]: Can't open file or directory
    Aug  2 22:04:41 mail zimbramon[5199]: 5199:info: 2009-08-02 22:04:02, STATUS: mail.XXXXX.com: antispam: Running
    Aug  2 22:04:41 mail zimbramon[5199]: 5199:info: 2009-08-02 22:04:02, STATUS: mail.XXXXX.com: antivirus: Stopped
    Aug  2 22:04:41 mail zimbramon[5199]: 5199:info: 2009-08-02 22:04:02, STATUS: mail.XXXXX.com: ldap: Running
    Aug  2 22:04:41 mail zimbramon[5199]: 5199:info: 2009-08-02 22:04:02, STATUS: mail.XXXXX.com: logger: Running
    Aug  2 22:04:41 mail zimbramon[5199]: 5199:info: 2009-08-02 22:04:02, STATUS: mail.XXXXX.com: mailbox: Running
    Aug  2 22:04:41 mail zimbramon[5199]: 5199:info: 2009-08-02 22:04:02, STATUS: mail.XXXXX.com: mta: Stopped
    Aug  2 22:04:41 mail zimbramon[5199]: 5199:info: 2009-08-02 22:04:02, STATUS: mail.XXXXX.com: snmp: Stopped
    Aug  2 22:04:41 mail zimbramon[5199]: 5199:info: 2009-08-02 22:04:02, STATUS: mail.XXXXX.com: spell: Stopped
    Aug  2 22:04:41 mail zimbramon[5199]: 5199:info: 2009-08-02 22:04:02, STATUS: mail.XXXXX.com: stats: Stopped
    My original workaround, was to put a batch file together and call it at 22:25 to restart amavis services. Here's the batch:
    Code:
    #!/bin/bash
    sudo -u zimbra /opt/zimbra/bin/zmantivirusctl restart
    The log shows that this batch starts clamd properly. Here's clamd.log (notice the "can't open file or directory" error DOES NOT OCCUR:
    Code:
    Sun Aug  2 22:26:46 2009 -> +++ Started at Sun Aug  2 22:26:46 2009
    Sun Aug  2 22:26:46 2009 -> clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)
    Sun Aug  2 22:26:46 2009 -> Log file size limited to 20971520 bytes.
    Sun Aug  2 22:26:46 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Sun Aug  2 22:26:46 2009 -> Not loading PUA signatures.
    LibClamAV Warning: ***********************************************************
    LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
    LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
    LibClamAV Warning: ***********************************************************
    Sun Aug  2 22:26:56 2009 -> Loaded 606527 signatures.
    Sun Aug  2 22:26:56 2009 -> TCP: Bound to port 3310
    Sun Aug  2 22:26:56 2009 -> TCP: Setting connection queue length to 15
    Sun Aug  2 22:26:56 2009 -> Limits: Global size limit set to 15728640 bytes.
    Sun Aug  2 22:26:56 2009 -> Limits: File size limit set to 15728640 bytes.
    Sun Aug  2 22:26:56 2009 -> Limits: Recursion level limit set to 16.
    Sun Aug  2 22:26:56 2009 -> Limits: Files limit set to 10000.
    Sun Aug  2 22:26:56 2009 -> Archive support enabled.
    Sun Aug  2 22:26:56 2009 -> Archive: Blocking encrypted archives.
    Sun Aug  2 22:26:56 2009 -> Algorithmic detection enabled.
    Sun Aug  2 22:26:56 2009 -> Portable Executable support enabled.
    Sun Aug  2 22:26:56 2009 -> ELF support enabled.
    Sun Aug  2 22:26:56 2009 -> Mail files support enabled.
    Sun Aug  2 22:26:56 2009 -> OLE2 support enabled.
    Sun Aug  2 22:26:56 2009 -> PDF support enabled.
    Sun Aug  2 22:26:56 2009 -> HTML support enabled.
    Sun Aug  2 22:26:56 2009 -> Self checking every 600 seconds.
    Sun Aug  2 22:39:06 2009 -> No stats for Database check - forcing reload
    Sun Aug  2 22:39:07 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Sun Aug  2 22:39:13 2009 -> Database correctly reloaded (606527 signatures)
    Sun Aug  2 22:54:09 2009 -> SelfCheck: Database status OK.
    So, given that the file error exists in the first startup at 22:04, I created a symlink in /opt/zimbra/data/clamav/db/:
    Code:
    root@mail:/opt/zimbra/data/clamav/db# ls
    clamav-993a64a7d6f0432d89f853e25550dc71  daily.cld  main.cld  mirrors.dat
    root@mail:/opt/zimbra/data/clamav/db# ln -s main.cld main.cvd
    root@mail:/opt/zimbra/data/clamav/db# ls
    clamav-993a64a7d6f0432d89f853e25550dc71  daily.cld  main.cld  main.cvd  mirrors.dat
    root@mail:/opt/zimbra/data/clamav/db#
    Cheers,

    Dan

  2. #12
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    Part 2 of logs and what I did:
    With that I let my usual processes happen again last night. clamd.log shows that our missing file error did not occur:
    Code:
    Mon Aug  3 22:01:40 2009 -> Pid file removed.
    Mon Aug  3 22:01:40 2009 -> --- Stopped at Mon Aug  3 22:01:40 2009
    Mon Aug  3 22:04:39 2009 -> +++ Started at Mon Aug  3 22:04:39 2009
    Mon Aug  3 22:04:39 2009 -> clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)
    Mon Aug  3 22:04:39 2009 -> Log file size limited to 20971520 bytes.
    Mon Aug  3 22:04:39 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Mon Aug  3 22:04:39 2009 -> Not loading PUA signatures.
    LibClamAV Warning: ***********************************************************
    LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
    LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
    LibClamAV Warning: ***********************************************************
    Mon Aug  3 22:04:45 2009 -> Loaded 606705 signatures.
    Mon Aug  3 22:04:45 2009 -> TCP: Bound to port 3310
    Mon Aug  3 22:04:45 2009 -> TCP: Setting connection queue length to 15
    Mon Aug  3 22:04:45 2009 -> Limits: Global size limit set to 15728640 bytes.
    Mon Aug  3 22:04:45 2009 -> Limits: File size limit set to 15728640 bytes.
    Mon Aug  3 22:04:45 2009 -> Limits: Recursion level limit set to 16.
    Mon Aug  3 22:04:45 2009 -> Limits: Files limit set to 10000.
    Mon Aug  3 22:04:45 2009 -> Archive support enabled.
    Mon Aug  3 22:04:45 2009 -> Archive: Blocking encrypted archives.
    Mon Aug  3 22:04:45 2009 -> Algorithmic detection enabled.
    Mon Aug  3 22:04:45 2009 -> Portable Executable support enabled.
    Mon Aug  3 22:04:45 2009 -> ELF support enabled.
    Mon Aug  3 22:04:45 2009 -> Mail files support enabled.
    Mon Aug  3 22:04:45 2009 -> OLE2 support enabled.
    Mon Aug  3 22:04:45 2009 -> PDF support enabled.
    Mon Aug  3 22:04:45 2009 -> HTML support enabled.
    Mon Aug  3 22:04:45 2009 -> Self checking every 600 seconds.
    And zimbra.log shows that the process started successfully (we increased log verbosity to DEBUG in order to better see what's happening):
    Code:
    Aug  3 22:04:33 mail zimbramon[24471]: 24471:info: Starting antispam via zmcontrol
    Aug  3 22:04:35 mail amavis[26081]: starting.  /opt/zimbra/amavisd/sbin/amavisd at mail.XXXXX.com amavisd-new-2.5.4 (20080312), Unicode aware, LANG="C"
    Aug  3 22:04:35 mail amavis[26081]: user=1001, EUID: 1001 (1001);  group=, EGID: 1001 1002 1001 5 4 (1001 1002 1001 5 4)
    Aug  3 22:04:35 mail amavis[26081]: Perl version               5.008007
    Aug  3 22:04:36 mail amavis[26081]: SpamControl: init_pre_chroot done
    Aug  3 22:04:36 mail amavis[26086]: Net::Server: Process Backgrounded
    Aug  3 22:04:36 mail amavis[26086]: Net::Server: 2009/08/03-22:04:36 Amavis (type Net::Server::PreForkSimple) starting! pid(26086)
    Aug  3 22:04:36 mail amavis[26086]: Net::Server: Binding to UNIX socket file /opt/zimbra/data/amavisd/amavisd.sock using SOCK_STREAM
    Aug  3 22:04:36 mail amavis[26086]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
    Aug  3 22:04:36 mail amavis[26086]: Net::Server: Group Not Defined.  Defaulting to EGID '1001 1002 1001 5 4'
    Aug  3 22:04:36 mail amavis[26086]: Net::Server: User Not Defined.  Defaulting to EUID '1001'
    Aug  3 22:04:36 mail amavis[26086]: Module Amavis::Conf        2.094
    Aug  3 22:04:36 mail amavis[26086]: Module Archive::Zip        1.26
    Aug  3 22:04:36 mail amavis[26086]: Module Compress::Zlib      1.42
    Aug  3 22:04:36 mail amavis[26086]: Module Convert::TNEF       0.17
    Aug  3 22:04:36 mail amavis[26086]: Module Convert::UUlib      1.12
    Aug  3 22:04:36 mail amavis[26086]: Module DBD::mysql          4.011
    Aug  3 22:04:36 mail amavis[26086]: Module DBI                 1.608
    Aug  3 22:04:36 mail amavis[26086]: Module DB_File             1.82
    Aug  3 22:04:36 mail amavis[26086]: Module Digest::MD5         2.33
    Aug  3 22:04:36 mail amavis[26086]: Module Digest::SHA1        2.11
    Aug  3 22:04:36 mail amavis[26086]: Module IO::Socket::INET6   2.56
    Aug  3 22:04:36 mail amavis[26086]: Module MIME::Entity        5.426
    Aug  3 22:04:36 mail amavis[26086]: Module MIME::Parser        5.426
    Aug  3 22:04:36 mail amavis[26086]: Module MIME::Tools         5.426
    Aug  3 22:04:36 mail amavis[26086]: Module Mail::Header        2.04
    Aug  3 22:04:36 mail amavis[26086]: Module Mail::Internet      2.04
    Aug  3 22:04:36 mail amavis[26086]: Module Mail::SpamAssassin  3.002005
    Aug  3 22:04:36 mail amavis[26086]: Module Net::DNS            0.65
    Aug  3 22:04:36 mail amavis[26086]: Module Net::LDAP           0.39
    Aug  3 22:04:36 mail amavis[26086]: Module Net::Server         0.97
    Aug  3 22:04:36 mail amavis[26086]: Module Time::HiRes         1.9719
    Aug  3 22:04:36 mail amavis[26086]: Module URI                 1.37
    Aug  3 22:04:36 mail amavis[26086]: Module Unix::Syslog        1.1
    Aug  3 22:04:36 mail amavis[26086]: Amavis::DB code      NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: Amavis::Cache code   NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: SQL base code        NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: SQL::Log code        NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: SQL::Quarantine      NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: Lookup::SQL code     NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: Lookup::LDAP code    loaded
    Aug  3 22:04:36 mail amavis[26086]: AM.PDP-in proto code loaded
    Aug  3 22:04:36 mail amavis[26086]: SMTP-in proto code   loaded
    Aug  3 22:04:36 mail amavis[26086]: Courier proto code   NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: SMTP-out proto code  loaded
    Aug  3 22:04:36 mail amavis[26086]: Pipe-out proto code  NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: BSMTP-out proto code NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: Local-out proto code loaded
    Aug  3 22:04:36 mail amavis[26086]: OS_Fingerprint code  NOT loaded
    Aug  3 22:04:36 mail amavis[26086]: ANTI-VIRUS code      loaded
    Aug  3 22:04:36 mail amavis[26086]: ANTI-SPAM code       loaded
    Aug  3 22:04:36 mail amavis[26086]: ANTI-SPAM-SA code    loaded
    Aug  3 22:04:36 mail amavis[26086]: Unpackers code       loaded
    Aug  3 22:04:36 mail amavis[26086]: Found $file            at /usr/bin/file
    Aug  3 22:04:36 mail amavis[26086]: No $dspam,             not using it
    Aug  3 22:04:36 mail amavis[26086]: No $altermime,         not using it
    Aug  3 22:04:36 mail amavis[26086]: Internal decoder for .mail
    Aug  3 22:04:36 mail amavis[26086]: Internal decoder for .asc
    Aug  3 22:04:36 mail amavis[26086]: Internal decoder for .uue
    Aug  3 22:04:36 mail amavis[26086]: Internal decoder for .hqx
    Aug  3 22:04:36 mail amavis[26086]: Internal decoder for .ync
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .F    tried: unfreeze, freeze -d, melt, fcat
    Aug  3 22:04:36 mail amavis[26086]: Found decoder for    .Z    at /bin/uncompress
    Aug  3 22:04:36 mail amavis[26086]: Found decoder for    .gz   at /bin/gzip -d
    Aug  3 22:04:36 mail amavis[26086]: Found decoder for    .bz2  at /usr/bin/bzip2 -d
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .lzo  tried: lzop -d
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .rpm  tried: rpm2cpio.pl, rpm2cpio
    Aug  3 22:04:36 mail amavis[26086]: Found decoder for    .cpio at /bin/cpio
    Aug  3 22:04:36 mail amavis[26086]: Found decoder for    .tar  at /bin/cpio
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .deb  tried: ar
    Aug  3 22:04:36 mail amavis[26086]: Internal decoder for .zip
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .7z   tried: 7zr, 7za, 7z
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .rar  tried: rar, unrar
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .arj  tried: arj, unarj
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .arc  tried: nomarch, arc
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .zoo  tried: zoo, unzoo
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .lha  tried: lha
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .cab  tried: cabextract
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .tnef tried: tnef
    Aug  3 22:04:36 mail amavis[26086]: Internal decoder for .tnef
    Aug  3 22:04:36 mail amavis[26086]: No decoder for       .exe  tried: rar, unrar; lha; arj, unarj
    Aug  3 22:04:36 mail amavis[26086]: Using primary internal av scanner code for ClamAV-clamd
    Aug  3 22:04:36 mail amavis[26086]: SpamControl: initializing Mail::SpamAssassin
    Aug  3 22:04:37 mail zimbramon[24471]: 24471:info: Starting antivirus via zmcontrol
    Aug  3 22:04:38 mail amavis[26086]: SpamControl: init_pre_fork done
    Aug  3 22:04:39 mail clamd[26122]: clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)
    Aug  3 22:04:39 mail clamd[26122]: Log file size limited to 20971520 bytes.
    Aug  3 22:04:39 mail clamd[26122]: Reading databases from /opt/zimbra/data/clamav/db
    Aug  3 22:04:39 mail clamd[26122]: Not loading PUA signatures.
    Aug  3 22:04:45 mail clamd[26122]: Loaded 606705 signatures.
    Aug  3 22:04:45 mail clamd[26122]: TCP: Bound to port 3310
    Aug  3 22:04:45 mail clamd[26122]: TCP: Setting connection queue length to 15
    Aug  3 22:04:45 mail clamd[26139]: Limits: Global size limit set to 15728640 bytes.
    Aug  3 22:04:45 mail clamd[26139]: Limits: File size limit set to 15728640 bytes.
    Aug  3 22:04:45 mail clamd[26139]: Limits: Recursion level limit set to 16.
    Aug  3 22:04:45 mail clamd[26139]: Limits: Files limit set to 10000.
    Aug  3 22:04:45 mail clamd[26139]: Archive support enabled.
    Aug  3 22:04:45 mail clamd[26139]: Archive: Blocking encrypted archives.
    Aug  3 22:04:45 mail clamd[26139]: Algorithmic detection enabled.
    Aug  3 22:04:45 mail clamd[26139]: Portable Executable support enabled.
    Aug  3 22:04:45 mail clamd[26139]: ELF support enabled.
    Aug  3 22:04:45 mail clamd[26139]: Mail files support enabled.
    Aug  3 22:04:45 mail clamd[26139]: OLE2 support enabled.
    Aug  3 22:04:45 mail clamd[26139]: PDF support enabled.
    Aug  3 22:04:45 mail clamd[26139]: HTML support enabled.
    Aug  3 22:04:45 mail clamd[26139]: Self checking every 600 seconds.
    (snip)
    Aug  3 22:06:16 mail zimbramon[27313]: 27313:info: 2009-08-03 22:06:03, STATUS: mail.XXXXX.com: antispam: Running 
    Aug  3 22:06:16 mail zimbramon[27313]: 27313:info: 2009-08-03 22:06:03, STATUS: mail.XXXXX.com: antivirus: Running 
    Aug  3 22:06:16 mail zimbramon[27313]: 27313:info: 2009-08-03 22:06:03, STATUS: mail.XXXXX.com: ldap: Running 
    Aug  3 22:06:16 mail zimbramon[27313]: 27313:info: 2009-08-03 22:06:03, STATUS: mail.XXXXX.com: logger: Running 
    Aug  3 22:06:16 mail zimbramon[27313]: 27313:info: 2009-08-03 22:06:03, STATUS: mail.XXXXX.com: mailbox: Running 
    Aug  3 22:06:16 mail zimbramon[27313]: 27313:info: 2009-08-03 22:06:03, STATUS: mail.XXXXX.com: mta: Running 
    Aug  3 22:06:16 mail zimbramon[27313]: 27313:info: 2009-08-03 22:06:03, STATUS: mail.XXXXX.com: snmp: Running 
    Aug  3 22:06:16 mail zimbramon[27313]: 27313:info: 2009-08-03 22:06:03, STATUS: mail.XXXXX.com: spell: Running 
    Aug  3 22:06:16 mail zimbramon[27313]: 27313:info: 2009-08-03 22:06:03, STATUS: mail.XXXXX.com: stats: Running
    So everything appears copacetic at this point, except that when my cron'ed restart ran at 22:25 the symlink disappeared, which means it'd crash again tonight if I left it alone. I have re-created the symlink and disabled that extra restart, and will see tomorrow morning how it looks.
    Cheers,

    Dan

  3. #13
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    Take home message:

    zmcontrol start, at least as called using su from a cron'ed job, appears to try to access a file /opt/zimbra/data/clamav/db/main.cld which does not exist. zmantivirusctl restart does not encounter the same problem.

    Creating a symlink for main.cld referencing main.cvd which DOES exist, seems to work around the problem.

    Restarting clamav using zmantivirusctl restart ALSO seems to work around the problem, as does a simple, user-at-the-commandline zmcontrol restart.

    I'm guessing there must be either a syntax error or a permissions problem to lead to this, but I don't know where to look for either.
    Cheers,

    Dan

  4. #14
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    There is more going on and not good. This afternoon without warning my clamd just stopped & restarted (fortunately did it on its own). Here's zimbra.log for the relevant period:
    Code:
    Aug  4 16:27:32 mail clamd[11561]: Reading databases from /opt/zimbra/data/clamav/db
    
    Aug  4 16:27:49 mail slapd[24537]: conn=11388 op=1 BIND dn="uid=zmamavis,cn=appaccts,
    cn=zimbra" method=128
    Aug  4 16:27:49 mail slapd[24537]: conn=11388 op=1 BIND dn="uid=zmamavis,cn=appaccts,
    cn=zimbra" mech=SIMPLE ssf=0
    Aug  4 16:27:49 mail slapd[24537]: conn=11388 op=2 SRCH base="" scope=2 deref=2 filte
    r="(&(objectClass=amavisAccount)(|(mail=admin@XXXXX.com)(mail=@XXXXX.com)(mail=@.XXXXX.com)(mail=@.net)(mail=@.)))"
    Aug  4 16:27:49 mail amavis[13584]: (13584-01) ESMTP::10024 /opt/zimbra/data/amavisd/
    tmp/amavis-20090804T162749-13584: <zimbra@mail.XXXXX.com> -> <admin@XXXXX.com> SIZE=499 Received: from mail.XXXXX.com ([127.0.0.1]) by localhost (
    mail.XXXXX.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <admin@XXXXX.com>; Tue,  4 Aug 2009 16:27:49 -0700 (PDT)
    Aug  4 16:27:49 mail amavis[13584]: (13584-01) Checking: aWQ6vY6cc-qL <zimbra@mail.XXXXX.com> -> <admin@XXXXX.com>
    Aug  4 16:27:49 mail amavis[13584]: (13584-01) ClamAV-clamd: Can't connect to INET so
    cket 127.0.0.1:3310: Connection refused, retrying (1)
    Aug  4 16:27:50 mail amavis[13584]: (13584-01) (!)ClamAV-clamd: Can't connect to INET
     socket 127.0.0.1:3310: Connection refused, retrying (2)
    Aug  4 16:27:56 mail amavis[13584]: (13584-01) (!)run_av (ClamAV-clamd, built-in i/f)
    : Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:
    3310: Connection refused) at (eval 75) line 310.
    Aug  4 16:27:56 mail amavis[13584]: (13584-01) (!!)ClamAV-clamd av-scanner FAILED: CO
    DE(0x818ea24) Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socke
    t 127.0.0.1:3310: Connection refused) at (eval 75) line 310. at (eval 75) line 511.
    Aug  4 16:27:56 mail amavis[13584]: (13584-01) (!!)WARN: all primary virus scanners f
    ailed, considering backups
    Aug  4 16:27:56 mail amavis[13584]: (13584-01) (!!)TROUBLE in check_mail: virus_scan
    FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: CODE(0
    x818ea24) Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 12
    7.0.0.1:3310: Connection refused) at (eval 75) line 310. at (eval 75) line 511.
    Aug  4 16:27:56 mail amavis[13584]: (13584-01) (!)PRESERVING EVIDENCE in /opt/zimbra/
    data/amavisd/tmp/amavis-20090804T162749-13584
    Aug  4 16:27:56 mail amavis[13584]: (13584-01) extra modules loaded: /opt/zimbra/zimb
    ramon/lib/i486-linux-gnu-thread-multi/auto/Net/SSLeay/autosplit.ix, /opt/zimbra/zimbr
    amon/lib/i486-linux-gnu-thread-multi/auto/Net/SSLeay/randomize.al, IO/Socket/SSL.pm,
    Net/LDAP/Extension.pm, Net/SSLeay.pm
    Aug  4 16:28:24 mail clamd[31234]: Reading databases from /opt/zimbra/data/clamav/db
    And here's clamd.log for the same episode:
    Code:
    Tue Aug  4 16:24:05 2009 -> SelfCheck: Database status OK.
    Tue Aug  4 16:27:32 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Tue Aug  4 16:27:42 2009 -> ERROR: reload db failed: Can't verify database integrity
    Tue Aug  4 16:27:43 2009 -> Terminating because of a fatal error.
    Tue Aug  4 16:27:43 2009 -> Pid file removed.
    Tue Aug  4 16:27:43 2009 -> --- Stopped at Tue Aug  4 16:27:43 2009
    Tue Aug  4 16:28:24 2009 -> +++ Started at Tue Aug  4 16:28:24 2009
    Tue Aug  4 16:28:24 2009 -> clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH
     i386, CPU: i686)
    Tue Aug  4 16:28:24 2009 -> Log file size limited to 20971520 bytes.
    Tue Aug  4 16:28:24 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Tue Aug  4 16:28:24 2009 -> Not loading PUA signatures.
    LibClamAV Warning: ***********************************************************
    LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
    LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
    LibClamAV Warning: ***********************************************************
    Tue Aug  4 16:28:29 2009 -> Loaded 607906 signatures.
    Tue Aug  4 16:28:29 2009 -> TCP: Bound to port 3310
    Tue Aug  4 16:28:29 2009 -> TCP: Setting connection queue length to 15
    Tue Aug  4 16:28:29 2009 -> Limits: Global size limit set to 15728640 bytes.
    Tue Aug  4 16:28:29 2009 -> Limits: File size limit set to 15728640 bytes.
    Tue Aug  4 16:28:29 2009 -> Limits: Recursion level limit set to 16.
    Tue Aug  4 16:28:29 2009 -> Limits: Files limit set to 10000.
    Tue Aug  4 16:28:29 2009 -> Archive support enabled.
    Tue Aug  4 16:28:29 2009 -> Archive: Blocking encrypted archives.
    Tue Aug  4 16:28:29 2009 -> Algorithmic detection enabled.
    Tue Aug  4 16:28:29 2009 -> Portable Executable support enabled.
    Tue Aug  4 16:28:29 2009 -> ELF support enabled.
    Tue Aug  4 16:28:29 2009 -> Mail files support enabled.
    Tue Aug  4 16:28:29 2009 -> OLE2 support enabled.
    Tue Aug  4 16:28:29 2009 -> PDF support enabled.
    Tue Aug  4 16:28:29 2009 -> HTML support enabled.
    Tue Aug  4 16:28:29 2009 -> Self checking every 600 seconds.
    And just to add insult to injury, that restart deleted my symlink again. SO for the time being I have re-added my clamd restart batch into cron so I don't come in with a totally impacted mail queue tomorrow am. I sure would appreciate some help on this!
    Last edited by dwmtractor; 08-04-2009 at 04:57 PM. Reason: obfuscate domain
    Cheers,

    Dan

  5. #15
    brian is offline Project Contributor
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    dwmtractor I spent some time looking at this yesterday. I couldn't reproduce your crashing issues but I did find some inconsistencies in the startup process. In some cases we incorrectly restore main.cvd which forces an unnecessary db update delaying the startup.

    Also do you have any entries in the freshclam.log around 16:27 that coorespond to a db update?

    At this point I would not recommend creating symlink's from main.cvd to main.cld, you only want to have one of these files at any given time otherwise you end up loading the signatures twice which is a waste of resources.

    There is a built-in watchdog process in the zmmtaconfig daemon that checks to make sure clamd is running every 60 seconds. You can turn this on/off and control which processes it watches via localconfig variables.

    zmmtaconfig_watchdog=TRUE
    zmmtaconfig_watchdog_services=antivirus
    Bugzilla - Wiki - Downloads - Before posting... Search!

  6. #16
    dmmincrjr is offline Member
    Join Date
    Jul 2007
    Posts
    12
    Rep Power
    8

    Default

    I had posted the following freshclam.log snippet in this thread Antivirus Crashing nightly.

    ClamAV update process started at Thu May 14 04:58:35 2009
    ERROR: Problem with internal logger (UpdateLogFile = /opt/zimbra/log/freshclam.log).
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.94.1 Recommended version: 0.95.1
    DON'T PANIC! Read Clam AntiVirus
    Trying host db.us.clamav.net (168.143.19.95)...
    Downloading main-50.cdiff [100%]
    main.cld updated (version: 50, sigs: 500667, f-level: 38, builder: sven)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 37, recommended = 38
    DON'T PANIC! Read Clam AntiVirus
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 168.143.19.95)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    Trying host db.us.clamav.net (168.143.19.95)...
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 168.143.19.95)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    Trying host db.us.clamav.net (168.143.19.95)...
    WARNING: getfile: daily-8543.cdiff not found on remote server (IP: 168.143.19.95)
    WARNING: getpatch: Can't download daily-8543.cdiff from db.us.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Trying host db.us.clamav.net (168.143.19.95)...
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 9357, sigs: 49175, f-level: 42, builder: neo)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 37, recommended = 42
    DON'T PANIC! Read Clam AntiVirus
    Database updated (549842 signatures) from db.us.clamav.net (IP: 168.143.19.95)
    WARNING: Clamd was NOT notified: Can't connect to clamd on localhost:3310

    My current freshclam.log is full so it was not capturing detail but this does show a problem around the time zimbra was trying to restart back in May. Hopefully this might be a clue.

  7. #17
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    Quote Originally Posted by brian View Post
    Also do you have any entries in the freshclam.log around 16:27 that coorespond to a db update?
    No, unfortunately I don't. It looks like there's no log rotation for freshclam.log, and as of April 2, 2008 (!!!) it's full of messages saying "Log size = 4822241, max = 1048576 LOGGING DISABLED (Maximal log file size exceeded)." I just deleted the file (well, renamed it) so it should (I hope) start logging today...but nothing else to offer. Should I file a bug for log rotation on that one (and clamd.log, also not rotating), or is there one already pending that I can't find?

    Quote Originally Posted by brian View Post
    At this point I would not recommend creating symlink's from main.cvd to main.cld, you only want to have one of these files at any given time otherwise you end up loading the signatures twice which is a waste of resources.
    OK
    Quote Originally Posted by brian View Post
    There is a built-in watchdog process in the zmmtaconfig daemon that checks to make sure clamd is running every 60 seconds. You can turn this on/off and control which processes it watches via localconfig variables.

    zmmtaconfig_watchdog=TRUE
    zmmtaconfig_watchdog_services=antivirus
    Are you suggesting this was already true, or that I needed to execute these lines? I tried to find out first by doing zmmtaconfig_watchdog status and zmmtaconfig status but both were (obviously) wrong as I got "command not found" errors. I did the two commands exactly as you said above, and they executed without returning any error, but I have no idea if this was already watching by default.

    If it was (as opposed to my having just turned it on), then why does antivirus stay off at night until my cron job restarts it? This leads me to suspect that something deeper is wrong...

    Thanks, Brian! If you want more detail (like unobfuscated logs) feel free to pm me an email address and I'll send them to you.
    Cheers,

    Dan

  8. #18
    brian is offline Project Contributor
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    zmmtaconfig watchdog is turn on by default if the localconfig keys are not set. The default service list includes only the antivirus (clamd) service.

    Code:
    zmlocalconfig zmmtaconfig_watchdog
    zmlocalconfig zmmtaconfig_watchdog_services
    the watchdog process has to have seen the service running at least once in order for any service eliglbe for automatic restarts. You may want to take a look at the zmmtaconfig.log to see if it was being marked as eligible for restarts.

    If it's dying right around the time that all the logs are being rotated that might be a clue to whats causing the problem.

    I filed Bug 39938 &ndash; freshclam logs not being rotated on linux for freshclam.log rotation. clamd.log is already be present in zmlogrotate but requires a certain size before rotation.
    Bugzilla - Wiki - Downloads - Before posting... Search!

  9. #19
    dwmtractor's Avatar
    dwmtractor is offline Moderator
    Join Date
    Jul 2007
    Location
    San Jose, CA
    Posts
    1,027
    Rep Power
    9

    Default

    OK, yeah, watchdog restarted antivirus yesterday at 16:27:
    Code:
    Tue Aug  4 16:27:48 2009  Watchdog: adding antivirus to restart list
    Tue Aug  4 16:27:48 2009  CONTROL ANTIVIRUS: /opt/zimbra/bin/zmclamdctl restart
    But where it gets interesting is at the time I do my shutdown & restart between 22:01 and 22:03:
    Code:
    Tue Aug  4 22:01:09 2009  Watchdog: service antivirus status is OK.
    Tue Aug  4 22:03:25 2009  zmmtaconfig started on mail.XXXXX.com with loglevel=3 pid=9385
    
    
    Tue Aug  4 22:05:32 2009  Watchdog: service ldap now available for watchdog.
    Tue Aug  4 22:05:33 2009  Watchdog: service antispam now available for watchdog.
    Tue Aug  4 22:05:33 2009  Watchdog: service mailboxd now available for watchdog.
    Tue Aug  4 22:05:34 2009  Watchdog: service mailbox now available for watchdog.
    Tue Aug  4 22:05:34 2009  Watchdog: service logger now available for watchdog.
    Tue Aug  4 22:05:34 2009  Watchdog: skipping service antivirus. Service not yet available for restarts.
    This condition continues until my antivirus restart fires at 22:20:
    Code:
    Tue Aug  4 22:19:54 2009  Watchdog: skipping service antivirus. Service not yet available for restarts.
    Tue Aug  4 22:20:21 2009  zmmtaconfig started on mail.XXXXX.com with loglevel=3 pid=25463
    
    Tue Aug  4 22:22:45 2009  Watchdog: service sasl now available for watchdog.
    Tue Aug  4 22:22:46 2009  Watchdog: service spell now available for watchdog.
    Tue Aug  4 22:22:47 2009  Watchdog: service stats now available for watchdog.
    Tue Aug  4 22:22:47 2009  Watchdog: service ldap now available for watchdog.
    Tue Aug  4 22:22:48 2009  Watchdog: service antispam now available for watchdog.
    Tue Aug  4 22:22:48 2009  Watchdog: service snmp now available for watchdog.
    Tue Aug  4 22:22:48 2009  Watchdog: service mailboxd now available for watchdog.
    Tue Aug  4 22:22:50 2009  Watchdog: service mta now available for watchdog.
    Tue Aug  4 22:22:51 2009  Watchdog: service mailbox now available for watchdog.
    Tue Aug  4 22:22:51 2009  Watchdog: service logger now available for watchdog.
    Tue Aug  4 22:22:51 2009  Watchdog: service antivirus now available for watchdog.
    Tue Aug  4 22:22:52 2009  Watchdog: service antivirus status is OK.
    So watchdog alone is not sufficient to get it going after my nightly backup and restart.
    Cheers,

    Dan

  10. #20
    dmmincrjr is offline Member
    Join Date
    Jul 2007
    Posts
    12
    Rep Power
    8

    Default

    Zimbra failed to restart this morning after performing the backup. Here is the information from the freshclam.log file
    Code:
    --------------------------------------
    ClamAV update process started at Thu Aug  6 05:00:28 2009
    ERROR: Problem with internal logger (UpdateLogFile = /opt/zimbra/log/freshclam.log).
    ERROR: /opt/zimbra/log/freshclam.log is locked by another process
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.95.1 Recommended version: 0.95.2
    DON'T PANIC! Read Clam AntiVirus
    Trying host db.us.clamav.net (168.143.19.95)...
    Downloading main-51.cdiff [100%]
    main.cld updated (version: 51, sigs: 545035, f-level: 42, builder: sven)
    WARNING: getfile: daily-9214.cdiff not found on remote server (IP: 168.143.19.95)
    WARNING: getpatch: Can't download daily-9214.cdiff from db.us.clamav.net
    WARNING: getfile: daily-9214.cdiff not found on remote server (IP: 207.57.106.31)
    WARNING: getpatch: Can't download daily-9214.cdiff from db.us.clamav.net
    WARNING: getfile: daily-9214.cdiff not found on remote server (IP: 207.57.106.31)
    WARNING: getpatch: Can't download daily-9214.cdiff from db.us.clamav.net
    WARNING: Incremental update failed, trying to download daily.cvd
    Trying host db.us.clamav.net (168.143.19.95)...
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 9659, sigs: 63539, f-level: 43, builder: ccordes)
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Current functionality level = 42, recommended = 43
    DON'T PANIC! Read Clam AntiVirus
    Database updated (608574 signatures) from db.us.clamav.net (IP: 168.143.19.95)
    WARNING: Clamd was NOT notified: Can't connect to clamd on localhost:3310
    --------------------------------------
    freshclam daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)
    ClamAV update process started at Thu Aug  6 05:05:17 2009
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.95.1 Recommended version: 0.95.2
    DON'T PANIC! Read Clam AntiVirus
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cvd is up to date (version: 9659, sigs: 63539, f-level: 43, builder: ccordes)
    --------------------------------------
    Received signal: wake up
    ClamAV update process started at Thu Aug  6 07:05:19 2009
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.95.1 Recommended version: 0.95.2
    DON'T PANIC! Read Clam AntiVirus
    main.cld is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cvd is up to date (version: 9659, sigs: 63539, f-level: 43, builder: ccordes)
    --------------------------------------
    Here is my clamd.log at the time of the event

    Code:
    Sat Jul 25 05:00:42 2009 -> +++ Started at Sat Jul 25 05:00:42 2009
    Sat Jul 25 05:00:42 2009 -> clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)
    Sat Jul 25 05:00:42 2009 -> Log file size limited to 20971520 bytes.
    Sat Jul 25 05:00:42 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Sat Jul 25 05:00:42 2009 -> Not loading PUA signatures.
    LibClamAV Warning: ***********************************************************
    LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
    LibClamAV Warning: *** DON'T PANIC! Read Clam AntiVirus ***
    LibClamAV Warning: ***********************************************************
    LibClamAV Error: cli_load(): Can't open file /opt/zimbra/data/clamav/db/main.cvd
    Sat Jul 25 05:00:51 2009 -> ERROR: Can't open file or directory
    ERROR: Can't open file or directory
    Sat Jul 25 05:05:21 2009 -> +++ Started at Sat Jul 25 05:05:21 2009
    Sat Jul 25 05:05:21 2009 -> clamd daemon 0.95.1-broken-compiler (OS: linux-gnu, ARCH: i386, CPU: i686)
    Sat Jul 25 05:05:21 2009 -> Log file size limited to 20971520 bytes.
    Sat Jul 25 05:05:21 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Sat Jul 25 05:05:21 2009 -> Not loading PUA signatures.
    LibClamAV Warning: ***********************************************************
    LibClamAV Warning: ***  This version of the ClamAV engine is outdated.     ***
    LibClamAV Warning: *** DON'T PANIC! Read Clam AntiVirus ***
    LibClamAV Warning: ***********************************************************
    Sat Jul 25 05:05:25 2009 -> Loaded 603148 signatures.
    Sat Jul 25 05:05:25 2009 -> TCP: Bound to port 3310
    Sat Jul 25 05:05:25 2009 -> TCP: Setting connection queue length to 15
    Sat Jul 25 05:05:25 2009 -> Limits: Global size limit set to 921600000 bytes.
    Sat Jul 25 05:05:25 2009 -> Limits: File size limit set to 921600000 bytes.
    Sat Jul 25 05:05:25 2009 -> Limits: Recursion level limit set to 16.
    Sat Jul 25 05:05:25 2009 -> Limits: Files limit set to 10000.
    Sat Jul 25 05:05:25 2009 -> Archive support enabled.
    Sat Jul 25 05:05:25 2009 -> Archive: Blocking encrypted archives.
    Sat Jul 25 05:05:25 2009 -> Algorithmic detection enabled.
    Sat Jul 25 05:05:25 2009 -> Portable Executable support enabled.
    Sat Jul 25 05:05:25 2009 -> ELF support enabled.
    Sat Jul 25 05:05:25 2009 -> Mail files support enabled.
    Sat Jul 25 05:05:25 2009 -> OLE2 support enabled.
    Sat Jul 25 05:05:25 2009 -> PDF support enabled.
    Sat Jul 25 05:05:25 2009 -> HTML support enabled.
    Sat Jul 25 05:05:25 2009 -> Self checking every 600 seconds.
    Sat Jul 25 05:16:20 2009 -> No stats for Database check - forcing reload
    Sat Jul 25 05:16:21 2009 -> Reading databases from /opt/zimbra/data/clamav/db
    Sat Jul 25 05:16:23 2009 -> Database correctly reloaded (603148 signatures)
    Please advise if information from any other log file is needed.

Page 2 of 3 FirstFirst 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  2. Replies: 5
    Last Post: 05-28-2009, 12:53 AM
  3. [SOLVED] Outlook no longer updating
    By jeremy.pratt in forum Zimbra Connector for BlackBerry
    Replies: 10
    Last Post: 05-30-2008, 03:22 PM
  4. Error Installing Outlook Connector
    By DanO in forum Zimbra Connector for Outlook
    Replies: 17
    Last Post: 08-28-2007, 09:35 AM
  5. Is it started or not
    By kwelipatton in forum Installation
    Replies: 10
    Last Post: 03-28-2006, 11:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •