Zimbra

aNt1X · #1 (**permalink**) 06-04-2007, 10:43 AM

Hi,
i already installed 2 or 3 times zimbra open source, with no problems, but this time i'm suffering this weird problem.

I'm running zcs-4.5.5_GA_838.UBUNTU6 and i tried to manually upgrade CLAMD from 0.90.2 to 0.90.3 but the problem still persists before and after the upgrade.

It seems that che CLAMD daemon freezes reading the databases.

In /opt/zimbra/log/clamd.log i'm getting these messages every 2 minutes

Code:

Mon Jun  4 19:35:33 2007 -> +++ Started at Mon Jun  4 19:35:33 2007
Mon Jun  4 19:35:33 2007 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Mon Jun  4 19:35:33 2007 -> Log file size limited to 20971520 bytes.
Mon Jun  4 19:35:33 2007 -> Reading databases from /opt/zimbra/clamav/db
Mon Jun  4 19:37:12 2007 -> +++ Started at Mon Jun  4 19:37:12 2007
Mon Jun  4 19:37:12 2007 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Mon Jun  4 19:37:12 2007 -> Log file size limited to 20971520 bytes.
Mon Jun  4 19:37:12 2007 -> Reading databases from /opt/zimbra/clamav/db
Mon Jun  4 19:38:59 2007 -> +++ Started at Mon Jun  4 19:38:59 2007
Mon Jun  4 19:38:59 2007 -> clamd daemon 0.90.3 (OS: linux-gnu, ARCH: i386, CPU: i686)
Mon Jun  4 19:38:59 2007 -> Log file size limited to 20971520 bytes.
Mon Jun  4 19:38:59 2007 -> Reading databases from /opt/zimbra/clamav/db

When i receive e-mail, amavisd says that clamd is not responding.
So, it seems to me that CLAMD is crashing while reading databases, and never starts ("zmcontrol status" says that antivirus is stopped). But i can't see any errors in the various log files.

I tried to "rm *" the directory "/opt/zimbra/clamav/db" and the freshclean downloaded the new db, but i still got this weird freeze.

Also, i checked with "ls -la" the /opt/zimbra/clamav/db directory, and this is the output

Code:

drwxr-xr-x 2 zimbra zimbra    4096 Jun  4 19:43 .
drwxr-xr-x 9 zimbra zimbra    4096 Jun  4 17:45 ..
-rwxrwxr-- 1 zimbra zimbra       0 Jun  4 19:43 .dbLock
-rw-r--r-- 1 zimbra zimbra  608128 Jun  4 19:12 daily.cvd
-rw-r--r-- 1 zimbra zimbra 9351789 Jun  4 19:11 main.cvd
-rw------- 1 zimbra zimbra      52 Jun  4 19:43 mirrors.dat

What can i do now?

Thank you i.a.

aNt1X

djve · #2 (**permalink**) 06-04-2007, 01:00 PM

Manually upgraded a component of Zimbra? Did you take a backup before you tried to upgrade? If you did then you may be able to find what went wrong.

Since nobody from Zimbra has answered have:
1. Checked the size of log,
2. Checked the owner, group and permissions of the ClamAV subsystem,
3. Checked the ClamAV config files?

I gather you stopped and restarted processes rather than just overwriting the existing files.

I'd have waited for an update from Zimbra to ensure compatibility between components to try an avoid this sort of problem as it may something outside of CalmAV. Something similar to Zimbra expecting a specific version of CalmAV in the processing and you've changed the string being returned due to the upgrade.

aNt1X · #3 (**permalink**) 06-04-2007, 01:14 PM

Let me explain.

I had this problem BEFORE the component upgrade, and spent few hours trying to understand what was happening, without success.
So i decided to try to upgrade that component. Didn't mind for backups, because that was a fresh install on a fresh ubuntu 6.06 LTS machine, with only few test accounts created.

Log size, owner/group/permissions and clamav should be ok because it is a fresh install, and I did just few days ago a fresh install following the same identical howto (from howtoforge), without problems.

Now i've formatted and repeated the installation, let's see if the problem persists

Bye.

aNt1X · #4 (**permalink**) 06-04-2007, 03:08 PM

still got the problem...
fresh install, on a fresh ubuntu 6.06 install, and zmcontrol status says that antivirus is stopped.

what can i do ?

sill got these messages every few minutes

Code:

Jun  5 00:26:34 mailserver clamd[20416]: clamd daemon 0.90.2 (OS: linux-gnu, ARCH: i386, CPU: i686)
Jun  5 00:26:34 mailserver clamd[20416]: Log file size limited to 20971520 bytes.
Jun  5 00:26:34 mailserver clamd[20416]: Reading databases from /opt/zimbra/clamav/db

this is the output of a ps

Code:

zimbra@mailserver:~$ ps -ax | grep clamd
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
20416 ?        Rs     1:01 /opt/zimbra/clamav/sbin/clamd --config-file /opt/zimbra/conf/clamd.conf
20443 pts/0    S+     0:00 grep clamd

so the process is running, but i can't understand what's happening.
if a mail arrives, i got these messages in zimbra.log

Code:

Jun  5 00:30:02 mailserver amavis[4348]: (04348-01) Checking: DkmOYJDUMtQR [80.247.70.64] <##########> -> <########>
Jun  5 00:30:03 mailserver amavis[4348]: (04348-01) ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (1)
Jun  5 00:30:04 mailserver amavis[4348]: (04348-01) (!)ClamAV-clamd: Can't connect to INET socket 127.0.0.1:3310: Connection refused, retrying (2)
Jun  5 00:30:07 mailserver zimbramon[20838]: 20838:info: 2007-06-05 00:30:06, QUEUE: 4 1
Jun  5 00:30:07 mailserver CRON[20833]: (pam_unix) session closed for user zimbra
Jun  5 00:30:10 mailserver amavis[4348]: (04348-01) (!!)ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 45) line 269.
Jun  5 00:30:10 mailserver amavis[4348]: (04348-01) (!!)WARN: all primary virus scanners failed, considering backups
Jun  5 00:30:10 mailserver amavis[4348]: (04348-01) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 45) line 269.
Jun  5 00:30:10 mailserver amavis[4348]: (04348-01) (!)PRESERVING EVIDENCE in /opt/zimbra/amavisd/tmp/amavis-20070605T003000-04348
Jun  5 00:30:10 mailserver postfix/smtp[20822]: BC0F613B6F7: to=<##############>, relay=127.0.0.1[127.0.0.1], delay=13, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=04348-01, virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to 127.0.0.1:3310 (Can't connect to INET socket 127.0.0.1:3310: Connection refused) at (eval 45) line 269. (in reply to end of DATA command))
zimbra@mailserver:~$

aNt1X · #5 (**permalink**) 06-04-2007, 03:45 PM

I attached the clamd.conf file.

As you can see, the clamd.log file is very small (fresh install)

Code:

root@mailserver:~# ls -la /opt/zimbra/log/cla*
-rw-r--r-- 1 zimbra zimbra 21087 2007-06-05 00:34 /opt/zimbra/log/clamd.log

and here are the privs in the clamav directory and subdirectories

Code:

root@mailserver:~# ls -la /opt/zimbra/clamav/*
/opt/zimbra/clamav/bin:
total 552
drwxr-xr-x 2 zimbra zimbra   4096 2007-06-04 22:01 .
drwxr-xr-x 9 zimbra zimbra   4096 2007-06-04 22:01 ..
-rwxr-xr-x 1 zimbra zimbra   1217 2007-04-18 20:46 clamav-config
-rwxr-xr-x 1 zimbra zimbra  39784 2007-04-18 20:46 clamconf
-rwxr-xr-x 1 zimbra zimbra  74723 2007-04-18 20:46 clamdscan
-rwxr-xr-x 1 zimbra zimbra 107203 2007-04-18 20:46 clamscan
-rwxr-xr-x 1 zimbra zimbra 151159 2007-04-18 20:46 freshclam
-rwxr-xr-x 1 zimbra zimbra 152293 2007-04-18 20:46 sigtool

/opt/zimbra/clamav/db:
total 11548
drwxr-xr-x 3 zimbra zimbra    4096 2007-06-05 00:34 .
drwxr-xr-x 9 zimbra zimbra    4096 2007-06-04 22:01 ..
-r--r--r-- 1 zimbra zimbra  200881 2007-06-04 22:40 daily.cvd
-r--r--r-- 1 zimbra zimbra  200881 2007-05-04 04:57 daily.cvd.init
drwxr-xr-x 2 zimbra zimbra    4096 2007-06-04 22:39 daily.inc
-rw-r--r-- 1 zimbra zimbra 9351789 2007-06-04 22:40 main.cvd
-r--r--r-- 1 zimbra zimbra 2014018 2007-05-04 04:57 main.cvd.init
-rw------- 1 zimbra zimbra     208 2007-06-05 00:34 mirrors.dat

/opt/zimbra/clamav/etc:
total 24
drwxr-xr-x 2 zimbra zimbra 4096 2007-06-04 22:01 .
drwxr-xr-x 9 zimbra zimbra 4096 2007-06-04 22:01 ..
-rw-r--r-- 1 zimbra zimbra 9253 2007-04-18 20:46 clamd.conf
-rw-r--r-- 1 zimbra zimbra 3620 2007-04-18 20:46 freshclam.conf

/opt/zimbra/clamav/include:
total 20
drwxr-xr-x 2 zimbra zimbra 4096 2007-06-04 22:01 .
drwxr-xr-x 9 zimbra zimbra 4096 2007-06-04 22:01 ..
-rw-r--r-- 1 zimbra zimbra 8426 2007-04-18 20:46 clamav.h

/opt/zimbra/clamav/lib:
total 2436
drwxr-xr-x 3 zimbra zimbra    4096 2007-06-04 22:01 .
drwxr-xr-x 9 zimbra zimbra    4096 2007-06-04 22:01 ..
-rw-r--r-- 1 zimbra zimbra 1432798 2007-04-18 20:46 libclamav.a
-rwxr-xr-x 1 zimbra zimbra    1017 2007-04-18 20:46 libclamav.la
lrwxrwxrwx 1 zimbra zimbra      18 2007-06-04 22:01 libclamav.so -> libclamav.so.2.0.2
lrwxrwxrwx 1 zimbra zimbra      18 2007-06-04 22:01 libclamav.so.2 -> libclamav.so.2.0.2
-rwxr-xr-x 1 zimbra zimbra 1034214 2007-04-18 20:46 libclamav.so.2.0.2
drwxr-xr-x 2 zimbra zimbra    4096 2007-06-04 22:01 pkgconfig

/opt/zimbra/clamav/sbin:
total 180
drwxr-xr-x 2 zimbra zimbra   4096 2007-06-04 22:01 .
drwxr-xr-x 9 zimbra zimbra   4096 2007-06-04 22:01 ..
-rwxr-xr-x 1 zimbra zimbra 168718 2007-04-18 20:46 clamd

/opt/zimbra/clamav/share:
total 16
drwxr-xr-x 4 zimbra zimbra 4096 2007-06-04 22:01 .
drwxr-xr-x 9 zimbra zimbra 4096 2007-06-04 22:01 ..
drwxr-xr-x 2 zimbra zimbra 4096 2007-06-04 22:01 clamav
drwxr-xr-x 5 zimbra zimbra 4096 2007-06-04 22:01 man
root@mailserver:~#

I'm using a fresh UBUNTU 6.06.1, with Bind9 installed.

One last note: if i disablle the "anti-virus" feature from the admin interface, and restart, all works perfectly, obviously without antivirus check.

djve · #6 (**permalink**) 06-04-2007, 04:04 PM

Your conf file matches mine if it's any help.

But my logs show the database being reloaded and the selfcheck being performed.

The big differences is that I have libclamav.so.1.0.19, not 2.0.2 and

-rw-r--r-- 1 zimbra zimbra 616305 Jun 4 10:58 daily.cvd
-r--r--r-- 1 zimbra zimbra 200881 Jul 7 2006 daily.cvd.init

So we are using different versions of clamav. Hopefully Zimbra can help you with the details you've supplied but I'm not familiar enough with ClamAV and how it's integrated into Zimbra to help.

aNt1X · #7 (**permalink**) 06-04-2007, 04:09 PM

Thank you for your help, man.

Quote:

Originally Posted by djve

The big differences is that I have libclamav.so.1.0.19, not 2.0.2 and

Why? Haven't you used the latest zimbra package (zcs-4.5.5_GA_838.UBUNTU6) ? If not, please tell what package you used, i'll try with that

thank you again,

aNt1X

djve · #8 (**permalink**) 06-04-2007, 05:48 PM

I'm using the Zimbra appliance from rPath.

Fully configured and easy to install and use. I'm using an external LDAP replica for authtication and GAL with command line shell scripts to create the system.

So I'd guess you'd say I'm using a system "blessed" by Zimbra as confirmed working.

Have you checked out the thread: http://www.zimbra.com/forums/adminis...e-clamav.html? It may help but it's germain to my set-up (or at least not yet).

aNt1X · #9 (**permalink**) 06-05-2007, 09:36 AM

I think i got it.
Manually starting the Clamav, it takes something like 1-2 minutes to load the DB, and then it starts.
So, i think that it is zimbra that tries to restart it, because a timeout occours.

Is there a way to increase this timeout that occours while starting Clamav ?

Thank you,
aNt1X

aNt1X · #10 (**permalink**) 06-05-2007, 01:38 PM

Ok, i solved modifying the watchdog interval in /opt/zimbra/libexec/zmmtaconfig

[code]
my %config = (
progname => "zmmtaconfig",
hostname => $ENV{zimbra_server_hostname},
loglevel => 3,
watchdog => 1,
wd_all => 0,
debug => 0,
interval => 180,
baseDir => "/opt/zimbra",
logStatus => ( 4 => "Debug", 3 => "Info", 2 => "Warning", 1 => "Error", 0 =$
);[code]

(i extended the interval value from 60 to 180).

I was going crazy looking at crontabs, but this watchdog process wasn't in the crontab, but in this perl script

I hope it will not break something else ...

Thank you anyway.

aNt1X