Closed captainwasabi closed 9 years ago
Same here, broken symlinks pointing from /usr/local/maldetect/sigs to non-existing files in tmp.
In my case it turned out to be a permission problem, related to both file permissions and apparmor. Here is what I did to fix it:
chmod o+x /usr/local/maldetect/{,sigs}
chmod o+r /usr/local/maldetect/sigs/*db
echo "/usr/local/maldetect/sigs/* r," >> /etc/apparmor.d/local/usr.sbin.clamd
service apparmor reload
service clamav-daemon restart
The missing lmd.user links were no longer a problem for me after I fixed the permissions. The next signature update will probably reset the file permissions again; I still have to check whether that was due to my tightened root umask setting or the update script itself.
The file permission problem probably was homegrown. I think the apparmor stuff should be all you need:
echo "/usr/local/maldetect/sigs/* r," >> /etc/apparmor.d/local/usr.sbin.clamd
service apparmor reload && service clamav-daemon restart
I had the same issue. I will try to fix with previous comment
For me, file is missing. Only option is to delete symlink from clamav lib dir until a fix is provided
Running CentOS 6.7.
I ran ./uninstall.sh and then downloaded the current again and ran ./install.sh. That still left the bad symlinks in /var/clamav/ in place
lmd.user.hdb -> /usr/local/maldetect/sigs/lmd.user.hdb
lmd.user.ndb -> /usr/local/maldetect/sigs/lmd.user.ndb
but these ones were not present any longer in sigs
lmd.user.hdb -> /usr/local/maldetect/tmp/.runtime.user.15757.hdb
lmd.user.ndb -> /usr/local/maldetect/tmp/.runtime.user.15757.ndb
I went ahead and deleted the /var/clamav/ lmd symlinks and restarted clamd and it worked ok. If anyone can confirm that the lmd symlinks are not needed in /var/clamav/ that would be great. The following valid symlinks remain there
rfxn.hdb -> /usr/local/maldetect/sigs/rfxn.hdb
rfxn.ndb -> /usr/local/maldetect/sigs/rfxn.ndb
It is likely that just deleting the lmd bad symlinks will allow you to restart clamd.
For reference, my initial symptoms were email subjects prepended with the string
UNCHECKED
and the following in the clamd log
Sat Sep 19 03:24:11 2015 -> Reading databases from /var/clamav
Sat Sep 19 03:24:21 2015 -> ERROR: reload db failed: Can't open file or directory
Sat Sep 19 03:24:21 2015 -> Terminating because of a fatal error.
The symlinks in /var/lib/clamav to lmd and rfxn have appeared back. But the lmd symlink is still linked to nothing. ClamAV 0.98, Debian 8
I still have the dangling symlinks pointing from /var/lib/clamav to /usr/local/maldetect/sigs, but no more symlinks pointing from /usr/local/maldetect/sigs to tmp. I do not get errors this way.
chmod 755 /usr/local/maldetect/tmp
This should fix the issue. It is not so much that the file is empty but that clamav can't lstat the file due to the parent directory's permissions when clamd is running as a non-root user.
I've made an upstream change in the code that I will commit to address this in a few minutes.
Tried this and the following still happens when I start clamav
service clamav-daemon start
*Starting ClamAV daemon clamd
LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/rfxn.ndb
LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/rfxn.ndb
ERROR: Can't open file or directory
[fail]
I also get the same errors as reported above in the maillog (because the daemon isn't running) but it does look like email is being delivered.
BTW, thank you for this great package that I use daily on all my servers. Also thank you for looking at this issue so quickly, it's really appreciated!
@captainwasabi no problem at all, glad to help. In most sane mail configurations, clamd failing should be a fail-open setup so mail keeps moving.
That being said, can you answer a few questions: What OS version are you running (cat /etc/redhat-release) ? What version of clamd (clamd -V) ? Is there a control panel (e.g cpanel) ?
Thanks
Ubuntu 12.04.5 LTS everything is up to date as of 9/15
Linux version 3.2.0-90-generic (buildd@lgw01-29) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #128-Ubuntu SMP Fri Aug 14 21:43:58 UTC 2015 (Ubuntu 3.2.0-90.128-generic 3.2.69)
ClamAV 0.98.7/20927/Fri Sep 18 12:41:20 2015
No cpanel, this is a server running on metal.
this issue still exists on commit 5ad545275b7b5e4a577adb9e2366668265306909 on Ubuntu 14.04.3 LTS.
root@admin:/var/lib/clamav# ls -la
drwxr-xr-x 2 clamav clamav 4096 Sep 19 18:42 .
drwxr-xr-x 58 root root 4096 Sep 19 17:45 ..
-rw-r--r-- 1 clamav clamav 407040 Aug 20 18:59 bytecode.cld
-rw-r--r-- 1 clamav clamav 101435904 Sep 18 20:23 daily.cld
lrwxrwxrwx 1 root root 38 Sep 19 18:42 lmd.user.hdb -> /usr/local/maldetect/sigs/lmd.user.hdb
lrwxrwxrwx 1 root root 38 Sep 19 18:42 lmd.user.ndb -> /usr/local/maldetect/sigs/lmd.user.ndb
-rw-r--r-- 1 clamav clamav 64720632 May 5 21:14 main.cvd
-rw------- 1 clamav clamav 2236 Sep 19 18:23 mirrors.dat
lrwxrwxrwx 1 root root 34 Sep 19 18:42 rfxn.hdb -> /usr/local/maldetect/sigs/rfxn.hdb
lrwxrwxrwx 1 root root 34 Sep 19 18:42 rfxn.ndb -> /usr/local/maldetect/sigs/rfxn.ndb
root@admin:/var/lib/clamav# ls -la /usr/local/maldetect/sigs/
drwxr-xr-x 2 root root 4096 Sep 19 18:42 .
drwxr-xr-x 12 root root 4096 Sep 19 18:42 ..
-rw-r--r-- 1 root root 0 Sep 19 18:42 custom.hex.dat
-rw-r--r-- 1 root root 0 Sep 19 18:42 custom.md5.dat
-rw-r--r-- 1 root root 429904 Sep 19 18:42 hex.dat
-rw-r--r-- 1 root root 14 Sep 19 18:42 maldet.sigs.ver
-rw-r--r-- 1 root root 551001 Sep 19 18:42 md5.dat
-rw-r--r-- 1 root root 602518 Sep 19 18:42 md5v2.dat
-rw-r--r-- 1 root root 598632 Sep 19 18:42 rfxn.hdb
-rw-r--r-- 1 root root 437560 Sep 19 18:42 rfxn.ndb
root@admin:~# service clamav-daemon restart
root@admin:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty
I've committed update https://github.com/rfxn/linux-malware-detect/commit/fa1db0ad74649a62f5423a59fe6b8ddc20e8f865 which should now resolve the clamd startup errors on ubuntu. The changelog entry goes into detail:
[Fix] clamd.conf configurations containing FollowDirectorySymlinks/FollowFileSymlinks set to false results in the rfxn.* and lmd.user.* links causing clamd startup failures; corrected by updating clamav_linksigs() to copy signatures into clamav data paths instead of linking them
issue verified resolved for Ubuntu 12.04.5
Thanks!
For me the lmd.user files or links did not regenerate. I tried uninstall and install and saw this on install as the first few lines:
cp: cannot stat `/usr/local/maldetect/sigs/lmd.user.ndb': No such file or directory
cp: cannot stat `/usr/local/maldetect/sigs/lmd.user.hdb': No such file or directory
cat: /usr/local/maldetect/sess/session.monitor.current: No such file or directory
After clean install of lmd clamav-daemon starts correctly. But as @lgonzalez-silen reported lmd.user link failed to create.
root@admin:~/linux-malware-detect-master# ./install.sh
cp: cannot stat ‘/usr/local/maldetect/sigs/rfxn.ndb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/rfxn.hdb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.ndb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.hdb’: No such file or directory
Removing any system startup links for /etc/init.d/maldet ...
update-rc.d: warning: /etc/init.d/maldet missing LSB information
update-rc.d: see http://wiki.debian.org/LSBInitScripts
Adding system startup for /etc/init.d/maldet ...
/etc/rc0.d/K30maldet -> ../init.d/maldet
/etc/rc1.d/K30maldet -> ../init.d/maldet
/etc/rc6.d/K30maldet -> ../init.d/maldet
/etc/rc2.d/S70maldet -> ../init.d/maldet
/etc/rc3.d/S70maldet -> ../init.d/maldet
/etc/rc4.d/S70maldet -> ../init.d/maldet
/etc/rc5.d/S70maldet -> ../init.d/maldet
cat: /usr/local/maldetect/sess/session.monitor.current: No such file or directory
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@r-fx.org
(C) 2015, Ryan MacDonald ryan@r-fx.org
This program may be freely redistributed under the terms of the GNU GPL

installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(28271): {sigup} performing signature update check...
maldet(28271): {sigup} could not determine signature version
maldet(28271): {sigup} signature files missing or corrupted, forcing update...
maldet(28271): {sigup} new signature set (2015091828029) available
maldet(28271): {sigup} downloading http://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(28271): {sigup} downloading http://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(28271): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(28271): {sigup} unpacked and installed maldet-sigpack.tgz
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.ndb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.hdb’: No such file or directory
maldet(28271): {sigup} verified md5sum of maldet-clean.tgz
maldet(28271): {sigup} unpacked and installed maldet-clean.tgz
maldet(28271): {sigup} signature set update completed
maldet(28271): {sigup} 10822 signatures (8908 MD5 / 1914 HEX / 0 USER)

root@admin:~/linux-malware-detect-master# maldet -d -u
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@rfxn.com
(C) 2015, Ryan MacDonald ryan@rfxn.com
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(28448): {update} checking for available updates...
maldet(28448): {update} hashing install files and checking against server...
maldet(28448): {update} latest version already installed.
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@rfxn.com
(C) 2015, Ryan MacDonald ryan@rfxn.com
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(28448): {sigup} performing signature update check...
maldet(28448): {sigup} local signature set is version 2015091828029
maldet(28448): {sigup} latest signature set already installed

root@admin:~# maldet -u -d -a /var/www/imscp/gui/
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@rfxn.com
(C) 2015, Ryan MacDonald ryan@rfxn.com
This program may be freely redistributed under the terms of the GNU GPL v2

maldet(30475): {sigup} performing signature update check...
maldet(30475): {sigup} local signature set is version 2015091828029
maldet(30475): {sigup} latest signature set already installed
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks proj@rfxn.com
(C) 2015, Ryan MacDonald ryan@rfxn.com
This program may be freely redistributed under the terms of the GNU GPL v2

cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.ndb’: No such file or directory
cp: cannot stat ‘/usr/local/maldetect/sigs/lmd.user.hdb’: No such file or directory
maldet(30475): {scan} signatures loaded: 10822 (8908 MD5 / 1914 HEX / 0 USER)
maldet(30475): {scan} building file list for /var/www/imscp/gui/, this might take awhile...
maldet(30475): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(30475): {scan} file list completed in 1s, found 5004 files...
maldet(30475): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...
maldet(30475): {scan} scan of /var/www/imscp/gui/ (5004 files) in progress...
maldet(30475): {scan} clamscan returned an error, check /usr/local/maldetect/logs/clamscan_log for more details!
maldet(30475): {scan} scan completed on /var/www/imscp/gui/: files 5004, malware hits 0, cleaned hits 0, time 1s
maldet(30475): {scan} scan report saved, to view run: maldet --report 150919-1945.30475
Also, after uninstall the files in /var/lib/clamav were not removed.
root@admin:/var/lib/clamav# ls -la
-rw-r--r-- 1 root root 598632 Sep 19 19:45 rfxn.hdb
-rw-r--r-- 1 root root 437560 Sep 19 19:45 rfxn.ndb
Update done, but the link was not recreated in the clamav lib folder. How do I add it again?
@jcarnus the rfxn.* signatures should be copied into the clamav lib folder , not linked. The lmd.user* signatures will now only copy into the clamav lib folder when you have custom signatures defined.
https://github.com/rfxn/linux-malware-detect/commit/1c7f626800311fa9cbac6e1dd9d336a6ff1c64fb
@lgonzalez-silen Do you have custom signatures? The lmd.user.* signatures will now only copy into the clamav lib path when you have custom signatures created. The error output should now be suppressed in the latest commit, 'maldet -d' or pull from git and fresh install. Thanks!
@nanonettr The uninstall.sh has been updated to address this, Thanks!
No custom signatures, so great!
@rfxn thanks for your great efforts. Only one problem left. When using maldet I got an error: "clamscan returned an error"
$ maldet -u -d -a /var/www/imscp/gui/
maldet(3725): {scan} signatures loaded: 10822 (8908 MD5 / 1914 HEX / 0 USER)
maldet(3725): {scan} building file list for /var/www/imscp/gui/, this might take awhile...
maldet(3725): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
maldet(3725): {scan} file list completed in 0s, found 5004 files...
maldet(3725): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...
maldet(3725): {scan} scan of /var/www/imscp/gui/ (5004 files) in progress...
maldet(3725): {scan} clamscan returned an error, check /usr/local/maldetect/logs/clamscan_log for more details!
maldet(3725): {scan} scan completed on /var/www/imscp/gui/: files 5004, malware hits 0, cleaned hits 0, time 1s
maldet(3725): {scan} scan report saved, to view run: maldet --report 150919-2019.3725

$ maldet --report 150919-2019.3725
HOST: admin
SCAN ID: 150919-2019.3725
STARTED: Sep 19 2015 20:19:35 +0300
COMPLETED: Sep 19 2015 20:19:36 +0300
ELAPSED: 1s [find: 0s]

PATH: /var/www/imscp/gui/
TOTAL FILES: 5004
TOTAL HITS: 0
TOTAL CLEANED: 0

Linux Malware Detect v1.5 < proj@rfxn.com >

$ cat /usr/local/maldetect/logs/clamscan_log
Sep 19 20:19:35 admin clamscan start
Sep 19 20:19:35 admin executed: /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /usr/bin/clamdscan --max-filesize=5M --max-scansize=5M -d /usr/local/maldetect/tmp/.runtime.user.3725.hdb -d /usr/local/maldetect/tmp/.runtime.user.3725.ndb -r --infected --no-summary -f /usr/local/maldetect/tmp/.find.3725
WARNING: Ignoring unsupported option --max-filesize
WARNING: Ignoring unsupported option --max-scansize
WARNING: Ignoring unsupported option --database (-d)
WARNING: Ignoring unsupported option --database (-d)
WARNING: Ignoring unsupported option --recursive (-r)
Sep 19 20:19:36 admin clamscan end
Sep 19 20:19:36 admin clamscan end

$ which clamscan
/usr/bin/clamscan
$ dpkg -S /usr/bin/clamscan
clamav: /usr/bin/clamscan
$ aptitude show clamav
Package: clamav
State: installed
Version: 0.98.7+dfsg-0ubuntu0.14.04.1
Ah, sorry, wrong package reported. It is not clamscan, it is "clamdscan".
root@admin:~# which clamdscan
/usr/bin/clamdscan
root@admin:~# dpkg -S clamdscan
clamav-daemon: /usr/share/man/man1/clamdscan.1.gz
clamav-daemon: /usr/bin/clamdscan
root@admin:~# aptitude show clamav-daemon
Package: clamav-daemon
State: installed
Version: 0.98.7+dfsg-0ubuntu0.14.04.1
Ok, seems to be good right now. Thanks for all on a Saturday :)
I just have one more request. From now on when you update, I don't mind the problems at all, but please respect the sanctity of read-only friday ;)
@captainwasabi totally understand and read-only friday I usually live and die by but at some point I need to find time to work on maldet and that is usually my weekends :D Will make an effort in the future to limit releases to Monday-Thur cycles.
Oh if you just work this on weekends then more power to you! Awesome stuff, release when you can.
It looks like when maldet updated at midnight as part of my daily scan and backup script it broke ClamAV. As this is on my mail server, and amavis uses clamAV to scan for viruses, this is preventing mail from being sent or delivered.
I've tried running freshclam, maldet -d, maldet -u, restarting clamav-daemon, restarting amavis, etc.
When I try to start ClamAV this is what I get:
service clamav-daemon start
LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/lmd.user.hdb
LibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/lmd.user.hdb
ERROR: Can't open file or directory
[fail]
contents of /var/lib/clamav:
drwxr-xr-x 2 clamav clamav 4096 Sep 19 02:15 ./
drwxr-xr-x 59 root root 4096 Aug 26 07:41 ../
-rw-r--r-- 1 clamav clamav 407040 Aug 20 11:45 bytecode.cld
-rw-r--r-- 1 clamav clamav 101435904 Sep 18 13:52 daily.cld
lrwxrwxrwx 1 root root 38 Sep 19 00:01 lmd.user.hdb -> /usr/local/maldetect/sigs/lmd.user.hdb
lrwxrwxrwx 1 root root 38 Sep 19 00:01 lmd.user.ndb -> /usr/local/maldetect/sigs/lmd.user.ndb
-rw-r--r-- 1 clamav clamav 64720632 Sep 17 2013 main.cvd
-rw------- 1 clamav clamav 1196 Sep 19 02:15 mirrors.dat
lrwxrwxrwx 1 root root 34 Sep 19 00:01 rfxn.hdb -> /usr/local/maldetect/sigs/rfxn.hdb
lrwxrwxrwx 1 root root 34 Sep 19 00:01 rfxn.ndb -> /usr/local/maldetect/sigs/rfxn.ndb
contents of /usr/local/maldetect/sigs:
ll /usr/local/maldetect/sigs
total 2584
drwxr-xr-x 3 root root 4096 Sep 19 00:04 ./
drwxr-xr-x 11 root root 4096 Sep 19 02:10 ../
drwxr-xr-x 2 root root 4096 Sep 12 2013 appver/
-rw-r--r-- 1 root root 0 Sep 19 00:01 custom.hex.dat
-rw-r--r-- 1 root root 0 Sep 19 00:01 custom.md5.dat
-rw-r--r-- 1 root root 429904 Sep 18 18:18 hex.dat
lrwxrwxrwx 1 root root 48 Sep 19 00:04 lmd.user.hdb -> /usr/local/maldetect/tmp/.runtime.user.13092.hdb
lrwxrwxrwx 1 root root 48 Sep 19 00:04 lmd.user.ndb -> /usr/local/maldetect/tmp/.runtime.user.13092.ndb
-rw-r--r-- 1 root root 14 Sep 19 00:01 maldet.sigs.ver
-rw-r--r-- 1 root root 551001 Sep 18 18:18 md5.dat
-rw-r--r-- 1 root root 602518 Sep 18 18:18 md5v2.dat
-rw-r--r-- 1 root root 598632 Sep 18 18:18 rfxn.hdb
-rw-r--r-- 1 root root 437560 Sep 18 18:18 rfxn.ndb
contents of /usr/local/maldetect/tmp:
ll /usr/local/maldetect/tmp
total 8
drwxr-x--- 2 root root 4096 Sep 19 00:04 ./
drwxr-xr-x 11 root root 4096 Sep 19 02:10 ../
-rw-r--r-- 1 root root 0 Sep 19 00:01 .digest.alert.hits
-rw-r--r-- 1 root root 0 Sep 19 00:01 .digest.clean.hits
-rw-r--r-- 1 root root 0 Sep 19 00:01 .digest.monitor.alert
-rw-r--r-- 1 root root 0 Sep 19 00:01 .digest.susp.hits
So as you can see the .runtime.user.13092.* files are missing.
The error I'm getting in my /var/log/mail.log is:
Sep 19 02:08:52 pigeon amavis[4089]: (04089-06) (!)run_av (ClamAV-clamscan) FAILED - unexpected exit 2, output="LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/lmd.user.hdb\nLibClamAV Error: cli_loaddbdir(): error loading database /var/lib/clamav/lmd.user.hdb\nERROR: Can't open file or directory"
relevant lines from /var/log/clamav/clamav.log:
Fri Sep 18 22:17:23 2015 -> SelfCheck: Database status OK.
Fri Sep 18 23:21:25 2015 -> SelfCheck: Database status OK.
Sat Sep 19 00:01:35 2015 -> Reading databases from /var/lib/clamav
Sat Sep 19 00:01:38 2015 -> ERROR: reload db failed: Can't open file or directory
Sat Sep 19 00:01:38 2015 -> Terminating because of a fatal error.
Sat Sep 19 00:01:38 2015 -> Pid file removed.
Sat Sep 19 00:01:38 2015 -> --- Stopped at Sat Sep 19 00:01:38 2015
Sat Sep 19 00:01:38 2015 -> Socket file removed.
relevant lines from /usr/local/maldetect/logs/event_log
Sep 19 00:01:31 pigeon maldet(11534): {sigup} performing signature update check...
Sep 19 00:01:31 pigeon maldet(11534): {sigup} local signature set is version 2015091828029
Sep 19 00:01:31 pigeon maldet(11534): {sigup} latest signature set already installed
Sep 19 00:01:31 pigeon maldet(11237): {update} completed update v1.4.2 => v1.5, running signature updates...
Sep 19 00:01:31 pigeon maldet(11619): {sigup} performing signature update check...
Sep 19 00:01:31 pigeon maldet(11619): {sigup} local signature set is version 2015091828029
Sep 19 00:01:31 pigeon maldet(11619): {sigup} latest signature set already installed
Sep 19 00:01:31 pigeon maldet(11237): {update} update and config import completed.
Sep 19 00:01:31 pigeon maldet(11237): {sigup} performing signature update check...
Sep 19 00:01:31 pigeon maldet(11237): {sigup} local signature set is version 2015091516329
Sep 19 00:01:31 pigeon maldet(11237): {sigup} new signature set (2015091828029) available
Sep 19 00:01:32 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/md5.dat
Sep 19 00:01:33 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/hex.dat
Sep 19 00:01:34 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.ndb
Sep 19 00:01:35 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/rfxn.hdb
Sep 19 00:01:35 pigeon maldet(11237): {sigup} downloaded http://cdn.rfxn.com/downloads/maldet-clean.tgz
Sep 19 00:01:35 pigeon maldet(11237): {sigup} signature set update completed
Sep 19 00:01:35 pigeon maldet(11237): {sigup} 10822 signatures (8908 MD5 / 1914 HEX)
Sep 19 00:01:36 pigeon maldet(11791): {scan} launching scan of /root changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
Sep 19 00:01:36 pigeon maldet(11791): {scan} signatures loaded: 10822 (8908 MD5 / 1914 HEX / 0 USER)
Sep 19 00:01:36 pigeon maldet(11791): {scan} building file list for /root of new/modified files from last 1 days, this might take awhile...
Sep 19 00:01:36 pigeon maldet(11791): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
Sep 19 00:01:36 pigeon maldet(11791): {scan} executed /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /usr/bin/find /root /tmp /var/tmp /dev/shm -maxdepth 15 -regextype posix-egrep -type f ( -mtime -1 -o -ctime -1 ) -size +24c -size -6947618c -not -perm 000 -not -regex "" -not -uid 0 -not -gid 0
Sep 19 00:01:37 pigeon maldet(11791): {scan} file list completed in 1s, found 69 files...
Sep 19 00:01:37 pigeon maldet(11791): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...
Sep 19 00:01:37 pigeon maldet(11791): {scan} scan of /root (69 files) in progress...
Sep 19 00:01:38 pigeon maldet(11791): {scan} clamscan returned an error, check /usr/local/maldetect/logs/clamscan_log for more details!
relevant lines from /usr/local/maldetect/logs/clamscan_log:
Sep 19 00:01:37 pigeon clamscan start
Sep 19 00:01:37 pigeon executed: /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /usr/bin/clamdscan --infected --no-summary -f /usr/local/maldetect/tmp/.find.11791
ERROR: Communication error
ERROR: Could not lookup : Servname not supported for ai_socktype
ERROR: Could not lookup : Servname not supported for ai_socktype
ERROR: Could not lookup : Servname not supported for ai_socktype
. . .
Sep 19 00:01:42 pigeon clamscan start
Sep 19 00:01:42 pigeon executed: /usr/bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /usr/bin/clamdscan --max-filesize=5M --max-scansize=5M -d /usr/local/maldetect/tmp/.runtime.user.12047.hdb -d /usr/local/maldetect/tmp/.runtime.user.12047.ndb -r --infected --no-summary -f /usr/local/maldetect/tmp/.find.12047
WARNING: Ignoring unsupported option --max-filesize
WARNING: Ignoring unsupported option --max-scansize
WARNING: Ignoring unsupported option --database (-d)
WARNING: Ignoring unsupported option --database (-d)
WARNING: Ignoring unsupported option --recursive (-r)
ERROR: Could not lookup : Servname not supported for ai_socktype
ERROR: Could not lookup : Servname not supported for ai_socktype
ERROR: Could not lookup : Servname not supported for ai_socktype
. . .
This is a MAJOR issue. For now I have disabled anti-virus checking in amavis like this:
Try this on Debian or Ubuntu:
Add a new file /etc/amavis/conf.d/90-custom
with the following content:
Code:
and restart amavisd.
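
The two failure modes in this thread, a link chain from the ClamAV database directory that ends at a missing tmp/.runtime.user.* file and a parent directory clamd cannot traverse, can be checked for before clamd is restarted. The script below is an added example, not part of the original thread or of LMD; the function names and the demo tree are hypothetical, and it assumes GNU stat and that clamd is neither owner nor group of the signature files.

```shell
#!/bin/sh
# Added example (not LMD code): audit a ClamAV database directory for
# signature links that clamd, running as a non-root user, cannot load.

# Follow a symlink one hop at a time so the missing hop can be named.
# Prints "ok <file>", "dangling <missing path>" or "loop <path>".
resolve_chain() {
    path=$1 hops=0
    while [ -L "$path" ]; do
        hops=$((hops + 1))
        if [ "$hops" -gt 16 ]; then echo "loop $path"; return 2; fi
        target=$(readlink "$path")
        case $target in
            /*) path=$target ;;
            *)  path=$(dirname "$path")/$target ;;
        esac
    done
    if [ -e "$path" ]; then echo "ok $path"; return 0; fi
    echo "dangling $path"; return 1
}

# Last octal digit of the mode = permission bits for "other" (GNU stat).
other_bits() {
    m=$(stat -c '%a' "$1") || return 1
    m=${m#"${m%?}"}
    echo "$m"
}

# Assumption: clamd needs o+r on the file and o+x on every directory from
# the file up to $2 (default /), as in the chmod fixes quoted in the thread.
other_can_read() {
    file=$1 top=${2:-/}
    bits=$(other_bits "$file")
    [ $(( ${bits:-0} & 4 )) -ne 0 ] || { echo "unreadable $file"; return 1; }
    dir=$(dirname "$file")
    while :; do
        bits=$(other_bits "$dir")
        [ $(( ${bits:-0} & 1 )) -ne 0 ] || { echo "untraversable $dir"; return 1; }
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    echo "readable $file"
}

# Check every *.hdb / *.ndb entry in a database directory; print one line per
# problem and return non-zero if any entry would stop clamd from loading.
audit_sigdir() {
    dbdir=$1 top=${2:-/} bad=0
    for entry in "$dbdir"/*.hdb "$dbdir"/*.ndb; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        if ! result=$(resolve_chain "$entry"); then
            echo "$entry: $result"; bad=1; continue
        fi
        if ! result=$(other_can_read "${result#ok }" "$top"); then
            echo "$entry: $result"; bad=1
        fi
    done
    return "$bad"
}

# Constructed layout mirroring the listings in the report, rooted at $1.
build_demo_tree() {
    root=$1
    mkdir -p "$root/clamav" "$root/sigs" "$root/tmp"
    chmod 755 "$root" "$root/clamav" "$root/sigs"
    echo sig > "$root/sigs/rfxn.hdb"; chmod 644 "$root/sigs/rfxn.hdb"
    ln -s "$root/sigs/rfxn.hdb" "$root/clamav/rfxn.hdb"
    ln -s "$root/sigs/lmd.user.hdb" "$root/clamav/lmd.user.hdb"
    ln -s "$root/tmp/.runtime.user.13092.hdb" "$root/sigs/lmd.user.hdb"
    chmod 750 "$root/tmp"
}

# Usage: sh audit.sh /var/lib/clamav
if [ $# -gt 0 ]; then audit_sigdir "$@"; fi
```

Run as root against the real database directory, a non-zero exit status means at least one signature entry would make clamd fail on reload.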