[Debian|Jessie] ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan ABORTED, signal 6 (0006) at (eval 102) line 905

Debian, Linux, News, Open Source, Security

Con l’aggiornamento fatto ieri del clamav alla release 0.100.0+dfsg-0+deb8u1 di una Debian Jessie mi ritrovo nel log le seguenti linee

Jun 26 11:51:42 xxxx amavis[23548]: (23548-13) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Jun 26 11:51:43 xxxx amavis[23472]: (23472-13) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan ABORTED, signal 6 (0006) at (eval 102) line 905.
Jun 26 11:51:48 xxxx amavis[23548]: (23548-13) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can’t connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Jun 26 11:51:48 xxxx amavis[23548]: (23548-13) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 102) line 613.\n

ovviamente ripetute. Mentre invece lato mail viene aggiunto un tag ***UNCHECKED*** per segnalare che qualcosa non va lato server e in particolare l’antivirus non è in funzione.

Se instanzio lo status  dell’amavis ottengo:

Jun 26 11:46:48 xxxx amavis[23548]: (23548-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can’t connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Jun 26 11:46:49 xxxx amavis[23548]: (23548-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can’t connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Jun 26 11:46:49 xxxx amavis[23548]: (23548-12) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
Jun 26 11:46:55 xxxx amavis[23548]: (23548-12) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can’t connect to a UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Jun 26 11:46:55 xxxx amavis[23548]: (23548-12) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (All attempts (1) failed connecting to /var/run/clamav/clamd.ctl) at (eval 102) line 613.\n
Jun 26 11:46:55 xxxx amavis[23548]: (23548-12) (!)WARN: all primary virus scanners failed, considering backups
Jun 26 11:48:12 xxxx amavis[23548]: (23548-12) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan ABORTED, signal 6 (0006) at (eval 102) line 905.
Jun 26 11:48:12 xxxx amavis[23548]: (23548-12) (!!)AV: ALL VIRUS SCANNERS FAILED
Jun 26 11:48:17 xxxx amavis[23548]: (23548-12) Passed UNCHECKED {RelayedTaggedInbound}, [185.17.106.186]:54024 [185.221.173.26] <noreply@addlance.com> -> <gabriele.cicala@gabcicala.it>, Queue-ID: 3B3EA2C6006E, Message-ID: <2946eb4dcd6d95a532855b464a199823@localhost.localdomain>, mail_id: 9jT4Hg0Klc1Y, Hits: -0.485, size: 31106, queued_as: 3CB802C60082, dkim_sd=default:addlance.com, 88887 ms

Altra nota non di poco conto riguarda il file /var/run/clamav/clamd.ctl che appunto viene segnalato e che nonostante i vari riavvii del clamav ha un timestamp che non viene in alcun modo alterato.

I suggerimenti che si trovano in giro sulla rete sono per varie casistiche per cui bisogna riflettere quale fa al caso nostro. Nel mio caso ho pensato di tornare indietro rispetto ai suggerimenti dell’aptitude per qui son passata da un downgrade.

Dapprima ho pensato al solo clamav; ma poi ho scoperto non essere sufficiente. Per cui preso il log dell’aptitude

Aptitude 0.6.11: log report
Mon, Jun 25 2018 17:26:25 +0200

IMPORTANT: this log only lists intended actions; actions which fail due to
dpkg problems may not be completed.

Will install 23 packages, and remove 0 packages.
2,584 kB of disk space will be freed
===============================================================================
……….
[UPGRADE] clamav:amd64 0.99.2+dfsg-0+deb8u3 -> 0.100.0+dfsg-0+deb8u1
[UPGRADE] clamav-base:amd64 0.99.2+dfsg-0+deb8u3 -> 0.100.0+dfsg-0+deb8u1
[UPGRADE] clamav-daemon:amd64 0.99.2+dfsg-0+deb8u3 -> 0.100.0+dfsg-0+deb8u1
[UPGRADE] clamav-docs:amd64 0.99.2+dfsg-0+deb8u3 -> 0.100.0+dfsg-0+deb8u1
[UPGRADE] clamav-freshclam:amd64 0.99.2+dfsg-0+deb8u3 -> 0.100.0+dfsg-0+deb8u1
[UPGRADE] clamdscan:amd64 0.99.2+dfsg-0+deb8u3 -> 0.100.0+dfsg-0+deb8u1
……….
[UPGRADE] libclamav7:amd64 0.99.2+dfsg-0+deb8u3 -> 0.100.0+dfsg-0+deb8u1
……….
===============================================================================

Log complete.

Son tornato indietro.

aptitude versions clamav
aptitude install clamav=0.99.2+dfsg-0+deb8u3

aptitude install clamav-base=0.99.2+dfsg-0+deb8u3
aptitude install clamav-daemon=0.99.2+dfsg-0+deb8u3
aptitude install clamav-docs=0.99.2+dfsg-0+deb8u3
aptitude install clamav-freshclam=0.99.2+dfsg-0+deb8u3
aptitude install clamdscan=0.99.2+dfsg-0+deb8u3
aptitude install libclamav7=0.99.2+dfsg-0+deb8u3

Ora il funzionameto del clamav ha ripreso correttamente. Ovviamente con un restart del daemon dell’amavis.

_______________

Aptitude 0.6.11: log report
Mon, Jun 25 2018 21:52:31 +0200

IMPORTANT: this log only lists intended actions; actions which fail due to
dpkg problems may not be completed.

Will install 1 packages, and remove 0 packages.
177 kB of disk space will be used
===============================================================================
[DOWNGRADE] clamav:amd64 0.100.0+dfsg-0+deb8u1 -> 0.99.2+dfsg-0+deb8u3
===============================================================================

Log complete.
Aptitude 0.6.11: log report
Tue, Jun 26 2018 11:51:13 +0200

IMPORTANT: this log only lists intended actions; actions which fail due to
dpkg problems may not be completed.

Will install 6 packages, and remove 0 packages.
1,597 kB of disk space will be used
===============================================================================
[DOWNGRADE] clamav-base:amd64 0.100.0+dfsg-0+deb8u1 -> 0.99.2+dfsg-0+deb8u3
[DOWNGRADE] clamav-daemon:amd64 0.100.0+dfsg-0+deb8u1 -> 0.99.2+dfsg-0+deb8u3
[DOWNGRADE] clamav-docs:amd64 0.100.0+dfsg-0+deb8u1 -> 0.99.2+dfsg-0+deb8u3
[DOWNGRADE] clamav-freshclam:amd64 0.100.0+dfsg-0+deb8u1 -> 0.99.2+dfsg-0+deb8u3
[DOWNGRADE] clamdscan:amd64 0.100.0+dfsg-0+deb8u1 -> 0.99.2+dfsg-0+deb8u3
[DOWNGRADE] libclamav7:amd64 0.100.0+dfsg-0+deb8u1 -> 0.99.2+dfsg-0+deb8u3
[HOLD] clamav:amd64
===============================================================================

Log complete.

_______________

Related content:

  1. XML-RPC: come proteggersi
  2. How to get CKEditor 4.x working with the Drupal 7 WYSIWYG module
  3. Too many open files
  4. Dovecot e il problema “Too many open files”
  5. add-firmware-to.sh un utile script per integrare in Lenny il firmware delle bnx2

About the Author: glycerin