Clamd.conf ArchiveMaxCompressRatio (ClamAV Nub)
Apr 17, 2008
I have a VPS that started sending me emails last night (in mass) giving me failures saying
clamd failed @ Thu Apr 17 13:11:50 2008. A restart was attempted automagically.
I ran a yum update, and since the server isn't critical I just gave it a restart. Still getting the errors, I checked the boot.log file, where I saw errors like:
Apr 17 12:37:56 host exim: Starting clamd:
Apr 17 12:37:56 host clamd: ERROR: Parse error at line 299: Unknown option ArchiveMaxCompressionRatio.
Apr 17 12:37:56 host clamd: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: clamd startup failed
The clamd.conf file hasn't been edited since it was installed in August, I'm not sure why it decided to have issues now. So I just commented out the ArchiveMaxCompressionRatio directive in the config file to get it up and running again.
I have no knowledge of ClamAV (clamd), so I'm not sure exactly what it archives or how it compresses it, but I was just wondering if this will a) cause any noticeable issues and/or b) if theres a new directive equivalent to this one I should use instead (man just said "outdated").
View 6 Replies
ADVERTISEMENT
Jul 8, 2008
I guess most of you are familiar with clamAV but i wanna use this as a cpanel plugin and provide my customer the anti virus option in cpanel.. how do i do this?
ive already install clamAV on ym server.
View 9 Replies
View Related
Aug 21, 2006
malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
This is a normal Cpanel FC3 exim/clamav server.
Has anyone come across this annoying yet little error?
View 6 Replies
View Related
Jul 29, 2009
I can't update Clamav.
root@constan [~]# freshclam
sda1: write failed, user block limit reached.
ClamAV update process started at Sun Jul 26 15:56:52 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read http://www.clamav.net/support/faq
ERROR: chdir_tmp: Can't create directory ./clamav-1cb832b46c1c20fe798628ebf3ddf422
WARNING: Incremental update failed, trying to download main.cvd
getfile: Can't write 1448 bytes to /usr/share/clamav/clamav-917a563483a6171fe02eac0059852cbe
WARNING: Can't download main.cvd from database.clamav.net
View 5 Replies
View Related
Apr 8, 2009
It started with this error:
Bind reloading on server01 using rndc zone: [ns1.mydomain.net]
Error reloading bind on server01: rndc: connect failed: 127.0.0.1#953: connection refused
so i did the obvious checked the csf firewall to see if port 953 was enabled and it was
so i took a look at rndc.conf
Code:
root@server01 [~]# nano /etc/rndc.conf
#start of rndc.conf
key "rndc-key" {
algorithm hmac-md5;
secret "KLGSBmWZrev0I4fR4Tm4GXxdcYSTFzF23b1f9is1M=";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
# End of rndc.conf
# Use with the following in named.conf, adjusting the allow list as needed:
#key "rndc-key" {
# algorithm hmac-md5;
# secret "KLGSBmWZrev0I4fR4Tm4GXxdcYSTFzF23b1f9is1M=";
#};
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
Then i took a look at named.conf
Code:
options {
/* make named use port 53 for the source of all queries, to allow
* firewalls to block all ports except 53:
*/
//query-source port 53;
/* We no longer enable this by default as the dns posion exploit
has forced many providers to open up their firewalls a bit */
// Put files that named is allowed to write in the data/ directory:
directory "/var/named"; // the default
pid-file "/var/run/named/named.pid";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
/* memstatistics-file "data/named_mem_stats.txt"; */
};
logging {
/* If you want to enable debugging, eg. using the 'rndc trace' command,
* named will try to write the 'named.run' file in the $directory (/var/named").
* By default, SELinux policy does not allow named to modify the /var/named" directory,
* so put the default debug log file in data/ :
*/
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the
// "default" view, which matches all clients.
//
// If named.conf contains any "view" clause, then all zones MUST be in a view;
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.
view "localhost_resolver" {
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
* If all you want is a caching-only nameserver, then you need only define this view:
*/
match-clients { 127.0.0.0/24; };
match-destinations { localhost; };
recursion yes;
zone "." IN {
type hint;
file "/var/named/named.ca";
};
/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/var/named/named.rfc1912.zones";
};
View 5 Replies
View Related
Aug 3, 2008
I'm running WHM 11.15.0 cPanel 11.18.3-R21703 CENTOS Enterprise 4.5 i686 on virtuozzo - WHM X v3.1.0. I'm on a fully managed plan. Clamd has been using over 20% of my VPS's memory lately. I restart Exim and it drops it back to under 10% but it usually builds back up to 20% in an hour or so. My host basically says that this is the nature of the beast and is suggesting disabling clam altogether but I'm not sure if that's a good idea. I have never even received an email that had a virus removed by clam that I'm aware of. I'm pretty sure my clients are all using some sort of AV anyway. So maybe I don't need it?
View 4 Replies
View Related
Jul 13, 2007
we have a dedicated with 1 only customer that use server x mailing
we would disable clamd because is not used in this situation
we have disable, any day ago, from 'service manager' of WHM but now we see this under "today cpu usage":
Top Process %CPU 67.5 /usr/sbin/clamd
Top Process %CPU 44.0 /usr/bin/perl -w /usr/sbin/eximstats
Top Process %CPU 25.9 /usr/sbin/clamd
View 8 Replies
View Related
Jun 8, 2008
my box is down, in WHM is shown, that clamd is failed.
try to restart it
and got
Code:
root@host [~]# clamd restart
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
LibClamAV Error: cli_cvdload(): Can't create temporary directory /tmp/clamav-07c 775ef49c83a4a0a977c8a373c51a9
LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Unable to create tempor ary directory
ERROR: Unable to create temporary directory
View 10 Replies
View Related
Apr 20, 2009
We have an abnormal server load because of clamd.
View 4 Replies
View Related
Nov 9, 2009
Do yo uguys know how to skip CLAMD and SPAMD on local emails on cpanel server?
our clietns send emails internall too crazily, running clamd and spamd cause high load often
View 1 Replies
View Related
Dec 12, 2007
On 11/29/07, I posted the following question, but have received no replies to date:
Quote:
TITLE: Are frequent failure notices common with VPS hosting?
We have a VPS1 account at Liquid Web ($60/month). Below I have copied just the most recent series of failure notices (clamd, cpsrvd, exim, ftpd, mysql, pop, spamd). We tend to receive these by e-mail on a fairly regular basis, accompanied by the usual message "A restart was attempted automagicly."
Since March 2006, when we first switched our web host to LW, there have been well over a hundred of them.
My question is: Are such frequent failures commonplace (i.e.: benign) on a VPS, or should I be concerned about them?
I usually check our web site after receiving each notice, and it is always up by the time I get there. Nevertheless, it would be nice to know if all these occurrences are considered normal. For example, 19 exim failures over a 6.5-hour span on 9/29/07 do seem a bit extreme.
If anyone reading this thread is technically inclined, I'd like to know what process or hardware state is usually responsible for causing such failures.
FYI, I use cPanel in my web browser to administer the site from a Macintosh computer running OS 9.2.2. I have never used SSH, and have also never read any raw logs. If I did, I'm not sure what they would tell me about this, anyway.
I should also say that our site uses nowhere near the capacity provided by our VPS1 account. We are well below the maximum HD space and monthly allowable bandwidth. The site uses only standard HTML, text include files, and GIF/JPG graphics files; no streaming. There is only limited use of a CGI script for routine form submissions, and currently there are no PHP scripts running for BBs, calendars, blogs, chat rooms, or any MySQL databases being used. In short, I would think that the site places little load on the server or its processes.
I would greatly appreciate any feedback.
cpanel @ host.xxxxxx.net 9/9/07, 11:53 PM cpsrvd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/10/07, 2:06 AM mysql on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/10/07, 2:06 AM spamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/10/07, 2:07 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/10/07, 2:07 AM cpsrvd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/10/07, 2:08 AM ftpd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/10/07, 2:08 AM named on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/10/07, 2:08 AM pop on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/27/07, 11:42 PM cpsrvd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 12:59 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 1:09 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 1:30 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 1:39 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 1:58 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 2:10 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 2:22 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 2:31 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 2:41 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 2:50 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 3:00 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 3:09 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 3:40 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 3:50 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 3:59 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 7:09 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 7:19 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 7:28 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 9/29/07, 7:37 AM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 10/7/07, 11:41 PM cpsrvd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 11/8/07, 12:42 AM cpsrvd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 11/19/07, 12:37 PM exim on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 11/21/07, 12:43 AM cpsrvd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 11/22/07, 12:44 AM cpsrvd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 11/23/07, 12:42 AM cpsrvd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 11/25/07, 11:32 AM cpsrvd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 11/25/07, 11:44 AM pop on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 11/25/07, 12:06 PM spamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 11/29/07, 12:41 AM cpsrvd on host.xxxxxx.net failed
This morning, I received a total of 17 failure notices over the span of 2h19m, as follows:
cpanel @ host.xxxxxx.net 12/12/07, 3:26 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 3:36 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 3:44 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 3:53 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 4:02 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 4:11 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 4:19 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 4:28 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 4:36 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 4:45 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 4:53 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 5:02 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 5:11 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 5:19 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 5:28 AM clamd on host.xxxxxx.net failed
cpanel @ host.xxxxxx.net 12/12/07, 5:36 AM clamd on host.xxxxxx.net failed
cpanel@ host.xxxxxx.net 12/12/07, 5:45 AM clamd on host.xxxxxx.net failed
(Note that our real host name has been replaced above with "xxxxxx" to prevent possible spamming.)
I would appreciate any comments from experienced VPS customers or technicians, as to whether these incidences are considered normal with all VPS accounts, or if they might be indicative of a more severe problem with our web host's (Liquid Web) server.
As I mentioned on 11/29/07, "I use cPanel in my web browser to administer the site from a Macintosh computer running OS 9.2.2. I have never used SSH, and have also never read any raw logs. If I did, I'm not sure what they would tell me about this, anyway."
In the course of reading a number of posts in another WHT thread, there seems to be little agreement on the possible causes. Some have suggested that (1.) there may be "no space left on the device"; (2.) we may be "out of Semaphores" (I have no idea what those are!); (3.) we may be "out of RAM"; (4.) "/tmp is full"; or that (5.) "something is wrong with /tmp permission."
When I inquired in 2006 to Liquid Web's technical support about these recurrent failures, I was told that they are normal with this sort of hosting account. We pay them a hosting fee with the expectation of receiving an accurate diagnosis, but it would be very helpful to receive some impartial, third-party input.
View 2 Replies
View Related
Dec 12, 2008
ClamAV or AVG ?
which one is better ?
ClamAV or AVG
and how should i scan my folder with ClamAV ?
View 10 Replies
View Related
Apr 20, 2008
My hosting provider (which will go unnamed because I doubt they would appreciate me broadcasting the fact that their server-based antivirus software isn't working properly) is experiencing almost daily email delivery failures on multiple shared servers because ClamAV stops working. They say they are running the latest stable versions of exim and ClamAV, but that "there is no guarantee...that the clamav error will not happen again". Right around the time this started happening, there was an article on the ComputerWorld web site (http://www.computerworld.com/action/...icleId=9077638) about a ClamAV patch being released to fix a security vulnerability. I'm wondering whether that patch was buggy, and whether other hosting providers are having problems with ClamAV. (It would probably be a good idea not to mention any providers by name because of the security implications.)
View 8 Replies
View Related
Mar 10, 2007
Anybody have a version running on CentOS 4.4...if so what version...keeps complaining about libcrypt.so.5, libssl.so.5 and a few other things that are not updated yet on CentOS 4.4
View 3 Replies
View Related
Dec 6, 2007
I would like to ask whether should we use/enable the clamAV service on our VPS? I have read from several article, it said that ClamAV is pretty hungry on CPU/Memory resources.
I would like to know, do you use/enable the clamAV on your VPS? Or even don't have it installed on your VPS?
View 5 Replies
View Related
Mar 19, 2008
How can I disable clamav on cpanel server and make sure that it's not running
because when clamav is running the outlook is not working so I have to restart clamav every time.
View 6 Replies
View Related
Jun 21, 2007
I have it installed on server, but sometimes it's dead, but no warning from system. It will prevent emails working then. So I wonder if there is any way to check clamav? when it's not working, system will release an email to the admin?
View 8 Replies
View Related
Oct 31, 2008
How to Install ClamAV? ....
View 6 Replies
View Related
Apr 3, 2007
I installed ClamAv from WHM, but i can see some process name "Mail Scanner" in top command on my CentOs server ....
View 6 Replies
View Related
Apr 14, 2009
I run a CPanel environment, and want to know the best way to install and configure ClanAV. I know CPanel has an install for it under WHM, but is that the best way? How hard is it to keep updated and does it scan all directories for viruses ect...?
View 1 Replies
View Related
Oct 27, 2009
I normally use Win32 Clamav for scanning of viruses in servers but now it is no longer being maintained. Where can I find an equivalent? Or is there any step by step instructions on compiling it from source?
View 0 Replies
View Related
Sep 29, 2006
is there a antivirus i can use with cpanel apart from clamav? found a virus on my work pc this morning that was trying to send emails out so i want my cpanel server to prevent any emails with virus's going out.
i was told clamav would slow down my server so i thought about AVG and was just wondering what other people have installed.
View 0 Replies
View Related
Jul 18, 2009
I am running Clamav in Windows, it seems that the FreshClam is giving some errors when updating
ClamAV update process started at Sat Jul 18 13:20:41 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 51, sigs: 545035, f-level:
Downloading daily.cvd [ 99%]
ERROR: Can't rename c:clamavdata/clamav-8b0fa144b304158b0
e0c.clamtmp to daily.cvd: Permission denied
View 3 Replies
View Related
Dec 11, 2008
A few weeks ago I installed clamav using the cPanel "Manage Plug-Ins". It all seemed fine but my server load kept going ridiculously high. I couldn't work out what was wrong until I managed to get a ps aux when it was very high and found that clamd was using ridiculous amounts of memory/cpu. It's not such a big deal having it on my server, so I decide to uninstall it. After uninstalling it, MySQL started to randomly turn off regularly (around every 30 minutes). I tried forcing a cPanel update, updating the MySQL files, reinstalling MySQL, etc. but nothing has seemed to fix it. So as a last resort, I've reinstalled Clamav and now my MySQL is fine but my server load keeps going ridiculously high again; causing problems still.
Has anyone/cPanel ever experienced this problem? I need to find a solution as almost every account on my server uses MySQL as a basis for their website, so I can't have it going down even for less than a minute.
View 2 Replies
View Related
Oct 27, 2009
I've got ClamAV installed on my cPanel (Dedicated) server with a single site and would am having trouble setting up ClamAV to scan emails.
I installed it via WHM and have set it up in WHM to scan all items.
Ie: WHM -> Plugins -> Configure ClamAV Scanner -> Scan ALL items
After doing a few manual scans however (using 'clamscan -ri') I'm finding infections in the account mail folder.
1. Is there a good guide to setting up ClamAV on a cPanel serve do do automatic mail scanning? I was under the impression that ClamAV scans emails also however after doing some reading people seem to recommend MailScanner.
2. My logwatch is giving me the following error.
The ClamAV update process (freshclam daemon) was not running! If you no longer wish to run freshclam, deleting the freshclam.log file will suppress this error message.
The freshclam daemon wasn't running so I've started it (freshclam --daemon). I've also checked the freshclam.conf file and the logrile is set as follows:
UpdateLogFile /var/log/freshclam.log
View 7 Replies
View Related
Jan 23, 2007
I am looking into implementing an antivirus/spam relay server using Postfix + MailScanner + SpamAssassin. Does anyone here have experience with this kind of solution?
What kind of rough performance in messages/hour or messages/day could I expect from a server like this:
PowerEdge 2950
2x QuadCore Xeon E5320 (1.8GHz)
8GB RAM
4x 146GB 15,000rpm SAS in RAID 10
View 0 Replies
View Related
Apr 19, 2008
I installed clamavconnector from Plugins sections at WHM, but after installing, i dont see any option about Clamd or Clamav in WHM, where should I go to use this tool?
Im running latest release version + RHE 4
View 3 Replies
View Related
Jul 10, 2008
Ok so clamavconnector has been running for like 3hrs and this is a brand new server i just got yesterday so theres hardly any files but clamavconnector is using 99% of 1 of my CPUs which i think is a bit mad. You think its frozen or somthing and should i kill it or keep it running?
View 6 Replies
View Related
Apr 2, 2005
I am recently trying to install the ClamAV program onto my servers. Everything goes well and it is able to get installed but I am encountering some problems.
1) The program keeps recurring the scanning process on my /home directory and will not stop looping.... I waited for around 12 hours but it still keeps looping....
2) I have started the clamd and tested it out by loading a virus onto my server... Nothing happens... the file still is able to be uploaded and excuted....
Is there anyway for ClamAV to auto scan everything that gets uploaded or transmitted into the server? And also mail me its daily scan logs that is issue to be stored in a specific directory.
View 5 Replies
View Related
