Clamav Died :: Malware Acl Condition: Clamd: Connection To 127.0.0.1, Port ...
Aug 21, 2006
malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
This is a normal Cpanel FC3 exim/clamav server.
Has anyone come across this annoying yet little error?
Jul 8, 2008
I guess most of you are familiar with ClamAV, but I want to use this as a cPanel plugin and provide my customers the antivirus option in cPanel. How do I do this?
I've already installed ClamAV on my server.
Apr 17, 2008
I have a VPS that started sending me emails last night (in mass) giving me failures saying
clamd failed @ Thu Apr 17 13:11:50 2008. A restart was attempted automagically.
I ran a yum update, and since the server isn't critical I just gave it a restart. Still getting the errors, I checked the boot.log file, where I saw errors like:
Apr 17 12:37:56 host exim: Starting clamd:
Apr 17 12:37:56 host clamd: ERROR: Parse error at line 299: Unknown option ArchiveMaxCompressionRatio.
Apr 17 12:37:56 host clamd: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: clamd startup failed
The clamd.conf file hasn't been edited since it was installed in August, I'm not sure why it decided to have issues now. So I just commented out the ArchiveMaxCompressionRatio directive in the config file to get it up and running again.
I have no knowledge of ClamAV (clamd), so I'm not sure exactly what it archives or how it compresses it, but I was just wondering if this will a) cause any noticeable issues and/or b) if there's a new directive equivalent to this one I should use instead (man just said "outdated").
Apr 7, 2008
I have an FTP server (pure-ftp) with a firewall.
I allowed ports 20 and 21 in the "CSF" firewall.
Now when I or our client connect to the server, the connection succeeds.
But when they run the dir or ls command they receive the error
"425 Could not open data connection to port 2535: Connection timed out"
What is the problem? I have already allowed passive ports 2500:3500, so why do I receive this type of error?
Jul 29, 2009
I can't update Clamav.
root@constan [~]# freshclam
sda1: write failed, user block limit reached.
ClamAV update process started at Sun Jul 26 15:56:52 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read http://www.clamav.net/support/faq
ERROR: chdir_tmp: Can't create directory ./clamav-1cb832b46c1c20fe798628ebf3ddf422
WARNING: Incremental update failed, trying to download main.cvd
getfile: Can't write 1448 bytes to /usr/share/clamav/clamav-917a563483a6171fe02eac0059852cbe
WARNING: Can't download main.cvd from database.clamav.net
Dec 28, 2007
I’m running RHEL 3, Apache and Cpanel. When I ran: "netstat -an" I found this in the results:
tcp 0 0 11.11.111.229:49158 11.11.111.229:80 ESTABLISHED
tcp 0 0 11.11.111.229:49578 11.11.111.229:80 ESTABLISHED
If I’m reading this right, these two unprivileged ports are open and talking to my privileged http port 80. Does this seem right? Why would these two ports on my machine have a connection? All this attention was sparked by abnormal spikes in load. Now I’m getting paranoid that something may be off even though I’m clean when scanning for rootkits etc…
Mar 9, 2007
We have a script that ran for days without a problem. The script connects to port 25.
Now we get this:
Warning: fsockopen() [function.fsockopen]: unable to connect to my.domain.com:25 in /home/mydom/public_html/backend/go.php on line 47
Connection refused (111)
Dec 18, 2008
I want to connect to my mysql server from an external server. How can I open up port 3303 to enable external connection?
I am using Plesk on virtuozzo, with AFP.
Mar 11, 2015
I am looking for a way to put a rewrite condition into my configuration where I can poll an external web page and based on the http status code, allow the rewrite or not.
I am doing this in order to set a maintenance status on two different proxy servers, one is apache the other is a big-ip. I already have the maintenance pages and control setup on the big-ip, but I need a way to poll a url and pull a specific http status code served up by the big-ip.
Apr 29, 2007
Code:
$ md5sum sim-current.tar.gz
6c1cece6f3af87598c4bdb09cabcb3cc sim-current.tar.gz
Line 25, file: sim-2.5-3/setup
Code:
TMPS="/tmp/sim_cj"
Line 399, file sim-2.5-3/install/sim
Code:
cat $TMPS >> /etc/crontab
If a local user creates a symlink to that file, then writes to the sim_cj file being linked to, as SIM is being installed, they can influence the contents of /etc/crontab.
Contacted the vendor via email on 04/17/07, email bounced.
Opened a ticket via their helpdesk ~5 days ago, no response.
Again, this is only an issue during the install, which is an extremely small window of time. Any bug that could lead to root access should be fixed, however.
Mar 19, 2007
My support and sales mailboxes are almost full of spam and advertising emails. I turned on SpamAssassin but it has not had any effect.
I am wondering whether to delete the support and sales mail accounts and create new ones with another spelling (for example, something like supporting@website.com instead of support@website.com).
Is there any way to get rid of this spam?
Jul 31, 2006
How would I trace a malware file uploaded to a particular account? ....
May 16, 2009
On my server more than 5 sites got malware and the gumblar.cn trojan. When I delete it, it keeps coming back. Any idea how to solve this?
Apr 23, 2008
Can this be interpreted as malware? (Proceed with the following steps with caution.)
After visiting miniclip.com/games/super-gerball/en/, without me clicking on anything and confirming that I want to install a game, a new folder is created in my Windows Start Menu and in a Documents and Settings folder.
Although I believe no harm is actually done with this installation, can an attacker use this method to install malware? How can I prevent this? What options should I change in my Firefox browser?
Jan 10, 2008
My log is filling up with errors + 500 internal displaying:
2008-01-09 16:17:50: (mod_fastcgi.c.2703) fcgi-server re-enabled: unix:/tmp/php-fastcgi.socket-1
2008-01-09 16:17:59: (mod_fastcgi.c.1731) connect failed: Connection refused on unix:/tmp/php-fastcgi.socket-1
2008-01-09 16:17:59: (mod_fastcgi.c.2885) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 0 load: 5
2008-01-09 16:18:05: (mod_fastcgi.c.2703) fcgi-server re-enabled: unix:/tmp/php-fastcgi.socket-1
2008-01-09 16:18:18: (mod_fastcgi.c.1731) connect failed: Connection refused on unix:/tmp/php-fastcgi.socket-1
2008-01-09 16:18:18: (mod_fastcgi.c.2885) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 0 load: 5
2008-01-09 16:18:24: (mod_fastcgi.c.2703) fcgi-server re-enabled: unix:/tmp/php-fastcgi.socket-1
2008-01-09 16:18:33: (mod_fastcgi.c.1731) connect failed: Connection refused on unix:/tmp/php-fastcgi.socket-1
I have tried all sorts of combos.
Core2Duo 1 processor
Lighttpd 1.4.18
PHP 5.2.5
xcache 1.2.1
2gig ram
fastcgi.server = ( ".php" =>
  ( "localhost" =>
    (
      "socket" => "/tmp/php-fastcgi.socket",
      "bin-path" => "/usr/local/php5/bin/php-cgi",
      "min-procs" => 2,
      "max-procs" => 6,
      "bin-environment" => (
        "PHP_FCGI_CHILDREN" => "10",
        "PHP_FCGI_MAX_REQUESTS" => "1000"
      )
    )
  )
)
Mar 30, 2015
Up till the last update Plesk was working correctly. After the latest update I can't send out mail in any form:
webmail, pop3, wordpress forms, etc.
This is the error message I get:
Command died with status 100: "/usr/bin/spamc".
Command output: Mail handler 'limit-out' said: REPLY:554:5.7.0
Your message could not be sent. The user spamfilter is not allowed to send email.
When I reverted back to the last snapshot before the update everything works fine again. But the automated update bot messes it all up again when it downloads the newer version.
Oct 31, 2009
Recently, I hosted my domain with two different servers, but both of them were attacked by malware and viruses. Google also started showing a warning like "This site may harm your computer".
Now I can't open my site in Firefox (it gives a security warning)... when I open it in Explorer, my index page is totally changed.
Is there a solution for that? Which Linux server will be best to protect my site from malware attacks?
Apr 8, 2009
A website I've recently been entrusted with was cracked into via brute force ftp earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.
I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.
I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...
Aug 3, 2008
I'm running WHM 11.15.0 cPanel 11.18.3-R21703 CENTOS Enterprise 4.5 i686 on virtuozzo - WHM X v3.1.0. I'm on a fully managed plan. Clamd has been using over 20% of my VPS's memory lately. I restart Exim and it drops it back to under 10% but it usually builds back up to 20% in an hour or so. My host basically says that this is the nature of the beast and is suggesting disabling clam altogether but I'm not sure if that's a good idea. I have never even received an email that had a virus removed by clam that I'm aware of. I'm pretty sure my clients are all using some sort of AV anyway. So maybe I don't need it?
May 29, 2008
I've a dedicated server at ThePlanet / Servermatrix for the past few years and for the most part the service has been okay. Uptime has been good and support used to be fairly swift.
Early Wednesday morning the primary hard drive in my server started dying. Throughout the day various services kept going up and down and overall the entire server was very unstable. I didn't get much movement from ThePlanet's support team - they would reboot the server, SSH and other services would come back online, and so they would close the ticket.
Thirty minutes after the reboot the HD would switch to read-only and stuff would start dying. So they finally recommended that I replace the HD and do an OS reload. I said fine as I had a backup of all of the accounts on a 2nd hard drive.
Well it took until 6am this morning for the OS reload to finally be completed, but when it was done apache was *completely* screwed up. WHM was up and running but if you went to the server IP address in the browser you got an error.
It turns out that something really badly went wrong with the OS reload but it took them hours before they even admitted that there was something wrong that needed more action. It's now 10pm and while email and other services are up, apache is still nonexistent.
When I try to run easyapache it barely starts before it errors out with a bunch of missing dependencies. I cannot install GD and a bunch of other items, and I keep getting error messages that SSL isn't installed either.
Please visit [url] for help with this error.!
No original working apache backup to restore!
Executing '/scripts/initfpsuexec'!
Executing '/scripts/initsslhttpd'!
Compiling report...
Sending report (6304 bytes)...
If you want to create a support ticket with cPanel regarding this please reference 'BuildAP Report Id': '741873'!
Report processed.
Verbose logfile is at '/usr/local/cpanel/logs/easy/apache/build.1212079281'
----
seems the yum repo being used has bad files:
Error: Missing Dependency: zlib = 1.2.3-0 is needed by package zlib-devel
Error: Missing Dependency: libjpeg = 6b-0 is needed by package libjpeg-devel
--- -0 isn't a normal package id.
I can't even transfer my accounts off the server as that's also broken - I was going to move all of the accounts off to my KnownHost VPS but I keep getting an authentication error ("sshcmdpermissiondeny") even though I'm definitely entering the correct root password.
Aug 18, 2008
Let me start off by saying I'm not here to trash TheNYNOC or anything of the sort, in fact they've been fairly pleasant to me so far. But I'm wondering if anyone else is having problems with the recently advertised E7200 dedicated server special they've been advertising here at WHT?
When I first ordered my server a couple of weeks ago it was delayed an extra couple of days because they were having problems with the E7200 Core 2 Duos getting along with the motherboards they were using - no big deal, I know from experience that the E7200 is a great little C2D but it can be a real booger with certain motherboards. (Some boards still can't handle the new 45nm cores) But they finally got my server delivered and BOY was it FAST compared to my old Celeron 2.4ghz that I had at ExistHosting (now GoGax). I was one HAPPY camper.
Well tonight I come home from a party to dozens of emails from people saying half of my sites are down, email isn't responding, etc. Upon logging into the server I quickly discover that there is an apparent hardware failure of MASSIVE proportions going on. Half of the files on the server were missing, what was still there was corrupt, and almost every basic Linux command resulted in a nasty I/O error.
Code:
Last login: Fri Aug 15 23:23:29 2008 from XXxxxx.swbell.net
[root@hammond ~]# fsck
-bash: /sbin/fsck: Input/output error
[root@hammond ~]# shutdown now
-bash: /sbin/shutdown: Input/output error
[root@hammond ~]# vi
Vim: Caught deadly signal BUS
Vim: Finished.
Bus error
[root@hammond ~]#
Before Vim completely stopped working I also spotted some errors in /var/log/messages complaining about a couple of bad sectors on /dev/sda1 and /dev/sda2 so I suppose I could have just gotten a bad HDD... I dunno though, something seems weird.
So I'm wondering, has anyone else with this particular server from TheNYNoc been having problems after a few weeks, or am I just unlucky? Hopefully it's just a bad drive and not some weird exotic problem with the E7200 + mobo combination. I don't fancy having to set up my server a THIRD time in the next few weeks. A second time is going to be bad enough.
Dang it, I just had everything perfect the way I like it too.
Jul 13, 2007
We have a dedicated server with only 1 customer, who uses the server for mailing.
We would like to disable clamd because it is not used in this situation.
We disabled it some days ago from the 'Service Manager' of WHM, but now we see this under "today cpu usage":
Top Process %CPU 67.5 /usr/sbin/clamd
Top Process %CPU 44.0 /usr/bin/perl -w /usr/sbin/eximstats
Top Process %CPU 25.9 /usr/sbin/clamd
Apr 29, 2009
A WordPress install on one of my domains was compromised a few months ago, and there was a 4-hour window in which the site contained an iframe injection that led to a malware site.
The problem was corrected, and Google stopped flagging the site as malicious within a few hours after the fix. However, every once in a while I still hear of people having problems accessing the site, all of them I think from within large corporate networks.
Are there a few common list providers that these corporate networks are likely to be subscribing to? Is there a way I can submit the domain for reevaluation? If not, how long would you think a domain would have to be clean in order to repair its reputation on these lists?
Jun 8, 2008
My box is down; WHM shows that clamd has failed.
I tried to restart it
and got
Code:
root@host [~]# clamd restart
LibClamAV Warning: **************************************************
LibClamAV Warning: *** The virus database is older than 7 days! ***
LibClamAV Warning: *** Please update it as soon as possible. ***
LibClamAV Warning: **************************************************
LibClamAV Error: cli_cvdload(): Can't create temporary directory /tmp/clamav-07c775ef49c83a4a0a977c8a373c51a9
LibClamAV Error: Can't load /usr/share/clamav/daily.cvd: Unable to create temporary directory
ERROR: Unable to create temporary directory
Jul 24, 2009
When I try to open any website hosted on my server (around 50 of them) I am being taken to the following malware websites:
[url]
[url]
This is a problem with my Linux server running Apache and not a virus on my local computer, as customers from all over are reporting the same issue.
As soon as I restart Apache everything returns to normal with no such redirects.
I think my server is being attacked, causing http requests to get redirected to some malicious website.
This issue would resurface almost every hour and would not go away till i restart apache.
So far my Datacenter techs. have not been able to identify the cause of this.
Apr 20, 2009
We have an abnormal server load because of clamd.
Nov 9, 2009
Do you guys know how to skip CLAMD and SPAMD for local emails on a cPanel server?
Our clients send emails internally too crazily; running clamd and spamd often causes high load.