# ClamAV startet nicht



## FraMic (1. Nov. 2016)

Hallo zusammen,
bin neu hier und versuche, nach langer Recherche bei G**gle, hier in diesem Forum Hilfe zu bekommen.
Habe voriges Jahr mit Hilfe der Anleitung Perfect Server Debian Jessie einen kleinen VServer (OpenVZ) mit 1GB Ram aufgesetzt.

Zum Problem:
Nach Update von ClamAV 0.99.2, erhalte ich folgende Fehlermeldung in der mail.log und versuche seitdem vergeblich, das in den Griff zu bekommen:

```
Nov  1 09:18:05 alpha amavis[26833]: (26833-08) (!)ClamAV-clamd av-scanner FAILED: run_av error: ask_daemon_internal: Exceeded allowed time at (eval 102) line 611.\n
Nov  1 09:18:05 alpha amavis[26833]: (26833-08) (!)WARN: all primary virus scanners failed, considering backups
Nov  1 09:18:07 alpha amavis[26833]: (26833-08) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan KILLED, signal 9 (0009) at (eval 102) line 905.
Nov  1 09:18:07 alpha amavis[26833]: (26833-08) (!!)AV: ALL VIRUS SCANNERS FAILED
```
Ich bin für jeden Hinweis und für jegliche Hilfe wie ich ClamAV zum Laufen bringe dankbar.

Viele Grüße
FraMic


----------



## FraMic (1. Nov. 2016)

Anbei die Ausgabe der Konfiguration mit Hilfe des Threads für neue Postings:

```
##### SERVER #####
IP-address (as per hostname): ***.***.***.***
[WARN] could not determine server's ip address by ifconfig
[INFO] ISPConfig is installed.

##### ISPCONFIG #####
ISPConfig version is 3.1.1p1


##### VERSION CHECK #####

[INFO] php (cli) version is 5.6.27-0+deb8u1
[INFO] php-cgi (used for cgi php in default vhost!) is version 5.6.27-0+deb8u1

##### PORT CHECK #####


##### MAIL SERVER CHECK #####


##### RUNNING SERVER PROCESSES #####

[INFO] I found the following web server(s):
  Apache 2 (PID 1102)
[INFO] I found the following mail server(s):
  Postfix (PID 19905)
[INFO] I found the following pop3 server(s):
  Dovecot (PID 16198)
[INFO] I found the following imap server(s):
  Unknown process (init) (PID 1)
  Dovecot (PID 16198)
[INFO] I found the following ftp server(s):
  PureFTP (PID 3319)

##### LISTENING PORTS #####
Server)  ()
Local  (Address)
[anywhere]:21  (3319/pure-ftpd)
[anywhere]:22  (442/sshd)
[anywhere]:25  (19905/master)
[anywhere]:2812  (526/monit)
[anywhere]:993  (1/init)
[anywhere]:995  (16198/dovecot)
[localhost]:8999  (440/php-fpm.conf))
[localhost]:10024  (14577/amavisd-new)
[localhost]:10025  (19905/master)
[localhost]:3306  (21765/mysqld)
[localhost]:10026  (14577/amavisd-new)
[localhost]:10027  (19905/master)
[anywhere]:587  (19905/master)
[localhost]:11211  (445/memcached)
[anywhere]:110  (16198/dovecot)
[anywhere]:143  (1/init)
[anywhere]:465  (19905/master)
*:*:*:*::*:21  (3319/pure-ftpd)
*:*:*:*::*:4949  (685/perl)
*:*:*:*::*:22  (442/sshd)
*:*:*:*::*:25  (19905/master)
*:*:*:*::*:443  (1102/apache2)
*:*:*:*::*:993  (16198/dovecot)
*:*:*:*::*:995  (16198/dovecot)
*:*:*:*::*:10024  (14577/amavisd-new)
*:*:*:*::*:10026  (14577/amavisd-new)
*:*:*:*::*:587  (19905/master)
[localhost]10  (16198/dovecot)
[localhost]43  (16198/dovecot)
*:*:*:*::*:8080  (1102/apache2)
*:*:*:*::*:80  (1102/apache2)
*:*:*:*::*:465  (19905/master)
*:*:*:*::*:8081  (1102/apache2)

##### IPTABLES #####
Chain INPUT (policy DROP)
target  prot opt source  destination   
droplist  all  --  [anywhere]/0  [anywhere]/0   
fail2ban-joomla-error  tcp  --  [anywhere]/0  [anywhere]/0  multiport dports 80,443
fail2ban-postfix-sasl  tcp  --  [anywhere]/0  [anywhere]/0  multiport dports 25
fail2ban-dovecot-pop3imap  tcp  --  [anywhere]/0  [anywhere]/0  multiport dports 110,995,143,993
fail2ban-pureftpd  tcp  --  [anywhere]/0  [anywhere]/0  multiport dports 21
fail2ban-dovecot  tcp  --  [anywhere]/0  [anywhere]/0  multiport dports 25,465,587,143,220,993,110,995
fail2ban-sasl  tcp  --  [anywhere]/0  [anywhere]/0  multiport dports 25,465,587,143,220,993,110,995
fail2ban-postfix  tcp  --  [anywhere]/0  [anywhere]/0  multiport dports 25,465,587
fail2ban-ssh  tcp  --  [anywhere]/0  [anywhere]/0  multiport dports 22
DROP  tcp  --  [anywhere]/0  ***.***.***.***/8   
ACCEPT  all  --  [anywhere]/0  [anywhere]/0  state RELATED,ESTABLISHED
ACCEPT  all  --  [anywhere]/0  [anywhere]/0   
DROP  all  --  ***.***.***.***/4  [anywhere]/0   
PUB_IN  all  --  [anywhere]/0  [anywhere]/0   
PUB_IN  all  --  [anywhere]/0  [anywhere]/0   
PUB_IN  all  --  [anywhere]/0  [anywhere]/0   
PUB_IN  all  --  [anywhere]/0  [anywhere]/0   
PUB_IN  all  --  [anywhere]/0  [anywhere]/0   
PUB_IN  all  --  [anywhere]/0  [anywhere]/0   
DROP  all  --  [anywhere]/0  [anywhere]/0   

Chain FORWARD (policy DROP)
target  prot opt source  destination   
droplist  all  --  [anywhere]/0  [anywhere]/0   
ACCEPT  all  --  [anywhere]/0  [anywhere]/0  state RELATED,ESTABLISHED
DROP  all  --  [anywhere]/0  [anywhere]/0   

Chain OUTPUT (policy ACCEPT)
target  prot opt source  destination   
droplist  all  --  [anywhere]/0  [anywhere]/0   
PUB_OUT  all  --  [anywhere]/0  [anywhere]/0   
PUB_OUT  all  --  [anywhere]/0  [anywhere]/0   
PUB_OUT  all  --  [anywhere]/0  [anywhere]/0   
PUB_OUT  all  --  [anywhere]/0  [anywhere]/0   
PUB_OUT  all  --  [anywhere]/0  [anywhere]/0   
PUB_OUT  all  --  [anywhere]/0  [anywhere]/0   

Chain INT_IN (0 references)
target  prot opt source  destination   
ACCEPT  icmp --  [anywhere]/0  [anywhere]/0   
DROP  all  --  [anywhere]/0  [anywhere]/0   

Chain INT_OUT (0 references)
target  prot opt source  destination   
ACCEPT  icmp --  [anywhere]/0  [anywhere]/0   
ACCEPT  all  --  [anywhere]/0  [anywhere]/0   

Chain PAROLE (18 references)
target  prot opt source  destination   
ACCEPT  all  --  [anywhere]/0  [anywhere]/0   

Chain PUB_IN (6 references)
target  prot opt source  destination   
ACCEPT  icmp --  [anywhere]/0  [anywhere]/0  icmptype 3
ACCEPT  icmp --  [anywhere]/0  [anywhere]/0  icmptype 0
ACCEPT  icmp --  [anywhere]/0  [anywhere]/0  icmptype 11
ACCEPT  icmp --  [anywhere]/0  [anywhere]/0  icmptype 8
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:20
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:21
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:22
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:25
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:53
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:80
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:110
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:143
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:443
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:587
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:993
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:995
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:2812
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:3306
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:8080
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:8081
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpt:10000
PAROLE  tcp  --  [anywhere]/0  [anywhere]/0  tcp dpts:40110:40210
ACCEPT  udp  --  [anywhere]/0  [anywhere]/0  udp dpt:53
ACCEPT  udp  --  [anywhere]/0  [anywhere]/0  udp dpt:3306
DROP  icmp --  [anywhere]/0  [anywhere]/0   
DROP  all  --  [anywhere]/0  [anywhere]/0   

Chain PUB_OUT (6 references)
target  prot opt source  destination   
ACCEPT  all  --  [anywhere]/0  [anywhere]/0   

Chain droplist (3 references)
target  prot opt source  destination   
LOG  all  --  ***.***.***.***/21  [anywhere]/0  LOG flags 0 level 4 prefix "IPTables: droplist "
DROP  all  --  ***.***.***.***/21  [anywhere]/0   
... plus weitere 55000 Einträge: Länderlisten (CN, BR, UA, HU, RU)   
RETURN  all  --  [anywhere]/0  [anywhere]/0   

Chain fail2ban-dovecot (1 references)
target  prot opt source  destination   
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
RETURN  all  --  [anywhere]/0  [anywhere]/0   

Chain fail2ban-dovecot-pop3imap (1 references)
target  prot opt source  destination   
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
RETURN  all  --  [anywhere]/0  [anywhere]/0   

Chain fail2ban-joomla-error (1 references)
target  prot opt source  destination   
RETURN  all  --  [anywhere]/0  [anywhere]/0   

Chain fail2ban-postfix (1 references)
target  prot opt source  destination   
RETURN  all  --  [anywhere]/0  [anywhere]/0   

Chain fail2ban-postfix-sasl (1 references)
target  prot opt source  destination   
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
RETURN  all  --  [anywhere]/0  [anywhere]/0   

Chain fail2ban-pureftpd (1 references)
target  prot opt source  destination   
RETURN  all  --  [anywhere]/0  [anywhere]/0   

Chain fail2ban-sasl (1 references)
target  prot opt source  destination   
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
RETURN  all  --  [anywhere]/0  [anywhere]/0   

Chain fail2ban-ssh (1 references)
target  prot opt source  destination   
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
REJECT  all  --  ***.***.***.***  [anywhere]/0  reject-with icmp-port-unreachable
RETURN  all  --  [anywhere]/0  [anywhere]/0
```


----------



## florian030 (1. Nov. 2016)

Starte mal clamav. /etc/init.d/clamav-daemon start


----------



## FraMic (1. Nov. 2016)

Hallo Florian,
Danke für Deine Unterstützung!
Leider konnte ich hier nur 10.000 Zeichen posten, hatte bereits sämtliche logs und Info´s mit beigepackt.

Die Abfrage mit
# systemctl status clamav-daemon.service -l
liefert folgendes Ergebnis:

```
● clamav-daemon.service - Clam AntiVirus userspace daemon
  Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
  Active: failed (Result: signal) since Di 2016-11-01 08:45:19 CET; 47s ago
  Docs: man:clamd(8)
  man:clamd.conf(5)
  http://www.clamav.net/lang/en/doc/
  Process: 18083 ExecStart=/usr/sbin/clamd --foreground=true (code=killed, signal=KILL)
 Main PID: 18083 (code=killed, signal=KILL)

Nov 01 08:45:16 alpha systemd[1]: Started Clam AntiVirus userspace daemon.
Nov 01 08:45:19 alpha systemd[1]: clamav-daemon.service: main process exited, code=killed, status=9/KILL
Nov 01 08:45:19 alpha systemd[1]: Unit clamav-daemon.service entered failed state.
```
Nach Neustart mit
# service clamav-daemon start
wird freundlicher Weise folgendes ausgegeben:

```
root@alpha:~# systemctl status clamav-daemon.service -l
● clamav-daemon.service - Clam AntiVirus userspace daemon
  Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled)
  Active: active (running) since Di 2016-11-01 09:20:04 CET; 751ms ago
  Docs: man:clamd(8)
  man:clamd.conf(5)
  http://www.clamav.net/lang/en/doc/
 Main PID: 23012 (clamd)
  CGroup: /system.slice/clamav-daemon.service
  └─23012 /usr/sbin/clamd --foreground=true

Nov 01 09:20:04 alpha systemd[1]: Unit clamav-daemon.service entered failed state.
Nov 01 09:20:04 alpha systemd[1]: Starting Clam AntiVirus userspace daemon...
Nov 01 09:20:04 alpha systemd[1]: Started Clam AntiVirus userspace daemon.
```
... jedoch endet der Prozess nach einer Sekunde und wird unverzüglich neu gestartet (bis er nach unbestimmter Zeit aufgibt !)
er hängt also in einer permanenten Loop, erzeugt Serverlast und funktioniert nicht ...

Die clamav.log ist deshalb inzwischen 9MB groß und verfügt über 120000 Zeilen, daher nachfolgend nur ein Ausschnitt nach dem Neustart.

```
Tue Nov  1 10:24:29 2016 -> +++ Started at Tue Nov  1 10:24:29 2016
Tue Nov  1 10:24:29 2016 -> Received 1 file descriptor(s) from systemd.
Tue Nov  1 10:24:29 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Nov  1 10:24:29 2016 -> Running as user clamav (UID 110, GID 117)
Tue Nov  1 10:24:29 2016 -> Log file size limited to 4294967295 bytes.
Tue Nov  1 10:24:29 2016 -> Reading databases from /var/lib/clamav
Tue Nov  1 10:24:29 2016 -> Not loading PUA signatures.
Tue Nov  1 10:24:29 2016 -> Bytecode: Security mode set to "TrustSigned".
Tue Nov  1 10:24:38 2016 -> Loaded 5018129 signatures.
Tue Nov  1 10:24:42 2016 -> TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Tue Nov  1 10:24:42 2016 -> LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.
Tue Nov  1 10:24:42 2016 -> Limits: Global size limit set to 104857600 bytes.
Tue Nov  1 10:24:42 2016 -> Limits: File size limit set to 26214400 bytes.
Tue Nov  1 10:24:42 2016 -> Limits: Recursion level limit set to 16.
Tue Nov  1 10:24:42 2016 -> Limits: Files limit set to 10000.
Tue Nov  1 10:24:42 2016 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Tue Nov  1 10:24:42 2016 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Tue Nov  1 10:24:42 2016 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Tue Nov  1 10:24:42 2016 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Tue Nov  1 10:24:42 2016 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Tue Nov  1 10:24:42 2016 -> Limits: MaxPartitions limit set to 50.
Tue Nov  1 10:24:42 2016 -> Limits: MaxIconsPE limit set to 100.
Tue Nov  1 10:24:42 2016 -> Limits: MaxRecHWP3 limit set to 16.
Tue Nov  1 10:24:42 2016 -> Limits: PCREMatchLimit limit set to 10000.
Tue Nov  1 10:24:42 2016 -> Limits: PCRERecMatchLimit limit set to 5000.
Tue Nov  1 10:24:42 2016 -> Limits: PCREMaxFileSize limit set to 26214400.
Tue Nov  1 10:24:42 2016 -> Archive support enabled.
Tue Nov  1 10:24:42 2016 -> Algorithmic detection enabled.
Tue Nov  1 10:24:42 2016 -> Portable Executable support enabled.
Tue Nov  1 10:24:42 2016 -> ELF support enabled.
Tue Nov  1 10:24:42 2016 -> Mail files support enabled.
Tue Nov  1 10:24:42 2016 -> OLE2 support enabled.
Tue Nov  1 10:24:42 2016 -> PDF support enabled.
Tue Nov  1 10:24:42 2016 -> SWF support enabled.
Tue Nov  1 10:24:42 2016 -> HTML support enabled.
Tue Nov  1 10:24:42 2016 -> XMLDOCS support enabled.
Tue Nov  1 10:24:42 2016 -> HWP3 support enabled.
Tue Nov  1 10:24:42 2016 -> Self checking every 3600 seconds.
Tue Nov  1 10:24:44 2016 -> +++ Started at Tue Nov  1 10:24:44 2016
Tue Nov  1 10:24:44 2016 -> Received 1 file descriptor(s) from systemd.
Tue Nov  1 10:24:44 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Nov  1 10:24:44 2016 -> Running as user clamav (UID 110, GID 117)
Tue Nov  1 10:24:44 2016 -> Log file size limited to 4294967295 bytes.
Tue Nov  1 10:24:44 2016 -> Reading databases from /var/lib/clamav
Tue Nov  1 10:24:44 2016 -> Not loading PUA signatures.
Tue Nov  1 10:24:44 2016 -> Bytecode: Security mode set to "TrustSigned".
Tue Nov  1 10:24:50 2016 -> Loaded 5018129 signatures.
Tue Nov  1 10:24:51 2016 -> +++ Started at Tue Nov  1 10:24:51 2016
Tue Nov  1 10:24:51 2016 -> Received 1 file descriptor(s) from systemd.
Tue Nov  1 10:24:51 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Nov  1 10:24:51 2016 -> Running as user clamav (UID 110, GID 117)
Tue Nov  1 10:24:51 2016 -> Log file size limited to 4294967295 bytes.
Tue Nov  1 10:24:51 2016 -> Reading databases from /var/lib/clamav
Tue Nov  1 10:24:51 2016 -> Not loading PUA signatures.
Tue Nov  1 10:24:51 2016 -> Bytecode: Security mode set to "TrustSigned".
Tue Nov  1 10:24:57 2016 -> Loaded 5018129 signatures.
usw. usw.
Tue Nov  1 10:37:28 2016 -> +++ Started at Tue Nov  1 10:37:28 2016
Tue Nov  1 10:37:28 2016 -> Received 1 file descriptor(s) from systemd.
Tue Nov  1 10:37:28 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Nov  1 10:37:28 2016 -> Running as user clamav (UID 110, GID 117)
Tue Nov  1 10:37:28 2016 -> Log file size limited to 4294967295 bytes.
Tue Nov  1 10:37:28 2016 -> Reading databases from /var/lib/clamav
Tue Nov  1 10:37:28 2016 -> Not loading PUA signatures.
Tue Nov  1 10:37:28 2016 -> Bytecode: Security mode set to "TrustSigned".
Tue Nov  1 10:37:32 2016 -> +++ Started at Tue Nov  1 10:37:32 2016
Tue Nov  1 10:37:32 2016 -> Received 1 file descriptor(s) from systemd.
Tue Nov  1 10:37:32 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Nov  1 10:37:32 2016 -> Running as user clamav (UID 110, GID 117)
Tue Nov  1 10:37:32 2016 -> Log file size limited to 4294967295 bytes.
Tue Nov  1 10:37:32 2016 -> Reading databases from /var/lib/clamav
Tue Nov  1 10:37:32 2016 -> Not loading PUA signatures.
Tue Nov  1 10:37:32 2016 -> Bytecode: Security mode set to "TrustSigned".
Tue Nov  1 10:37:37 2016 -> +++ Started at Tue Nov  1 10:37:37 2016
Tue Nov  1 10:37:37 2016 -> Received 1 file descriptor(s) from systemd.
Tue Nov  1 10:37:37 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Nov  1 10:37:37 2016 -> Running as user clamav (UID 110, GID 117)
Tue Nov  1 10:37:37 2016 -> Log file size limited to 4294967295 bytes.
Tue Nov  1 10:37:37 2016 -> Reading databases from /var/lib/clamav
Tue Nov  1 10:37:37 2016 -> Not loading PUA signatures.
Tue Nov  1 10:37:37 2016 -> Bytecode: Security mode set to "TrustSigned".
Tue Nov  1 10:37:42 2016 -> +++ Started at Tue Nov  1 10:37:42 2016
Tue Nov  1 10:37:42 2016 -> Received 1 file descriptor(s) from systemd.
Tue Nov  1 10:37:42 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Nov  1 10:37:42 2016 -> Running as user clamav (UID 110, GID 117)
Tue Nov  1 10:37:42 2016 -> Log file size limited to 4294967295 bytes.
Tue Nov  1 10:37:42 2016 -> Reading databases from /var/lib/clamav
Tue Nov  1 10:37:42 2016 -> Not loading PUA signatures.
Tue Nov  1 10:37:42 2016 -> Bytecode: Security mode set to "TrustSigned".
Tue Nov  1 10:37:47 2016 -> +++ Started at Tue Nov  1 10:37:47 2016
Tue Nov  1 10:37:47 2016 -> Received 1 file descriptor(s) from systemd.
Tue Nov  1 10:37:47 2016 -> clamd daemon 0.99.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Nov  1 10:37:47 2016 -> Running as user clamav (UID 110, GID 117)
Tue Nov  1 10:37:47 2016 -> Log file size limited to 4294967295 bytes.
Tue Nov  1 10:37:47 2016 -> Reading databases from /var/lib/clamav
Tue Nov  1 10:37:47 2016 -> Not loading PUA signatures.
Tue Nov  1 10:37:47 2016 -> Bytecode: Security mode set to "TrustSigned".
```

sorry, dass ich hier "Scheibchenweise" komme ...


----------



## FraMic (1. Nov. 2016)

Zusätzlich noch das wichtigste aus der freshclam.log:

```
Tue Nov  1 07:17:08 2016 -> --------------------------------------
Tue Nov  1 08:17:08 2016 -> Received signal: wake up
Tue Nov  1 08:17:08 2016 -> ClamAV update process started at Tue Nov  1 08:17:08 2016
Tue Nov  1 08:17:08 2016 -> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Tue Nov  1 08:17:08 2016 -> Downloading daily-22463.cdiff [100%]
Tue Nov  1 08:17:10 2016 -> daily.cld updated (version: 22463, sigs: 804704, f-level: 63, builder: neo)
Tue Nov  1 08:17:10 2016 -> bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
Tue Nov  1 08:17:13 2016 -> Database updated (5023547 signatures) from db.local.clamav.net (IP: 145.58.29.83)
Tue Nov  1 08:17:13 2016 -> WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory
Tue Nov  1 08:17:13 2016 -> --------------------------------------
Tue Nov  1 09:17:13 2016 -> Received signal: wake up
Tue Nov  1 09:17:13 2016 -> ClamAV update process started at Tue Nov  1 09:17:13 2016
Tue Nov  1 09:17:13 2016 -> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Tue Nov  1 09:17:13 2016 -> daily.cld is up to date (version: 22463, sigs: 804704, f-level: 63, builder: neo)
Tue Nov  1 09:17:13 2016 -> bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
Tue Nov  1 09:17:13 2016 -> --------------------------------------
Tue Nov  1 10:17:13 2016 -> Received signal: wake up
Tue Nov  1 10:17:13 2016 -> ClamAV update process started at Tue Nov  1 10:17:13 2016
Tue Nov  1 10:17:13 2016 -> main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Tue Nov  1 10:17:13 2016 -> daily.cld is up to date (version: 22463, sigs: 804704, f-level: 63, builder: neo)
Tue Nov  1 10:17:13 2016 -> bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
Tue Nov  1 10:17:13 2016 -> --------------------------------------
```


----------



## FraMic (1. Nov. 2016)

Falls noch zusätzliche Info benötigt werden, hier nocht die clamav.conf:

```
#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
# AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
DetectBrokenExecutables false
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 5
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
ScanOnAccess false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StatsEnabled false
StatsPEDisabled true
StatsHostID auto
StatsTimeout 10
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
```
Auch "AllowSupplementaryGroups true" hat nichts gebracht
und hier noch die freshclam.conf

```
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
SafeBrowsing false
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net
```
Wie gesagt, Ich bin für jeden Hinweis und für jegliche Hilfe wie ich ClamAV zum Laufen bringe, dankbar.

Hatte in einem Forumsbeitrag hier auf HowToForge von Mitte diesen Jahres gelesen, dass es ein BUG sein kann.
Finde aber leider die Thread-Nummer nicht mehr ...

Viele Grüße
FraMic


----------



## florian030 (1. Nov. 2016)

halte mal clamad-daemon und clamav-freshclam an und lass dann freshclam -v laufen, um die db zu aktualisieren


----------



## FraMic (1. Nov. 2016)

hatte ich bereits gemacht, auch komplett gelöscht und neu geladen: ohne Erfolg!
Dennoch:

```
root@alpha:~# service clamav-daemon stop
root@alpha:~# service clamav-freshclam stop
root@alpha:~# freshclam -v
Current working dir is /var/lib/clamav
Max retries == 5
ClamAV update process started at Tue Nov  1 18:07:47 2016
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 1139
Software version from DNS: 0.99.2
main.cvd version from DNS: 57
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
daily.cvd version from DNS: 22465
daily.cld is up to date (version: 22465, sigs: 808168, f-level: 63, builder: neo)
bytecode.cvd version from DNS: 283
bytecode.cvd is up to date (version: 283, sigs: 53, f-level: 63, builder: neo)
```
Irgendetwas killed den Prozess, anschließend versucht er wieder selber zu starten ...
und das seit dem Update auf 0.99.2
Gruß
Frank


----------



## FraMic (1. Nov. 2016)

... habs wieder gefunden ... :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824042
Könnte es damit zu tun haben und: sollte ich auf die unstable clamav/0.99.2+dfsg-3 updaten?
Zur Zeit läuft die Offizielle clamav/0.99.2+dfsg-0

Gruß
Frank


----------



## florian030 (2. Nov. 2016)

Bei mir läuft die Version aber möglich ist alles. Du kannst aber auch clamav und freshclam stoppen und dann nachsehen, ob viellecht noch andere Prozesse mit dem Namen laufen und die dann ggf. beenden.


----------



## FraMic (2. Nov. 2016)

Hallo Florian,
nach intensiver Suche und zahlreichen Versuchen sieht es jetzt danach aus, dass es am zu geringen RAM von 1GB liegt.
# free -m sagt: 3MB von 1024 frei
Mit HTOP war es für mich etwas verwirrend zu erkennen.
Jetzt heisst es wohl: Speicher sparen oder aufrüsten!
Viele Grüße
Frank


----------



## florian030 (2. Nov. 2016)

1GB ist für einen Mailserver schon sehr wenig..


----------



## FraMic (3. Nov. 2016)

So, dieses Thema ist gelöst:
Nach 22h läuft der Server ohne Fehler durch!
Es hat definitiv am mangelnden Speicher gelegen.
Der im Paket enthaltene SWAP von 1GB war nicht richtig konfiguriert und konnte bis gestern nicht genutzt werden.
Ein bisschen anpassen der MySQL my.conf brachte auch schon Einsparungen.
Die clamav/0.99.2+dfsg-4 ist wieder runter, jetzt ist wieder die stable drauf.
@Florian: Danke für die Unterstützung!
Viele Grüße
Frank


----------

