HAVP Trouble, ClamAV is not starting


  • Hi together,

    I'm getting bad messages from my system log:

    Feb 16 22:44:40	havp[36891]: --- Initializing Clamd Socket Scanner
    Feb 16 22:44:40	havp[36891]: Running as user: havp, group: havp
    Feb 16 22:44:40	havp[36891]: === Mandatory locking disabled! KEEPBACK settings not used!
    Feb 16 22:44:40	havp[36891]: === Starting HAVP Version: 0.91
    ...
    Feb 16 22:45:40	havp[36891]: ERROR: Clamd Socket Scanner failed EICAR virus test! (Could not connect to scanner socket)
    Feb 16 22:45:40	havp[36891]: Clamd: Could not connect to scanner! Scanner down?
    

    Can anybody help, please?


  • I'm having similar problems for dansguardian package, too. No Content is being checked by clamAV.
    Does anybody can give me a hint where i could start searching for?

    ~maybe~ the problems with dansguardian could be the result of the problems i had before using havp. How can i remove clamav and all it's config by shell for a fresh dansguardian install (auto-depencies should reinstall it, right?)?

    I'm not firm with bsd commands - is it the common apt-get or what's running on here?

    Thanks in advance


  • You can run pkg_delete (package name) to manually remove a package.  You can add a -f before the package name to force it regardless of dependecies if needed.


  • is clamd running check if you have .pid and .sock in the /var/run/clamav/ directory?


  • @samham:

    is clamd running check if you have .pid and .sock in the /var/run/clamav/ directory?

    Could you explain this a bit more detailled, please? i only know 'ps' from ubuntu machine.


  • @wheelz:

    You can run pkg_delete (package name) to manually remove a package.  You can add a -f before the package name to force it regardless of dependecies if needed.

    Thanks very much - is pkg_list valid for listing installed Packages?


  • type in 'ls -l /var/run/clamav/' what is the output if nothing type 'clamd' what do you get?


  • @redflag237:

    @wheelz:

    You can run pkg_delete (package name) to manually remove a package.  You can add a -f before the package name to force it regardless of dependecies if needed.

    Thanks very much - is pkg_list valid for listing installed Packages?

    I believe so.  I don't have a system on hand to check right now, but you can try it.


  • @samham:

    type in 'ls -l /var/run/clamav/' what is the output if nothing type 'clamd' what do you get?

    Hi,
    There is nothing running.
    /var/run holds a large list, but clamd is missing.

    Any Ideas?


  • @redflag237:

    @samham:

    type in 'ls -l /var/run/clamav/' what is the output if nothing type 'clamd' what do you get?

    Hi,
    There is nothing running.
    /var/run holds a large list, but clamd is missing.

    Any Ideas?

    Okay, one pkg_delete later… :-)
    [2.0.2-RELEASE][admin@herakles.home]/root(2): ls -l /var/run/clamav
    -> total 0

    this is more than before. UNfortunately i cannot find any init.d folder, i would have tried restarting it manually.
    Any Ideas?


  • type clamd what do you get?


  • @samham:

    type clamd what do you get?

    Ah, interesting!
    Got following message:

    WARNING: Ignoring deprecated option MailFollowURLs at line 50
    LibClamAV Error: cli_loaddb(): No supported database files found in /var/db/clamav
    ERROR: Can't open file or directory
    
    

    I'm currently trying to use the Update option. Hopefully it helps, but the last Update was even this night.

    Update: In /var/db/clamav is only one file called mirrors.dat

    Update 2: manually running 'freshclam -v', error filesystem full.
    But…

    # df -h
    Filesystem           Size    Used   Avail Capacity  Mounted on
    /dev/ufs/pfsense0    908M    583M    252M    70%    /
    devfs                1.0K    1.0K      0B   100%    /dev
    /dev/md0              38M    3.8M     32M    11%    /tmp
    /dev/md1              58M     25M     28M    47%    /var
    /dev/ufs/cf           49M    4.8M     41M    11%    /cf
    devfs                1.0K    1.0K      0B   100%    /var/dhcpd/dev
    /dev/md10            357M     10K    329M     0%    /var/tmp/havpRAM
    

    there should be enough space left. Any Idea?

    And of course the full Message:

    Trying to download http://clamav.edpnet.net/main.cvd (IP: 212.71.0.66)
    Downloading main.cvd [ 97%]
    /var: write failed, filesystem is full
    getfile: Can't write 1440 bytes to /var/db/clamav/clamav-791a1aa09c0e56b68368f1047a2c156b/clamav-7839e6b13656db5b723773c445f34aab
    WARNING: Can't download main.cvd from clamav.edpnet.net
    cannot create /tmp/havp.freshclam.status: Permission denied
    
    

  • The file you are attempting to download (main.cvd) is 29 meg. Your /var filesystem has 28meg free. Hence your out of disk space error.

    What sort of device are you installing to?


  • @Gloom:

    The file you are attempting to download (main.cvd) is 29 meg. Your /var filesystem has 28meg free. Hence your out of disk space error.

    What sort of device are you installing to?

    It is a Watchguard Firebox, Embedded 4GB CF Card

    Okay, I deleted rdd and now it was enough space for the main.cvd, it is still not enough for the daily.cvd.
    Due to 1.5GB of RAM, i had the idea to use a tmpfs in RAM for storing the db. Including it in fstab and directly mounting /var/db/clamav to that ram-partition. 
    However, it will be refreshed frequently, so a reboot won't be that bad.

    Goal 1 Archieved: clamd is up and running. But DB Version is from 2011 :-(