Clamav Antivirus not working anymore after update

Windowseat · 25. Februar 2020

Hope anybody can help: A few days ago there was un update of the Clamav plugin and I run it. Since then it doesn't work anymore. It shows in the Dashboard that it is enabled but not running.

I use Putty to take a look and got the following after running: systemctl status clamav-daemon

● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: failed (Result: exit-code) since Tue 2020-02-25 12:51:01 CET; 35min ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 697 (code=exited, status=1/FAILURE)
Feb 25 12:50:26 CoolerMasterNAS systemd[1]: Starting Clam AntiVirus userspace daemon...
Feb 25 12:50:26 CoolerMasterNAS systemd[1]: Started Clam AntiVirus userspace daemon.
Feb 25 12:51:01 CoolerMasterNAS clamd[697]: Tue Feb 25 12:51:01 2020 -> !LOCAL: Socket file /var/run/clamav/clamd.ctl could not be bound: Permission denied
Feb 25 12:51:01 CoolerMasterNAS systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
Feb 25 12:51:01 CoolerMasterNAS systemd[1]: clamav-daemon.service: Unit entered failed state.
Feb 25 12:51:01 CoolerMasterNAS systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.
root@CoolerMasterNAS:/var/run/clamav#

I strongly believe it had to do with the update so I looked for others having the same issue but I found no other posts related to this.

Any ideas?
Thanks

votdev · 25. Februar 2020

Try to delete /var/run/clamav/clamd.ctl

Windowseat · 25. Februar 2020

Thanks for the response votdev,

The /var/run/clamav directory turns out to be empty...

It seems something went wrong with the permissions?

votdev · 25. Februar 2020

Are you using a Debian system with Apparmor?

Are you running the latest clamav? I do not see

Process: 627 ExecStartPre=/bin/chown root /run/clamav (code=exited, status=0/SUCCESS)
Process: 617 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=0/SUCCESS)

in the output.

Windowseat · 26. Februar 2020

Thanks votdev,

I have installed OMV 4 a long time ago and keep it updated through the OMV management only and regularly. I assume this means I am using the latest clamav.
There is nothing else on this server than OMV which is Debian based as I understood and I don't see Apparmor in the Plugins so I assume I am not using it.

This morning I tried to scan and got the following message which confirms there is no clamd.ctl in the directory /var/run/clamav/. Question is why not?

a putty into the /var/run reveals;

drwxr-xr-x 2 root root 40 Feb 25 12:50 clamav

-----------------------------------------------------------------------------------------------------------------------------
Please wait, scanning shared folder <GedeeldeMappen> ...

ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd.ctl: No such file or directory

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Done ...

----------------------------------------------------------------------------------------------------------------------------

Windowseat · 27. Februar 2020

Going through some other Clamav posts, I figured out that I have Apparmor installed and it is enabled;

root@CoolerMasterNAS:~# cat /sys/module/apparmor/parameters/enabled
Y

Checking the status of it however, doesn't work;

root@CoolerMasterNAS:~# sudo aa-status
sudo: aa-status: command not found

root@CoolerMasterNAS:~# ps auxZ | grep -v '^unconfined'
LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND

root@CoolerMasterNAS:~# sudo aa-unconfined
sudo: aa-unconfined: command not found

root@CoolerMasterNAS:~#

So, it seems I am having a deeper problem with Apparmor that causes the Clamav issues... I think!

votdev · 27. Februar 2020

No, apparmor is in the kernel or loaded via module, but it is not used. If the CLI tools are not available, then the apparmor package is not installed. That's the default behavior i know (all Debian systems i am using do not have Apparmor installed).

Related to your problem i am really out of ideas. I can not reproduce this on OMV4 and OMV5 systems.

Windowseat · 27. Februar 2020

Thanks for the Quick Response again!

I have deinstalled the clamav plugin and reinstalled but nothing helps.

Can I do a refresh of the latest OMV install without having to re-setup the entire server?

Windowseat · 27. Februar 2020

I just run another update of OMV 4 and noticed it did not update anything. So all is already up-to-date. I will continue to battle this and when I find a solution post it as a closure to this thread.

Windowseat · 27. Februar 2020

SOLVED:

First removed clamav Plugin from OMV
Then removed clamav using the terminal using "apt-get purge clamav-daemon"

Then reinstalled plugin and left it alone for an hour.

Then I found a response from you on May 26 2019 that sudgested to have ALL the users have privileges the Shared Folder that I wanted to scan...

Now it is running... thanks for the help!!

Erzi · 8. März 2020

Hello,

After I did the latest update on my OMV5 incl. OMV Extras today, I can no longer activate Antivirus. I have already uninstalled and reinstalled the plugin, but there is always an error message. I once hung them in an error.txt. Could you help me?

votdev · 9. März 2020

It seems that freshclam needs to download the virus definitions at first startup. The download does not happen in the specified time and the Salt SLS aborts. You can eaasily re-deploy the clamav state with omv-salt deploy run clamav. After that everything should work normally.

Erzi · 10. März 2020

Thanks! Now it works fine!!!

m4tt0 · 18. Mai 2020

Didn't work for me. I'm on 5.4.6-1 Usul, 5.5.0 backport kernel.

Clamav is activated but not running. From the log file it seems the clamav version is outddated and wants to update. During the start-up procedure clamav tries to create the /run/clamav directory, but creates it as root user, not as clamav user. It then fails with Socket file /run/clamav/clamd.ctl could not be bound: Permission denied.

I've tried...

- to deactivate and reactivate it

- to change the /run/clamav ownership to clamav while clamav was deactivated, and reactivating it again

- run omv-salt deploy run clamav

Nothing helps. It cannot bind the socket file. Any other ideas how to fix this?

m4tt0 · 19. Mai 2020

Fixed:

- I purged the installation of the antivirus extension via the OMV web-interface

- Manually deleted /etc/clamd (flagged as non-empty left-over from the purging process)

- Reinstalled and reconfigured the antivirus extension

Probably just some hick-up from the manual OMV 4 -> 5 upgrade.

mdmc · 20. Mai 2020

Zitat von m4tt0

- Manually deleted /etc/clamd (flagged as non-empty left-over from the purging process)

m4tt0 Matteo ... how did you delete the folder?

m4tt0 · 21. Mai 2020

I just used ssh to get on my NAS as root, executed cd /etc, and then rm -rf clamd.

Afterwards I closed the ssh session again, went back into the OMV web-interface and reinstalled the antivirus extension. Done.

Blueray · 15. August 2020

Have not installed CLAMAV plug-in yet and was wondering where and how do I get status and reports of the scan? Need to go to SSH or from OMV webpage? I am a newbie to OMV. Thanks in advance.

votdev · 15. August 2020

Zitat von Blueray

Have not installed CLAMAV plug-in yet and was wondering where and how do I get status and reports of the scan? Need to go to SSH or from OMV webpage? I am a newbie to OMV. Thanks in advance.

They will be sent via email.

Blueray · 15. August 2020

Thanks.

Jetzt mitmachen!