Clamav Antivirus not working anymore after update

  • Hope anybody can help: A few days ago there was an update of the Clamav plugin and I ran it. Since then it doesn't work anymore. It shows in the Dashboard that it is enabled but not running.


    I use Putty to take a look and got the following after running: systemctl status clamav-daemon

    ● clamav-daemon.service - Clam AntiVirus userspace daemon
    Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
    Drop-In: /etc/systemd/system/clamav-daemon.service.d
    └─extend.conf
    Active: failed (Result: exit-code) since Tue 2020-02-25 12:51:01 CET; 35min ago
    Docs: man:clamd(8)
    man:clamd.conf(5)
    https://www.clamav.net/documents/
    Main PID: 697 (code=exited, status=1/FAILURE)
    Feb 25 12:50:26 CoolerMasterNAS systemd[1]: Starting Clam AntiVirus userspace daemon...
    Feb 25 12:50:26 CoolerMasterNAS systemd[1]: Started Clam AntiVirus userspace daemon.
    Feb 25 12:51:01 CoolerMasterNAS clamd[697]: Tue Feb 25 12:51:01 2020 -> !LOCAL: Socket file /var/run/clamav/clamd.ctl could not be bound: Permission denied
    Feb 25 12:51:01 CoolerMasterNAS systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
    Feb 25 12:51:01 CoolerMasterNAS systemd[1]: clamav-daemon.service: Unit entered failed state.
    Feb 25 12:51:01 CoolerMasterNAS systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.
    root@CoolerMasterNAS:/var/run/clamav#



    I strongly believe it had to do with the update so I looked for others having the same issue but I found no other posts related to this.


    Any ideas?
    Thanks

  • Are you using a Debian system with Apparmor?


    Are you running the latest clamav? I do not see


    Process: 627 ExecStartPre=/bin/chown root /run/clamav (code=exited, status=0/SUCCESS)
    Process: 617 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=0/SUCCESS)


    in the output.

  • Thanks votdev,


    I installed OMV 4 a long time ago and keep it updated through the OMV management only and regularly. I assume this means I am using the latest clamav.
    There is nothing else on this server than OMV which is Debian based as I understood and I don't see Apparmor in the Plugins so I assume I am not using it.



    This morning I tried to scan and got the following message which confirms there is no clamd.ctl in the directory /var/run/clamav/. Question is why not?


    a putty into the /var/run reveals;


    drwxr-xr-x 2 root root 40 Feb 25 12:50 clamav



    -----------------------------------------------------------------------------------------------------------------------------
    Please wait, scanning shared folder <GedeeldeMappen> ...



    ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd.ctl: No such file or directory



    ----------- SCAN SUMMARY -----------
    Infected files: 0
    Total errors: 1
    Time: 0.000 sec (0 m 0 s)
    Done ...


    ----------------------------------------------------------------------------------------------------------------------------

  • Going through some other Clamav posts, I figured out that I have Apparmor installed and it is enabled;


    root@CoolerMasterNAS:~# cat /sys/module/apparmor/parameters/enabled
    Y


    Checking the status of it however, doesn't work;


    root@CoolerMasterNAS:~# sudo aa-status
    sudo: aa-status: command not found


    root@CoolerMasterNAS:~# ps auxZ | grep -v '^unconfined'
    LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND


    root@CoolerMasterNAS:~# sudo aa-unconfined
    sudo: aa-unconfined: command not found


    root@CoolerMasterNAS:~#



    So, it seems I am having a deeper problem with Apparmor that causes the Clamav issues... I think!

  • No, apparmor is in the kernel or loaded via module, but it is not used. If the CLI tools are not available, then the apparmor package is not installed. That's the default behavior I know (all Debian systems I am using do not have Apparmor installed).


    Related to your problem I am really out of ideas. I cannot reproduce this on OMV4 and OMV5 systems.

  • SOLVED:


    First removed clamav Plugin from OMV
    Then removed clamav using the terminal using "apt-get purge clamav-daemon"


    Then reinstalled plugin and left it alone for an hour.


    Then I found a response from you on May 26 2019 that suggested to have ALL the users have privileges on the Shared Folder that I wanted to scan...


    Now it is running... thanks for the help!!

  • Hello,


    After I did the latest update on my OMV5 incl. OMV Extras today, I can no longer activate Antivirus. I have already uninstalled and reinstalled the plugin, but there is always an error message. I once hung them in an error.txt. Could you help me?


    omv 5.3.8-1 | 64 bit | 5.4.0.0 kernel | omvextras 5.2.5



    Asrock C2550D4I 16GB ECC

  • It seems that freshclam needs to download the virus definitions at first startup. The download does not happen in the specified time and the Salt SLS aborts. You can easily re-deploy the clamav state with omv-salt deploy run clamav. After that everything should work normally.

  • Didn't work for me. I'm on 5.4.6-1 Usul, 5.5.0 backport kernel.


    Clamav is activated but not running. From the log file it seems the clamav version is outdated and wants to update. During the start-up procedure clamav tries to create the /run/clamav directory, but creates it as root user, not as clamav user. It then fails with Socket file /run/clamav/clamd.ctl could not be bound: Permission denied.


    I've tried...

    - to deactivate and reactivate it

    - to change the /run/clamav ownership to clamav while clamav was deactivated, and reactivating it again

    - run omv-salt deploy run clamav


    Nothing helps. It cannot bind the socket file. Any other ideas how to fix this?
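
Added example, not part of any post in this thread and not OMV or ClamAV code: a shell check for the condition behind `could not be bound: Permission denied`, comparing the `User` directive in a clamd.conf with the owner of the directory that holds `LocalSocket`. The conf files used in `demo` are constructed, `stat -c` assumes GNU or BusyBox stat, and a missing `User` directive is assumed to mean clamd keeps running as root.

```shell
#!/bin/sh
# Added example (not OMV or ClamAV code). Assumes Linux `stat -c`.

# Print the value of a clamd.conf directive; lines are "Key value" and
# commented-out directives start with '#', so they never match.
conf_value() {  # $1 = conf file, $2 = directive name
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Print one verdict line for the LocalSocket configured in conf file $1.
check_clamd_socket_dir() {
    conf=$1
    sock=$(conf_value "$conf" LocalSocket)
    [ -n "$sock" ] || { echo "no-localsocket"; return 0; }
    user=$(conf_value "$conf" User)
    # Assumption: with no User directive clamd keeps running as root.
    [ -n "$user" ] || user=root
    dir=$(dirname "$sock")
    [ -d "$dir" ] || { echo "missing-dir $dir"; return 0; }
    owner=$(stat -c %U "$dir")
    mode=$(stat -c %a "$dir")
    if [ "$owner" = "$user" ]; then
        echo "ok $dir owner=$owner mode=$mode"
    else
        # Same shape as the thread's failure: the directory owner differs
        # from the account clamd runs as.
        echo "mismatch $dir owner=$owner mode=$mode expected-owner=$user"
    fi
}

# Constructed demonstration: a scratch directory stands in for /run/clamav.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/run"
    me=$(stat -c %U "$tmp/run")
    printf 'LocalSocket %s/run/clamd.ctl\nUser %s\n' "$tmp" "$me" > "$tmp/good.conf"
    printf 'LocalSocket %s/run/clamd.ctl\nUser clamav-constructed\n' "$tmp" > "$tmp/bad.conf"
    check_clamd_socket_dir "$tmp/good.conf"
    check_clamd_socket_dir "$tmp/bad.conf"
    rm -rf "$tmp"
}
demo
```

On a Debian-based system the packaged configuration is normally `/etc/clamav/clamd.conf`; pass that path to `check_clamd_socket_dir` to test the live setup.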

  • Fixed:

    - I purged the installation of the antivirus extension via the OMV web-interface

    - Manually deleted /etc/clamd (flagged as non-empty left-over from the purging process)

    - Reinstalled and reconfigured the antivirus extension


    Probably just some hiccup from the manual OMV 4 -> 5 upgrade.

  • I just used ssh to get on my NAS as root, executed cd /etc, and then rm -rf clamd.

    Afterwards I closed the ssh session again, went back into the OMV web-interface and reinstalled the antivirus extension. Done.

  • Have not installed CLAMAV plug-in yet and was wondering where and how do I get status and reports of the scan? Need to go to SSH or from OMV webpage? I am a newbie to OMV. Thanks in advance.
