Receiving ClamAV notifications despite plug-in not installed

Hello Forum!

I am experiencing a quite unusual problem and I am at lost regarding how to solve it. A year ago or so I installed ClamAV in my server since I gave my parents access to it. Shortly after, they didn't required access any longer so decided to uninstall ClamAV. At the time, the server was running OMV 5.

Fast forward to last week. I upgraded my server to version 6 and decided to activate notifications. To my surprise, I am getting 60+ notifications early in the morning with error message from ClamAV telling me that it cannot scan a folder (the one I originally shared with my parents and that was being monitored a year ago):

ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd.ctl: No such file or directory

As far as I recalled I had uninstalled the plugin. So I checked again and the plugin was indeed not installed. I checked the scheduled jobs, but there was no task related to ClamAV. I tried installing the plugin and uninstalling it again, but the problem still persists.

In my humble understanding of how OMV works, I suspect that there is a zombie cron job somewhere trying to run a scan or monitor a folder every day at 4:00 am. It fails of course since the plug in is not available, and then it generates a zillion notifications that end up in my inbox.

I checked the files in my server hopping to find a cron job under etc/crontab, but what I found instead is a clamav folder with a bunch of configurations inside (which I suppose shouldn't exist since the plugin is not installed). I also tried cleaning the installed packages (System -> omv-extras -> Settings -> apt-clean) but that didn't solve the issue either.

So, I am at a dead end and have no clue what went wrong. I don't think that the problem was a consequence of the server upgrade. Any ideas or suggestions are highly appreciated!

Hello macom

Thanks for the reply. I believe the issue might be solved. A couple of days ago tried installing the plug in, enabling it, disabling and uninstalling it. Apparently that worked, since have received no further notifications in the last two days.

However, coming back to your suggestion, the output of the commands is as follows. If I am not mistaken, the plug in is somehow still running:

root@Openmediavault:~# omv-showkey clamav
<clamav>
<enable>0</enable>
<quarantine>
<sharedfolderref></sharedfolderref>
</quarantine>
<clamd>
<logclean>0</logclean>
<scanpe>1</scanpe>
<scanole2>1</scanole2>
<scanhtml>1</scanhtml>
<scanpdf>1</scanpdf>
<scanelf>1</scanelf>
<scanarchive>1</scanarchive>
<detectbrokenexecutables>0</detectbrokenexecutables>
<algorithmicdetection>1</algorithmicdetection>
<followdirectorysymlinks>0</followdirectorysymlinks>
<followfilesymlinks>0</followfilesymlinks>
<detectpua>0</detectpua>
<extraoptions></extraoptions>
</clamd>
<freshclam>
<enable>0</enable>
<checks>24</checks>
</freshclam>
<onaccesspaths></onaccesspaths>
<jobs></jobs>
</clamav>

root@Openmediavault:~# dpkg -l | grep clamav
ii  clamav-base                         0.103.7+dfsg-0+deb11u1         all          anti-virus utility for Unix - base package
ii  clamav-daemon                       0.103.7+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - scanner daemon
ii  clamav-freshclam                    0.103.7+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - virus database update utility
ii  libclamav9:amd64                    0.103.7+dfsg-0+deb11u1         amd64        anti-virus utility for Unix - library
ii  openmediavault-clamav               6.0.1-2                        all          openmediavault ClamAV plugin

root@Openmediavault:~# systemctl status clamav-daemon
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; disabled; vendor pre>
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: inactive (dead)
Docs: man:clamd(8)
man:clamd.conf(5)
https://docs.clamav.net/


Sep 30 22:27:06 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>
Sep 30 22:27:16 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>
Sep 30 22:27:26 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>
Sep 30 22:27:36 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>
Sep 30 22:27:46 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>
Sep 30 22:27:57 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>
Sep 30 22:28:07 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>
Sep 30 22:28:17 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>
Sep 30 22:28:27 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>
Oct 02 09:03:06 Openmediavault systemd[1]: /lib/systemd/system/clamav-daemon.service>

For whatever reason it was still installed. Why exactly is completely unknown to me. I uninstalled it (again) and ran the commands you suggested. They all returned nothing (as it should be).

So, problem solved I guess? I'll wait until tomorrow to see if I get notifications regarding ClamAV. If not, I believe the issue was a zombie ClamAV process running in my server.