clamav errors

A

admail

Member
Apr 14, 2022
21
2
8
Hi !

We recently getting a lot of

Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412

In our mail.err log. Any ideas what could be the reason ?

Thanks
 
admail said:
Hi !

We recently getting a lot of

Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412

In our mail.err log. Any ideas what could be the reason ?
Click to expand...
check the system journal for entries from clamav-daemon, try restarting clamav-daemon.

else - one possibility could be that one mails contains some kind of zip-bomb, which clamav cannot unpack in the available time

please also share your `pmgversion -v`

I hope this helps!

P.S. I moved the thread to the PMG form (since the message comes from a PMG)
 
Thanks for your Suggestions. We installed a clamav update last week, however the Problem persists. We tried restarting clamav.
The output of ``pmgcersion -v`` is
proxmox-mailgateway: 7.1-1 (API: 7.1-2/75d043b3, running kernel: 5.13.19-6-pve) pmg-api: 7.1-2 pmg-gui: 3.1-2 pve-kernel-helper: 7.2-3 pve-kernel-5.13: 7.1-9 pve-kernel-5.13.19-6-pve: 5.13.19-15 pve-kernel-5.13.19-1-pve: 5.13.19-3 clamav-daemon: 0.103.6+dfsg-0+deb11u1 ifupdown2: 3.1.0-1+pmx3 libarchive-perl: 3.4.0-1 libjs-extjs: 7.0.0-1 libjs-framework7: 4.4.7-1 libproxmox-acme-perl: 1.4.2 libproxmox-acme-plugins: 1.4.2 libpve-apiclient-perl: 3.2-1 libpve-common-perl: 7.1-5 libpve-http-server-perl: 4.1-2 libxdgmime-perl: 1.0-1 lvm2: 2.03.11-2.1 pmg-docs: 7.1-2 pmg-i18n: 2.7-1 pmg-log-tracker: 2.3.1-1 postgresql-13: 13.7-0+deb11u1 proxmox-mini-journalreader: 1.3-1 proxmox-spamassassin: 3.4.6-4 proxmox-widget-toolkit: 3.4-10 pve-firmware: 3.4-2 pve-xtermjs: 4.16.0-1 zfsutils-linux: 2.1.4-pve1
 
Then please share the complete logs of this mail (+/- 10 minutes) - maybe they tell us something
 
Sorry for the late reply. The problem still exists...

We noted that the problem always occurs in the time span 10:00 -11:30 and persists around 10 minutes.

An example for a maillog entry looks like this:

Code: 
Jul 13 10:17:05 smtp1 pmg-smtp-filter[2051884]: 4171562CE7F81B0B84: new mail message-id=<73a18239-af45-2ea6-c731-96f331e055d0@REMOVED>#012
Jul 13 10:22:05 smtp1 pmg-smtp-filter[2051884]: 4171562CE7F81B0B84: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:22:14 smtp1 pmg-smtp-filter[2051884]: 4171562CE7F81B0B84: SA score=0/5 time=8.232 bayes=0.00 autolearn=ham autolearn_force=no hits=BAYES_00(-1.9),DCC_REPUT_00_12(-0.4),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_EF(-0.1),HTML_MESSAGE(0.001),RCVD_IN_DNSWL_MED(-2.3),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01)
Jul 13 10:22:14 smtp1 pmg-smtp-filter[2051884]: 4171562CE7F81B0B84: accept mail to <REMOVED> (6437F428DF) (rule: default-accept)
Jul 13 10:22:14 smtp1 pmg-smtp-filter[2051884]: 4171562CE7F81B0B84: accept mail to <REMOVED> (6437F428DF) (rule: default-accept)
Jul 13 10:22:14 smtp1 pmg-smtp-filter[2051884]: 4171562CE7F81B0B84: processing time: 308.794 seconds (8.232, 300.007, 0)
Jul 13 10:22:14 smtp1 postfix/lmtp[2037977]: A936A41712: to=<REMOVED>, relay=127.0.0.1[127.0.0.1]:10024, delay=309, delays=0.02/0/0.01/309, dsn=2.5.0, status=sent (250 2.5.0 OK (4171562CE7F81B0B84))
Jul 13 10:22:14 smtp1 postfix/lmtp[2037977]: A936A41712: to=<REMOVED>, relay=127.0.0.1[127.0.0.1]:10024, delay=309, delays=0.02/0/0.01/309, dsn=2.5.0, status=sent (250 2.5.0 OK (4171562CE7F81B0B84))
We checked the mail manually and it is ok. Definitely not a zip bomb.

Interesting is the corresponding syslog filtered for clam:

Code: 
Jul 13 10:16:12 smtp1 freshclam[14804]: daily database available for update (local version: 26599, remote version: 26600)
Jul 13 10:16:12 smtp1 freshclam[14804]: daily database available for update (local version: 26599, remote version: 26600)
Jul 13 10:16:26 smtp1 freshclam[14804]: Testing database: '/var/lib/clamav//tmp.ea76d28622/clamav-eaa6f9a01784cb0f16baa5e1a9b2a417.tmp-daily.cld' ...
Jul 13 10:16:26 smtp1 freshclam[14804]: Testing database: '/var/lib/clamav//tmp.ea76d28622/clamav-eaa6f9a01784cb0f16baa5e1a9b2a417.tmp-daily.cld' ...
Jul 13 10:16:34 smtp1 freshclam[14804]: Database test passed.
Jul 13 10:16:34 smtp1 freshclam[14804]: Database test passed.
Jul 13 10:16:34 smtp1 freshclam[14804]: daily.cld updated (version: 26600, sigs: 1989906, f-level: 90, builder: raynman)
Jul 13 10:16:34 smtp1 freshclam[14804]: daily.cld updated (version: 26600, sigs: 1989906, f-level: 90, builder: raynman)
Jul 13 10:16:34 smtp1 freshclam[14804]: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Jul 13 10:16:34 smtp1 freshclam[14804]: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Jul 13 10:16:34 smtp1 freshclam[14804]: bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Jul 13 10:16:34 smtp1 freshclam[14804]: bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Jul 13 10:16:34 smtp1 freshclam[14804]: Clamd successfully notified about the update.
Jul 13 10:16:34 smtp1 freshclam[14804]: Clamd successfully notified about the update.
Jul 13 10:16:34 smtp1 freshclam[14804]: --------------------------------------
Jul 13 10:16:34 smtp1 clamd[1389574]: Reading databases from /var/lib/clamav/
Jul 13 10:16:34 smtp1 clamd[1389574]: Reading databases from /var/lib/clamav/
Jul 13 10:17:01 smtp1 clamd[1389574]: Database correctly reloaded (8621967 signatures)
Jul 13 10:17:01 smtp1 clamd[1389574]: Activating the newly loaded database...
Jul 13 10:17:01 smtp1 clamd[1389574]: Database correctly reloaded (8621967 signatures)
Jul 13 10:17:01 smtp1 clamd[1389574]: Activating the newly loaded database...
Jul 13 10:22:05 smtp1 pmg-smtp-filter[2051884]: 4171562CE7F81B0B84: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:22:30 smtp1 pmg-smtp-filter[2056962]: 4185262CE7F9AB5752: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:23:02 smtp1 pmg-smtp-filter[2060065]: 41AEA62CE7FB702756: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:23:06 smtp1 pmg-smtp-filter[2060091]: 41EDF62CE7FBEC7BB0: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:23:20 smtp1 pmg-smtp-filter[2060102]: 41F5C62CE7FCCAB252: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:24:55 smtp1 pmg-smtp-filter[2060118]: 4287562CE802B1751B: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:25:36 smtp1 pmg-smtp-filter[2061327]: 428D362CE8053DB283: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:27:14 smtp1 pmg-smtp-filter[2061363]: 4171262CE80B69A1A3: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:27:15 smtp1 pmg-smtp-filter[2062576]: 4171562CE80B6E1829: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:27:35 smtp1 pmg-smtp-filter[2062580]: 4172162CE80CAD7AD2: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:27:35 smtp1 pmg-smtp-filter[2062601]: 4185262CE80CAE9511: Maximum time (300 sec) exceeded. virus analyze (clamav) failed: ERROR at /usr/share/perl5/PMG/Utils.pm line 412.
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/4185262CE7F9AB5752
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/4185262CE7F9AB5752
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/41F5C62CE7FCCAB252
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/41AEA62CE7FB702756
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/41F5C62CE7FCCAB252
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/41AEA62CE7FB702756
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/4287562CE802B1751B
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/4287562CE802B1751B
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/428D362CE8053DB283
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/428D362CE8053DB283
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/4171262CE80B69A1A3
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/4171262CE80B69A1A3
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/4171562CE80B6E1829
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/4171562CE80B6E1829
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/4172162CE80CAD7AD2
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/4172162CE80CAD7AD2
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/4185262CE80CAE9511
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/4185262CE80CAE9511
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/41EDF62CE7FBEC7BB0
Jul 13 10:28:05 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/41EDF62CE7FBEC7BB0
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/4185262CE7F9AB5752
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/4185262CE7F9AB5752
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/41F5C62CE7FCCAB252
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/41AEA62CE7FB702756
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/41F5C62CE7FCCAB252
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/41AEA62CE7FB702756
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/4287562CE802B1751B
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/4287562CE802B1751B
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/428D362CE8053DB283
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/428D362CE8053DB283
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/4171262CE80B69A1A3
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/4171262CE80B69A1A3
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/4171562CE80B6E1829
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/4171562CE80B6E1829
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/4172162CE80CAD7AD2
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/4172162CE80CAD7AD2
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/4185262CE80CAE9511
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/4185262CE80CAE9511
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/41EDF62CE7FBEC7BB0
Jul 13 10:28:05 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/41EDF62CE7FBEC7BB0
Jul 13 10:28:20 smtp1 clamd[1389574]: WARNING: File path check failure for: /var/spool/pmg/active/4171562CE7F81B0B84
Jul 13 10:28:20 smtp1 clamd[1389574]: WARNING: File path check failure on: /var/spool/pmg/active/4171562CE7F81B0B84
Jul 13 10:28:20 smtp1 clamd[1389574]: File path check failure for: /var/spool/pmg/active/4171562CE7F81B0B84
Jul 13 10:28:20 smtp1 clamd[1389574]: File path check failure on: /var/spool/pmg/active/4171562CE7F81B0B84
First thing we notice is that each clamav log entry is duplicated. Is this normal? Than it appears that the database reload somehow interrupts clam, which leads to the other errors.

Confusingly we can't find a corresponding cron entry for this clamav-database update. Do you know were we can set the time when this process is run?
Finally we have this problem only on one of our nodes the other runs fine.

Thanks again for your help.
 
I am running in the exact same issue. ClamAV stop responding in the exact same time slot leading to pmg-smtp-filter timeout. I checked all cron and timer files on the system and didn't found anything happening in this hourly range. But it seems that clamav daily db publication are done around the same hour. So it might be related, freshclam just start actual update only when new one is available.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom