[SOLVED] Proxmox mail gateway Clamav update error.

kalpa

When I was going to update ClamAV, I got this error message.
What should I do to fix this error?

ERROR: Can't open/parse the config file /etc/clamav/freshclam.conf
TASK ERROR: command '/usr/bin/freshclam --stdout' failed: exit code 2
 

Did you override the config template for freshclam? (see https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine)
No, I didn't change any config file

What is the content of /etc/clamav/freshclam.conf?

DatabaseOwner clamav
LogVerbose false
LogSyslog true
LogFacility LOG_LOCAL6
LogFileMaxSize 0
Foreground false
Debug false
MaxAttempts 5
Checks 48
DatabaseDirectory /var/lib/clamav/
PidFile /var/run/clamav/freshclam.pid
DatabaseMirror database.clamav.net
ConnectTimeout 30
ScriptedUpdates false
CompressLocalDatabase no
NotifyClamd /etc/clamav/clamd.conf
Bytecode true
SafeBrowsing true
DNSDatabaseInfo current.cvd.clamav.net
 
The content of the file looks OK...
What are the permissions:
Code:
ls -la /etc/clamav

And do you have any messages in the journal when trying to update the database:
Code:
journalctl -f
(and check what gets written there when running the database update)
 
@Stoiko Ivanov, We have solved the issue. Thank you very much for your support.

ERROR: Can't open/parse the config file /etc/clamav/freshclam.conf
TASK ERROR: command '/usr/bin/freshclam --stdout' failed: exit code 2


We checked whether the clamav services are running:
#systemctl status clamav-daemon
#systemctl status clamav-freshclam

Then we found that clamav-freshclam was not running, and when we checked clamav-daemon, it ran for several minutes and then changed to a failed state.

By checking the status of clamav-daemon we found the below ERROR.

#systemctl status clamav-daemon.service
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: failed (Result: exit-code) since Mon 2020-09-28 05:56:22 EDT; 5s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Process: 10973 ExecStartPre=/bin/mkdir /run/clamav (code=exited, status=0/SUCCESS)
Process: 10975 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
Process: 10983 ExecStart=/usr/sbin/clamd --foreground=true (code=exited, status=1/FAILURE)
Main PID: 10983 (code=exited, status=1/FAILURE)

Sep 28 05:56:01 proxmox systemd[1]: Starting Clam AntiVirus userspace daemon...
Sep 28 05:56:01 proxmox systemd[1]: Started Clam AntiVirus userspace daemon.
Sep 28 05:56:22 proxmox clamd[10983]: ERROR: LOCAL: Socket allocation error: Permission denied
Sep 28 05:56:22 proxmox systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
Sep 28 05:56:22 proxmox systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.


This issue has been resolved by adding freshclam and clamd to AppArmor

Basically, Apparmor is like SELinux in CentOS

You can add the clamd and freshclam to AppArmor by the below commands.
#aa-complain /usr/bin/freshclam
#aa-complain /usr/sbin/clamd

Then start the clamav-daemon and after that, start the clamav-freshclam

According to my observation, the issue occurs because AppArmor doesn't allow permission to start both clamav-daemon and clamav-freshclam services. If you stop AppArmor, it will allow starting the services. But for security purposes, we didn't stop AppArmor and added both services to AppArmor. After that, we were able to update ClamAV via the web interface.
 
Glad you found the issue!


According to my observation, the issue occurs because AppArmor doesn't allow permission to start both clamav-daemon and clamav-freshclam services. If you stop AppArmor, it will allow starting the services. But for security purposes, we didn't stop AppArmor and added both services to AppArmor.
Apparmor (or rather the shipped feature-pinning file) in PMG6 does not work with the newer shipped kernel - check https://pmg.proxmox.com/wiki/index....ilure_Caused_By_Apparmor_Featureset_Missmatch
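
To confirm that AppArmor is what blocks clamd or freshclam, and to see which operations a profile switched with aa-complain is only logging rather than blocking, the kernel audit lines can be summarised per profile. This is an added example, not part of the original thread; the sample log lines, the host name mailgw and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise AppArmor audit events for the ClamAV profiles.
# DENIED  = profile in enforce mode, the operation was blocked.
# ALLOWED = profile in complain mode, the violation was only logged.
# SAMPLE_LOG is constructed (host, pids, audit ids and events are made up);
# on a live host pipe `journalctl -k` into the functions instead.
SAMPLE_LOG='Sep 28 05:56:01 mailgw systemd[1]: Started Clam AntiVirus userspace daemon.
Sep 28 05:56:22 mailgw kernel: audit: type=1400 audit(1601286982.101:41): apparmor="DENIED" operation="create" profile="/usr/sbin/clamd" pid=10983 comm="clamd" family="unix" sock_type="stream"
Sep 28 05:57:40 mailgw kernel: audit: type=1400 audit(1601287060.550:42): apparmor="DENIED" operation="create" profile="/usr/sbin/clamd" pid=11020 comm="clamd" family="unix" sock_type="stream"
Sep 28 05:58:03 mailgw kernel: audit: type=1400 audit(1601287083.007:43): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/clamav/freshclam.conf" pid=11031 comm="freshclam" requested_mask="r" denied_mask="r"
Sep 28 06:10:15 mailgw kernel: audit: type=1400 audit(1601287815.312:57): apparmor="ALLOWED" operation="create" profile="/usr/sbin/clamd" pid=11402 comm="clamd" family="unix" sock_type="stream"'

# Read log text on stdin; print "<count> <profile> <verdict> <operation>"
# for every distinct AppArmor event. Non-AppArmor lines are ignored.
summarize_apparmor() {
  awk '
    # Return the quoted value of key="..." on the current line, or "-".
    function val(key,   re, s) {
      re = " " key "=\"[^\"]*\""
      if (!match($0, re)) return "-"
      s = substr($0, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }
    /apparmor="(DENIED|ALLOWED)"/ {
      n[val("profile") " " val("apparmor") " " val("operation")]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k2
}

# Profiles with at least one DENIED event, i.e. actually being blocked.
blocked_profiles() {
  summarize_apparmor | awk '$3 == "DENIED" { print $2 }' | LC_ALL=C sort -u
}

printf '%s\n' "$SAMPLE_LOG" | summarize_apparmor
```

The ALLOWED lines that appear once a profile is in complain mode list the operations the profile lacks rules for.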
 
I had the same issue. In addition to commenting out the features-file line mentioned here, I also noticed the permissions on the file were clamav / adm. I fixed the issue by renaming the original file and then creating a new file while logged in as root. Updates work again.

Code:
mv /etc/clamav/freshclam.conf /etc/clamav/freshclam.conf.OLD
cp /etc/clamav/freshclam.conf.OLD /etc/clamav/freshclam.conf

I just installed PMG a few days ago from ISO (6.3-1) and upgraded to 6.3-5. Made a few configuration changes from the Web UI, such as setting View Images and Allow HREFs to <No> but I suspect something in the version upgrade probably was the culprit?
 
