[clamav-users] clamav-milter with sendmail on Fedora 28: init failed to open, to error state, initialization failed, temp failing commands

Robert Kudyba rkudyba at fordham.edu
Thu Jul 12 13:52:00 EDT 2018


Well I changed sendmail.mc to:
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav-milter/clamav-milter.socket,F=,
T=S:4m;R:4m')dnl

But now in clamav-milter.log I see these errors:
Thu Jul 12 13:46:40 2018 -> Probe for slot 1 returned: success
Thu Jul 12 13:46:40 2018 -> Probe for slot 2 returned: success
Thu Jul 12 13:47:08 2018 -> ERROR: Connection closed while reading from
socket
Thu Jul 12 13:47:08 2018 -> ERROR: No reply from clamd
Thu Jul 12 13:47:18 2018 -> connect failed: Connection refused
Thu Jul 12 13:47:18 2018 -> ERROR: Failed to initiate streaming/fdpassing

But:
 ps -auwx | grep clam
clamupd+  2252  0.0  0.0  50680  4240 ?        Ss   Jul11   0:07
/usr/bin/freshclam -d -c 4
clamilt   2831  0.0  0.0 250512  1132 ?        Ssl  13:42   0:00
/usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
clamscan  6704  0.0  4.6 1406420 1141724 ?     Ssl  13:49   0:00
/usr/sbin/clamd -c /etc/clamd.d/scan.conf
root     22999  0.0  0.0 119104  3216 ?        Ss   12:00   0:00 /bin/bash
/usr/share/clamav/freshclam-sleep

And:
systemctl status clamav-milter
* clamav-milter.service - Milter module for the Clam Antivirus scanner
   Loaded: loaded (/usr/lib/systemd/system/clamav-milter.service; enabled;
vendor preset: disabled)
   Active: active (running) since Thu 2018-07-12 13:42:02 EDT; 8min ago
  Process: 2830 ExecStart=/usr/sbin/clamav-milter -c
/etc/mail/clamav-milter.conf (code=exited, status=0/SUCCESS)
 Main PID: 2831 (clamav-milter)
    Tasks: 3 (limit: 4915)
   Memory: 1.9M
   CGroup: /system.slice/clamav-milter.service
           `-2831 /usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf

Jul 12 13:42:02  systemd[1]: Starting Milter module for the Clam Antivirus
scanner...
Jul 12 13:42:02  systemd[1]: Started Milter module for the Clam Antivirus
scanner.

As well as:
systemctl status clamd at scan
* clamd at scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd at scan.service; enabled;
vendor preset: disabled)
   Active: active (running) since Thu 2018-07-12 13:49:38 EDT; 40s ago
  Process: 5816 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf
(code=exited, status=0/SUCCESS)
 Main PID: 6704 (clamd)
    Tasks: 2 (limit: 4915)
   Memory: 1.0G
   CGroup: /system.slice/system-clamd.slice/clamd at scan.service
           `-6704 /usr/sbin/clamd -c /etc/clamd.d/scan.conf

Jul 12 13:48:31  clamd[5816]: LibClamAV Error: yyerror():
/var/lib/clamav/packer.yar line 14217 undefined identifier "pe"
Jul 12 13:48:31  clamd[5816]: LibClamAV Error: yyerror():
/var/lib/clamav/packer.yar line 14241 undefined identifier "pe"
Jul 12 13:48:31  clamd[5816]: LibClamAV Error: yyerror():
/var/lib/clamav/packer.yar line 14253 undefined identifier "pe"
Jul 12 13:48:31  clamd[5816]: LibClamAV Error: yyerror():
/var/lib/clamav/packer.yar line 14265 undefined identifier "pe"
Jul 12 13:48:31  clamd[5816]: LibClamAV Error: yyerror():
/var/lib/clamav/packer.yar line 14277 undefined identifier "pe"
Jul 12 13:48:31  clamd[5816]: LibClamAV Error: yyerror():
/var/lib/clamav/packer.yar line 14290 undefined identifier "pe"
Jul 12 13:49:32  systemd-journald[623]: Suppressed 420 messages from
clamd at scan.service
Jul 12 13:49:32  clamd[5816]: LibClamAV Error: yyerror():
/var/lib/clamav/maldoc_somerules.yar line 245 undefined identifier
"uint32be"
Jul 12 13:49:32  clamd[5816]: LibClamAV Warning: cli_loadyara: failed to
parse or load 1 yara rules from file /var/lib/clamav/maldoc_somerule>
Jul 12 13:49:38 [1]: Started Generic clamav scanner daemon.


What else can I check?

On Tue, Jul 10, 2018 at 7:24 PM, Kees Theunissen <C.J.Theunissen at differ.nl>
wrote:

> On Tue, 10 Jul 2018, Robert Kudyba wrote:
>
> >Hello hive,
> >
> >Running:
> >clamav-0.100.0-2.fc28.x86_64
> >
> >clamd, freshclam and clamav-milter all up and running:
> >ps -auwx | grep clam
> >clamupd+ 20336  0.0  0.0  50672  4016 ?        Ss   Jun29   1:15
> >/usr/bin/freshclam -d -c 4
> >clamav   23713  0.0  0.0 176780  1160 ?        Ssl  13:23   0:00
> >/usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
> >clamscan 25458  0.0  4.6 1405848 1142996 ?     Ssl  13:27   0:00
> >/usr/sbin/clamd -c /etc/clamd.d/scan.conf
> >root     25593  0.0  0.0   9156  1084 pts/1    S+   17:02   0:00 grep
> >--color=auto clam
> >
> >However it fails with sendmail with these errors:
> >Jul 10 17:03:45 storm sendmail[26273]: w6AL3j2R026273:
> >milter_sys_read(clamav): cmd read returned 11, expecting 1431194445
> >Jul 10 17:03:45 storm sendmail[26273]: w6AL3j2R026273: Milter (clamav): to
> >error state
> >Jul 10 17:03:45 storm sendmail[26273]: w6AL3j2R026273: Milter (clamav):
> >init failed to open
> >Jul 10 17:03:45 storm sendmail[26273]: w6AL3j2R026273: Milter (clamav): to
> >error state
> >Jul 10 17:03:45 storm sendmail[26273]: w6AL3j2R026273: Milter:
> >initialization failed, temp failing commands
> >
> >Here's the relevant line in sendmail.mc:
> >INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamd.scan/clamd.sock,
> >F=T,T=S:4m;R:4m;E:10m')dnl
>
>
> Your INPUT_MAIL_FILTER should be clamav-milter listening on socket
> /var/run/clamav-milter/clamav-milter.socket (as defined below)
> and not the clamd daemom which is listening on socket
> /var/run/clamd.scan/clamd.sock
>
>
> >
> >Lines in /etc/mail/clamav-milter.conf
> >MilterSocket /var/run/clamav-milter/clamav-milter.socket
> >MilterSocket inet:7357
> >ClamdSocket tcp:localhost:3310
> >ClamdSocket unix:/var/run/clamd.scan/clamd.sock
> >
> >Lines in /etc/clamd.d/scan.conf
> >
> >TCPSocket 3310
> >TCPAddr 127.0.0.1
> >
> >Everything I've read says that as long as ClamdSocket in the
> >clamav-milter.conf and INPUT_MAIL_FILTER in sendmail.mc match it should
> >work.
> >
> >Is my syntax wrong some where?
> >
>
>
>
> Regards,
>
> Kees Theunissen.
>
> --
> Kees Theunissen,  System and network manager,   Tel: +31 (0)40-3334724
> Dutch Institute For Fundamental Energy Research (DIFFER)
> email address:    C.J.Theunissen at differ.nl
> postal address:   PO Box 6336, 5600 HH, Eindhoven, the Netherlands
> visitors address: De Zaale 20, 5612 AJ, Eindhoven, the Netherlands
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://urldefense.proofpoint.com/v2/url?u=http-3A__lists.
> clamav.net_cgi-2Dbin_mailman_listinfo_clamav-2Dusers&d=DwICAg&c=
> aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_
> qVtR3lLNo4tOL1ry_m7-psV3GejY&m=jiz7EwfK1t__Is3kNPegVMEo3iMKj7lQSiyfXtHn-
> 0Y&s=cKhQ-Xlw7TVUG-GqVe60_drnT9hMi0VO190LkoqnZeI&e=
>
>
> Help us build a comprehensive ClamAV guide:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.
> com_vrtadmin_clamav-2Dfaq&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURk
> cqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=jiz7EwfK1t__
> Is3kNPegVMEo3iMKj7lQSiyfXtHn-0Y&s=TQ-IubMYKtH8xbKsyLjRUUzACmXdh7izw
> dfDkwZI3og&e=
>
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.
> clamav.net_contact.html-23ml&d=DwICAg&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURk
> cqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=jiz7EwfK1t__
> Is3kNPegVMEo3iMKj7lQSiyfXtHn-0Y&s=ZyYBPSklcpmGQSwBOvBidde4Yg7Ti-
> ZmleLteA3hp2Y&e=
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clamav.net/pipermail/clamav-users/attachments/20180712/c9c56f83/attachment.html>


More information about the clamav-users mailing list