[clamav-users] error notifications received

G.W. Haywood clamav at jubileegroup.co.uk
Tue Jan 5 12:58:42 EST 2016


Hi there,

On Tue, 5 Jan 2016, James Pett wrote:

> I have recently been receiving notifications from my server containing an
> error. The emails content is below:
> ...
> Subject: Cron <root at stomp-web> [ ! -f /etc/cron.hourly/0anacron ] && run-parts /etc/cron.daily
> /etc/cron.daily/freshclam:
> ERROR: NotifyClamd: Can't find or parse configuration file /etc/clamd.conf
> ...
> I have contacted my server administrator and they have informed me that this
> is an error caused by a ClamAV update ...

Can you share with us the job description of your server administrator?
I'd expect any administrator I employed to fix this himself, not to lay
blame at the door of some other party.  It is after all likely to be an
extremely simple issue.

> ... is this true?

Your description doesn't really give enough information to answer your
first question.  It seems a strange error to result from any "ClamAV
update" but it isn't beyond the realms of possibility.  If you're
using an operating system 'distribution' it might mean that a package
maintainer for the distribution screwed up.  In that case I'd expect
him to fix it pronto without input from me, as I'd expect legions of
users to be in touch with him fairly soon, and that a newer "ClamAV
update" would fix the problem.

OTOH there's a lot that I don't know about your system.  The message
appears to be from a regularly scheduled job which is failing for some
reason.  Has this job been running for some time successfully and
recently started failing, or is it a new addition to your server?

> If this is the case how does this affect our systems and how do we
> stop the errors occurring? I would appreciate any help with this and
> will give any information needed to facilitate achieving a fix.

Whether or not it is the case, it seems likely that something is
wrong, and at the very least could be expected to affect your virus
database updates.  For example they might fail to be applied.
Depending on how much you rely on ClamAV, this could be anywhere
between almost of no consequence to perfectly dreadful.  Again you
don't give enough information to answer the question.

In short I would rarely worry about a ClamAV problem, I'd simply fix
it at my leisure because ClamAV isn't exactly on any critical path.
But then I build ClamAV from source and it's only one of a number of
tools that I use to scan mail.  I rarely use it for anything else.

To enable us to give more useful help, please answer (in addition to
the two questions I asked above) the following:

1. What is the name and version of the OS distribution you're using?
2. How is the OS kept up-to-date with security patches etc.?
3. What version of ClamAV are you using?
4. Is that the version of ClamAV provided by the distribution's packaging?
5. What else is hosted on this server (email, Web sites, ...)?
6. Are you using ClamAV as a mail scanner?
7. Are you using ClamAV to scan files on the server which hosts it?
8. Are you using ClamAV on the server to provide scanning services for other hosts?
9. Do you have 'root shell' access to the host via something like ssh?

-- 

73,
Ged.



More information about the clamav-users mailing list