CKB:File pre-processing errors with ClamAV

From Cryptshare Documentation
Revision as of 15 December 2023, 11:14 by Dalipip (→ Solutions: Added --fdpass)

Applies to:

All Linux-based Cryptshare Servers

Symptoms:

Several users report that after the file upload has finished, the following message is shown:

(Screenshot: 48136607.png)

The following warnings may be shown in the logs:

WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on 127.0.0.1: Connection refused

WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd-socket: No such file or directory

Cause:

This behaviour may be caused by an unresponsive ClamAV daemon which fails to process incoming files. This leads to all files of all transfers with pre-processing enabled being rejected.
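
The two warnings above describe different states: a connection to clamd that is refused, and a local socket file that does not exist. The shell functions below are an added example, not part of the Cryptshare documentation; they count both warning types in a log and check the socket path. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. The two warning texts and the socket path come from this
# page; function names and the sample log are constructed for illustration.

# Map one FileProcessorService log line to a failure mode.
classify_clamd_warning() {
    case "$1" in
        *"Could not connect to clamd on LocalSocket"*"No such file or directory"*)
            echo "socket-missing" ;;      # local socket file does not exist
        *"Could not connect to clamd on"*"Connection refused"*)
            echo "connection-refused" ;;  # nothing accepts connections there
        *"Could not connect to clamd"*)
            echo "clamd-unreachable" ;;
        *)
            echo "unrelated" ;;
    esac
}

# Count each failure mode in a log read from stdin.
summarize_clamd_warnings() {
    missing=0; refused=0; other=0
    while IFS= read -r line; do
        case "$(classify_clamd_warning "$line")" in
            socket-missing)     missing=$((missing + 1)) ;;
            connection-refused) refused=$((refused + 1)) ;;
            clamd-unreachable)  other=$((other + 1)) ;;
        esac
    done
    echo "socket-missing=$missing connection-refused=$refused other=$other"
}

# Report the state of the local socket path named in the warning.
probe_clamd_socket() {
    sock="${1:-/var/run/clamav/clamd-socket}"
    if [ -S "$sock" ]; then echo "present"
    elif [ -e "$sock" ]; then echo "not-a-socket"
    else echo "missing"
    fi
}

# Constructed sample log; timestamps and the INFO line are invented.
SAMPLE_LOG='WARN  2023-12-15 11:14:02 FileProcessorService - ERROR: Could not connect to clamd on 127.0.0.1: Connection refused
WARN  2023-12-15 11:14:09 FileProcessorService - ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd-socket: No such file or directory
INFO  2023-12-15 11:15:00 ExampleService - unrelated message'

printf '%s\n' "$SAMPLE_LOG" | summarize_clamd_warnings
echo "socket: $(probe_clamd_socket)"
```

On a server, feed the real Cryptshare log to `summarize_clamd_warnings` on stdin instead of the sample.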

Solutions:

Check if minimum system requirements are met

Please check whether your Cryptshare Server host system meets the following requirements, especially the amount of memory. Too little available memory is a well-known cause of ClamAV crashes.

In addition, please make sure that an appropriate amount of swap space is available, to cover peak memory loads. See the documentation of your Linux distribution for more details, e.g. for Ubuntu: https://help.ubuntu.com/community/SwapFaq or OpenSUSE: https://en.opensuse.org/SDB:Partitioning#The_swap_partition_type

Check if your distribution is up-to-date

Usually, the ClamAV packages are updated together with the Linux distribution. Please check if all your packages are up-to-date.

Cryptshare Appliance:

  1. Login to the Cryptshare Administration Interface.
  2. Open "Operating System" in the main menu.
  3. Check if a distribution upgrade is provided there.
    1. If yes, perform the distribution upgrade using the Administration Interface. See this section for details.
    2. If not, proceed with the following steps.
  4. Connect to your Cryptshare Appliance via SSH (as root).
  5. Execute the following command:
    zypper update -y
  6. Proceed with solution "Restart ClamAV service" to verify that ClamAV is running correctly.


Other Linux distributions:

The actual update process depends on your Linux distribution. For example, on Debian/Ubuntu:

  1. Connect to your server via SSH.
  2. Execute the following commands:
    sudo apt update
    sudo apt upgrade -y
  3. Proceed with solution "Restart ClamAV service" to verify that ClamAV is running correctly.

Restart ClamAV service

The following commands assume that your Linux distribution uses "systemd", like Debian, Ubuntu or openSUSE (Cryptshare Appliances). Furthermore, it is assumed that the service is called "clamd" - in some distributions this is "clamav-daemon" instead.

First, check if the service is enabled. This ensures it is started again after system reboots:

  1. Connect to your server via SSH.
  2. Execute the following command:
    systemctl status clamd
    This should result in an output like this:
    (Screenshot: Clamav-status.png)
  3. If the output shows a "disabled" status instead, issue the following command:
    systemctl enable clamd

Next, restart the ClamAV daemon:

  1. Execute the following command:
    systemctl restart clamd
    (This may take some seconds)
  2. If the command succeeded (no output), check the status of the service with:
    systemctl status clamd

If the ClamAV service failed to start, check the following sections.

ClamAV failed to start with "Can't connect to clamd through /var/run/clamav/clamd-socket: No such file or directory"

This may occur if the ClamAV virus definitions were not updated successfully during an automatic update. Follow these steps to repair the definitions:

  1. Connect to your server via SSH.
  2. Execute the following commands:
    systemctl stop clamd
    rm /var/lib/clamav/daily.*
    rm /var/lib/clamav/main.*
    freshclam
    systemctl start clamd
  3. Check the ClamAV service status:
    systemctl status clamd

ClamAV failed to start with "Job for clamd.service failed because a timeout was exceeded."

This occurs if the clamd service runs into a timeout while starting. Follow these steps to increase the timeout to 900 seconds:

  1. Insert the line TimeoutSec=900 in the file /usr/lib/systemd/system/clamd.service beneath the [Service] section header:
    (Screenshot: 51970799.png)
    WinSCP can also be used to edit the file: https://winscp.net/eng/download.php
    (Screenshot: 51970805.png)
  2. Execute the following commands:
    systemctl daemon-reload
    systemctl start clamd
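
The edit from step 1, as an added example that is not part of the Cryptshare documentation: a shell helper that places TimeoutSec directly beneath [Service] and replaces an existing value instead of duplicating it. The helper names and the sample unit file are constructed; the demo works on a temporary file, not on the real clamd.service.

```shell
#!/bin/sh
# Added example: set TimeoutSec under [Service] in a systemd unit file.
# Helper names are made up; the unit text below is a constructed sample.

# Usage: set_service_timeout UNIT_FILE SECONDS
# Fails without touching the file if there is no [Service] section.
set_service_timeout() {
    unit="$1"; secs="$2"
    tmp="$(mktemp)" || return 1
    awk -v secs="$secs" '
        /^\[.*\]$/ { in_service = ($0 == "[Service]") }
        in_service && /^TimeoutSec=/ { next }       # drop the old value
        { print }
        $0 == "[Service]" { print "TimeoutSec=" secs; inserted = 1 }
        END { exit (inserted ? 0 : 1) }
    ' "$unit" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$unit" && rm -f "$tmp"            # keeps owner and mode
}

# Print the TimeoutSec value set in [Service], if any.
get_service_timeout() {
    awk -F= '
        /^\[.*\]$/ { in_service = ($0 == "[Service]") }
        in_service && $1 == "TimeoutSec" { v = $2 }
        END { if (v != "") print v }
    ' "$1"
}

# Constructed sample unit, written to a temporary file for a dry run.
demo_unit="$(mktemp)"
cat > "$demo_unit" <<'EOF'
[Unit]
Description=ClamAV daemon (constructed sample)

[Service]
ExecStart=/usr/sbin/clamd --foreground=true
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF

set_service_timeout "$demo_unit" 900
cat "$demo_unit"
```

A drop-in created with `systemctl edit clamd` carries the same setting and is not overwritten when the package that owns the unit file is updated.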

In Case The Issue Persists

If the issue persists, try adding the --fdpass flag to ClamAV within Cryptshare. To do so, navigate to "Transfer Processing" -> "Pre-Processing". Enter the flag in the third input field and click the "+" button on the right side, then save the changes. Repeat these steps for any policies in use.

(Screenshot: ClamAV set --fdpass.png)