CKB:File pre-processing errors with ClamAV: Unterschied zwischen den Versionen

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche
(Restructured to one symptom with several solutions. Added updated of distribution.)
Zeile 1: Zeile 1:
 
== Applies to: ==
== Applies to: ==
{{NoteBox|title=|content=All Cryptshare Appliances
{{NoteBox|title=|content=All Linux-based Cryptshare Servers using "ClamAV" antivirus as pre-processing command ("clamscan" or "clamdscan").
}}
}}


-----
== Symptoms: ==
== Purpose: ==
Several users report that after the file upload has finished, the following message is shown:
In case files are removed from transfers, or warnings concerning ClamAV are shown in the Cryptshare logs, please follow the steps below.
-----
== Solution: ==
=== 1. Checking if minimum system requirements are met ===


'''Click to see detailed instructions ...'''
[[File:48136607.png]]


Please check if your Appliance meets the following requirements:
[https://wiki.cryptshare.com/x/LYMP https://wiki.cryptshare.com/x/LYMP]
=== 2. Restarting ClamAV service ===
'''Click to see detailed instructions ...'''
== Symptom: ==
Several users report that after the file upload has finished, the following message is shown:
'''[[File:48136607.png]]'''
== Cause: ==
This behaviour may be caused by an unresponsive ClamAV daemon which fails to process incoming files. 
The following warnings may be shown in the logs:
The following warnings may be shown in the logs:
  WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on 127.0.0.1: Connection refused
  WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on 127.0.0.1: Connection refused
   
   
  WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd-socket: No such file or directory
  WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd-socket: No such file or directory
== Solution: ==
Follow these steps:
* Log in as '''root''' on your appliance
* Execute the following commands:
rccryptshare stop
systemctl stop clamd.service
systemctl start clamd.service
rccryptshare start
* Perform a test transfer. The message should no longer appear. If it does, apply Solution 3 below.


=== 3. Resetting ClamAV virus definitions ===
== Cause: ==
This behaviour may be caused by an unresponsive ClamAV daemon which fails to process incoming files. This leads to all files of all transfers with pre-processing enabled being rejected.
 
== Solutions: ==
=== Check if minimum system requirements are met ===
Please check if your Cryptshare Server host system meets the following requirements, especially the amount of memory. Too few available memory is a well-known cause of ClamAV crashes.
* For Cryptshare Appliances: See [https://documentation.cryptshare.com/w/CSSCurrent_en:Requirements_for_Appliances this section for details].
* For other Linux-based installations: See [https://documentation.cryptshare.com/w/CSSCurrent_en:Requirements_for_Self_Installed_Systems  this section for details].
 
=== Check if your distribution is up-to-date ===
Usually, the ClamAV packages are updated together with the Linux distribution. Please check if all your packages are up-to-date.


'''Click to see detailed instructions ...'''
'''Cryptshare Appliance:'''
# Login to the Cryptshare Administration Interface.
# Open "Operating System" in the main menu.
# Check if a distribution upgrade is provided there.
## If yes, perform the distribution upgrade using the Administration Interface. See [https://documentation.cryptshare.com/w/CSSCurrent_en:Operating_System_Upgrade  this section for details].
## If not, proceed with the following steps.
# Connect to your Cryptshare Appliance via SSH (as '''root''').
# Execute the following command:
#: <code>zypper update -y</code>
# Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.


== Symptom: ==
ClamAV is not running and cannot be started anymore. The following warning is shown: '''Can't connect to clamd through /var/run/clamav/clamd-socket: No such file or directory'''
== Cause: ==
This occurs if the ClamAV virus definitions were not updated successfully during an automatic update.
== Solution: ==
Follow these steps to repair the definitions:
* Log in on your Cryptshare appliance via SSH
* Run the following commands:
systemctl stop clamd.service
rm /var/lib/clamav/daily.*
rm /var/lib/clamav/main.*
freshclam
systemctl start clamd.service
* Check the ClamAV daemon status
systemctl status clamd.service


=== 4. (optional) Increase timeout of clamd.service ===
'''Other Linux distributions:'''
 
The actual update process depends on your Linux distribution. For example, on Debian/Ubuntu:
# Connect to your server via SSH.
# Execute the following commands:
#: <code>sudo apt update</code>
#: <code>sudo apt upgrade -y</code>
# Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.
 
=== Restart ClamAV service ===
{{NoteBox|title=|content=The following commands assume that your Linux distribution uses "systemd", like Debian, Ubuntu or openSUSE (Cryptshare Appliances).Furthermore, it is assumed that the service is called '''"clamd"''' - in some distributions this is '''"clamav-daemon"''' instead.}}
 
First, check if the service is enabled. This keeps it started accross system reboots:
 
# Connect to your server via SSH.
# Execute the following commands:
# <code>systemctl status clamd</code>
#: This should result in an output like this:
#: [[File:Clamav-status.png]]
# If the output shows a "disabled" status instead, issue the following command:
#: <code>systemctl enable clamd</code>
 
Next, restart the ClamAV deamon:
# Execute the following command:
#: <code>systemctl restart clamd</code>
#: (This may take some seconds)
# If the command succeeded (no output), check the status of the service with:
#: <code>systemctl status clamd</code>
 
If the ClamAV service failed to start, check the following sections.


'''Click to see detailed instructions ...'''
====ClamAV failed to start with "Can't connect to clamd through /var/run/clamav/clamd-socket: No such file or directory"====
This may occur if the ClamAV virus definitions were not updated successfully during an automatic update. Follow these steps to repair the definitions:
# Connect to your server via SSH.
# Execute the following commands:
#:<code>systemctl stop clamd</code>
#:<code>rm /var/lib/clamav/daily.*</code>
#:<code>rm /var/lib/clamav/main.*</code>
#:<code>freshclam</code>
#:<code>systemctl start clamd</code>
# Check the ClamAV service status:
#:<code>systemctl status clamd</code>


== Symptom: ==
====ClamAV failed to start with "Job for clamd.service failed because a timeout was exceeded."====
The clamd service cannot be started
This occurs if the clamd service runs into a timeout while starting. Follow these steps to increase the timeout to 900 seconds:
== Cause: ==
# Insert the line '''TimeoutSec=900''' in the File '''/usr/lib/systemd/system/clamd.service''' beneath the [Service] tag:
This occurs if the clamd service runs into a timeout
#: [[File:51970799.png]]
== Solution: ==
#: WinSCP can also be used to edit the file: ([https://winscp.net/eng/download.php https://winscp.net/eng/download.php])   
Follow these steps to increase the timeout to 900 seconds:
#: [[File:51970805.png]]
Insert the line '''TimeoutSec=900''' in the File '''/usr/lib/systemd/system/clamd.service''' beneath the [Service] tag:
# Execute the following commands:
[[File:51970799.png]]
#: <code>systemctl daemon-reload</code>
WinSCP can also be used to edit the file: ([https://winscp.net/eng/download.php https://winscp.net/eng/download.php])   
#: <code>systemctl start clamd</code>
 
[[File:51970805.png]]

Version vom 20. Dezember 2022, 10:41 Uhr

Applies to:

All Linux-based Cryptshare Servers using "ClamAV" antivirus as pre-processing command ("clamscan" or "clamdscan").

Symptoms:

Several users report that after the file upload has finished, the following message is shown:

48136607.png

The following warnings may be shown in the logs: 

WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on 127.0.0.1: Connection refused

WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd-socket: No such file or directory

Cause:

This behaviour may be caused by an unresponsive ClamAV daemon which fails to process incoming files. This leads to all files of all transfers with pre-processing enabled being rejected.

Solutions:

Check if minimum system requirements are met

Please check if your Cryptshare Server host system meets the following requirements, especially the amount of memory. Too few available memory is a well-known cause of ClamAV crashes.

Check if your distribution is up-to-date

Usually, the ClamAV packages are updated together with the Linux distribution. Please check if all your packages are up-to-date.

Cryptshare Appliance:

  1. Login to the Cryptshare Administration Interface.
  2. Open "Operating System" in the main menu.
  3. Check if a distribution upgrade is provided there.
    1. If yes, perform the distribution upgrade using the Administration Interface. See this section for details.
    2. If not, proceed with the following steps.
  4. Connect to your Cryptshare Appliance via SSH (as root).
  5. Execute the following command:
    zypper update -y
  6. Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.


Other Linux distributions:

The actual update process depends on your Linux distribution. For example, on Debian/Ubuntu:

  1. Connect to your server via SSH.
  2. Execute the following commands:
    sudo apt update
    sudo apt upgrade -y
  3. Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.

Restart ClamAV service

The following commands assume that your Linux distribution uses "systemd", like Debian, Ubuntu or openSUSE (Cryptshare Appliances).Furthermore, it is assumed that the service is called "clamd" - in some distributions this is "clamav-daemon" instead.

First, check if the service is enabled. This keeps it started accross system reboots:

  1. Connect to your server via SSH.
  2. Execute the following commands:
  3. systemctl status clamd
    This should result in an output like this:
    Clamav-status.png
  4. If the output shows a "disabled" status instead, issue the following command:
    systemctl enable clamd

Next, restart the ClamAV deamon:

  1. Execute the following command:
    systemctl restart clamd
    (This may take some seconds)
  2. If the command succeeded (no output), check the status of the service with:
    systemctl status clamd

If the ClamAV service failed to start, check the following sections.

ClamAV failed to start with "Can't connect to clamd through /var/run/clamav/clamd-socket: No such file or directory"

This may occur if the ClamAV virus definitions were not updated successfully during an automatic update. Follow these steps to repair the definitions:

  1. Connect to your server via SSH.
  2. Execute the following commands:
    systemctl stop clamd
    rm /var/lib/clamav/daily.*
    rm /var/lib/clamav/main.*
    freshclam
    systemctl start clamd
  3. Check the ClamAV service status:
    systemctl status clamd

ClamAV failed to start with "Job for clamd.service failed because a timeout was exceeded."

This occurs if the clamd service runs into a timeout while starting. Follow these steps to increase the timeout to 900 seconds:

  1. Insert the line TimeoutSec=900 in the File /usr/lib/systemd/system/clamd.service beneath the [Service] tag:
    51970799.png
    WinSCP can also be used to edit the file: (https://winscp.net/eng/download.php)
    51970805.png
  2. Execute the following commands:
    systemctl daemon-reload
    systemctl start clamd
Abgerufen von „https://documentation.cryptshare.com/w/index.php?title=CKB:File_pre-processing_errors_with_ClamAV&oldid=29031