CKB:File pre-processing errors with ClamAV: Unterschied zwischen den Versionen

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche
(→‎Solutions:: Added --fdpass)
 
(5 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
 
== Applies to: ==
== Applies to: ==
{{NoteBox|title=|content=All Cryptshare Appliances
{{NoteBox|title=|content=All Linux-based Cryptshare Servers
}}
}}


-----
== Symptoms: ==
== Purpose: ==
Several users report that after the file upload has finished, the following message is shown:
In case files are removed from transfers, or warnings concerning ClamAV are shown in the Cryptshare logs, please follow the steps below.
-----
== Solution: ==
=== 1. Checking if minimum system requirements are met ===
 
'''Click to see detailed instructions ...'''
 
Please check if your Appliance meets the following requirements:
[https://wiki.cryptshare.com/x/LYMP https://wiki.cryptshare.com/x/LYMP]
 
=== 2. Restarting ClamAV service ===


'''Click to see detailed instructions ...'''
[[File:48136607.png]]


== Symptom: ==
Several users report that after the file upload has finished, the following message is shown:
'''[[File:48136607.png]]'''
== Cause: ==
This behaviour may be caused by an unresponsive ClamAV daemon which fails to process incoming files. 
The following warnings may be shown in the logs:
The following warnings may be shown in the logs:
  WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on 127.0.0.1: Connection refused
  WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on 127.0.0.1: Connection refused
   
   
  WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd-socket: No such file or directory
  WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd-socket: No such file or directory
== Solution: ==
Follow these steps:
* Log in as '''root''' on your appliance
* Execute the following commands:
rccryptshare stop
systemctl stop clamd.service
systemctl start clamd.service
rccryptshare start
* Perform a test transfer. The message should no longer appear. If it does, apply Solution 3 below.


=== 3. Resetting ClamAV virus definitions ===
== Cause: ==
This behaviour may be caused by an unresponsive ClamAV daemon which fails to process incoming files. This leads to all files of all transfers with pre-processing enabled being rejected.


'''Click to see detailed instructions ...'''
== Solutions: ==
=== Check if minimum system requirements are met ===
Please check if your Cryptshare Server host system meets the following requirements, especially the amount of memory. Too few available memory is a well-known cause of ClamAV crashes.
* For Cryptshare Appliances: See [https://documentation.cryptshare.com/w/CSSCurrent_en:Requirements_for_Appliances this section for details].
* For other Linux-based installations: See [https://documentation.cryptshare.com/w/CSSCurrent_en:Requirements_for_Self_Installed_Systems  this section for details].
{{NoteBox|title=|content=In addition, please make sure that an appropriate amount of swap space is available, to cover peak memory loads. See the documentation of your Linux distribution for more details, e.g. for Ubuntu: https://help.ubuntu.com/community/SwapFaq or OpenSUSE: https://en.opensuse.org/SDB:Partitioning#The_swap_partition_type}}


== Symptom: ==
=== Check if your distribution is up-to-date ===
ClamAV is not running and cannot be started anymore. The following warning is shown: '''Can't connect to clamd through /var/run/clamav/clamd-socket: No such file or directory'''
Usually, the ClamAV packages are updated together with the Linux distribution. Please check if all your packages are up-to-date.
== Cause: ==
 
This occurs if the ClamAV virus definitions were not updated successfully during an automatic update.
'''Cryptshare Appliance:'''
== Solution: ==
# Login to the Cryptshare Administration Interface.
Follow these steps to repair the definitions:
# Open "Operating System" in the main menu.
* Log in on your Cryptshare appliance via SSH
# Check if a distribution upgrade is provided there.
* Run the following commands:
## If yes, perform the distribution upgrade using the Administration Interface. See [https://documentation.cryptshare.com/w/CSSCurrent_en:Operating_System_Upgrade  this section for details].
systemctl stop clamd.service
## If not, proceed with the following steps.
rm /var/lib/clamav/daily.*
# Connect to your Cryptshare Appliance via SSH (as '''root''').
rm /var/lib/clamav/main.*
# Execute the following command:
freshclam
#: <code>zypper update -y</code>
systemctl start clamd.service
# Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.
* Check the ClamAV daemon status
 
systemctl status clamd.service
 
'''Other Linux distributions:'''
 
The actual update process depends on your Linux distribution. For example, on Debian/Ubuntu:
# Connect to your server via SSH.
# Execute the following commands:
#: <code>sudo apt update</code>
#: <code>sudo apt upgrade -y</code>
# Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.
 
=== Restart ClamAV service ===
{{NoteBox|title=|content=The following commands assume that your Linux distribution uses "systemd", like Debian, Ubuntu or openSUSE (Cryptshare Appliances). Furthermore, it is assumed that the service is called '''"clamd"''' - in some distributions this is '''"clamav-daemon"''' instead.}}
 
First, check if the service is enabled. This keeps it started accross system reboots:
 
# Connect to your server via SSH.
# Execute the following commands:
# <code>systemctl status clamd</code>
#: This should result in an output like this:
#: [[File:Clamav-status.png]]
# If the output shows a "disabled" status instead, issue the following command:
#: <code>systemctl enable clamd</code>
 
Next, restart the ClamAV deamon:
# Execute the following command:
#: <code>systemctl restart clamd</code>
#: (This may take some seconds)
# If the command succeeded (no output), check the status of the service with:
#: <code>systemctl status clamd</code>
 
If the ClamAV service failed to start, check the following sections.


=== 4. (optional) Increase timeout of clamd.service ===
====ClamAV failed to start with "Can't connect to clamd through /var/run/clamav/clamd-socket: No such file or directory"====
This may occur if the ClamAV virus definitions were not updated successfully during an automatic update. Follow these steps to repair the definitions:
# Connect to your server via SSH.
# Execute the following commands:
#:<code>systemctl stop clamd</code>
#:<code>rm /var/lib/clamav/daily.*</code>
#:<code>rm /var/lib/clamav/main.*</code>
#:<code>freshclam</code>
#:<code>systemctl start clamd</code>
# Check the ClamAV service status:
#:<code>systemctl status clamd</code>


'''Click to see detailed instructions ...'''
====ClamAV failed to start with "Job for clamd.service failed because a timeout was exceeded."====
This occurs if the clamd service runs into a timeout while starting. Follow these steps to increase the timeout to 900 seconds:
# Insert the line '''TimeoutSec=900''' in the File '''/usr/lib/systemd/system/clamd.service''' beneath the [Service] tag:
#: [[File:51970799.png]]
#: WinSCP can also be used to edit the file: ([https://winscp.net/eng/download.php https://winscp.net/eng/download.php]) 
#: [[File:51970805.png]]
# Execute the following commands:
#: <code>systemctl daemon-reload</code>
#: <code>systemctl start clamd</code>


== Symptom: ==
=== In Case The Issue Persists ===
The clamd service cannot be started
In case the issue persists we can try adding the --fdpass flag to ClamAV within the Cryptshare. For this navigate to "Transfer Processing" -> "Pre-Processing". Here add the flag within the third input field and then click the "+" button on the right side. Then save changes. '''Please repeat these steps for any policies in use.'''
== Cause: ==
[[Datei:ClamAV set --fdpass.png|rahmenlos|800x800px]]
This occurs if the clamd service runs into a timeout
== Solution: ==
Follow these steps to increase the timeout to 900 seconds:
Insert the line '''TimeoutSec=900''' in the File '''/usr/lib/systemd/system/clamd.service''' beneath the [Service] tag:
[[File:51970799.png]] 
WinSCP can also be used to edit the file: ([https://winscp.net/eng/download.php https://winscp.net/eng/download.php]) 
 
[[File:51970805.png]]

Aktuelle Version vom 15. Dezember 2023, 13:14 Uhr

Applies to:

All Linux-based Cryptshare Servers

Symptoms:

Several users report that after the file upload has finished, the following message is shown:

48136607.png

The following warnings may be shown in the logs: 

WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on 127.0.0.1: Connection refused

WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd-socket: No such file or directory

Cause:

This behaviour may be caused by an unresponsive ClamAV daemon which fails to process incoming files. This leads to all files of all transfers with pre-processing enabled being rejected.

Solutions:

Check if minimum system requirements are met

Please check if your Cryptshare Server host system meets the following requirements, especially the amount of memory. Too few available memory is a well-known cause of ClamAV crashes.

In addition, please make sure that an appropriate amount of swap space is available, to cover peak memory loads. See the documentation of your Linux distribution for more details, e.g. for Ubuntu: https://help.ubuntu.com/community/SwapFaq or OpenSUSE: https://en.opensuse.org/SDB:Partitioning#The_swap_partition_type

Check if your distribution is up-to-date

Usually, the ClamAV packages are updated together with the Linux distribution. Please check if all your packages are up-to-date.

Cryptshare Appliance:

  1. Login to the Cryptshare Administration Interface.
  2. Open "Operating System" in the main menu.
  3. Check if a distribution upgrade is provided there.
    1. If yes, perform the distribution upgrade using the Administration Interface. See this section for details.
    2. If not, proceed with the following steps.
  4. Connect to your Cryptshare Appliance via SSH (as root).
  5. Execute the following command:
    zypper update -y
  6. Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.


Other Linux distributions:

The actual update process depends on your Linux distribution. For example, on Debian/Ubuntu:

  1. Connect to your server via SSH.
  2. Execute the following commands:
    sudo apt update
    sudo apt upgrade -y
  3. Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.

Restart ClamAV service

The following commands assume that your Linux distribution uses "systemd", like Debian, Ubuntu or openSUSE (Cryptshare Appliances). Furthermore, it is assumed that the service is called "clamd" - in some distributions this is "clamav-daemon" instead.

First, check if the service is enabled. This keeps it started accross system reboots:

  1. Connect to your server via SSH.
  2. Execute the following commands:
  3. systemctl status clamd
    This should result in an output like this:
    Clamav-status.png
  4. If the output shows a "disabled" status instead, issue the following command:
    systemctl enable clamd

Next, restart the ClamAV deamon:

  1. Execute the following command:
    systemctl restart clamd
    (This may take some seconds)
  2. If the command succeeded (no output), check the status of the service with:
    systemctl status clamd

If the ClamAV service failed to start, check the following sections.

ClamAV failed to start with "Can't connect to clamd through /var/run/clamav/clamd-socket: No such file or directory"

This may occur if the ClamAV virus definitions were not updated successfully during an automatic update. Follow these steps to repair the definitions:

  1. Connect to your server via SSH.
  2. Execute the following commands:
    systemctl stop clamd
    rm /var/lib/clamav/daily.*
    rm /var/lib/clamav/main.*
    freshclam
    systemctl start clamd
  3. Check the ClamAV service status:
    systemctl status clamd

ClamAV failed to start with "Job for clamd.service failed because a timeout was exceeded."

This occurs if the clamd service runs into a timeout while starting. Follow these steps to increase the timeout to 900 seconds:

  1. Insert the line TimeoutSec=900 in the File /usr/lib/systemd/system/clamd.service beneath the [Service] tag:
    51970799.png
    WinSCP can also be used to edit the file: (https://winscp.net/eng/download.php)
    51970805.png
  2. Execute the following commands:
    systemctl daemon-reload
    systemctl start clamd

In Case The Issue Persists

In case the issue persists we can try adding the --fdpass flag to ClamAV within the Cryptshare. For this navigate to "Transfer Processing" -> "Pre-Processing". Here add the flag within the third input field and then click the "+" button on the right side. Then save changes. Please repeat these steps for any policies in use. ClamAV set --fdpass.png

Abgerufen von „https://documentation.cryptshare.com/w/index.php?title=CKB:File_pre-processing_errors_with_ClamAV&oldid=38541