CKB:File pre-processing errors with ClamAV

Aus Cryptshare Documentation
Version vom 24. Januar 2023, 16:12 Uhr von Erhardts (Diskussion | Beiträge) (Added link for OpenSUSE swap partitions)
Wechseln zu:Navigation, Suche

Applies to:

All Linux-based Cryptshare Servers

Symptoms:

Several users report that after the file upload has finished, the following message is shown:

48136607.png

The following warnings may be shown in the logs:

WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on 127.0.0.1: Connection refused

WARN  yyyy-mm-dd hh:MM:SS FileProcessorService - ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd-socket: No such file or directory

Cause:

This behaviour may be caused by an unresponsive ClamAV daemon which fails to process incoming files. This leads to all files of all transfers with pre-processing enabled being rejected.

Solutions:

Check if minimum system requirements are met

Please check if your Cryptshare Server host system meets the following requirements, especially the amount of memory. Too few available memory is a well-known cause of ClamAV crashes.

In addition, please make sure that an appropriate amount of swap space is available, to cover peak memory loads. See the documentation of your Linux distribution for more details, e.g. for Ubuntu: https://help.ubuntu.com/community/SwapFaq or OpenSUSE: https://en.opensuse.org/SDB:Partitioning#The_swap_partition_type

Check if your distribution is up-to-date

Usually, the ClamAV packages are updated together with the Linux distribution. Please check if all your packages are up-to-date.

Cryptshare Appliance:

  1. Login to the Cryptshare Administration Interface.
  2. Open "Operating System" in the main menu.
  3. Check if a distribution upgrade is provided there.
    1. If yes, perform the distribution upgrade using the Administration Interface. See this section for details.
    2. If not, proceed with the following steps.
  4. Connect to your Cryptshare Appliance via SSH (as root).
  5. Execute the following command:
    zypper update -y
  6. Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.


Other Linux distributions:

The actual update process depends on your Linux distribution. For example, on Debian/Ubuntu:

  1. Connect to your server via SSH.
  2. Execute the following commands:
    sudo apt update
    sudo apt upgrade -y
  3. Proceed with solution "Restart ClamAV service" to assert that ClamAV is running correctly.

Restart ClamAV service

The following commands assume that your Linux distribution uses "systemd", like Debian, Ubuntu or openSUSE (Cryptshare Appliances). Furthermore, it is assumed that the service is called "clamd" - in some distributions this is "clamav-daemon" instead.

First, check if the service is enabled. This keeps it started accross system reboots:

  1. Connect to your server via SSH.
  2. Execute the following commands:
  3. systemctl status clamd
    This should result in an output like this:
    Clamav-status.png
  4. If the output shows a "disabled" status instead, issue the following command:
    systemctl enable clamd

Next, restart the ClamAV deamon:

  1. Execute the following command:
    systemctl restart clamd
    (This may take some seconds)
  2. If the command succeeded (no output), check the status of the service with:
    systemctl status clamd

If the ClamAV service failed to start, check the following sections.

ClamAV failed to start with "Can't connect to clamd through /var/run/clamav/clamd-socket: No such file or directory"

This may occur if the ClamAV virus definitions were not updated successfully during an automatic update. Follow these steps to repair the definitions:

  1. Connect to your server via SSH.
  2. Execute the following commands:
    systemctl stop clamd
    rm /var/lib/clamav/daily.*
    rm /var/lib/clamav/main.*
    freshclam
    systemctl start clamd
  3. Check the ClamAV service status:
    systemctl status clamd

ClamAV failed to start with "Job for clamd.service failed because a timeout was exceeded."

This occurs if the clamd service runs into a timeout while starting. Follow these steps to increase the timeout to 900 seconds:

  1. Insert the line TimeoutSec=900 in the File /usr/lib/systemd/system/clamd.service beneath the [Service] tag:
    51970799.png
    WinSCP can also be used to edit the file: (https://winscp.net/eng/download.php)
    51970805.png
  2. Execute the following commands:
    systemctl daemon-reload
    systemctl start clamd