Hi there.
I need some help with narrowing down and fix some problem(s) with my Endian
FW. (Community Release 2.1)
First off, it has been working perfectly for a long time but recently there
has been some strange problems.
Description of the problem(s):
--------------------------------------------------------------------------------------------------------------------
1) I discovered that the EFW ran out of diskspace. The "/dev/hda4 /var"
mount/device was full, resulting in NDR's for my mail, saying "Relaying
Denied".
2) I checked the logs and found messages indicating that the ClamAV was a
potential candidate for the problem.
freshclam[4308]: WARNING: Your ClamAV installation is OUTDATED!
freshclam[4308]: WARNING: Current functionality level = 10, recommended
= 15
freshclam[4308]: DON'T PANIC! Read http://www.clamav.net/faq.html
3) I tried the suggested link to the ClamAV FAQ (wich by the way is wrong)
and started reading the FAQ and WIKI. As I am not a Linux guru (and didn't
think I would have to be when running EFW) I found myself scratching my
head, thinking that these FAQ/WIKI's is not written for beginners...
4) Searched the "Endian Firewall" and "efw-user" forums here on Nabble and
found out that it is not just me, but several persons that is wondering how
to upgrade the ClamAV. I also found some posts from "Thomas Heimann" where
he posts about new ClamAV versions for EFW. Sadly, there is no information
for us Linux beginners on how to get started with these upgrades...
5) Back at my out-of-disk problem, I found a KB article (
http://kb.endian.com/entry/31/ ) that describes my problem, but not all of
the symptoms. Connecting to my EFW via SSH through Putty, I managed to find
that the files that was filling up my disk was ClamAV virus definition
update files: /var/amavis # clamav-*
6) As I couldn't find any information about what to do, I took a chance on
that the solution in the KB article would work in this case too. So I
managed to delete all the hundreds of "clamav-*" files filling up the disk
(was this a misstake?). After deleting them, I discovered that the
"/dev/hda4 /var" mount/device was only ~100 MB again.
Rebooted the EFW and tried sending mails, wich worked fine again.
Problem Solved, I thought.
Wrong.
7) After this, I discovered that the EFW settings was screwed up.
- SSH Enabled was unchecked, even though I could connect with putty
without any problems.
- SMTP Proxy was unchecked, even though SMTP traffic worked. (All of the
configured domains was still there)
- Some more, similar settings were also screwed, dont remember them
though...
(Rebooting again didn't change anything)
8) I checked and reconfigured all my EFW settings and configuration and
rebooted again.
This time all settings where as they should.
9) After this, everything was fine for a week, until today when the SMTP
proxy didn't respond anymore.
Tried logging on to the WEB GUI and check, but the WEB GUI didn't respond
either.
Rebooted the EFW got the SMTP proxy working and I could also log on to the
WEB GUI.
10) When checking the logs, i can see that same message that the ClamAV is
outdated.
11) Checking the Mailqueue I can see:
(host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing,
id=03544-05-3, virus_scan FAILED: virus_scan:
ALL VIRUS SCANNERS FAILED: Clam Antivirus - clamscan av-scanner FAILED:
/usr/bin/clamscan timed out at
(eval 40) line 466.; Clam Antivirus - clamscan av-scanner FAILED:
/usr/bin/clamscan timed out at (eval 40)
line 466. (in reply to end of DATA command))
12) As of now, the EFW is extremely slow and the disk activity wont stop.
All mails are getting queued at the EFW.
My thoughts is that it is the ClamAV that is the problem and needs to be
reinstalled or upgraded.
I have no idéa on how to proceed with this though...
--------------------------------------------------------------------------------------------------------------------
Any assistance would be appriciated.
BR.
rune
--
View this message in context:
http://www.nabble.com/ClamAV-problems-causing-strange-EFW-behaviour-tf3715117.html#a10392349
Sent from the efw-user mailing list archive at Nabble.com.
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
