Thank you Jeff and Remo for the tips. Do I have the wrong clam installed? I am trying to stay vanilla to qmailtoaster. I am thinking something is wrong with the packages that are installed.
[root@mta01 system]# yum search clam
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * base: mirror.sfo12.us.leaseweb.net
 * epel: mirror.sfo12.us.leaseweb.net
 * extras: mirrors.ocf.berkeley.edu
 * updates: sjc.edge.kernel.org
20 packages excluded due to repository priority protections
=========================================================================================================== N/S matched: clam ===========================================================================================================
clamav.x86_64 : End-user tools for the Clam Antivirus scanner
clamav-data.noarch : Virus signature data for the Clam Antivirus scanner
clamav-devel.x86_64 : Header files and libraries for the Clam Antivirus scanner
clamav-filesystem.noarch : Filesystem structure for clamav
clamav-lib.x86_64 : Dynamic libraries for the Clam Antivirus scanner
clamav-milter.x86_64 : Milter module for the Clam Antivirus scanner
clamav-unofficial-sigs.noarch : Scripts to download unofficial clamav signatures
clamav-update.x86_64 : Auto-updater for the Clam Antivirus scanner data-files
clamd.x86_64 : The Clam AntiVirus Daemon
clamsmtp.x86_64 : A SMTP virus scanning system

  Name and summary matches only, use "search all" for everything.
[root@mta01 system]# rpm -qa | grep clam
clamav-update-0.103.2-1.el7.x86_64
clamd-0.103.2-1.el7.x86_64
clamav-filesystem-0.103.2-1.el7.noarch
clamav-0.103.2-1.el7.x86_64
clamav-lib-0.103.2-1.el7.x86_64
[root@mta01 system]# ls /etc/yum.repos.d/
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo epel.repo qmt-mirrorlist-current qmt-mirrorlist-testing
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo CentOS-x86_64-kernel.repo epel-testing.repo qmt-mirrorlist-development qmt.repo

On Thu, May 13, 2021 at 5:53 PM Jeff Koch <[email protected]> wrote:

> Clamd runs quite differently when the epel version is installed
>
> daemon is controlled with:
>
> systemctl status clamd@scan
>
> and to get better logging
>
> Add SIMSCAN_DEBUG="5" to /etc/tcprules.d/tcp.smtp as in:
>
> :allow,SIMSCAN_DEBUG="5",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="25"
>
> Then you'll see detailed clamdscan logging in /var/log/qmail/smtp and submission but make sure clamdscan is running
>
> systemctl status clamd@scan
>
> we got qq soft-rejects when the kernel ran out of memory and clamav has stopped. We found an entry in /var/log/messages:
>
> Nov 18 15:10:13 machine kernel: Out of memory: Kill process 803 (clamd) score 165 or sacrifice child
>
> Jeff
>
> On 5/13/2021 4:16 PM, Benjamin Baez wrote:
>
> I forgot to revisit that. I noticed that clamd never came back up after the update. Is there a different log now?
>
> [root@mta01 ~]# cat /var/log/clamd/clamd.log
> Sat Mar 27 11:23:30 2021 -> SelfCheck: Database status OK.
> Sat Mar 27 11:33:30 2021 -> SelfCheck: Database status OK.
> Sat Mar 27 11:43:30 2021 -> SelfCheck: Database status OK.
> Sat Mar 27 11:53:31 2021 -> SelfCheck: Database status OK.
> Sat Mar 27 11:56:20 2021 -> Waiting for all threads to finish
> Sat Mar 27 11:56:23 2021 -> Shutting down the main socket.
> Sat Mar 27 11:56:23 2021 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
> Sat Mar 27 11:56:23 2021 -> --- Stopped at Sat Mar 27 11:56:23 2021
> Sat Mar 27 11:56:23 2021 -> Closing the main socket.
> Sat Mar 27 11:56:23 2021 -> Socket file removed.
>
> [root@mta01 ~]# toaststat
>
> Status of toaster services
> send: up (pid 32338) 15907 seconds
> smtp: up (pid 32335) 15907 seconds
> submission: up (pid 32336) 15907 seconds
> send/log: up (pid 32340) 15907 seconds
> smtp/log: up (pid 32339) 15907 seconds
> submission/log: up (pid 32337) 15907 seconds
>
> systemd service: clamav-freshclam: [ OK ]
> systemd service: spamd: [ OK ]
> systemd service: dovecot: [ OK ]
> systemd service: mariadb: [ OK ]
> systemd service: httpd: [ OK ]
> systemd service: named: [ OK ]
> systemd service: ntpd: [ OK ]
> systemd service: sshd: [ OK ]
> systemd service: network: [ OK ]
> systemd service: crond: [ OK ]
> systemd service: acpid: [ OK ]
> systemd service: atd: [ OK ]
> systemd service: autofs: [ OK ]
> systemd service: smartd: [ OK ]
> systemd service: irqbalance: [ OK ]
>
> On Thu, May 13, 2021 at 1:03 PM Jeff Koch <[email protected]> wrote:
>
>> Did you check the clamav log?
>>
>> Jeff
>>
>> On 5/13/2021 12:30 PM, Benjamin Baez wrote:
>>
>> Hi,
>>
>> How do I troubleshoot this further? In the past it would be something to do with clamav or simscan, but don't have a lead this time.
>>
>> [root@mta01 ~]# tail -f /var/log/qmail/submission/current
>> @40000000609d4c9217d2d2d4 tcpserver: status: 0/100
>> @40000000609d52200e3031cc tcpserver: status: 1/100
>> @40000000609d52200e39615c tcpserver: pid 1598 from 75.53.9.111
>> @40000000609d52200e3a920c tcpserver: ok 1598 mta01.biospectra.com:75.53.9.76:587 :75.53.9.111::61177
>> @40000000609d52201bf23a6c CHKUSER accepted sender: from <[email protected]:bbaez:> <[email protected]:bbaez:> remote <[10.16.1.123]:unknown:75.53.9.111> rcpt <> : sender accepted
>> @40000000609d522027921aa4 CHKUSER relaying rcpt: from <[email protected]:bbaez:> <[email protected]:bbaez:> remote <[10.16.1.123]:unknown:75.53.9.111> rcpt <[email protected]> : client allowed to relay
>> @40000000609d52202792265c policy_check: local bbaez -> remote [email protected] (AUTHENTICATED SENDER)
>> @40000000609d522027922a44 policy_check: policy allows transmission
>> @40000000609d52202925ce4c qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)): MAILFROM:<[email protected]> RCPTTO:[email protected]
>> @40000000609d52230a71f14c tcpserver: end 1598 status 0
>> @40000000609d52230a71f91c tcpserver: status: 0/100
>>
>> [root@mta01 ~]# tail -f cat /var/log/maillog
>> May 13 09:21:15 mta01 spamdyke[1592]: ERROR(load_resolver_file()@search_fs.c:753): invalid/unparsable nameserver found: 2600:1700:4a30:5b40::1
>> May 13 09:21:42 mta01 vpopmail[1599]: vchkpw-submission: (CRAM-MD5) login success [email protected]:75.53.9.111
>>
>> I don't think the IPv6 error is related but including it.
>>
>> Thanks!
>>
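Added example, not part of the original thread and not written by any of its participants: a small Python check for the failure mode discussed above, pulling "qq soft reject" events out of a qmail multilog file (decoding the TAI64N timestamps to UTC) and OOM kills of clamd out of syslog. The function names and sample lines are assumptions made for this illustration; the sample lines are constructed from the ones quoted in the thread, with example.com placeholder addresses.

```python
import re
from datetime import datetime, timezone

# Same constant tai64nlocal uses: 2**62 plus the 10-second TAI-UTC base offset.
TAI64_EPOCH = 4611686018427387914

SOFT_REJECT = re.compile(r"^@([0-9a-f]{24}) qmail-smtpd: qq soft reject \((.*)\): MAILFROM")
OOM_KILL = re.compile(r"kernel: Out of memory: Kill process (\d+) \(([^)]+)\)")

def tai64n_to_utc(label):
    """Convert a 24-hex-digit TAI64N label (without the '@') to a UTC datetime."""
    secs = int(label[:16], 16) - TAI64_EPOCH
    nanos = int(label[16:24], 16)
    stamp = datetime.fromtimestamp(secs, tz=timezone.utc)
    return stamp.replace(microsecond=nanos // 1000)

def soft_rejects(qmail_lines):
    """Return (utc_time, reason) for every 'qq soft reject' line."""
    hits = []
    for line in qmail_lines:
        m = SOFT_REJECT.match(line)
        if m:
            hits.append((tai64n_to_utc(m.group(1)), m.group(2)))
    return hits

def oom_kills(syslog_lines, process="clamd"):
    """Return the PIDs of `process` that the kernel OOM killer reported killing."""
    return [int(m.group(1)) for line in syslog_lines
            if (m := OOM_KILL.search(line)) and m.group(2) == process]

# Constructed sample input (unwrapped, one log record per line).
QMAIL_LOG = [
    "@40000000609d522027922a44 policy_check: policy allows transmission",
    "@40000000609d52202925ce4c qmail-smtpd: qq soft reject (mail server "
    "temporarily rejected message (#4.3.0)): MAILFROM:<user@example.com> "
    "RCPTTO:rcpt@example.com",
    "@40000000609d52230a71f14c tcpserver: end 1598 status 0",
]
SYSLOG = [
    "Nov 18 15:10:13 machine kernel: Out of memory: Kill process 803 (clamd) "
    "score 165 or sacrifice child",
    "Nov 18 15:10:14 machine kernel: Out of memory: Kill process 911 (httpd) "
    "score 12 or sacrifice child",
]

if __name__ == "__main__":
    for when, reason in soft_rejects(QMAIL_LOG):
        print(when.isoformat(), reason)
    print("clamd OOM-killed, PIDs:", oom_kills(SYSLOG))
```

On a live host, pass the open log files (for example /var/log/qmail/submission/current and /var/log/messages) in place of the sample lists. Syslog timestamps are local time while the decoded TAI64N times are UTC.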
