ClamAV Not Working v14
Problem reported by Scarab - 6/10/2015 at 10:33 AM
Last night we installed v14.0.5637 of SmarterMail Enterprise using the MSI Installer. Apparently no 64-bit version was installed, Clam is not running, and SECURITY > ANTIVIRUS shows ClamAV stuck on "Updating" for its virus definitions. All executables in Smartermail\Service\Clam\Bin are 32-bit version 0.97.6 last modified 2/25/2014. I have the following in my logs:
 
Clamd.log
 
Tue Jun 09 11:04:03 2015 -> +++ Started at Tue Jun 09 11:04:03 2015
Tue Jun 09 11:04:03 2015 -> clamd daemon 0.97.6 (OS: win32, ARCH: i386, CPU: i386)
Tue Jun 09 11:04:03 2015 -> Log file size limited to 10485760 bytes.
Tue Jun 09 11:04:03 2015 -> Reading databases from D:\SMARTERMAIL\Service\Clam\share\clamav
Tue Jun 09 11:04:03 2015 -> Not loading PUA signatures.
Tue Jun 09 11:04:03 2015 -> Bytecode: Security mode set to "TrustSigned".
Tue Jun 09 11:04:03 2015 -> Disabling URL based phishing detection.
Tue Jun 09 11:04:20 2015 -> Loaded 4576696 signatures.
Tue Jun 09 11:04:21 2015 -> TCP: Bound to address 127.0.0.1 on port 3310
Tue Jun 09 11:04:21 2015 -> TCP: Setting connection queue length to 30
Tue Jun 09 11:04:21 2015 -> Limits: Global size limit set to 104857600 bytes.
Tue Jun 09 11:04:21 2015 -> Limits: File size limit set to 26214400 bytes.
Tue Jun 09 11:04:21 2015 -> Limits: Recursion level limit set to 16.
Tue Jun 09 11:04:21 2015 -> Limits: Files limit set to 10000.
Tue Jun 09 11:04:21 2015 -> Archive support enabled.
Tue Jun 09 11:04:21 2015 -> Algorithmic detection enabled.
Tue Jun 09 11:04:21 2015 -> Portable Executable support enabled.
Tue Jun 09 11:04:21 2015 -> ELF support enabled.
Tue Jun 09 11:04:21 2015 -> Mail files support enabled.
Tue Jun 09 11:04:21 2015 -> OLE2 support enabled.
Tue Jun 09 11:04:21 2015 -> PDF support enabled.
Tue Jun 09 11:04:21 2015 -> HTML support enabled.
Tue Jun 09 11:04:21 2015 -> Self checking every 1800 seconds.
 
Freshclam.log
 
ClamAV update process started at Tue Jun 09 10:57:05 2015
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.6 Recommended version: 0.98.7
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-20558.cdiff [100%]
daily.cld updated (version: 20558, sigs: 1423119, f-level: 63, builder: neo)
Can't query daily.20558.67.1.1.168.143.19.95.ping.clamav.net
bytecode.cld is up to date (version: 256, sigs: 45, f-level: 63, builder: dgoddard)
Database updated (3847389 signatures) from database.clamav.net (IP: 168.143.19.95)
Clamd successfully notified about the update.
 
Delivery.log
 
[2015.06.10] 10:25:22 [83776] Unable to run Clam virus checks: System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 127.0.0.1:3310
[2015.06.10]    at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
[2015.06.10]    at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
[2015.06.10]    at MailStore.Spam.ClamDClient.CheckScan()
 
Windows Server 2008R2 Enterprise SP1 64-bit, Dual Socket Quad Core Xeon X3450 CPU, 16GB ECC RDIMM, Smartermail Enterprise v14 running on NTFS volume with 8dot3 filenames disabled. TCP Port 3310 opened in Windows Firewall, and all Ports opened for SmarterMail in Windows Firewall (just to be sure).

12 Replies

1
Steve Reid Replied
During one of the Betas I was experiencing something similar.
 
I uninstalled and deleted the contents of C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\
 
I rebooted and installed again and it began working as expected.
 
One thing to note is that the 64bit versions are located in C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\bin64
0
Scarab Replied
Thx Steve. I just have \Clam\bin currently after uninstalling v13 and installing v14. I'll give that a try tonight.
1
Steve Reid Replied
My problems no doubt stemmed from my manual updating of ClamAV using the method posted by Joe.
 
If you were trying that then perhaps a permissions issue has stopped the installer from writing to that location.
 
Either way the method above should get you going.
 
And just to be certain I just confirmed that on a 64bit machine, clamAV is definitely running from the bin64 folder.
1
Scott Forsythe Replied
Hello,
 
We are also having problems with ClamAV on a 14.x server. We're getting "Unable to run Clam virus checks" errors in the delivery log. Definitions are updating. ClamAV does not show up in the Task Mgr. under Processes.
 
We have another SmarterMail 14.x server that is running ClamAV fine. The server that is working has the 64bit version of the Visual 2010 c++ Redistributable installed. I read in one of the versions of the release notes that ClamAV requires Visual 2010 c++ Redistributable to run. Can someone confirm that the 64bit version of ClamAV requires the 64 bit version of Visual 2010 c++ Redistributable?
 
I plan on installing the 64bit Visual 2010 c++ Redistributable on the problem server tomorrow morning.
 
Thanks,
Scott F.
0
Scott Forsythe Replied
Update. I upgraded to 14.0.5637 by uninstalling previous version plus deleted everything in C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam. I did not install the 64bit version of Visual 2010 c++ Redistributable.
 
ClamAV started and ran for a few minutes and then crashed. Application error in the event log:
 
Faulting application name: clamd.exe, version: 0.98.6.0, time stamp: 0x54948664
Faulting module name: MSVCR100.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000135
Fault offset: 0x00000000000ec180
Faulting process id: 0xe00
Faulting application start time: 0x01d0a424494b569b
Faulting application path: C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\bin64\clamd.exe
Faulting module path: MSVCR100.dll
Report Id: 87016bdb-1017-11e5-80c2-000d3a0092d4
Faulting package full name: 
Faulting package-relative application ID: 
1
Bruce Barnes Replied
I believe that in the initial tests of ClamAV 64, by Joe Wolf, it was determined that the installation of the 64 bit version of Visual 2010 C++ redistributable was an absolute requirement for the 64 bit version of Clam AV to work.
 
Joe, can you jump in on this and comment?
 
 - Bruce
 
 
 
Note Matt Petty's comments in the last line:
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phone: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
1
Steve Reid Replied
I just installed the latest version 14 on a server that did not have smartermail before. The installer told me both 64 and 32 bit versions of Visual 2010 C++ redistributable were required and it took care of installing them for me.
 
ClamAV is running and ClamSup is working perfectly.
0
Bruce Barnes Replied
Scott Forsythe appears to have blocked the 64 bit version of Visual C++ redistributable from installing.  Here's his opening comment:
 
Forsythe Comment
 
I suspect the lack of the 64 bit version of Visual C++ redistributable is causing his errors.
0
Scott Forsythe Replied
I installed the 64 bit version of Visual C++ redistributable and ClamAV is running fine now. I didn't intend to block the installation of the 64bit version. Not sure what happened but glad it is fixed.
0
Dennis A. Replied
Awesome, thanks Bruce! Clam started working again on my 2012 R2 server after installing C++ 2010 x64. Strange, because it worked perfectly in the previous version of SmarterMail...
0
Steve Reid Replied
ClamAV was updated to use a 64 bit version. You may have had the 32 bit C++ 2010 only.
0
Dave Stuart Replied
Yes, I had the same issue today after moving my Smarter Mail to a different server. You need both 32 and 64 bit versions of VC C++ Redistributable.
Best Regards
Dave Stuart MCSD
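
The Delivery.log symptom in this thread (connection refused on 127.0.0.1:3310) can be checked directly with clamd's PING command, which separates "daemon is not listening" from "daemon is up but misbehaving". This is an added example, not part of any post above and not SmarterMail's own code; the function name `clamd_ping` and its return labels are assumptions chosen for illustration.

```python
import socket
import sys


def clamd_ping(host="127.0.0.1", port=3310, timeout=5.0):
    """Send clamd's PING command and classify the outcome.

    Returns one of: 'ok', 'refused', 'timeout', 'error:<msg>',
    'unexpected:<reply>'. The labels are this example's own convention.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            # 'z' prefix = null-terminated command and reply (clamd protocol).
            sock.sendall(b"zPING\0")
            reply = b""
            while not reply.endswith(b"\0") and len(reply) < 64:
                chunk = sock.recv(64)
                if not chunk:          # peer closed before terminating the reply
                    break
                reply += chunk
    except ConnectionRefusedError:
        # Same condition the Delivery.log reports: nothing is listening,
        # e.g. clamd.exe never started or crashed after start.
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return "error:" + str(exc)

    text = reply.rstrip(b"\0").decode("ascii", "replace").strip()
    return "ok" if text == "PONG" else "unexpected:" + text


if __name__ == "__main__":
    status = clamd_ping()
    print("clamd 127.0.0.1:3310 ->", status)
    # Non-zero exit lets a scheduled task or monitor alert when mail
    # is being delivered without a working virus scanner.
    sys.exit(0 if status == "ok" else 1)
```

A result of `refused` while freshclam still reports successful updates matches the situation described in the thread: definitions update, but clamd itself is not running.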
