Mailing List Archive

On 17/06/2021 13:30, Jigar via clamav-users wrote:
> Hello,
>
> Suddenly, we are getting the following error in clamd.log file
>
> Thu Jun 17 08:52:49 2021 ->
> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
> Can't create new file ERROR
> Thu Jun 17 08:52:49 2021 ->
> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
> Can't open file or directory ERROR
>
> We have checked up all the permission and ownership. There is no change in it.
>
> We still have the old version of clamav - 0.99 on our mail server. We
> are in the process of upgrading with a new server. Meanwhile, we need
> to run the
> server without any issue. We request kind help.
>
Have you checked that whatever file system contains
"/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" has not
run out of space?

Cheers,
Gary B-)

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hello,
Following is disk space status. It appears no issue with disk space.

/dev/sda3 75G 50G 22G 71% /

With Regards

Jigar Raval



On Thu, Jun 17, 2021 at 9:06 AM Gary R. Schmidt <grschmidt@acm.org> wrote:
>
> On 17/06/2021 13:30, Jigar via clamav-users wrote:
> > Hello,
> >
> > Suddenly, we are getting the following error in clamd.log file
> >
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
> > Can't create new file ERROR
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
> > Can't open file or directory ERROR
> >
> > We have checked up all the permission and ownership. There is no change in it.
> >
> > We still have the old version of clamav - 0.99 on our mail server. We
> > are in the process of upgrading with a new server. Meanwhile, we need
> > to run the
> > server without any issue. We request kind help.
> >
> Have you checked that whatever file system contains
> "/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts" has not
> run out of space?
>
> Cheers,
> Gary B-)
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hi there,

On Thu, 17 Jun 2021, Jigar via clamav-users wrote:

> We still have the old version of clamav - 0.99 on our mail server.

As I said to you in April, if you are using vulnerable software, patch
it. Upgrade ClamAV immediately. ClamAV version 0.99 is well past its
End Of Life, and aside from some well-publicized security issues, for
some months the database servers have prevented 0.99 from updating its
copies of the signature databases. New malware signatures are being
added at an average a rate of at least one hundred per day, so you may
expect that by now you are missing more than ten thousand very recent
virus signatures.

> ... we need to run the server without any issue.

So does everyone else.

The latest version of ClamAV is 0.103.2. ClamaV 0.100 was released on
April 9, 2018, so you are running security software which has now been
outdated for more than three years. You have been subscribed to this
list since at least April 2021, what have you been doing since then?

When you do not take security seriously you become part of the problem.
You have been part of the problem for at least three years and everyone
here would welcome you if you pulled up your socks. It isn't difficult
to upgrade ClamAV, but you will need some of the supporting software to
be relatively recent. Presumably your mail server's other software is
in need of upgrades too. From the earlier correspondence, I guess also
your workstations:

https://marc.info/?l=clamav-users&m=161746896209362&w=2

On Thu, 17 Jun 2021, Jigar via clamav-users wrote:
> On Thu, Jun 17, 2021 at 9:06 AM Gary R. Schmidt <grschmidt@acm.org> wrote:
> > On 17/06/2021 13:30, Jigar via clamav-users wrote:
> > >
> > > Suddenly, we are getting the following error in clamd.log file
> > >
> > > Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001: Can't create new file ERROR
> > > Thu Jun 17 08:52:49 2021 -> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002: Can't open file or directory ERROR
> > >
> > > We have checked up all the permission and ownership. There is no change in it.
> >
> > Have you checked that whatever file system contains
> > "/var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts"
> > has not run out of space?
>
> Following is disk space status. It appears no issue with disk space.
>
> /dev/sda3 75G 50G 22G 71% /

In 2021 those numbers look small for any server but it is not clear to
me from the output of the command you have posted that the directories

/var/amavis/tmp/*

are in fact on the root partition. You need to check that first. But
it could be that there's some other problem. For example there might
have been an error resulting in parts of the filesystem being remounted
read-only. I'm just guessing here, we need a lot more information. If
you can create (and then delete) a fairly large test file in the amavis
directory, at least that will tell you that there is free space there
and that it's writeable. If you can do it as the user which is running
the relevant process(es) that will tell you a bit more.

What operating systems and mail server software are you using?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

On 2021-06-17 09:00:09, Jigar via clamav-users wrote:
> Hello,
>
> Suddenly, we are getting the following error in clamd.log file
>
> Thu Jun 17 08:52:49 2021 ->
> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
> Can't create new file ERROR
> Thu Jun 17 08:52:49 2021 ->
> /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
> Can't open file or directory ERROR
>
> We have checked up all the permission and ownership. There is no change in it.
>

If you are (or can be) using a local socket to communicate with clamd,
then I would suggest changing the way that amavisd invokes the virus
scanner in amavisd.conf:

# Use clamdscan with the --fdpass option so that the "clamav" user
# doesn't need to be able to read amavis's private working
# directory.
@av_scanners = (
['ClamAV-clamdscan', 'clamdscan', "--fdpass --stdout --no-summary {}",
[0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
);

This is now the way that amavisd recommends, and assumes that your
clamd socket is writable by the amavis user.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hi all,

It's also talked about in this thread
CVD version 26199 causes the following error in ClamAV version 0.99.2:

Can't open file or directory ERROR

We have identified the signature of the problem in CVD version 26199.

Win.Loader.Boxter-9870959-0

If you ignore this signature, you can scan without errors.
If possible, exclude this signature or modify it.

Please help us.

Best regards
T.O

On Thu, 17 Jun 2021 09:41:38 -0400
Michael Orlitzky via clamav-users <clamav-users@lists.clamav.net> wrote:

> On 2021-06-17 09:00:09, Jigar via clamav-users wrote:
> > Hello,
> >
> > Suddenly, we are getting the following error in clamd.log file
> >
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
> > Can't create new file ERROR
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
> > Can't open file or directory ERROR
> >
> > We have checked up all the permission and ownership. There is no change in it.
> >
>
> If you are (or can be) using a local socket to communicate with clamd,
> then I would suggest changing the way that amavisd invokes the virus
> scanner in amavisd.conf:
>
> # Use clamdscan with the --fdpass option so that the "clamav" user
> # doesn't need to be able to read amavis's private working
> # directory.
> @av_scanners = (
> ['ClamAV-clamdscan', 'clamdscan', "--fdpass --stdout --no-summary {}",
> [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
> );
>
> This is now the way that amavisd recommends, and assumes that your
> clamd socket is writable by the amavis user.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hi there,

On Sat, 26 Jun 2021, Tsutomu Oyamada wrote:

> It's also talked about in this thread
> CVD version 26199 causes the following error in ClamAV version 0.99.2:
>
> Can't open file or directory ERROR
>
> We have identified the signature of the problem in CVD version 26199.
>
> Win.Loader.Boxter-9870959-0
>
> If you ignore this signature, you can scan without errors.
> If possible, exclude this signature or modify it.
>
> Please help us.
>
> Best regards
> T.O
> ...

I have been unable to find the thread to which you seem to be trying
to refer, and your message does not make it clear, at least to me,
whether you are asking a question or making a contribution to the
discussion. Please follow recognized practices when composing your
messages to a mailing list so that they do not cause unnecessary
confusion. A link to the referenced thread would help enormously.
There is no need to quote extensively from it in your message.

https://marc.info/?l=clamav-users&w=2&r=1&s=ClamAV+version+0.99.2&q=b
https://marc.info/?l=clamav-users&w=2&r=1&s=Win.Loader.Boxter&q=b

If you are asking for help with an old version of ClamAV, the advice
must be to upgrade to a supported version, preferably the most recent.

At the date of this message, the most recent version is 0.103.3.

At the date of this message, version 26199 of the 'daily' database is
two weeks old.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml