maldet -d && maldet -u
Es kann sein das über die Aktualisierung auch Clamav rules geändert wurden oder es gab heute morgen eventl. ein freshclam was nicht passt.
Das System läuft mit clamav-milter bereits 2 Jahre, es wurde auch nichts an den Configs geändert.
Sobald ich clamav-milter wieder in der Postfix main.cf einbinde crasht clamav-daemon und clamav-milter ...
Wie kann das Problem gelöst werden?
main.cf
Code: Alles auswählen
non_smtpd_milters = unix:/spamass/spamass.sock, unix:/clamav/clamav-milter.ctl
smtpd_milters = unix:/spamass/spamass.sock, unix:/clamav/clamav-milter.ctl
Code: Alles auswählen
● clamav-milter.service - LSB: ClamAV virus milter
Loaded: loaded (/etc/init.d/clamav-milter; generated)
Active: active (running) since Wed 2021-02-17 14:04:11 CET; 3min 14s ago
Docs: man:systemd-sysv-generator(8)
Process: 24483 ExecStop=/etc/init.d/clamav-milter stop (code=exited, status=0/SUCCESS)
Process: 24626 ExecStart=/etc/init.d/clamav-milter start (code=exited, status=0/SUCCESS)
Tasks: 6 (limit: 4915)
CGroup: /system.slice/clamav-milter.service
└─24751 /usr/sbin/clamav-milter --config-file=/etc/clamav/clamav-milter.conf
Feb 17 14:04:11 host3 systemd[1]: Starting LSB: ClamAV virus milter...
Feb 17 14:04:11 host3 clamav-milter[24626]: * Starting Sendmail milter plugin for ClamAV clamav-milter
Feb 17 14:04:11 host3 clamav-milter[24750]: +++ Started at Wed Feb 17 14:04:11 2021
Feb 17 14:04:11 host3 clamav-milter[24626]: ...done.
Feb 17 14:04:11 host3 systemd[1]: Started LSB: ClamAV virus milter.
Feb 17 14:07:24 host3 clamav-milter[24751]: Connection closed while reading from socket
Feb 17 14:07:24 host3 clamav-milter[24751]: No reply from clamd
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/clamav-daemon.service.d
└─extend.conf
Active: failed (Result: signal) since Wed 2021-02-17 14:07:24 CET; 28s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Process: 24271 ExecStart=/usr/sbin/clamd --foreground=true (code=killed, signal=ABRT)
Process: 24270 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
Process: 24269 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
Main PID: 24271 (code=killed, signal=ABRT)
Feb 17 14:03:48 host3 clamd[24271]: Wed Feb 17 14:03:48 2021 -> OLE2 support enabled.
Feb 17 14:03:48 host3 clamd[24271]: Wed Feb 17 14:03:48 2021 -> PDF support enabled.
Feb 17 14:03:48 host3 clamd[24271]: Wed Feb 17 14:03:48 2021 -> SWF support enabled.
Feb 17 14:03:48 host3 clamd[24271]: Wed Feb 17 14:03:48 2021 -> HTML support enabled.
Feb 17 14:03:48 host3 clamd[24271]: Wed Feb 17 14:03:48 2021 -> XMLDOCS support enabled.
Feb 17 14:03:48 host3 clamd[24271]: Wed Feb 17 14:03:48 2021 -> HWP3 support enabled.
Feb 17 14:03:48 host3 clamd[24271]: Wed Feb 17 14:03:48 2021 -> Self checking every 3600 seconds.
Feb 17 14:07:24 host3 clamd[24271]: clamd: yara_exec.c:177: yr_execute_code: Assertion `sp == 0' failed.
Feb 17 14:07:24 host3 systemd[1]: clamav-daemon.service: Main process exited, code=killed, status=6/ABRT
Feb 17 14:07:24 host3 systemd[1]: clamav-daemon.service: Failed with result 'signal'.
debug:
Code: Alles auswählen
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 9460 duplicate identifier "eleonore_jar"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 10312 duplicate identifier "eleonore_jar2"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 10338 duplicate identifier "eleonore_jar3"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 10363 duplicate identifier "eleonore_js"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 10392 duplicate identifier "eleonore_js2"
LibClamAV Error: yyerror(): /var/lib/clamav/rfxn.yara line 10423 duplicate identifier "eleonore_js3"
LibClamAV Warning: load_oneyara: yara rule contains too many subsigs (104, max: 64), skipping YARA.fragus_htm
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/rfxn.yara, successfully loaded 776 rules.
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Sakura.yar line 31 duplicate identifier "sakura_jar"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Sakura.yar line 62 duplicate identifier "sakura_jar2"
LibClamAV Warning: cli_loadyara: failed to parse or load 2 yara rules from file /var/lib/clamav/EK_Sakura.yar, successfully loaded 0 rules.
LibClamAV Warning: cli_loadyara: empty database file
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 22 duplicate identifier "AnglerEKredirector"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 50 duplicate identifier "angler_flash"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 78 duplicate identifier "angler_flash2"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 108 duplicate identifier "angler_flash4"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 134 duplicate identifier "angler_flash5"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 165 duplicate identifier "angler_flash_uncompressed"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 197 duplicate identifier "angler_html"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 229 duplicate identifier "angler_html2"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 252 duplicate identifier "angler_jar"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Angler.yar line 283 duplicate identifier "angler_js"
LibClamAV Warning: cli_loadyara: failed to parse or load 10 yara rules from file /var/lib/clamav/EK_Angler.yar, successfully loaded 0 rules.
LibClamAV Warning: cli_loadyara: empty database file
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Zerox88.yar line 25 duplicate identifier "zerox88_js2"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Zerox88.yar line 55 duplicate identifier "zerox88_js3"
LibClamAV Warning: cli_loadyara: failed to parse or load 2 yara rules from file /var/lib/clamav/EK_Zerox88.yar, successfully loaded 0 rules.
LibClamAV Warning: cli_loadyara: empty database file
LibClamAV Error: yyerror(): /var/lib/clamav/EK_ZeroAcces.yar line 32 duplicate identifier "zeroaccess_css"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_ZeroAcces.yar line 57 duplicate identifier "zeroaccess_css2"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_ZeroAcces.yar line 87 duplicate identifier "zeroaccess_htm"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_ZeroAcces.yar line 119 duplicate identifier "zeroaccess_js"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_ZeroAcces.yar line 151 duplicate identifier "zeroaccess_js2"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_ZeroAcces.yar line 180 duplicate identifier "zeroaccess_js3"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_ZeroAcces.yar line 211 duplicate identifier "zeroaccess_js4"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/EK_ZeroAcces.yar, successfully loaded 0 rules.
LibClamAV Warning: cli_loadyara: empty database file
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Zeus.yar line 28 duplicate identifier "zeus_js"
LibClamAV Warning: cli_loadyara: failed to parse or load 1 yara rules from file /var/lib/clamav/EK_Zeus.yar, successfully loaded 0 rules.
LibClamAV Warning: cli_loadyara: empty database file
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 31 duplicate identifier "blackhole2_jar"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 57 duplicate identifier "blackhole2_jar2"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 83 duplicate identifier "blackhole2_jar3"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 115 duplicate identifier "blackhole2_pdf"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 119 duplicate identifier "blackhole1_jar"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 170 duplicate identifier "blackhole2_css"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 206 duplicate identifier "blackhole2_htm"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 243 duplicate identifier "blackhole2_htm10"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 276 duplicate identifier "blackhole2_htm11"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 312 duplicate identifier "blackhole2_htm12"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 331 duplicate identifier "blackhole2_htm3"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 361 duplicate identifier "blackhole2_htm4"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 395 duplicate identifier "blackhole2_htm5"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 425 duplicate identifier "blackhole2_htm6"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Blackhole.yar line 453 duplicate identifier "blackhole2_htm8"
LibClamAV Warning: cli_loadyara: failed to parse or load 15 yara rules from file /var/lib/clamav/EK_Blackhole.yar, successfully loaded 1 rules.
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 23 duplicate identifier "phoenix_html"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 54 duplicate identifier "phoenix_html10"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 86 duplicate identifier "phoenix_html11"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 117 duplicate identifier "phoenix_html2"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 149 duplicate identifier "phoenix_html3"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 176 duplicate identifier "phoenix_html4"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 206 duplicate identifier "phoenix_html5"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 237 duplicate identifier "phoenix_html6"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 268 duplicate identifier "phoenix_html7"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 298 duplicate identifier "phoenix_html8"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 330 duplicate identifier "phoenix_html9"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 354 duplicate identifier "phoenix_jar"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 382 duplicate identifier "phoenix_jar2"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 405 duplicate identifier "phoenix_jar3"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 431 duplicate identifier "phoenix_pdf"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 458 duplicate identifier "phoenix_pdf2"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Phoenix.yar line 483 duplicate identifier "phoenix_pdf3"
LibClamAV Warning: cli_loadyara: failed to parse or load 17 yara rules from file /var/lib/clamav/EK_Phoenix.yar, successfully loaded 0 rules.
LibClamAV Warning: cli_loadyara: empty database file
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Crimepack.yar line 24 duplicate identifier "crimepack_jar"
LibClamAV Error: yyerror(): /var/lib/clamav/EK_Crimepack.yar line 49 duplicate identifier "crimepack_jar3"
LibClamAV Warning: cli_loadyara: failed to parse or load 2 yara rules from file /var/lib/clamav/EK_Crimepack.yar, successfully loaded 0 rules.
LibClamAV Warning: cli_loadyara: empty database file