ClamAV Fatal Error Mail stops processing

Questions and answers about how to do stuff
Post Reply
peter.munnelly
Posts: 23
Joined: 25 Nov 2015 16:31

ClamAV Fatal Error Mail stops processing

Post by peter.munnelly »

Hi,

ClamAV keeps giving these errors, and then stops, so mail doesn't get processed and the queue builds up. Restarting clamd service resolves issue for an hour or two then the issue is present again. These are the errors, how can I resolve?

Fri Jan 26 17:03:19 2018 -> /var/spool/MailScanner/incoming/17662/C8B9B100392.A7B0C/nmsg-17662-381.txt: Can't create new file ERROR
Fri Jan 26 17:03:19 2018 -> /var/spool/MailScanner/incoming/17662/C8B9B100392.A7B0C/nmsg-17662-382.html: Can't open file or directory ERROR
Fri Jan 26 17:03:19 2018 -> WARNING: lstat() failed on: /var/spool/MailScanner/incoming/17854
Fri Jan 26 17:03:21 2018 -> /var/spool/MailScanner/incoming/17662/8B842100399.A358C.header: Can't open file or directory ERROR
Fri Jan 26 17:03:21 2018 -> /var/spool/MailScanner/incoming/17662/8B842100399.A358C/nmsg-17662-383.txt: Can't create new file ERROR

Fri Jan 26 17:05:19 2018 -> Reading databases from /var/lib/clamav
Fri Jan 26 17:05:19 2018 -> ERROR: reload db failed: Can't duplicate file descriptor
Fri Jan 26 17:05:19 2018 -> Terminating because of a fatal error.
Fri Jan 26 17:05:19 2018 -> Pid file removed.
Fri Jan 26 17:05:19 2018 -> --- Stopped at Fri Jan 26 17:05:19 2018
Fri Jan 26 17:05:19 2018 -> Socket file removed.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: ClamAV Fatal Error Mail stops processing

Post by shawniverson »

Disk space or underlying storage problem?
sebastian.savard
Posts: 6
Joined: 29 Jan 2018 13:34

Re: ClamAV Fatal Error Mail stops processing

Post by sebastian.savard »

I saw the same exact stuff on Friday, January 26th, as well. The interesting thing is, we have two EFA boxes and they both encountered the same exact issue within an hour of each other. Is it possible that there was a bad ClamAV update, or an exploit someone used that day across the web? We saw our first box impacted at 8:32 am EST, and the second one at 9:21 AM EST. We have had no additional issues or outages since.
Post Reply