clamav error - ORF Forums

clamav error RSS Back to forum

1

Hello!

I installed clamav, the services are started but in the error log :
External Agent "ClamAV for Windows" reported error (exit code 2, comment "ClamAV error"). Taking no action.
How do I fix it?

by Maximiliano 11 months ago
2

Hello Maximiliano,

Could you send me the whole error message, please? I believe the "agent output" information is missing. Just double-click the relevant log record in the Log Viewer and see/copy the "Message" details.

Thank you!

by Daniel Novak (Vamsoft) 11 months ago
3

@Daniel Novak (Vamsoft): Thank you for the answer, Daniel.

Message External Agent "ClamAV for Windows" reported error (exit code 2, comment "ClamAV error"). Taking no action.
Details Filtering Point On Arrival
Event Class System Event
Severity Warning
Show Less Details...

Server
Event Source Microsoft® Exchange Server
HELO Domain (not available)
Message ID (not available)
Log Mode Verbose

by Maximiliano 11 months ago
(in reply to this post)

4

Thank you for the additional details. Could you try to add the localhost IP 127.0.0.1 to the clamd.conf file (which can be found in the ClamAV directory) to see whether that solves the issue? Make sure to save the clamd.conf file after editing it, though. Unfortunately, the error message does not tell us much, but the error could be caused by a connectivity issue between clamdscan and the clamD service and this could fix it.

by Daniel Novak (Vamsoft) 11 months ago
5

@Daniel Novak (Vamsoft): Hello,Daniel! Thank you for the answer! I added the IP address to the clamd.conf file, and this error was fixed, but now a new error notification has appeared on the system.

Summary
An operation has failed unexpectedly - recommended to investigate this event.
Time 31 may 2018 г. 11:52:36 GMT+0600
Sender Email ;

Recipient Emails •

Related IP
Action (not available)
Email Subject test message
Message
Timeout waiting for External Agent "ClamAV for Windows" to finish.

by Maximiliano 11 months ago
(in reply to this post)

6

@Maximiliano: Hello Maximiliano,

Unless you see this error logged for each tested email, there is nothing to worry about, really. The message simply indicates that the ClamAV command line scanner failed to complete the scan of an .eml file within the timespan allowed in the ORF configuration (Blacklists > Clam AV for Windows > Run tab) - which can be normal.

However, if this is recurring issue, you should:

1) Make sure that the "Path to temporary files" path on the 'Blacklists > External Agents' page points to a directory that exists and(!) is excluded from any anti-virus filtering - otherwise the .eml file may be erased/locked before it could be scanned by ORF.

2) Try to increase the "Timeout" value set for ClamAV by 5-10 seconds to see if that solves the problem (ORF Administration Tool: External Agents > ClamAV for Windows (double-click) > Run tab > Timeout Control).

by Daniel Novak (Vamsoft) 11 months ago
(in reply to this post)

7

hmm. I got this error too.

I've added 127.0.0.1 to clamd.conf to fix it.

so it looks like this now
---
TCPSocket 3310
TCPAddr 127.0.0.1
MaxThreads 2
LogFile c:\Clamav\clamd.log
DatabaseDirectory c:\clamav\db

by Chrisloup 3 months ago
8

Just set this up and had to do the same, probably should be added to the install steps/tutorial.

by kcit 3 months ago
9

@kcit: Thank you for the suggestion, we will consider adding this bit to the ClamAV guides.

by Daniel Novak (Vamsoft) 2 months ago
(in reply to this post)

10

Just setup and had to do the same thing ... don't see the error anymore.

by shooker 1 month ago
11

Same issue.

Adding "TCPAddr 127.0.0.1" to clamd.conf fixed it as well.

by aeleus 2 days ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2