clamav error RSS

1

Hello!

I installed clamav, the services are started but in the error log :
External Agent "ClamAV for Windows" reported error (exit code 2, comment "ClamAV error"). Taking no action.
How do I fix it?

by Maximiliano 4 months ago
2

Hello Maximiliano,

Could you send me the whole error message, please? I believe the "agent output" information is missing. Just double-click the relevant log record in the Log Viewer and see/copy the "Message" details.

Thank you!

by Daniel Novak (Vamsoft) 4 months ago
3

@Daniel Novak (Vamsoft): Thank you for the answer, Daniel.

Message External Agent "ClamAV for Windows" reported error (exit code 2, comment "ClamAV error"). Taking no action.
Details Filtering Point On Arrival
Event Class System Event
Severity Warning
Show Less Details...

Server
Event Source Microsoft® Exchange Server
HELO Domain (not available)
Message ID (not available)
Log Mode Verbose

by Maximiliano 4 months ago
(in reply to this post)

4

Thank you for the additional details. Could you try to add the localhost IP 127.0.0.1 to the clamd.conf file (which can be found in the ClamAV directory) to see whether that solves the issue? Make sure to save the clamd.conf file after editing it, though. Unfortunately, the error message does not tell us much, but the error could be caused by a connectivity issue between clamdscan and the clamD service and this could fix it.

by Daniel Novak (Vamsoft) 4 months ago
5

@Daniel Novak (Vamsoft): Hello,Daniel! Thank you for the answer! I added the IP address to the clamd.conf file, and this error was fixed, but now a new error notification has appeared on the system.

Summary
An operation has failed unexpectedly - recommended to investigate this event.
Time 31 may 2018 г. 11:52:36 GMT+0600
Sender Email ;

Recipient Emails •

Related IP
Action (not available)
Email Subject test message
Message
Timeout waiting for External Agent "ClamAV for Windows" to finish.

by Maximiliano 4 months ago
(in reply to this post)

6

@Maximiliano: Hello Maximiliano,

Unless you see this error logged for each tested email, there is nothing to worry about, really. The message simply indicates that the ClamAV command line scanner failed to complete the scan of an .eml file within the timespan allowed in the ORF configuration (Blacklists > Clam AV for Windows > Run tab) - which can be normal.

However, if this is recurring issue, you should:

1) Make sure that the "Path to temporary files" path on the 'Blacklists > External Agents' page points to a directory that exists and(!) is excluded from any anti-virus filtering - otherwise the .eml file may be erased/locked before it could be scanned by ORF.

2) Try to increase the "Timeout" value set for ClamAV by 5-10 seconds to see if that solves the problem (ORF Administration Tool: External Agents > ClamAV for Windows (double-click) > Run tab > Timeout Control).

by Daniel Novak (Vamsoft) 4 months ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed