on my private UTM (V9.315-2) there is a strange problem regarding the malware and virus
protection. Symtoms like "all mails are quarantained" or the smtp-communication is dropped with "temporarely not availabe".
Workaround disabling AV-Scanner and malware-detection [:(]
Analysing the logs:
"Fallback messages" with Avira-Scanner:
2015:09:04-17:53:56 asl1 [daemon:info] cssd[17344]: [ (nil)] main (cssd.c:335) starting up...
2015:09:04-17:53:56 asl1 [daemon:info] cssd[17344]: [ (nil)] read_config (cssd.c:115) reading config
2015:09:04-17:53:56 asl1 [daemon:info] cssd[17344]: [ (nil)] main (cssd.c:345) initializing Avira virus scanner engine
2015:09:04-17:53:56 asl1 [daemon:info] cssd[17344]: [ (nil)] avira_init (avira.c:79) failed to load Avira engine: aviraglue_init() failed to load: /var/pattern/avira3/libsavapi3.so: cannot open shared object file: File name too long
2015:09:04-17:53:56 asl1 [daemon:info] cssd[17344]: [ (nil)] main (cssd.c:358) virus scanner initialization finished
2015:09:04-17:54:36 asl1 [daemon:info] cssd[17491]: [ (nil)] main (cssd.c:335) starting up...
2015:09:04-17:54:36 asl1 [daemon:info] cssd[17491]: [ (nil)] read_config (cssd.c:115) reading config
2015:09:04-17:54:36 asl1 [daemon:info] cssd[17491]: [ (nil)] main (cssd.c:345) initializing Avira virus scanner engine
2015:09:04-17:54:36 asl1 [daemon:info] cssd[17491]: [ (nil)] avira_init (avira.c:79) failed to load Avira engine: aviraglue_init() failed to load: /var/pattern/avira3/libsavapi3.so: cannot open shared object file: File name too long
2015:09:04-17:54:36 asl1 [daemon:info] cssd[17491]: [ (nil)] main (cssd.c:358) virus scanner initialization finished
"Selfmonitoring-log" when sending a mail through gateway:
2015:09:04-17:52:06 asl1 selfmonng[3677]: W actionCmd(+): '/var/mdw/scripts/cssd restart'
2015:09:04-17:52:06 asl1 selfmonng[3677]: W child returned status: exit='0' signal='0'
2015:09:04-17:53:46 asl1 selfmonng[3677]: I check Failed increment cssd_running counter 1 - 3
2015:09:04-17:53:51 asl1 selfmonng[3677]: I check Failed increment cssd_running counter 2 - 3
2015:09:04-17:53:56 asl1 selfmonng[3677]: W check Failed increment cssd_running counter 3 - 3
2015:09:04-17:53:56 asl1 selfmonng[3677]: W triggerAction: 'cmd'
2015:09:04-17:53:56 asl1 selfmonng[3677]: W actionCmd(+): '/var/mdw/scripts/cssd restart'
2015:09:04-17:53:56 asl1 selfmonng[3677]: W child returned status: exit='0' signal='0'
2015:09:04-17:54:26 asl1 selfmonng[3677]: I check Failed increment cssd_running counter 1 - 3
2015:09:04-17:54:31 asl1 selfmonng[3677]: I check Failed increment cssd_running counter 2 - 3
2015:09:04-17:54:36 asl1 selfmonng[3677]: W check Failed increment cssd_running counter 3 - 3
2015:09:04-17:54:36 asl1 selfmonng[3677]: W triggerAction: 'cmd'
2015:09:04-17:54:36 asl1 selfmonng[3677]: W actionCmd(+): '/var/mdw/scripts/cssd restart'
2015:09:04-17:54:36 asl1 selfmonng[3677]: W child returned status: exit='0' signal='0'
Is there a problem with av-/malware-updates on sophos-site, or is this a local
problem on my site?
How to debug this problem? Any ideas?
greets
silent
EDIT: Its only when Avira scanner or both scanners is enabled. Disabling Avira with scan-engine=Sophos
and "Single scan" fixes the problem. It seems there is only a problem with avira. When reading the avira-error in log: Is it possible to delete all patterns for avira? So that avira-scanner reloads all patterns automaticly?
EDIT2: I'am getting near to the problem: the symlink /var/pattern/avira3 targeting to /var/pattern/avira3-9-11841. This folder doesnt't exist! Problem found! How to fix this?
thx
This thread was automatically locked due to age.
