ClamAV "ERROR: Can't write to temporary directory"

Virtualmin
1

Setting up Virtualmin GPS on a new vps server and when I do the final check, I get:

The ClamAV program clamscan does not appear to be working properly :

ERROR: Can’t write to temporary directory

----------- SCAN SUMMARY -----------
Known viruses: 2205557
Engine version: 0.97.6
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 6.477 sec (0 m 6 s)
. Either change the program on the spam and virus scanners page, or disable this feature.

Looking in clamd.conf (am I in the right file?) - it looks like the temporary directory is /var/tmp

and that directories permissions are: drwxrwxrwt

Any thoughts on how to fix this?

Thanks,

Chris

2

Howdy,

What is the output of these two commands:

mount df -h
3

Hi, I’ve got:

# mount /dev/sda on / type ext4 (rw,grpquota,errors=remount-ro,usrquota) none on /dev/shm type tmpfs (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

and

# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda 20G 1.6G 18G 9% / none 246M 0 246M 0% /dev/shm
4

Formatting :slight_smile: Always a little different than expected here!

5

Just checking back in on this in case you have any thoughts -

6

Howdy,

I don’t see anything unusual with your drive, the mount flags, or the available space. And the permissions appear correct.

So it’s tough to say what might be going wrong there…

As a test, you could always try changing the temporary directory to /tmp, restart ClamAV, and then see if that works properly.

-Eric

7

Hi Eric,

Changed to /tmp and rebooted but no difference.

This is on a brand new centOS 6 vps from digitalocean.com, an outfit I have never heard of before but was trying out because their prices look really good.

Would you like the address and root password to take a look? All that’s been done with it is the CentOS and Virtualmin GPL install.

Up to you, just thought you might be curious. If you don’t want to, perhaps I’ll just delete it all and try installing again from scratch and see if the same thing happens.

Chris

8

hmm, just tried reinstalling from scratch with a new Centos 6.4 X64 image and same thing happened.

9

That’s all very strange! What output do you receive if you run this command:

rpm -qa | grep clam

10

I get

clamav-db-0.97.6-1.el6.x86_64 clamd-0.97.6-1.el6.x86_64 clamav-0.97.6-1.el6.x86_64
11

The same happens with Ubuntu 12.04 LTS

12

That’s all very odd! I haven’t seen that behavior before.

In Email Messages -> Spam and Virus Scanning, what is “Virus scanning program” set to?

And I believe you mentioned using a VPS… do you know what type of VPS it is?

-Eric

13

When I installed Virtualmin this second time I left everything at the default settings. Currently “Virus scanning program” is set to: Standalone scanner (clamscan).

14

If I attempt to enable ClamAV server, I get:

Configuring and enabling the ClamAV scanning server …
Starting ClamAV server and enabling at boot …
… failed to start : Starting Clam AntiVirus Daemon: [FAILED]
… all done

15

I’m checking on the vps type, let you know when I get an answer -

16

For vps type, DigitalOcean support says:: Linux KVM technology

Is that what you were asking for?

I told them I was having some trouble setting up Virtualmin and they asked for a “list of possible values?,” but I’m not sure what they are looking for. Probably easier if we work it out here :slight_smile:

17

Eric, would you like me to send you a log in so you can take a look? If so, just let me know how to send it your way,

Chris

18

Howdy,

If you look in /var/log/maillog and /var/log/messages after trying to start ClamAV, do you see any errors or unusual messages?

Also, does the command line scanner work when you run it manually?

You can determine that by running this command:

clamscan -v /etc/issue

-Eric

19

Hi Eric,

I get:

# clamscan -v /etc/issue Scanning /etc/issue /etc/issue: OK

----------- SCAN SUMMARY -----------
Known viruses: 2268914
Engine version: 0.97.6
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 6.183 sec (0 m 6 s)

There’s nothing that I see related in var/log/maillog,

but in var/log/messages, I’m getting:

May 9 20:23:46 jazz freshclam[24299]: ClamAV update process started at Thu May 9 20:23:46 2013 May 9 20:23:46 jazz freshclam[24299]: Your ClamAV installation is OUTDATED! May 9 20:23:46 jazz freshclam[24299]: Local version: 0.97.6 Recommended version: 0.97.8 May 9 20:23:46 jazz freshclam[24299]: DON'T PANIC! Read http://www.clamav.net/support/faq May 9 20:23:46 jazz freshclam[24299]: main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven) May 9 20:23:46 jazz freshclam[24299]: daily.cld is up to date (version: 17172, sigs: 1229899, f-level: 63, builder: jesler) May 9 20:23:46 jazz freshclam[24299]: bytecode.cvd is up to date (version: 214, sigs: 41, f-level: 63, builder: neo) May 9 20:25:10 jazz clamd[24430]: clamd daemon 0.97.6 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) May 9 20:25:10 jazz clamd[24430]: Running as user clam (UID 497, GID 498) May 9 20:25:10 jazz clamd[24430]: Log file size limited to -1 bytes. May 9 20:25:10 jazz clamd[24430]: Reading databases from /var/lib/clamav May 9 20:25:10 jazz clamd[24430]: Not loading PUA signatures. May 9 20:25:10 jazz clamd[24430]: Bytecode: Security mode set to "TrustSigned". May 9 20:25:15 jazz clamd[24430]: Loaded 2268914 signatures. May 9 20:25:16 jazz clamd[24430]: TCP: Bound to address 127.0.0.1 on port 3310 May 9 20:25:16 jazz clamd[24430]: TCP: Setting connection queue length to 30 May 9 20:25:16 jazz clamd[24430]: LOCAL: Unix socket file /var/run/clamav/clamd.sock May 9 20:25:16 jazz clamd[24430]: LOCAL: Setting connection queue length to 30 May 9 20:25:16 jazz clamd[24430]: daemonize() failed: Cannot allocate memory May 9 20:25:16 jazz clamd[24430]: Socket file removed.
20

Hmm, that “daemonize() failed: Cannot allocate memory” error is a bit troubling.

What output do you get if you run this command:

free -m