ClamAv Upgrade and Installation Problem
This is my problem, from the beginning to now.
I have some problems on my web server. Firstly, I must say that I noticed some trojans and viruses affecting my server. I saw a foreign link in the status bar while my web pages were loading. When I examined these pages, I saw some code that inserts a hidden iframe connected to some other sites. This is an iframe injection problem.
After searching, I saw that this code infected most of the index.php, index.html, index.htm and footer.php, footer.htm and footer.html pages on my server.
After this I cleaned all the infected files and activated PHP safe mode, which was OFF before. I also disabled some system functions in php.ini.
But more important than this, I realized that my ClamAv antivirus was out of date. When I wanted to update ClamAv with yum update clamav, I faced some errors about yum, and I got help from my hosting firm to solve this problem.
After this, I updated my ClamAv 0.88 to ClamAv 0.92. After this installation I scanned my system with clamscan and removed 1250-1300 trojans and viruses from users' mail directories.
After this clean operation, I scanned the system again and no other trojans or viruses were found.
But after the ClamAv update to version 0.92 there is a big problem again.
When a mail user sends a mail to anyone, everything is shown as sent in the mail program (Outlook, Thunderbird…), but the mail is not delivered to the recipient. At the same time a clamav… directory is created in the /tmp directory, and these directories fill the user’s mailbox quota. When I clean this directory from the /tmp directory, the quota returns to normal size. This problem occurs in most of the mail users' traffic. But this problem began after the ClamAv update process.
But this problem does not appear on all mail accounts.
This clamav… directory that is created in the /tmp directory has 4 files: main.db, main.mdb, main.ndb and copying files.
The message that is returned to the user, saying that the mail quota is exceeded, is shown below.
Sometimes the message is not returned.
< mail_address> (expanded from
    < mail_address>): can’t create user output file. Command
    output: LibClamAV Error: cli_untgz: Wrote 0 instead of 512
    (/tmp/clamav-d342a5c0705d099fd95b1b0793092e0b/main.ndb) LibClamAV Error:
    cli_cvdload(): Can’t unpack CVD file. LibClamAV Error: Can’t load
    /var/clamav/main.cvd: CVD extraction failure ERROR: CVD extraction failure
    procmail: Error while writing to “/var/log/procmail.log” procmail: Quota
    exceeded while writing
    “/home/domain/homes/mail_user/Maildir/tmp/1209623791.26249_0.ns1.site.com.tr”
    procmail: Quota exceeded while writing
    “/home/domain/homes/mail_user/Maildir/tmp/1209623791.26249_1.ns1.site.com.tr”
    Time:1209623791 From: To: User: mail_adresi Size:248
    Dest:/etc/webmin/virtual-server/clam-wrapper.pl /usr/bin/clamscan Mode:None
In short, after updating ClamAv on my server, every mail in the server's mail traffic gets a clamav… directory in the /tmp directory, and these directories have main.db, main.mdb, main.ndb and copying files.
What is wrong, or what must I do to solve this?
If I remove ClamAv from the system, everything returns to normal in the mail traffic.
I also installed chkrootkit and scanned the system. No bad results were shown. All results said
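
The hidden-iframe injection described at the start of the post can be checked for across a web root with a small scanner. This is an added example, not part of the original post; the hiding heuristics (zero or one pixel size, display:none, visibility:hidden), the function names and the sample pages are assumptions of the example.

```python
import os
import re
import tempfile
from html.parser import HTMLParser

# File names the post reports as infected.
TARGETS = re.compile(r"^(index|footer)\.(php|html?)$", re.I)
# Hiding heuristics are this example's assumption, not taken from the post.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|(width|height)\s*:\s*0", re.I)

class IframeFinder(HTMLParser):
    """Collects the src of every iframe that is hidden or (near) zero-sized."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        tiny = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
        if tiny or HIDDEN_STYLE.search(a.get("style", "")):
            self.hits.append(a.get("src", ""))

def scan_tree(root):
    """Return {path: [iframe src, ...]} for index.*/footer.* files under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in filter(TARGETS.match, files):
            path = os.path.join(dirpath, name)
            finder = IframeFinder()
            with open(path, encoding="utf-8", errors="replace") as fh:
                finder.feed(fh.read())
            if finder.hits:
                findings[path] = finder.hits
    return findings

def demo():
    """Scan a temporary web root built from constructed sample pages."""
    samples = {  # constructed sample pages, not taken from the post
        "index.php": '<?php echo "hi"; ?><iframe src="http://injected.example/x" width="0" height="0"></iframe>',
        "footer.html": '<p>footer</p><iframe src="/map.html" width="400" height="300"></iframe>',
        "about.html": '<iframe src="http://injected.example/y" style="display:none"></iframe>',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return {os.path.basename(p): s for p, s in scan_tree(root).items()}
```

Calling scan_tree() on the real document root lists each matching file with the iframe sources found in it, which gives a list of files to clean and to re-check after cleaning.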