[BlueOnyx:21703] Re: Clam update errors.

Michael Stauber mstauber at blueonyx.it
Wed Jan 31 11:44:12 -05 2018 

Hi all,

> I have updated the clamav and now we are getting this in the maillog (and users complaining!)
> 
> Jan 31 09:43:46 server1 sendmail[7257]: w0V9hkpS007257: Milter (clamav): local socket name /var/run/clamav/clamav-milter.sock unsafe
> Jan 31 09:43:46 server1 sendmail[7257]: w0V9hkpS007257: Milter (clamav): to error state
> Jan 31 09:43:46 server1 sendmail[7257]: w0V9hkpS007257: Milter: initialization failed, temp failing commands
> 
> I have restarted avspam ... no better.
> Rebooted server ... no better.
> 
> Currently left clamav disabled. ☹
> 
> AV-Spam 6.1.0-9 on 5207R

The 6.1.0 is pretty ancient (+3 years of thereabouts?). The most recent
is 6.3.2-1. Newer AV-SPAMs have a better Active Monitor integration and
also the script /usr/sausalito/sbin/av_spam.pl which can be used to
check the status and issue a restart of all related services. The whole
integration of the components into the OS and the GUI is simply better
as well and contributes to a higher reliability.

Recently several critical vulnerabilities were detected in all Clam AV
versions prior to 0.99.3 and 0.99.3 was released to fix that. The
vulnerabilities were so bad that I chose to make Clam AV available via
YUM even to clients with expired support subscription.

However, it *does* appear that 0.99.3 might have been strung together
with a hot needle. The prior version of Clam AV was rock solid and
hardly ever failed on its own. Compared to that 0.99.3 behaves a bit
more quirky and I'm expecting that we'll see another fixed version
emerge upstream within the next few days which addresses these issues.

With such a quirky Clam AV the better Active Monitor integration of the
newer AV-SPAM is quite helpful, as it will catch and fix these issues,
whereas an ancient AV-SPAM such as 6.1.0 might not.

My suggestion would be: If you're running an older AV-SPAM, then please
consider upgrading to the latest version. Short of that: If Clam AV
0.99.3 causes too many issues, you might want to consider to turn it off
until a more stable version of Clam AV becomes available again.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list