SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0004162: clamd crash, tcp socket should be monitored - MantisBT
MantisBT - Endian Firewall
View Issue Details
0004162Endian FirewallProxy HTTPpublic2011-09-20 09:302013-04-23 14:17
luca-endian 
ardit-endian 
normalmajorrandom
resolvedno change required 
2.4.1 
 
0004162: clamd crash, tcp socket should be monitored
Hi Guys,

this happens randomly:

Sep 2 09:19:46 xxx havp[3818]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://www.google.it/ [^])
Sep 2 09:19:47 xxx havp[3824]: Clamd: Could not connect to scanner! Scanner down?
Sep 2 09:20:45 xxx havp[3813]: Clamd: Could not connect to scanner! Scanner down?
Sep 2 09:20:45 xxx havp[3811]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl [^])
Sep 2 09:21:06 xxx havp[4051]: Clamd: Could not connect to scanner! Scanner down?
Sep 2 09:21:06 xxx havp[4034]: Scanner errors: Clamd: Could not connect to scanner socket (lasturl: http://check.sanasecurity.com/ [^])
Sep 2 09:21:06 xxx havp[4034]: 127.0.0.1 POST 200 http://check.sanasecurity.com/ [^] 264+495 SCANERROR Clamd: Could not connect to scanner socket

**POSSIBLE SOLUTION**

We should check the clamd socket with monit, which is pretty easy since monit support the CLAMAV protocol!

root@xxx:/etc/monit.d # cat clamd.conf
 check process clamd with pidfile /var/run/clamav/clamd.pid
   group virus
   start program = "/etc/init.d/clamd start"
   stop program = "/etc/init.d/clamd stop"
   if failed host 127.0.0.1 port 3310 protocol CLAMAV for 5 cycle then restart
   if 5 restarts within 5 cycles then timeout
   depends on clamavd_bin
   mode manual

 check file clamavd_bin with path /usr/sbin/clamd
   group virus
   if failed checksum then unmonitor
   if failed permission 755 then unmonitor
   if failed uid root then unmonitor
   if failed gid root then unmonitor
   mode manual

This would increase reliability for http proxy and smtp proxy as well!
What you think?
purple
related to 0003476confirmed peter-endian Endian Firewall clamd crashed 
Issue History
2011-09-20 09:30luca-endianNew Issue
2011-09-20 09:36luca-endianTag Attached: purple
2011-09-20 09:36luca-endianRelationship addedrelated to 0003080
2011-09-20 09:36luca-endianRelationship addedrelated to 0003476
2013-04-23 14:16ardit-endianNote Added: 0008426
2013-04-23 14:17ardit-endianNote Added: 0008427
2013-04-23 14:17ardit-endianStatusnew => resolved
2013-04-23 14:17ardit-endianResolutionopen => no change required
2013-04-23 14:17ardit-endianAssigned To => ardit-endian

Notes
(0008426)
ardit-endian   
2013-04-23 14:16   
this happens also on 2.5 full up to date, after dedicated tests :D and monitoring the problem is caused *somehow* by the updates, if the updates are weekley happens but if are set to daily doesn't happen anymore.
(0008427)
ardit-endian   
2013-04-23 14:17   
set the update to daily for the antivirus and will not happen