Hello dear mailcow community,
I have been using mailcow for 2 weeks and am quite taken with it 😀, very cool project!
Unfortunately, my clamd-mailcow Docker container is acting up a bit.
Every 10 minutes I get this message from the watchdog:
connect to address 172.22.1.7 and port 3310: Connection refused
I am not sure whether it has anything to do with my change; today I added additional databases for ClamAV.
In addition, I synchronized almost 300,000 objects via IMAP, which worked without problems.
The migration is complete.
Here is my config:
cat data/conf/clamav/freshclam.conf
#UpdateLogFile /dev/console
LogTime yes
PidFile /run/clamav/freshclam.pid
DatabaseOwner clamav
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror db.uk.clamav.net
DatabaseMirror db.nl.clamav.net
DatabaseMirror db.fr.clamav.net
DatabaseMirror db.ch.clamav.net
MaxAttempts 4
ScriptedUpdates yes
Checks 6
NotifyClamd /etc/clamav/clamd.conf
Foreground yes
ConnectTimeout 20
ReceiveTimeout 90
TestDatabases yes
Bytecode yes
# 27.08.2023 by Christian
# Additional databases for ClamAV
# docs.mailcow.email/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/#weitere-datenbanken-fur-clamav
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/habe_ich_ersetzt/securiteinfo.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/habe_ich_ersetzt/securiteinfo.ign2
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/habe_ich_ersetzt/javascript.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/habe_ich_ersetzt/spam_marketing.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/habe_ich_ersetzt/securiteinfohtml.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/habe_ich_ersetzt/securiteinfoascii.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/habe_ich_ersetzt/securiteinfoandroid.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/habe_ich_ersetzt/securiteinfoold.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/habe_ich_ersetzt/securiteinfopdf.hdb
cat data/conf/clamav/clamd.conf
#Debug true
#LogFile /dev/null
LogTime yes
LogClean yes
ExtendedDetectionInfo yes
PidFile /run/clamav/clamd.pid
OfficialDatabaseOnly no
LocalSocket /run/clamav/clamd.sock
TCPSocket 3310
StreamMaxLength 25M
MaxThreads 10
ReadTimeout 10
CommandReadTimeout 3
SendBufTimeout 200
MaxQueue 80
IdleTimeout 20
SelfCheck 3600
User clamav
Foreground yes
DetectPUA yes
# See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md
ExcludePUA PUA.Win.Packer
ExcludePUA PUA.Win.Trojan.Packed
ExcludePUA PUA.Win.Trojan.Molebox
ExcludePUA PUA.Win.Packer.Upx
ExcludePUA PUA.Doc.Packed
#ExcludePUA NetTool
#ExcludePUA PWTool
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT
HeuristicAlerts yes
ScanOLE2 yes
AlertOLE2Macros no
ScanPDF yes
ScanSWF yes
ScanXMLDOCS yes
ScanHWP3 yes
ScanMail yes
PhishingSignatures no
PhishingScanURLs no
HeuristicScanPrecedence yes
ScanHTML yes
ScanArchive yes
MaxScanSize 150M
MaxFileSize 100M
MaxRecursion 5
MaxFiles 200
MaxEmbeddedPE 100M
MaxHTMLNormalize 50M
MaxScriptNormalize 50M
MaxZipTypeRcg 50M
Bytecode yes
BytecodeSecurity TrustSigned
BytecodeTimeout 1000
ConcurrentDatabaseReload no
cat data/conf/rspamd/local.d/antivirus.conf
clamav {
  # Scan whole message
  scan_mime_parts = false;
  #scan_text_mime = true;
  #scan_image_mime = true;
  symbol = "CLAM_VIRUS";
  type = "clamav";
  log_clean = true;
  servers = "clamd:3310";
  max_size = 20971520;
  timeout = 10;
}
patterns {
  # Extra Signatures (Securite) Not shipped with mailcow.
  CLAM_SECI_SPAM = "^SecuriteInfo\.com\.Spam.*";
  CLAM_SECI_JPG = "^SecuriteInfo\.com\.JPG.*";
  CLAM_SECI_PDF = "^SecuriteInfo\.com\.PDF.*";
  CLAM_SECI_HTML = "^SecuriteInfo\.com\.HTML.*";
  CLAM_SECI_JS = "^SecuriteInfo\.com\.JS.*";
}
I have already played with Timeout and MaxRecursion; unfortunately that does not help.
In rspamd I see the following message quite often:
clamav: failed to scan, maximum retransmits exceed
After restarting clamd-mailcow and rspamd-mailcow I also see the following messages:

27.8.2023, 20:37:18 main 1 symcache 99acna cannot find dependency on symbol MAILCOW_WHITE for symbol LOCAL_BL_ASN
27.8.2023, 20:37:18 main 1 lua 99acna cannot add rule: \"patterns\"
27.8.2023, 20:37:18 main 1 lua 99acna unknown antivirus type: patterns
The clamd-mailcow log looks quite good:
mailcowdockerized-clamd-mailcow-1 | Cleaning up tmp files...
mailcowdockerized-clamd-mailcow-1 | Copying non-empty whitelist.ign2 to /var/lib/clamav/whitelist.ign2
mailcowdockerized-clamd-mailcow-1 | File: /var/lib/clamav/whitelist.ign2
mailcowdockerized-clamd-mailcow-1 | Size: 190 Blocks: 8 IO Block: 4096 regular file
mailcowdockerized-clamd-mailcow-1 | Device: 801h/2049d Inode: 258656 Links: 1
mailcowdockerized-clamd-mailcow-1 | Access: (0644/-rw-r--r--) Uid: ( 100/ clamav) Gid: ( 101/ clamav)
mailcowdockerized-clamd-mailcow-1 | Access: 2023-08-27 20:35:44.702912253 +0200
mailcowdockerized-clamd-mailcow-1 | Modify: 2023-08-27 20:35:44.706912241 +0200
mailcowdockerized-clamd-mailcow-1 | Change: 2023-08-27 20:35:44.718912203 +0200
mailcowdockerized-clamd-mailcow-1 | Running freshclam...
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:44 2023 -> ClamAV update process started at Sun Aug 27 20:35:44 2023
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:44 2023 -> daily.cld database is up-to-date (version: 27013, sigs: 2040037, f-level: 90, builder: raynman)
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:44 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:44 2023 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg)
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:44 2023 -> securiteinfo.hdb is up-to-date (version: custom database)
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:45 2023 -> securiteinfo.ign2 is up-to-date (version: custom database)
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:45 2023 -> javascript.ndb is up-to-date (version: custom database)
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:46 2023 -> spam_marketing.ndb is up-to-date (version: custom database)
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:46 2023 -> securiteinfohtml.hdb is up-to-date (version: custom database)
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:46 2023 -> securiteinfoascii.hdb is up-to-date (version: custom database)
mailcowdockerized-clamd-mailcow-1 | Sun Aug 27 20:35:47 2023 -> securiteinfoandroid.hdb is up-to-date (version: custom database)
Do I also still have an error in the config, given that rspamd says the following?
cannot add rule: \"patterns\"
The server is hosted at Hetzner and has only 4 GB of memory.
Regards,
Christian
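
Added example, not part of the original post and not mailcow or rspamd code: a small Python check of the section layout in the antivirus.conf posted above. It assumes rspamd treats every top-level section of this file as a scanner rule and falls back to the section name as its type, which is what the "unknown antivirus type: patterns" log line indicates; KNOWN_TYPES is a partial, assumed list and both sample configs are constructed from the post.

```python
import re
# Assumed, partial list of scanner types for this example; extend as needed.
KNOWN_TYPES = {"clamav", "fprot", "sophos", "savapi", "kaspersky"}
# Options that belong inside a scanner section, not beside it.
NESTED_ONLY = {"patterns"}
# Constructed samples: the layout from the post, and the same with patterns nested.
AS_POSTED = r'''
clamav {
  type = "clamav";
}
patterns {
  CLAM_SECI_SPAM = "^SecuriteInfo\.com\.Spam.*";
}
'''
NESTED = r'''
clamav {
  type = "clamav";
  patterns {
    CLAM_SECI_SPAM = "^SecuriteInfo\.com\.Spam.*";
  }
}
'''

def top_level_sections(text):
    """Parse the small UCL subset used above: `name {`, `key = value;`, `}`, `#`."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # no '#' occurs inside values here
        opener = re.fullmatch(r"([\w-]+)\s*\{", line)
        setting = re.fullmatch(r'([\w-]+)\s*=\s*"?(.*?)"?;?', line)
        if opener:
            # A block opened inside another one is recorded under its parent.
            (sections[stack[0]] if stack else sections)[opener.group(1)] = {}
            stack.append(opener.group(1))
        elif line == "}":
            stack.pop()
        elif setting and len(stack) == 1:
            sections[stack[0]][setting.group(1)] = setting.group(2)
    return sections

def lint(text):
    """Report top-level sections that would not load as a scanner rule."""
    findings = []
    for name, body in top_level_sections(text).items():
        scanner_type = body.get("type", name)  # assumed fallback to section name
        if name in NESTED_ONLY:
            findings.append(f"{name}: move inside a scanner section such as clamav")
        elif scanner_type not in KNOWN_TYPES:
            findings.append(f"{name}: unknown antivirus type {scanner_type!r}")
    return findings
```

Running `lint()` on the real file contents after each edit shows whether a block such as `patterns` still sits beside the scanner section instead of inside it.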