SOLVED [CPANEL-28012] Incomplete ClamAV Plugin Uninstall

gramzon

Member
Dec 4, 2017
19
3
3
Croatia
cPanel Access Level
Root Administrator
After uninstalling ClamAV plugin my Exim logs are flooded with messages like this:
Code:
malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): No such file or directory
I tried to comment out the av_scanner line from /etc/exim.conf but then a different message started filling the logs:
Code:
malware acl condition: sophie /var/run/sophie : unable to connect to UNIX socket (/var/run/sophie)
I cannot find any option under Exim Configuration Manager that disables scanning.
 

gramzon

I was making changes to Exim routers and transport today via "Exim Configuration Manager" under advanced settings (setting up ESET mail scanner), and after saving changes the message no longer appears in the logs.
Maybe the problem was that I restarted Exim with systemctl after commenting out the av_scanner line from /etc/exim.conf, and not via the interface. I also noticed that the av_scanner line is no longer present in the conf file (not even as a comment).
On a side note, each incoming email shows up twice in "Mail Delivery Reports" since activating ESET mail scanner. Is this normal behavior?
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,910
2,233
363
cPanel Access Level
DataCenter Provider
Hello @gramzon,

Thanks for the additional information. I was able to reproduce the issue.

Internal case CPANEL-28012 is now open to address an issue where uninstalling the ClamAV plugin does not result in the removal of the "av_scanner = clamd:/var/clamd" line from /etc/exim.conf until the next time the Exim configuration file is built. This can lead to the following error seen in /var/log/exim_mainlog:

malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): No such file or directory
The temporary workaround is to manually execute the following command immediately following the ClamAV uninstallation:

Code:
/scripts/buildeximconf
I'll monitor the case and update this thread with more information on its status as it becomes available.

Thank you.
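
A check for the condition described in this thread, as an added example that is not part of the original posts and is not cPanel's code: it reports when an Exim config still has a malware ACL condition but the scanner socket it would use does not exist, and counts the resulting log errors. The function names and the sample config and log are constructed for illustration, and the check assumes the scanner is reached over a UNIX socket.

```shell
#!/bin/sh
# Added example, not cPanel code: find an Exim malware ACL whose scanner socket is gone.
# Assumes the scanner is reached over a UNIX socket, as in the thread.

# Print the socket Exim will try for the malware condition in config file $1.
# Prints nothing when no ACL in the file uses a "malware =" condition.
effective_scanner_socket() {
    grep -Eq '^([^#]*[[:space:]])?malware[[:space:]]*=' "$1" || return 0
    # Active (uncommented) line such as "av_scanner = clamd:/var/clamd".
    sock=$(sed -n 's|^[[:space:]]*av_scanner[[:space:]]*=[[:space:]]*[a-z_]*:\(/[^[:space:]:]*\).*|\1|p' "$1" | head -n 1)
    # No active av_scanner line: the thread's second log message shows Exim
    # trying sophie at /var/run/sophie instead.
    echo "${sock:-/var/run/sophie}"
}

# Succeed (exit 0) when the malware ACL points at a socket that does not exist.
scanner_socket_missing() {
    sock=$(effective_scanner_socket "$1")
    [ -n "$sock" ] && [ ! -S "$sock" ]
}

# Count the connection failures quoted in the thread in an Exim main log.
count_scanner_errors() {
    grep -c 'malware acl condition: .* unable to connect to UNIX socket' "$1" || true
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
cat > "$tmp/exim.conf" <<EOF
av_scanner = clamd:$tmp/clamd
  deny message = This message contains malware
    malware = *
EOF
cat > "$tmp/exim_mainlog" <<'EOF'
2019-09-01 10:00:01 malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): No such file or directory
2019-09-01 10:00:02 <= sender@example.com H=mail.example.com [192.0.2.10] P=esmtp S=1024
2019-09-01 10:00:05 malware acl condition: clamd /var/clamd : unable to connect to UNIX socket (/var/clamd): No such file or directory
EOF

if scanner_socket_missing "$tmp/exim.conf"; then
    echo "stale scanner: $(effective_scanner_socket "$tmp/exim.conf")"
    echo "log errors: $(count_scanner_errors "$tmp/exim_mainlog")"
fi
rm -rf "$tmp"
```

On a real server the functions would be pointed at /etc/exim.conf and /var/log/exim_mainlog, the paths named in the thread.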
 

cPanelMichael

Hello,

To update, this was fixed as part of the update to ClamAV in cPanel & WHM version 82.0.10:

Fixed case CPANEL-28735: Update rpm.versions for cpanel-clamav 0.101.3-1.cp1180.

Let us know if the issue persists after updating to cPanel & WHM version 82.0.10 or newer.

Thank you.