[Solved] ClamAV + C-ICAP (Registry 'virus_scan::engines' does not exist!)

[hbc]

I have to reopen this issue: https://forum.opnsense.org/index.php?topic=5988.0

New 19.1.6 installation, plugins clamav and c-icap installed. Even when I try this timing delay, I get error when starting c-icap.

Code Select Expand

root@fw01:/var/log/c-icap # /usr/local/etc/rc.d/clamav-clamd start
Starting clamav_clamd.
WARNING: Ignoring deprecated option AllowSupplementaryGroups at /usr/local/etc/clamd.conf:14
root@fw01:/var/log/c-icap # sleep 5
root@fw01:/var/log/c-icap # /usr/local/etc/rc.d/c-icap restart
c_icap not running? (check /var/run/c-icap/c-icap.pid).
Starting c_icap.


/var/log/c-icap/server.log

Code Select Expand

Fri Apr 26 13:11:58 2019, main proc, clamd_init: Not valid response from server:
Fri Apr 26 13:11:58 2019, main proc, Registry 'virus_scan::engines' does not exist!
Fri Apr 26 13:12:18 2019, 41119/689028864, Registry 'virus_scan::engines' does not exist!
Fri Apr 26 13:12:18 2019, 41119/689028864, Registry 'virus_scan::engines' does not exist!
Fri Apr 26 13:13:08 2019, 41119/689028864, Registry 'virus_scan::engines' does not exist!
Fri Apr 26 13:13:08 2019, 41119/689028864, Registry 'virus_scan::engines' does not exist!
Fri Apr 26 13:14:00 2019, 41119/689028864, Registry 'virus_scan::engines' does not exist!
Fri Apr 26 13:14:00 2019, 41119/689028864, Registry 'virus_scan::engines' does not exist!


Since no connection to clamav, all eicar downloads pass.

[mimugmail]

I thought I had removed this already ... do you something on console when starting OPN?

[hbc]

I thought I had removed this already ... do you something on console when starting OPN?

Sorry, don't get it. What shall I do in console? I activated services and rebooted. Problem exists.
I secured shelled into opnsense and applied

Code Select Expand


#!/bin/sh

/usr/local/etc/rc.d/clamav-clamd start
sleep 5
/usr/local/etc/rc.d/c-icap restart

like in issue https://github.com/opnsense/plugins/issues/276.

Can a machine be too powerful for opnsense? Too much memory, cores, etc.? It is pretty strange. I have less powerful machines without problems. ATM I have this issue and no firewall live view and I did not apply any manual tweaks. Configuration is not so special. ok, many 10g interfaces and chelsio cards.

I just loaded ioat module (I/O advanced technology), but this should not cause issues, could it?

[mimugmail]

Sorry, was focused only on the AllowSupplementaryGroup warning ...

[hbc]

Sorry, was focused only on the AllowSupplementaryGroup warning ...

Well, think that warning is easy to fix. Just remove config entry in next release. Had this warning on other clamav installations. Comment that # fix it.

But any ideas about this missing registry?

[mimugmail]

Yep, fixed it already: https://github.com/opnsense/plugins/pull/1314

So with your sleep 5 it works again or still doesn't work?

[hbc]

The hint about deprecated option is just a warning. Should not have any influence on the function. My problem is the registry error. The 5s sleep does not help.

[hbc]

I found the problem. Too much tuning.

Code Select Expand


# Enable the optimized version of the soreceive() kernel socket interface for
# stream (TCP) sockets. NOTE: disable net.inet.tcp.soreceive_stream when using
# rndc to update BIND DNS records otherwise the following error will trigger,
# "rndc: recv failed: host unreachable".
#
#net.inet.tcp.soreceive_stream="1"  # (default 0)

it needs to stay '0' (default). Seems as the new socket version is not supported by this daemon.

[mimugmail]

Nice finding :)

[hboxhorn]

Maybe I have a brainfart but which file needs to be changed ?

[hbc]

If you manually changed net.inet.tcp.soreceive_stream to another value than 0, you have to revert it in the file where you added this setting.
If you did not manually add this option to any file, no file needs to be changed.