ClamAV-daemon not starting

Hello, dear friends!
I did a clean installation and the ClamAV-daemon antivirus service does not starting

I studied topics on the forum where it says to update the database manually. Then the console shows the status running.

The service still does not start in the HCP interface.

Tell me, colleagues, where to look for a solution.

Thank you

Hi @MrMax,

Take a look to this post:

Basically, do you have a /etc/sysconfig/ dir?

Yes, this catalog exists

And that is the reason for the fail check. Dir /etc/sysconfig/ is not a default dir neither for Debian nor Ubuntu and Hestia relies on it to check Clamav from one way or another.

Options:

1.- Remove or change the dir name. I’ve no idea what dir and those files do in your system so if you modify it, your system could break.

2.- Ignore the failed service because it is working fine.

3.- Edit the script that checks the services /usr/local/hestia/bin/v-list-sys-services

And replace this:

# Checking MAIL ANTIVIRUS
if [ -n "$ANTIVIRUS_SYSTEM" ] && [ "$ANTIVIRUS_SYSTEM" != 'remote' ]; then
        if [ -d "/etc/sysconfig" ]; then
                if [ "$ANTIVIRUS_SYSTEM" == 'clamav' ]; then
                        ANTIVIRUS_SYSTEM='clamd'
                fi
                get_srv_state "$ANTIVIRUS_SYSTEM"
        else
                if [ "$ANTIVIRUS_SYSTEM" == 'clamav-daemon' ]; then
                        proc_name='clamd'
                fi
                get_srv_state "$ANTIVIRUS_SYSTEM" "$proc_name"
        fi
        data="$data\nNAME='$ANTIVIRUS_SYSTEM' SYSTEM='email anti-virus'"
        data="$data STATE='$state' CPU='$cpu' MEM='$mem' RTIME='$rtime'"
        proc_name=''
fi

By this:

# Checking MAIL ANTIVIRUS
if [ -n "$ANTIVIRUS_SYSTEM" ] && [ "$ANTIVIRUS_SYSTEM" != 'remote' ]; then
        if [ "$ANTIVIRUS_SYSTEM" == 'clamav-daemon' ]; then
                proc_name='clamd'
        fi
        get_srv_state "$ANTIVIRUS_SYSTEM" "$proc_name"
        data="$data\nNAME='$ANTIVIRUS_SYSTEM' SYSTEM='email anti-virus'"
        data="$data STATE='$state' CPU='$cpu' MEM='$mem' RTIME='$rtime'"
        proc_name=''
fi

My friend! You are simply a magician!
Life needs such specialists! And kind-hearted guys!
I want to express my great gratitude to you!
Accept the wishes of peace, goodness and all the best!

This is the first time I did a clean install on Ubuntu 22.04
The installation always goes smoothly without any problems, today is the first time.

I would also like to ask about the netplan utility.
When I did a new installation, at the beginning there was a warning to start with the --force key to do further.
Otherwise, install netplan first.
I did as always with the --force key without installing netplan.

Now, after rebooting the server, the iptables service does not start automatically and you have to start it manually.

Please tell me is this related to the installation of netplan or do we need to look for another reason why we have to manually start this service iptable after rebooting the server.

Thank you,
Sincerely,

What service is not starting and how are you starting it?

Show the output of these commands:

systemctl status hestia-iptables.service --no-pager -l
journalctl -b -u hestia-iptables.service
iptables -S

image

iptables is working fine. The problem regarding hestia-iptables service is again because of /etc/sysconfig/ dir.

Edit this file /usr/local/hestia/bin/v-update-firewall

And replace this:

# Clean up and saving rules to the master iptables file
if [ -d "/etc/sysconfig" ]; then
        /sbin/iptables-save | sed -e 's/[[0-9]\+:[0-9]\+]/[0:0]/g' -e '/^-A fail2ban-[A-Z]\+ -s .\+$/d' > /etc/sysconfig/iptables
else
        /sbin/iptables-save | sed -e 's/[[0-9]\+:[0-9]\+]/[0:0]/g' -e '/^-A fail2ban-[A-Z]\+ -s .\+$/d' > /etc/iptables.rules
        iptablesversion="$(iptables --version | head -1 | awk '{print $2}' | cut -f -2 -d .)"
        sd_unit="/lib/systemd/system/hestia-iptables.service"
        if [ ! -e "$sd_unit" ]; then
                echo "[Unit]" >> $sd_unit
                echo "Description=Loading Hestia firewall rules" >> $sd_unit
                echo "DefaultDependencies=no" >> $sd_unit
                echo "Wants=network-pre.target local-fs.target" >> $sd_unit
                echo "Before=network-pre.target" >> $sd_unit
                echo "After=local-fs.target" >> $sd_unit
                echo "" >> $sd_unit
                echo "[Service]" >> $sd_unit
                echo "Type=oneshot" >> $sd_unit
                echo "RemainAfterExit=yes" >> $sd_unit
                echo "ExecStartPre=-${HESTIA}/bin/v-update-firewall-ipset load" >> $sd_unit
                if [ "$iptablesversion" = "v1.6" ]; then
                        echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >> $sd_unit
                else
                        echo "ExecStart=/sbin/iptables-restore --wait=10 /etc/iptables.rules" >> $sd_unit
                fi
                echo "" >> $sd_unit
                echo "[Install]" >> $sd_unit
                echo "WantedBy=multi-user.target" >> $sd_unit
                systemctl -q daemon-reload
        fi
        systemctl -q is-enabled hestia-iptables 2> /dev/null || systemctl -q enable hestia-iptables
fi

By this:

# Clean up and saving rules to the master iptables file
/sbin/iptables-save | sed -e 's/[[0-9]\+:[0-9]\+]/[0:0]/g' -e '/^-A fail2ban-[A-Z]\+ -s .\+$/d' >/etc/iptables.rules
iptablesversion="$(iptables --version | head -1 | awk '{print $2}' | cut -f -2 -d .)"
sd_unit="/lib/systemd/system/hestia-iptables.service"
if [ ! -e "$sd_unit" ]; then
        echo "[Unit]" >>$sd_unit
        echo "Description=Loading Hestia firewall rules" >>$sd_unit
        echo "DefaultDependencies=no" >>$sd_unit
        echo "Wants=network-pre.target local-fs.target" >>$sd_unit
        echo "Before=network-pre.target" >>$sd_unit
        echo "After=local-fs.target" >>$sd_unit
        echo "" >>$sd_unit
        echo "[Service]" >>$sd_unit
        echo "Type=oneshot" >>$sd_unit
        echo "RemainAfterExit=yes" >>$sd_unit
        echo "ExecStartPre=-${HESTIA}/bin/v-update-firewall-ipset load" >>$sd_unit
        if [ "$iptablesversion" = "v1.6" ]; then
                echo "ExecStart=/sbin/iptables-restore /etc/iptables.rules" >>$sd_unit
        else
                echo "ExecStart=/sbin/iptables-restore --wait=10 /etc/iptables.rules" >>$sd_unit
        fi
        echo "" >>$sd_unit
        echo "[Install]" >>$sd_unit
        echo "WantedBy=multi-user.target" >>$sd_unit
        systemctl -q daemon-reload
fi
systemctl -q is-enabled hestia-iptables 2>/dev/null || systemctl -q enable hestia-iptables

Thank you very much for your work and I really appreciate your help!
Now I will carefully study and compare these files so that I can understand the difference at the level of sensations.

Please tell me, maybe by chance you had to deal with such a question.
Configuring HCP Server PHP 8.1
Domain settings backend PHP are “defaulted”
As far as logic tells me, the site should work on the system version of PHP,
namely PHP 8.1

I check the information about the PHP version through the info.php file

<?php phpinfo(); ?>

and see that version 8.0

In the HCP settings, sites are listed that they are on HCP 8.1
At this time, checking the site itself by launching Phpinfo returns version 8.0

Thank you
Sincerely,

Show the output of these commands (replace YourUser and YourDomain with the actual data):

grep -r '\/php' /home/YourUser/conf/web/YourDomain/
v-list-web-domain YourUser YourDomain json | jq -r '.[]|.BACKEND'
php -v

Thanks for your advice regarding iptables
replaced the code in the file according to the instructions.
Same.
iptables does not start automatically after a reboot.
Only after manual start

Thank you,
Sincerely,

Your site is using PHP 8.0. If the default is 8.1 and your site is configured to use the default php, then you need to rebuild the web domain.

v-rebuild-web-domain admin profi-host.ru yes

How do you check it and how do you manually “start” it?

You are absolutely right!
Thanks a lot!
I restored the backup to a clean installation.
This server was launched back in 2019, there were intrusions with mailings.
It should have been reinstalled a long time ago.
So I found the time and got busy.

Thank you for helping me solve this pain)

1 Like

I went into the console and rebooted “reboot”

Then I entered the HCP again and hurray!
All services started automatically!
I can’t even believe it, I was tormented all weekend, what a problem.
And now everything is decided! Thank you from the bottom of my heart))

image

Sorry, may I ask in this thread, do I have one more question?

**ERROR:** Please disable the **open_basedir** setting to continue.
**ERROR:** The PHP exec() function must be enabled.

I read that you need to create an additional template. Could you please provide a link to instructions on how to do this?

Thank you,
Sincerely,

For this you should create a new php template in /usr/local/hestia/data/templates/web/php-fpm/ do the modifications you need and assig that new php template you your web domain.

It is not recommended to disable open_basedir, it’s a security risk.

For this you should edit the php.ini used by the php fpm version your site is using, for example, if your site is using php 8.1, then edit this file: /etc/php/8.1/fpm/php.ini and remove exec from disable_functions directive, once done, you should restart it, systemctl restart php8.1-fpm

But again, removing exec function from disable_functions directive is a security risk.

Thanks, dear friend!
Your answers are a lifesaver. If we assume how long independent experience can take, then it becomes clear what a real specialist is.
I want to say that solving a problem is a real pleasure, on the one hand, and I feel obligated.
Please accept my sincere gratitude for your help!

Thank you,
Sincerely,

1 Like