I made the mistake of installing clamav during installation of hestiaCP. Because the server only has 1GB of ram, clamav is automatically turned off. Now I get an email from exim daily. I am hoping there is a way to uninstall or at least fully disable clamav without having to reinstall the server.
exim paniclog /var/log/exim4/paniclog on my-domain-name.com has non-zero size, mail system might be broken. Up to 10 lines are quoted below.
2020-09-20 02:05:19 1kJfMV-001pow-NV malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): No such file or directory
2020-09-20 02:06:20 1kJfNU-001pow-Bt malware acl condition: clamd /var/run/clamav/clamd.ctl : unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): No such file or directory
Check if your clamav service is running, basicly you could try to uninstall clamav and adjust the exim conf - but if you dont know how to do it, reinstall the server and restore backups would be the faster and safer option.
I’m not completely sure, as I haven’t tried it, but isn’t adjusting the exim config just a case of commenting out the CLAMD line in /etc/exim/exim4.conf.template ? #CLAMD = yes
I think all the clam-related bits are written in conditional blocks, which are deactivated when you do this.
That is the actual config, yes, and of course you’d need to restart exim afterwards to apply the changes.
OK, sorry it didn’t work, but it looked like that would do the job: you see these at the top #CLAMD = yes
and then lower down there are conditional blocks like .ifdef CLAMD av_scanner = clamd: /var/run/clamav/clamd.ctl .endif
Which are not loaded if CLAMD is not defined. Anyway, worth a try, and not too hard to roll back if it doesn’t work.
yes, this. if you check the installer you’ll see that this is the only difference/modification done to exims conf in that regard.
as you said you need to restart exim ofc and want to stop clamav then.
you also might want to adjust the hestia.conf file where there is a lin telling which antivrus module is used…
Actually this works. Turns out I kept getting the EXIM paniclog email daily but there is no new entry in the log. I think I just need to delete the paniclog file.