LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 08-01-2008, 05:20 AM   #1
ganick
LQ Newbie
 
Registered: Jan 2006
Posts: 19

Rep: Reputation: 0
Can't connect to UNIX socket /var/run/clamav/clamd.socket


Hi all,

My configuration is:

kernel: 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:39:22 EDT 2006 x86_64 x86_64 x86_64 GNU/Linux
postfix: 2.3.3-2
dovecot: 1.0-1.1.rc15.fc6
amavisd-new: 2.4.4-2.fc6
clamav: 0.90.1-26.fc6.at

After being up and running for 2 years, or so,
suddenly I get this error message (/var/log/maillog):
...
Aug 1 13:44:42 collaboration amavis[8698]: (08698-02-40) Using (ClamAV-clamd) on dir: CONTSCAN /var/spool/amavisd/tmp/amavis-20080801T134442-08698/parts\n
Aug 1 13:44:42 collaboration amavis[8698]: (08698-02-40) ClamAV-clamd: Sending CONTSCAN /var/spool/amavisd/tmp/amavis-20080801T134442-08698/parts\n to UNIX socket /var/run/clamav/clamd.socket
Aug 1 13:44:42 collaboration amavis[8698]: (08698-02-40) ClamAV-clamd: Can't send to socket /var/run/clamav/clamd.socket:no such file or directory
...

Have checked the configuration and looks OK.
/etc/amavisd/amavisd.conf:
...
# ### http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.socket"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ]
...
/etc/clamd.conf:
...
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd.socket
User amavis
...

When I run:
/etc/init.d/clamav start
it start the clamd daemon but there is no
"clamd.pid" nor "clamd.socket" file in /var/run/clamav
only "freshclam.pid".

Running /etc/init.d/clamav status gives me
"clamd {pid 9073} is running" !!!

Where can be the "clamad.pid" and "clamd.socket" located ??

Any ideas for solving this situation ??
 
Old 08-01-2008, 08:34 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893
Quote:
Originally Posted by ganick View Post
Where can be the "clamad.pid" and "clamd.socket" located ??
From a running process you could try 'lsof -w -n -p 15799' to see everything, 'lsof -w -n -p 15799 -a -d 0-9' for only file descriptors or if you suspect the socket to be in /var try 'lsof -w -n -p 15799 -a +D /var' else try 'netstat -A unix'. But since it did work, are there any errors in the logs?
 
Old 08-01-2008, 09:05 AM   #3
ganick
LQ Newbie
 
Registered: Jan 2006
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn View Post
But since it did work, are there any errors in the logs?
Which log ? Do you mean clamav log ? It is not turned on.
 
Old 08-01-2008, 09:39 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893
Could you at least enable logging for testing purposes?
 
Old 08-01-2008, 12:00 PM   #5
ganick
LQ Newbie
 
Registered: Jan 2006
Posts: 19

Original Poster
Rep: Reputation: 0
clamav log

It seems that clamd daemon starts but the
"clamd.pid" and "clamd.socket" files are created after a huge delay.

clamd.log :
+++ Started at Fri Aug 1 20:09:10 2008
clamd daemon 0.90.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Reading database from ...

Did anyone encountered this behaviour ?
 
Old 08-01-2008, 12:20 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,451
Blog Entries: 54

Rep: Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893Reputation: 2893
Yes and that's one of the reasons clamd is a daemon process. If you would strace startup you'd see it spends most of its time in reading signatures from the databases and you know how big those are.
 
Old 08-01-2008, 12:31 PM   #7
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
This is a known problem with version .90.x of ClamAV. Upgrade (you are WAY behind) and clamd will make the socket available significantly faster.

Last edited by Mr. C.; 08-01-2008 at 01:23 PM.
 
Old 08-01-2008, 12:50 PM   #8
ganick
LQ Newbie
 
Registered: Jan 2006
Posts: 19

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn View Post
If you would strace startup you'd see it spends most of its time in reading signatures from the databases and you know how big those are.
Is there any way to speed up this process ?
Upgrade clamav or use of another AV ?

The top command shows 97-100 % use of the CPU!!!
Mostly by multiple (amavis) clamscan command and (amavis) clamd.

I don't understand why clamscan is running... Is it called
by amavis daemon as secondary AV program ?
 
Old 08-01-2008, 01:22 PM   #9
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
clamscan is called when clamd is not available to amavis.

As I mentioned, the .90.x versions of clamd took a long time (minutes sometimes) to create the socket.

Amavis falls back to clamscan, further slowing down the creation of the socket as the processor is now more loaded with clamd starting and clamscan(s) running.

Either update clamav, or don't start amavis until clamd has created the socket.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysq mimique Linux - Software 23 08-14-2012 06:14 AM
connection between java socket and unix socket sathishkumar Programming 1 01-10-2006 03:21 PM
Unable to connect to UNIX socket /tmp/.esd/socket error while using grip dr_zayus69 Linux - Software 4 08-23-2005 07:28 PM
Can't connect to UNIX socket /var/run/clamav/clamd shitoryu Linux - Software 1 07-25-2005 12:52 AM
Losing clamd-socket carlmarshall Linux - General 0 02-14-2005 04:02 AM


All times are GMT -5. The time now is 07:40 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration