[SOLVED] Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Hi!
I'm having trouble getting clamav to work. I believe the issue is related to permissions, but thus far my attempts to find and correct the problem (via google) have been unsuccessful.
I keep getting the following error in my mail.err log:
Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused
If it's running but there is no socket created, you should uncomment the LocalSocke option by remove the # in front of it.
Also you should give more details about your linux distribution, the clamav version and how you've installed it
Here's output from clamav.log after running "/etc/init.d/clamav-daemon start"
Mon Jan 17 12:50:00 2011 -> +++ Started at Mon Jan 17 12:50:00 2011
Mon Jan 17 12:50:00 2011 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486)
Mon Jan 17 12:50:00 2011 -> Log file size limit disabled.
Mon Jan 17 12:50:00 2011 -> Reading databases from /var/lib/clamav
Mon Jan 17 12:50:00 2011 -> Not loading PUA signatures.
Mon Jan 17 12:50:48 2011 -> Loaded 869456 signatures.
Mon Jan 17 12:50:48 2011 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Mon Jan 17 12:50:48 2011 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Jan 17 12:50:48 2011 -> LOCAL: Setting connection queue length to 15
Mon Jan 17 12:50:48 2011 -> Limits: Global size limit set to 104857600 bytes.
Mon Jan 17 12:50:48 2011 -> Limits: File size limit set to 26214400 bytes.
Mon Jan 17 12:50:48 2011 -> Limits: Recursion level limit set to 16.
Mon Jan 17 12:50:48 2011 -> Limits: Files limit set to 10000.
Mon Jan 17 12:50:48 2011 -> Archive support enabled.
Mon Jan 17 12:50:48 2011 -> Algorithmic detection enabled.
Mon Jan 17 12:50:48 2011 -> Portable Executable support enabled.
Mon Jan 17 12:50:48 2011 -> ELF support enabled.
Mon Jan 17 12:50:48 2011 -> Mail files support enabled.
Mon Jan 17 12:50:48 2011 -> OLE2 support enabled.
Mon Jan 17 12:50:48 2011 -> PDF support enabled.
Mon Jan 17 12:50:48 2011 -> HTML support enabled.
Mon Jan 17 12:50:48 2011 -> Self checking every 3600 seconds.
I've checked all recently updated logs under /var/log/ and there's nothing related to clam* in them, except for mail.* logs which show all the connection errors to clamav.
Check clamd.conf for LogFile to see where clamd writes its logs (default /var/log/clamav/clamav.log) . If there is a # at the beginning you should remove it. You might also set LogVerbose to yes for more info. After that try to start the daemon again and start watching the log using:
I changed "LogVerbose" to true, started clamd again, and watched the log file using "tail" as suggested.
Here's the output of "clamav.log" after the start.
Code:
Mon Jan 17 14:34:12 2011 -> +++ Started at Mon Jan 17 14:34:12 2011
Mon Jan 17 14:34:12 2011 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486)
Mon Jan 17 14:34:12 2011 -> Log file size limit disabled.
Mon Jan 17 14:34:12 2011 -> Reading databases from /var/lib/clamav
Mon Jan 17 14:34:12 2011 -> Not loading PUA signatures.
Mon Jan 17 14:35:27 2011 -> Loaded 869949 signatures.
Mon Jan 17 14:35:29 2011 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Mon Jan 17 14:35:29 2011 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Jan 17 14:35:29 2011 -> LOCAL: Setting connection queue length to 15
Mon Jan 17 14:35:29 2011 -> Limits: Global size limit set to 104857600 bytes.
Mon Jan 17 14:35:29 2011 -> Limits: File size limit set to 26214400 bytes.
Mon Jan 17 14:35:29 2011 -> Limits: Recursion level limit set to 16.
Mon Jan 17 14:35:29 2011 -> Limits: Files limit set to 10000.
Mon Jan 17 14:35:29 2011 -> Limits: Core-dump limit is 0.
Mon Jan 17 14:35:29 2011 -> Archive support enabled.
Mon Jan 17 14:35:29 2011 -> Algorithmic detection enabled.
Mon Jan 17 14:35:29 2011 -> Portable Executable support enabled.
Mon Jan 17 14:35:29 2011 -> ELF support enabled.
Mon Jan 17 14:35:29 2011 -> Mail files support enabled.
Mon Jan 17 14:35:29 2011 -> OLE2 support enabled.
Mon Jan 17 14:35:29 2011 -> PDF support enabled.
Mon Jan 17 14:35:29 2011 -> HTML support enabled.
Mon Jan 17 14:35:29 2011 -> Self checking every 3600 seconds.
Mon Jan 17 14:35:29 2011 -> Listening daemon: PID: 4012
Mon Jan 17 14:35:29 2011 -> MaxQueue set to: 100
Could be, but without details it's difficult to make a guess.
Did it crashed again? And if yes what was logged? If the logs look like those from the debian bug report, you can try the fix:
Quote:
The easiest solution is to delete /var/lib/clamav/bytecode.cld and specify "Bytecode off" in /etc/clamav/freshclam.conf. This way the JIT has no definition and PAX doesn't kick in.
Upon doing that, postfix seemed to start working normally again and the queue manager emptied the email backlog.
So, for now, I have no virus scanning.
The logs don't show anything other than what I've posted above, which doesn't give many clues. I don't know how to do anything more sophisticated to trace program errors, so at the moment I'm at a loss.
If it crashes there should be something written in clamav.log after the startup logs you've posted earlier.
Anyway try the workaround
Quote:
The easiest solution is to delete /var/lib/clamav/bytecode.cld and specify "Bytecode off" in /etc/clamav/freshclam.conf. This way the JIT has no definition and PAX doesn't kick in.
The easiest solution is to delete /var/lib/clamav/bytecode.cld and specify "Bytecode off" in /etc/clamav/freshclam.conf. This way the JIT has no definition and PAX doesn't kick in.
But, it didn't appear to work.
Specifically, here's what I did:
Rename bytecode.cld (I didn't want to delete for fear of losing something important.)
Jan 18 08:40:17 server amavis[25863]: (25863-01) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused) at (eval 89) line 309.
Jan 18 08:40:17 server amavis[25863]: (25863-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 18 08:40:27 server amavis[25863]: (25863-01) (!!)ClamAV-clamscan av-scanner FAILED: run_av error: run_av: Exceeded allowed time at (eval 89) line 516.
Jan 18 08:40:27 server amavis[25863]: (25863-01) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused) at (eval 89) line 309.; ClamAV-clamscan av-scanner FAILED: run_av error: run_av: Exceeded allowed time at (eval 89) line 516.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.