LinuxQuestions.org


williatf 01-17-2011 10:44 AM

Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused
 
Hi!

I'm having trouble getting clamav to work. I believe the issue is related to permissions, but thus far my attempts to find and correct the problem (via google) have been unsuccessful.

I keep getting the following error in my mail.err log:
Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused

Any help would be appreciated.

Regards,
williatf

bathory 01-17-2011 12:11 PM

Hi and welcome to LQ,

Make sure clamd is running:
Code:

ps -ef|grep clamd
If it's running but there is no socket created, you should uncomment the LocalSocket option by removing the # in front of it.
Also you should give more details about your Linux distribution, the clamav version and how you've installed it.

Regards

williatf 01-17-2011 12:32 PM

bathory - Thanks for the quick reply.

I'm running Debian Lenny.
clamav was installed using 'apt-get install clamav'
Version is: ClamAV 0.96.3/12534/Mon Jan 17 04:39:00 2011

ps -ef|grep clam shows:

amavis 28625 1 0 10:34 ? 00:00:00 /usr/bin/freshclam -d --quiet
amavis 30682 29855 62 12:29 ? 00:00:01 /usr/bin/clamscan --stdout --disable-summary -r --tempdir=/var/lib/amavis/tmp /var/lib/amavis/tmp/amavis-20110117T122905-29855/parts
amavis 30683 29809 62 12:29 ? 00:00:01 /usr/bin/clamscan --stdout --disable-summary -r --tempdir=/var/lib/amavis/tmp /var/lib/amavis/tmp/amavis-20110117T122904-29809/parts
root 30685 20345 0 12:29 pts/0 00:00:00 grep clam

Regards,
williatf

bathory 01-17-2011 12:46 PM

From the ps output it looks like clamd (the clamav daemon) is not running. Try to start it using:
Code:

sudo /etc/init.d/clamav-daemon start
and check if it started using ps again.
If it's running then restart amavisd.

williatf 01-17-2011 12:58 PM

bathory - thanks again...

Here's output from clamav.log after running "/etc/init.d/clamav-daemon start"


Mon Jan 17 12:50:00 2011 -> +++ Started at Mon Jan 17 12:50:00 2011
Mon Jan 17 12:50:00 2011 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486)
Mon Jan 17 12:50:00 2011 -> Log file size limit disabled.
Mon Jan 17 12:50:00 2011 -> Reading databases from /var/lib/clamav
Mon Jan 17 12:50:00 2011 -> Not loading PUA signatures.
Mon Jan 17 12:50:48 2011 -> Loaded 869456 signatures.
Mon Jan 17 12:50:48 2011 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Mon Jan 17 12:50:48 2011 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Jan 17 12:50:48 2011 -> LOCAL: Setting connection queue length to 15
Mon Jan 17 12:50:48 2011 -> Limits: Global size limit set to 104857600 bytes.
Mon Jan 17 12:50:48 2011 -> Limits: File size limit set to 26214400 bytes.
Mon Jan 17 12:50:48 2011 -> Limits: Recursion level limit set to 16.
Mon Jan 17 12:50:48 2011 -> Limits: Files limit set to 10000.
Mon Jan 17 12:50:48 2011 -> Archive support enabled.
Mon Jan 17 12:50:48 2011 -> Algorithmic detection enabled.
Mon Jan 17 12:50:48 2011 -> Portable Executable support enabled.
Mon Jan 17 12:50:48 2011 -> ELF support enabled.
Mon Jan 17 12:50:48 2011 -> Mail files support enabled.
Mon Jan 17 12:50:48 2011 -> OLE2 support enabled.
Mon Jan 17 12:50:48 2011 -> PDF support enabled.
Mon Jan 17 12:50:48 2011 -> HTML support enabled.
Mon Jan 17 12:50:48 2011 -> Self checking every 3600 seconds.

and output from "ps -ef|grep clam" reveals:

amavis 28625 1 0 10:34 ? 00:00:00 /usr/bin/freshclam -d --quiet
amavis 31199 1 0 12:50 ? 00:00:00 /usr/sbin/clamd
root 31207 20345 0 12:53 pts/0 00:00:00 grep clam

So, it appears clamd is running, which makes me wonder why it wasn't running before.

Upon further inspection, running "ps -ef|grep clam" again reveals:

server:/etc/clamav# ps -ef|grep clam
amavis 28625 1 0 10:34 ? 00:00:00 /usr/bin/freshclam -d --quiet
root 31255 20345 0 12:56 pts/0 00:00:00 grep clam

Interesting... doesn't appear to be running anymore.

Thoughts?

williatf

bathory 01-17-2011 01:17 PM

Quote:

Interesting... doesn't appear to be running anymore.
Indeed, it looks like it dies somehow.
Check the logs under /var/log to see what's written there.

williatf 01-17-2011 01:57 PM

I've checked all recently updated logs under /var/log/ and there's nothing related to clam* in them, except for mail.* logs which show all the connection errors to clamav.

other thoughts?

williatf

bathory 01-17-2011 02:25 PM

Check clamd.conf for LogFile to see where clamd writes its logs (default /var/log/clamav/clamav.log) . If there is a # at the beginning you should remove it. You might also set LogVerbose to yes for more info. After that try to start the daemon again and start watching the log using:
Code:

tail -f /var/log/clamav/clamav.log

williatf 01-17-2011 02:44 PM

I changed "LogVerbose" to true, started clamd again, and watched the log file using "tail" as suggested.

Here's the output of "clamav.log" after the start.

Code:

Mon Jan 17 14:34:12 2011 -> +++ Started at Mon Jan 17 14:34:12 2011
Mon Jan 17 14:34:12 2011 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486)
Mon Jan 17 14:34:12 2011 -> Log file size limit disabled.
Mon Jan 17 14:34:12 2011 -> Reading databases from /var/lib/clamav
Mon Jan 17 14:34:12 2011 -> Not loading PUA signatures.
Mon Jan 17 14:35:27 2011 -> Loaded 869949 signatures.
Mon Jan 17 14:35:29 2011 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Mon Jan 17 14:35:29 2011 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Jan 17 14:35:29 2011 -> LOCAL: Setting connection queue length to 15
Mon Jan 17 14:35:29 2011 -> Limits: Global size limit set to 104857600 bytes.
Mon Jan 17 14:35:29 2011 -> Limits: File size limit set to 26214400 bytes.
Mon Jan 17 14:35:29 2011 -> Limits: Recursion level limit set to 16.
Mon Jan 17 14:35:29 2011 -> Limits: Files limit set to 10000.
Mon Jan 17 14:35:29 2011 -> Limits: Core-dump limit is 0.
Mon Jan 17 14:35:29 2011 -> Archive support enabled.
Mon Jan 17 14:35:29 2011 -> Algorithmic detection enabled.
Mon Jan 17 14:35:29 2011 -> Portable Executable support enabled.
Mon Jan 17 14:35:29 2011 -> ELF support enabled.
Mon Jan 17 14:35:29 2011 -> Mail files support enabled.
Mon Jan 17 14:35:29 2011 -> OLE2 support enabled.
Mon Jan 17 14:35:29 2011 -> PDF support enabled.
Mon Jan 17 14:35:29 2011 -> HTML support enabled.
Mon Jan 17 14:35:29 2011 -> Self checking every 3600 seconds.
Mon Jan 17 14:35:29 2011 -> Listening daemon: PID: 4012
Mon Jan 17 14:35:29 2011 -> MaxQueue set to: 100

Regards,
williatf

williatf 01-17-2011 03:08 PM

Could it be this:

http://www.iredmail.org/forum/topic1...-crashing.html

williatf

bathory 01-17-2011 05:11 PM

Quote:

Originally Posted by williatf (Post 4227873)

Could be, but without details it's difficult to make a guess.
Did it crash again? And if yes, what was logged? If the logs look like those from the Debian bug report, you can try the fix:
Quote:

The easiest solution is to delete /var/lib/clamav/bytecode.cld and specify "Bytecode off" in /etc/clamav/freshclam.conf. This way the JIT has no definition and PAX doesn't kick in.
and see if it helps

Regards

williatf 01-18-2011 07:16 AM

bathory,

It continued to crash, so I turned clamav off by commenting out the following in the amavis config file: /etc/amavis/conf.d/15-content_filter_mode


Quote:

#@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
Upon doing that, postfix seemed to start working normally again and the queue manager emptied the email backlog.

So, for now, I have no virus scanning.

The logs don't show anything other than what I've posted above, which doesn't give many clues. I don't know how to do anything more sophisticated to trace program errors, so at the moment I'm at a loss.

Suggestions?

Regards,
williatf

bathory 01-18-2011 10:20 AM

Hi,

If it crashes there should be something written in clamav.log after the startup logs you've posted earlier.
Anyway try the workaround
Quote:

The easiest solution is to delete /var/lib/clamav/bytecode.cld and specify "Bytecode off" in /etc/clamav/freshclam.conf. This way the JIT has no definition and PAX doesn't kick in.
or update to the latest clamav.

Regards

williatf 01-18-2011 11:09 AM

I tried the solution:

Quote:

The easiest solution is to delete /var/lib/clamav/bytecode.cld and specify "Bytecode off" in /etc/clamav/freshclam.conf. This way the JIT has no definition and PAX doesn't kick in.
But, it didn't appear to work.

Specifically, here's what I did:

Rename bytecode.cld (I didn't want to delete for fear of losing something important.)
Code:

mv /var/lib/clamav/bytecode.cld /var/lib/clamav/bytecode.cld.disabled
Changed Bytecode from "true" to "off" in /etc/clamav/freshclam.conf
Code:

Bytecode off
Re-enabled clamav in /etc/amavis/conf.d/15-content_filter_mode
Code:

@bypass_virus_checks_maps = (
  \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

Restarted everything
Code:

/etc/init.d/clamav-freshclam restart
/etc/init.d/clamav-daemon start
/etc/init.d/amavis restart

Same errors in /var/log/mail.err
Code:

Jan 18 08:40:17 server amavis[25863]: (25863-01) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused) at (eval 89) line 309.
Jan 18 08:40:17 server amavis[25863]: (25863-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 18 08:40:27 server amavis[25863]: (25863-01) (!!)ClamAV-clamscan av-scanner FAILED: run_av error: run_av: Exceeded allowed time at (eval 89) line 516.
Jan 18 08:40:27 server amavis[25863]: (25863-01) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused) at (eval 89) line 309.; ClamAV-clamscan av-scanner FAILED: run_av error: run_av: Exceeded allowed time at (eval 89) line 516.

Thoughts?

Regards,
williatf

williatf 01-18-2011 11:41 AM

I think this one is solved. Turns out, I believe, I needed to update the clamav-daemon (clamd) in addition to updating clamav.

http://www.clamav.net/lang/en/downlo...ackages-linux/

Quote:

Then run apt-get update; apt-get install clamav
If you need clamd, you may also want to run apt-get install clamav-daemon
I had updated clamav to 0.96.5, but clamd was still running 0.96.3!

Go figure.

Once I upgraded clamd to the latest version and reset everything back to normal, it appears to be working fine now.

Thanks for the help!

Regards,
williatf
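
Added example (not part of the thread): a shell check for the version skew that turned out to be the cause here. It compares the `ClamAV x.y.z/...` banner that `clamscan --version` prints with the `clamd daemon x.y.z` startup line from clamav.log, both in the formats posted above. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: detect a clamav tools / clamd version skew.

# Extract "0.96.3" from a banner such as
# "ClamAV 0.96.3/12534/Mon Jan 17 04:39:00 2011".
banner_version() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9.]*\).*/\1/p'
}

# Read a clamd log on stdin and print the version from the newest startup
# line, e.g. "... -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486)".
log_daemon_version() {
    sed -n 's/.*-> clamd daemon \([0-9][0-9.]*\) .*/\1/p' | tail -n 1
}

# $1 = tool banner, $2 = daemon version taken from the log.
# Returns 0 when they match, 1 on skew, 2 when a version could not be read.
check_skew() {
    tool=$(banner_version "$1")
    daemon=$2
    if [ -z "$tool" ] || [ -z "$daemon" ]; then
        echo "UNKNOWN: could not read a version"
        return 2
    fi
    if [ "$tool" != "$daemon" ]; then
        echo "SKEW: tools are $tool but clamd last started as $daemon"
        return 1
    fi
    echo "OK: tools and clamd both at $tool"
    return 0
}

# Live use: pass the clamd log path as the first argument, for example
# /var/log/clamav/clamav.log (the default mentioned in the thread).
if [ -n "${1:-}" ] && command -v clamscan >/dev/null 2>&1; then
    check_skew "$(clamscan --version)" "$(log_daemon_version < "$1")"
fi
```

A skew result means the daemon package was not upgraded along with the tools, or clamd has not been restarted since the upgrade.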


All times are GMT -5.