Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused
Hi!
I'm having trouble getting clamav to work. I believe the issue is related to permissions, but thus far my attempts to find and correct the problem (via google) have been unsuccessful. I keep getting the following error in my mail.err log: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused Any help would be appreciated. Regards, williatf |
Hi and welcome to LQ,
Make sure clamd is running: Code:
ps -ef|grep clamd Also you should give more details about your linux distribution, the clamav version and how you've installed it Regards |
bathory - Thanks for the quick reply.
I'm running Debian Lenny. clamav was installed using 'apt-get install clamav' Version is: ClamAV 0.96.3/12534/Mon Jan 17 04:39:00 2011 ps -ef|grep clam shows: amavis 28625 1 0 10:34 ? 00:00:00 /usr/bin/freshclam -d --quiet amavis 30682 29855 62 12:29 ? 00:00:01 /usr/bin/clamscan --stdout --disable-summary -r --tempdir=/var/lib/amavis/tmp /var/lib/amavis/tmp/amavis-20110117T122905-29855/parts amavis 30683 29809 62 12:29 ? 00:00:01 /usr/bin/clamscan --stdout --disable-summary -r --tempdir=/var/lib/amavis/tmp /var/lib/amavis/tmp/amavis-20110117T122904-29809/parts root 30685 20345 0 12:29 pts/0 00:00:00 grep clam Regards, williatf |
From the ps output looks like clamd (them clamav daemon) is not running. Try to start it using:
Code:
sudo/etc/init.d/clamav-daemon start If it's running then restart amavisd. |
bathory - thanks again...
Here's output from clamav.log after running "/etc/init.d/clamav-daemon start" Mon Jan 17 12:50:00 2011 -> +++ Started at Mon Jan 17 12:50:00 2011 Mon Jan 17 12:50:00 2011 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486) Mon Jan 17 12:50:00 2011 -> Log file size limit disabled. Mon Jan 17 12:50:00 2011 -> Reading databases from /var/lib/clamav Mon Jan 17 12:50:00 2011 -> Not loading PUA signatures. Mon Jan 17 12:50:48 2011 -> Loaded 869456 signatures. Mon Jan 17 12:50:48 2011 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl Mon Jan 17 12:50:48 2011 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl Mon Jan 17 12:50:48 2011 -> LOCAL: Setting connection queue length to 15 Mon Jan 17 12:50:48 2011 -> Limits: Global size limit set to 104857600 bytes. Mon Jan 17 12:50:48 2011 -> Limits: File size limit set to 26214400 bytes. Mon Jan 17 12:50:48 2011 -> Limits: Recursion level limit set to 16. Mon Jan 17 12:50:48 2011 -> Limits: Files limit set to 10000. Mon Jan 17 12:50:48 2011 -> Archive support enabled. Mon Jan 17 12:50:48 2011 -> Algorithmic detection enabled. Mon Jan 17 12:50:48 2011 -> Portable Executable support enabled. Mon Jan 17 12:50:48 2011 -> ELF support enabled. Mon Jan 17 12:50:48 2011 -> Mail files support enabled. Mon Jan 17 12:50:48 2011 -> OLE2 support enabled. Mon Jan 17 12:50:48 2011 -> PDF support enabled. Mon Jan 17 12:50:48 2011 -> HTML support enabled. Mon Jan 17 12:50:48 2011 -> Self checking every 3600 seconds. and output from "ps -ef|grep clam" reveals: amavis 28625 1 0 10:34 ? 00:00:00 /usr/bin/freshclam -d --quiet amavis 31199 1 0 12:50 ? 00:00:00 /usr/sbin/clamd root 31207 20345 0 12:53 pts/0 00:00:00 grep clam So, it appears clamd is running, which makes me wonder why it wasn't running before. Upon further inspection, running "ps -ef|grep clam" again reveals: server:/etc/clamav# ps -ef|grep clam amavis 28625 1 0 10:34 ? 00:00:00 /usr/bin/freshclam -d --quiet root 31255 20345 0 12:56 pts/0 00:00:00 grep clam Interesting... doesn't appear to be running anymore. Thoughts? williatf |
Quote:
Check the logs under /var/log to see what's written there. |
I've checked all recently updated logs under /var/log/ and there's nothing related to clam* in them, except for mail.* logs which show all the connection errors to clamav.
other thoughts? williatf |
Check clamd.conf for LogFile to see where clamd writes its logs (default /var/log/clamav/clamav.log) . If there is a # at the beginning you should remove it. You might also set LogVerbose to yes for more info. After that try to start the daemon again and start watching the log using:
Code:
tail -f /var/log/clamav/clamav.log |
I changed "LogVerbose" to true, started clamd again, and watched the log file using "tail" as suggested.
Here's the output of "clamav.log" after the start. Code:
Mon Jan 17 14:34:12 2011 -> +++ Started at Mon Jan 17 14:34:12 2011 williatf |
|
Quote:
Did it crashed again? And if yes what was logged? If the logs look like those from the debian bug report, you can try the fix: Quote:
Regards |
bathory,
It continued to crash, so I turned clamav off by commenting out the following in the amavis config file: /etc/amavis/conf.d/15-content_filter_mode Quote:
So, for now, I have no virus scanning. The logs don't show anything other than what I've posted above, which doesn't give many clues. I don't know how to do anything more sophisticated to trace program errors, so at the moment I'm at a loss. Suggestions? Regards, williatf |
Hi,
If it crashes there should be something written in clamav.log after the startup logs you've posted earlier. Anyway try the workaround Quote:
Regards |
I tried the solution:
Quote:
Specifically, here's what I did: Rename bytecode.cld (I didn't want to delete for fear of losing something important.) Code:
mv /var/lib/clamav/bytecode.cld /var/lib/clamav/bytecode.cld.disabled Code:
Bytecode off Code:
@bypass_virus_checks_maps = ( Code:
/etc/init.d/clamav-freshclam restart Code:
Jan 18 08:40:17 server amavis[25863]: (25863-01) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused) at (eval 89) line 309. Regards, williatf |
I think this one is solved. Turns out, I believe, I needed to update the clamav-daemon (clamd) in addition to updating clamav.
http://www.clamav.net/lang/en/downlo...ackages-linux/ Quote:
Go figure. Once I upgraded clamd to the latest version and reset everything back to normal, it appears to be working fine now. Thanks for the help! Regards, williatf |
All times are GMT -5. The time now is 08:27 PM. |