LinuxQuestions.org
Old 01-17-2011, 10:44 AM   #1
williatf
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Rep: Reputation: 0
Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused


Hi!

I'm having trouble getting clamav to work. I believe the issue is related to permissions, but thus far my attempts to find and correct the problem (via google) have been unsuccessful.

I keep getting the following error in my mail.err log:
Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused

Any help would be appreciated.

Regards,
williatf
 
Old 01-17-2011, 12:11 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794
Hi and welcome to LQ,

Make sure clamd is running:
Code:
ps -ef|grep clamd
If it's running but there is no socket created, you should uncomment the LocalSocket option by removing the # in front of it.
Also you should give more details about your linux distribution, the clamav version and how you've installed it.

Regards
 
1 members found this post helpful.
Old 01-17-2011, 12:32 PM   #3
williatf
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Original Poster
Rep: Reputation: 0
bathory - Thanks for the quick reply.

I'm running Debian Lenny.
clamav was installed using 'apt-get install clamav'
Version is: ClamAV 0.96.3/12534/Mon Jan 17 04:39:00 2011

ps -ef|grep clam shows:

amavis 28625 1 0 10:34 ? 00:00:00 /usr/bin/freshclam -d --quiet
amavis 30682 29855 62 12:29 ? 00:00:01 /usr/bin/clamscan --stdout --disable-summary -r --tempdir=/var/lib/amavis/tmp /var/lib/amavis/tmp/amavis-20110117T122905-29855/parts
amavis 30683 29809 62 12:29 ? 00:00:01 /usr/bin/clamscan --stdout --disable-summary -r --tempdir=/var/lib/amavis/tmp /var/lib/amavis/tmp/amavis-20110117T122904-29809/parts
root 30685 20345 0 12:29 pts/0 00:00:00 grep clam

Regards,
williatf
 
Old 01-17-2011, 12:46 PM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794
From the ps output, it looks like clamd (the clamav daemon) is not running. Try to start it using:
Code:
sudo /etc/init.d/clamav-daemon start
and check if it started using ps again.
If it's running then restart amavisd.
 
Old 01-17-2011, 12:58 PM   #5
williatf
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Original Poster
Rep: Reputation: 0
bathory - thanks again...

Here's output from clamav.log after running "/etc/init.d/clamav-daemon start"


Mon Jan 17 12:50:00 2011 -> +++ Started at Mon Jan 17 12:50:00 2011
Mon Jan 17 12:50:00 2011 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486)
Mon Jan 17 12:50:00 2011 -> Log file size limit disabled.
Mon Jan 17 12:50:00 2011 -> Reading databases from /var/lib/clamav
Mon Jan 17 12:50:00 2011 -> Not loading PUA signatures.
Mon Jan 17 12:50:48 2011 -> Loaded 869456 signatures.
Mon Jan 17 12:50:48 2011 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Mon Jan 17 12:50:48 2011 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Jan 17 12:50:48 2011 -> LOCAL: Setting connection queue length to 15
Mon Jan 17 12:50:48 2011 -> Limits: Global size limit set to 104857600 bytes.
Mon Jan 17 12:50:48 2011 -> Limits: File size limit set to 26214400 bytes.
Mon Jan 17 12:50:48 2011 -> Limits: Recursion level limit set to 16.
Mon Jan 17 12:50:48 2011 -> Limits: Files limit set to 10000.
Mon Jan 17 12:50:48 2011 -> Archive support enabled.
Mon Jan 17 12:50:48 2011 -> Algorithmic detection enabled.
Mon Jan 17 12:50:48 2011 -> Portable Executable support enabled.
Mon Jan 17 12:50:48 2011 -> ELF support enabled.
Mon Jan 17 12:50:48 2011 -> Mail files support enabled.
Mon Jan 17 12:50:48 2011 -> OLE2 support enabled.
Mon Jan 17 12:50:48 2011 -> PDF support enabled.
Mon Jan 17 12:50:48 2011 -> HTML support enabled.
Mon Jan 17 12:50:48 2011 -> Self checking every 3600 seconds.

and output from "ps -ef|grep clam" reveals:

amavis 28625 1 0 10:34 ? 00:00:00 /usr/bin/freshclam -d --quiet
amavis 31199 1 0 12:50 ? 00:00:00 /usr/sbin/clamd
root 31207 20345 0 12:53 pts/0 00:00:00 grep clam

So, it appears clamd is running, which makes me wonder why it wasn't running before.

Upon further inspection, running "ps -ef|grep clam" again reveals:

server:/etc/clamav# ps -ef|grep clam
amavis 28625 1 0 10:34 ? 00:00:00 /usr/bin/freshclam -d --quiet
root 31255 20345 0 12:56 pts/0 00:00:00 grep clam

Interesting... doesn't appear to be running anymore.

Thoughts?

williatf
 
Old 01-17-2011, 01:17 PM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794
Quote:
Interesting... doesn't appear to be running anymore.
Indeed, it looks like it dies somehow.
Check the logs under /var/log to see what's written there.
 
Old 01-17-2011, 01:57 PM   #7
williatf
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Original Poster
Rep: Reputation: 0
I've checked all recently updated logs under /var/log/ and there's nothing related to clam* in them, except for mail.* logs which show all the connection errors to clamav.

other thoughts?

williatf
 
Old 01-17-2011, 02:25 PM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794
Check clamd.conf for LogFile to see where clamd writes its logs (default /var/log/clamav/clamav.log). If there is a # at the beginning you should remove it. You might also set LogVerbose to yes for more info. After that try to start the daemon again and start watching the log using:
Code:
tail -f /var/log/clamav/clamav.log
 
Old 01-17-2011, 02:44 PM   #9
williatf
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Original Poster
Rep: Reputation: 0
I changed "LogVerbose" to true, started clamd again, and watched the log file using "tail" as suggested.

Here's the output of "clamav.log" after the start.

Code:
Mon Jan 17 14:34:12 2011 -> +++ Started at Mon Jan 17 14:34:12 2011
Mon Jan 17 14:34:12 2011 -> clamd daemon 0.96.3 (OS: linux-gnu, ARCH: i386, CPU: i486)
Mon Jan 17 14:34:12 2011 -> Log file size limit disabled.
Mon Jan 17 14:34:12 2011 -> Reading databases from /var/lib/clamav
Mon Jan 17 14:34:12 2011 -> Not loading PUA signatures.
Mon Jan 17 14:35:27 2011 -> Loaded 869949 signatures.
Mon Jan 17 14:35:29 2011 -> LOCAL: Removing stale socket file /var/run/clamav/clamd.ctl
Mon Jan 17 14:35:29 2011 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Mon Jan 17 14:35:29 2011 -> LOCAL: Setting connection queue length to 15
Mon Jan 17 14:35:29 2011 -> Limits: Global size limit set to 104857600 bytes.
Mon Jan 17 14:35:29 2011 -> Limits: File size limit set to 26214400 bytes.
Mon Jan 17 14:35:29 2011 -> Limits: Recursion level limit set to 16.
Mon Jan 17 14:35:29 2011 -> Limits: Files limit set to 10000.
Mon Jan 17 14:35:29 2011 -> Limits: Core-dump limit is 0.
Mon Jan 17 14:35:29 2011 -> Archive support enabled.
Mon Jan 17 14:35:29 2011 -> Algorithmic detection enabled.
Mon Jan 17 14:35:29 2011 -> Portable Executable support enabled.
Mon Jan 17 14:35:29 2011 -> ELF support enabled.
Mon Jan 17 14:35:29 2011 -> Mail files support enabled.
Mon Jan 17 14:35:29 2011 -> OLE2 support enabled.
Mon Jan 17 14:35:29 2011 -> PDF support enabled.
Mon Jan 17 14:35:29 2011 -> HTML support enabled.
Mon Jan 17 14:35:29 2011 -> Self checking every 3600 seconds.
Mon Jan 17 14:35:29 2011 -> Listening daemon: PID: 4012
Mon Jan 17 14:35:29 2011 -> MaxQueue set to: 100
Regards,
williatf
 
Old 01-17-2011, 03:08 PM   #10
williatf
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Original Poster
Rep: Reputation: 0
Could it be this:

http://www.iredmail.org/forum/topic1...-crashing.html

williatf
 
Old 01-17-2011, 05:11 PM   #11
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794
Quote:
Originally Posted by williatf
Could be, but without details it's difficult to make a guess.
Did it crash again? And if yes, what was logged? If the logs look like those from the debian bug report, you can try the fix:
Quote:
The easiest solution is to delete /var/lib/clamav/bytecode.cld and specify "Bytecode off" in /etc/clamav/freshclam.conf. This way the JIT has no definition and PAX doesn't kick in.
and see if it helps.

Regards
 
Old 01-18-2011, 07:16 AM   #12
williatf
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Original Poster
Rep: Reputation: 0
bathory,

It continued to crash, so I turned clamav off by commenting out the following in the amavis config file: /etc/amavis/conf.d/15-content_filter_mode


Quote:
#@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
Upon doing that, postfix seemed to start working normally again and the queue manager emptied the email backlog.

So, for now, I have no virus scanning.

The logs don't show anything other than what I've posted above, which doesn't give many clues. I don't know how to do anything more sophisticated to trace program errors, so at the moment I'm at a loss.

Suggestions?

Regards,
williatf
 
Old 01-18-2011, 10:20 AM   #13
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 12,566

Rep: Reputation: 1794
Hi,

If it crashes there should be something written in clamav.log after the startup logs you've posted earlier.
Anyway try the workaround
Quote:
The easiest solution is to delete /var/lib/clamav/bytecode.cld and specify "Bytecode off" in /etc/clamav/freshclam.conf. This way the JIT has no definition and PAX doesn't kick in.
or update to the latest clamav.

Regards
 
Old 01-18-2011, 11:09 AM   #14
williatf
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Original Poster
Rep: Reputation: 0
I tried the solution:

Quote:
The easiest solution is to delete /var/lib/clamav/bytecode.cld and specify "Bytecode off" in /etc/clamav/freshclam.conf. This way the JIT has no definition and PAX doesn't kick in.
But, it didn't appear to work.

Specifically, here's what I did:

Rename bytecode.cld (I didn't want to delete for fear of losing something important.)
Code:
mv /var/lib/clamav/bytecode.cld /var/lib/clamav/bytecode.cld.disabled
Changed Bytecode from "true" to "off" in /etc/clamav/freshclam.conf
Code:
Bytecode off
Re-enabled clamav in /etc/amavis/conf.d/15-content_filter_mode
Code:
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
Restarted everything
Code:
/etc/init.d/clamav-freshclam restart
/etc/init.d/clamav-daemon start
/etc/init.d/amavis restart
Same errors in /var/log/mail.err
Code:
Jan 18 08:40:17 server amavis[25863]: (25863-01) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused) at (eval 89) line 309.
Jan 18 08:40:17 server amavis[25863]: (25863-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 18 08:40:27 server amavis[25863]: (25863-01) (!!)ClamAV-clamscan av-scanner FAILED: run_av error: run_av: Exceeded allowed time at (eval 89) line 516.
Jan 18 08:40:27 server amavis[25863]: (25863-01) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused) at (eval 89) line 309.; ClamAV-clamscan av-scanner FAILED: run_av error: run_av: Exceeded allowed time at (eval 89) line 516.
Thoughts?

Regards,
williatf
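
The failure pattern in the mail.err excerpt above can be counted mechanically. The following is an added example, not part of the original post: the function name `av_failures` is hypothetical and the sample lines are constructed, modelled on the log quoted in the post.

```shell
#!/bin/sh
# Added example: summarise amavis AV-scanner failures from mail.err-style lines.

# Constructed sample input, modelled on the lines quoted in the post above.
sample_log() {
cat <<'EOF'
Jan 18 08:40:17 server amavis[25863]: (25863-01) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused) at (eval 89) line 309.
Jan 18 08:40:17 server amavis[25863]: (25863-01) (!!)WARN: all primary virus scanners failed, considering backups
Jan 18 08:40:27 server amavis[25863]: (25863-01) (!!)ClamAV-clamscan av-scanner FAILED: run_av error: run_av: Exceeded allowed time at (eval 89) line 516.
Jan 18 08:40:27 server amavis[25863]: (25863-01) (!!)TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused) at (eval 89) line 309.; ClamAV-clamscan av-scanner FAILED: run_av error: run_av: Exceeded allowed time at (eval 89) line 516.
EOF
}

# Reads log lines on stdin and prints one line per metric:
#   scanner=<name> failures=<n>   individual scanner failures
#   fallback_to_backup=<n>        primary scanner (clamd) unusable, backup tried
#   messages_without_scan=<n>     every configured scanner failed for a message
av_failures() {
  awk '
    # Per-scanner line: "(!!)<name> av-scanner FAILED: ...". The summary
    # TROUBLE line repeats the scanner names but not directly after "(!!)",
    # so it is not double counted here.
    /\(!!\)[^ ]+ av-scanner FAILED:/ {
      name = $0
      sub(/^.*\(!!\)/, "", name)
      sub(/ av-scanner FAILED:.*$/, "", name)
      fail[name]++
    }
    /all primary virus scanners failed/ { fallback++ }
    /TROUBLE in check_mail: virus_scan FAILED/ { unscanned++ }
    END {
      for (n in fail) printf "scanner=%s failures=%d\n", n, fail[n]
      printf "fallback_to_backup=%d\n", fallback + 0
      printf "messages_without_scan=%d\n", unscanned + 0
    }' | sort
}

sample_log | av_failures
```

On a live system the same function can be fed with `av_failures < /var/log/mail.err`; a non-zero `messages_without_scan` means mail reached the filter while no scanner was usable.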
 
Old 01-18-2011, 11:41 AM   #15
williatf
LQ Newbie
 
Registered: Jan 2011
Posts: 9

Original Poster
Rep: Reputation: 0
I think this one is solved. Turns out, I believe, I needed to update the clamav-daemon (clamd) in addition to updating clamav.

http://www.clamav.net/lang/en/downlo...ackages-linux/

Quote:
Then run apt-get update; apt-get install clamav
If you need clamd, you may also want to run apt-get install clamav-daemon
I had updated clamav to 0.96.5, but clamd was still running 0.96.3!

Go figure.

Once I upgraded clamd to the latest version and reset everything back to normal, it appears to be working fine now.

Thanks for the help!

Regards,
williatf
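
The mismatch described in this last post (clamav at 0.96.5 while clamd was still 0.96.3) can be checked for directly. The following is an added example, not part of the original thread: the function name `version_skew` is hypothetical, and the sample package list is constructed (only the two upstream versions come from the post; the Debian revision suffixes are made up).

```shell
#!/bin/sh
# Added example: detect upstream-version skew between the clamav package and
# the other ClamAV packages (notably clamav-daemon, which ships clamd).
# Expected input: "package version" lines, as printed by
#   dpkg-query -W -f='${Package} ${Version}\n' clamav clamav-daemon clamav-freshclam

# Constructed sample: versions 0.96.5 / 0.96.3 are those named in the post,
# the "+dfsg-1" style suffixes are illustrative only.
sample_packages() {
cat <<'EOF'
clamav-freshclam 0.96.5+dfsg-1
clamav-daemon 0.96.3+dfsg-1
clamav 0.96.5+dfsg-1
EOF
}

# Prints one line per package whose upstream version differs from clamav's.
# Exit status: 0 = all match, 1 = skew found, 2 = clamav itself not listed.
version_skew() {
  awk '
    {
      v = $2
      sub(/^[0-9]+:/, "", v)   # drop a Debian epoch such as "1:"
      sub(/[+~-].*$/, "", v)   # drop repack/revision suffix (simplification)
      up[$1] = v
    }
    END {
      if (!("clamav" in up)) { print "clamav: not listed"; exit 2 }
      for (p in up)
        if (up[p] != up["clamav"]) {
          printf "%s %s != clamav %s\n", p, up[p], up["clamav"]
          bad = 1
        }
      exit bad + 0
    }'
}

sample_packages | version_skew || echo "version skew detected"
```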
 
  

