
Thread: Clamavd gone missing

  1. #1
    Ecky NNTP User

    Clamavd gone missing


    Spotted errors like these in mail.log:

    Jan 26 14:04:11 beastie amavis[4126]: (04126-07) (!)run_av (ClamAV-clamd, built-in i/f): Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 99) line 310.

    Went for a look to see if the clamavd file was there, and found that
    the /var/run/clamav folder was missing

    According to Yast clamav was still installed but in an attempt to get
    the files back I uninstalled and then reinstalled clamav

    Still no clamavd file or /var/run/clamav folder

    What provides clamavd if it isn't clamav?

    Any ideas on how I get clamavd back appreciated


    --
    Ecky
    ------------------------------------------------------------------------
    Ecky's Profile: http://forums.opensuse.org/member.php?userid=3518
    View this thread: http://forums.opensuse.org/showthread.php?t=406077


  2. #2
    Ecky NNTP User

    Re: Clamavd gone missing


    Typo there, clamd not clamavd ... doh at me!

    And after re-installing it's in /usr/sbin not /var/run/clamav so I'm
    editing amavisd.conf to suit and seeing how it goes


    --
    Ecky
    ------------------------------------------------------------------------
    Ecky's Profile: http://forums.opensuse.org/member.php?userid=3518
    View this thread: http://forums.opensuse.org/showthread.php?t=406077


  3. #3
    Tilman Schmidt NNTP User

    Re: Clamavd gone missing

    Ecky wrote:
    > Typo there, clamd not clamavd ... doh at me!
    >
    > And after re-installing it's in /usr/sbin not /var/run/clamav so I'm
    > editing amavisd.conf to suit and seeing how it goes


    Don't. These are two separate things. /usr/sbin/clamd is the actual
    program, while /var/run/clamav/clamd is the communication socket for
    talking to it. The socket is created by the program once it is running.
    So start clamd by entering (as root)

    /usr/sbin/rcclamd start

    give it a minute or so to get up to speed, and then look again whether
    the socket is there with

    ls -l /var/run/clamav

    If it isn't, look in the system log (/var/log/messages) for messages
    from clamd telling you why it couldn't start.

    HTH
    T.

  4. #4
    Ecky NNTP User

    Re: Clamavd gone missing


    Yeah mate I discovered that didn't make any difference

    Should've realised it was a socket, the clue being where it says Can't
    connect to UNIX socket ... it's been one of those days

    Restarted clamd a few times and it's just not creating /var/run/clamd

    There are no references to anything related to clam in
    /var/log/messages except for some clown on a mongolian ip trying to ssh
    in as a user clamd ... as well as a hundred or so other users

    I'm wondering if maybe clamd has 'lost' the privilege to create the
    socket somehow


    But having said that, when I restart clamd I get this in mail.log

    Jan 26 19:45:36 beastie clamd[13498]: Socket file removed.
    Jan 26 19:45:36 beastie clamd[13498]: Pid file removed.
    Jan 26 19:45:36 beastie clamd[13498]: --- Stopped at Mon Jan 26 19:45:36 2009
    Jan 26 19:45:41 beastie clamd[16068]: clamd daemon 0.94.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
    Jan 26 19:45:41 beastie clamd[16068]: Running as user root (UID 0, GID 0)

    It's running as root so it should be able to create it, but it's also
    saying it removed a socket file ... but what socket file

    I haven't changed anything relating to the mailserver or clamav except
    for a couple of blacklist spam regexp's in amavisd.conf and some
    addresses to reject in /etc/postfix/access

    None of which ought to affect clamav in this way as far as I'm aware


    --
    Ecky
    ------------------------------------------------------------------------
    Ecky's Profile: http://forums.opensuse.org/member.php?userid=3518
    View this thread: http://forums.opensuse.org/showthread.php?t=406077


  5. #5
    ken yap NNTP User

    Re: Clamavd gone missing


    You don't say what version you are running, but on my older openSUSE
    amavis doesn't talk to a clamav socket file. The communication between
    amavis and clamd is via a TCP socket on port 3310, as stated in
    amavis.conf. However to confuse things, that clamd does create a Unix
    socket but it's in /var/lib/clamd.

    None of this may apply to you as you may be running a more recent
    release. But you should look in clamd.conf and amavis.conf to see what
    each service is set up to do, and expect, and why you are getting that
    line in the log file.

    Unfortunately I don't have a recent release to check for you because I
    have put the mailserver upgrade on hold until a kernel with the inotify
    bug fix is officially released.


    --
    ken_yap
    ------------------------------------------------------------------------
    ken_yap's Profile: http://forums.opensuse.org/member.php?userid=221
    View this thread: http://forums.opensuse.org/showthread.php?t=406077


  6. #6
    Ecky NNTP User

    Re: Clamavd gone missing


    Hi ken

    Clamd.conf does have this entry: TCPSocket 3310

    I can't however find anything matching it in amavisd.conf, here are
    some entries from amavisd.conf that seem related and may give you some
    clue on what I need to do

    (I'm running amavisd-new 2.5.1-102.1-x86_64 btw)

    $unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
    # option(s) -p overrides $inet_socket_port and $unix_socketname


    $inet_socket_port = 10024; # listen on this local TCP port(s)
    # $inet_socket_port = [10024,10026]; # listen on multiple TCP ports


    The $inet_socket_port = 10024 one perhaps?


    All it has in the @av_scanners = ( section for clamav is this:

    ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],


    Other than the @av_scanners_backup = ( entry I can't see anything else
    that might be related to clamav in there


    There is something that seems to indicate it's still scanning even
    though I'm seeing those errors

    On starting amavisd:

    Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan

    Then on mail coming in: Passed CLEAN


    If I'm understanding that correctly it means the primary scanner's
    failing so it falls back on the secondary which works, even though
    they're both clamav?


    --
    Ecky
    ------------------------------------------------------------------------
    Ecky's Profile: http://forums.opensuse.org/member.php?userid=3518
    View this thread: http://forums.opensuse.org/showthread.php?t=406077


  7. #7
    ken yap NNTP User

    Re: Clamavd gone missing


    The path for clamd's socket is in /etc/clamd.conf, so do look at it.

    The 10024 is for amavis <-> postfix communication. Not relevant here.

    The primary scanner is the one where amavis talks to clamd as a peer,
    either through a Unix or TCP socket. If that doesn't work, it falls back
    to the secondary scanner, where amavis forks an instance of clamscan for
    each email and attachment. Obviously this is less efficient for large
    volumes so the primary method is preferred.

    It could be a bug in the release (you still haven't said what version)
    that the socket paths don't match up in the configs. Or your config
    files may have been edited.

    PS: Could it be simply that you don't have clamd running?


    --
    ken_yap
    ------------------------------------------------------------------------
    ken_yap's Profile: http://forums.opensuse.org/member.php?userid=221
    View this thread: http://forums.opensuse.org/showthread.php?t=406077


  8. #8
    Ecky NNTP User

    Re: Clamavd gone missing


    I thought you meant the amavis version, the clamav version is
    0.94.2-1.1

    Just had another quick look in clamd.conf and as well as the tcp port you
    mentioned in your earlier post I found this:

    # Path to a local socket file the daemon will listen on.
    # Default: disabled (must be specified by a user)
    LocalSocket /var/lib/clamav/clamd-socket

    /var/lib/clamav/clamd-socket DOES exist so I'm guessing that's what I
    should be using

    Lo and behold I'd already changed the path in amavisd.conf to that
    before I went out, so I must have been on the right track somewhere!

    Checked the log and there were no errors whilst I was out, have
    restarted everything to be sure and will check again tomorrow

    So far though it's looking like it's sorted


    --
    Ecky
    ------------------------------------------------------------------------
    Ecky's Profile: http://forums.opensuse.org/member.php?userid=3518
    View this thread: http://forums.opensuse.org/showthread.php?t=406077
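
The errors in this thread came from amavisd.conf pointing at /var/run/clamav/clamd while clamd.conf sets LocalSocket to /var/lib/clamav/clamd-socket. The following check compares the two settings; it is an added example, not part of any post in the thread, and the function names and sample files are constructed for illustration around the config fragments quoted above.

```shell
#!/bin/sh
# Added example: does amavisd dial the socket that clamd actually listens on?

# Print the LocalSocket path from a clamd.conf (comment lines never match).
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Print the socket given to ask_daemon in the ClamAV-clamd entry of
# @av_scanners in an amavisd.conf (commented-out entries are skipped).
amavis_socket() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*CONTSCAN[^,]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 on match, 1 on mismatch, 2 if either value cannot be read.
check_socket_match() {
    want=$(clamd_socket "$1")
    have=$(amavis_socket "$2")
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "cannot read socket (clamd: '$want', amavisd: '$have')"
        return 2
    fi
    if [ "$want" != "$have" ]; then
        echo "MISMATCH: clamd listens on $want, amavisd connects to $have"
        return 1
    fi
    echo "OK: both use $want"
}

# Constructed sample configs built from the fragments quoted in the thread.
demo=$(mktemp -d)
cat > "$demo/clamd.conf" <<'EOF'
# Path to a local socket file the daemon will listen on.
LocalSocket /var/lib/clamav/clamd-socket
TCPSocket 3310
EOF
cat > "$demo/amavisd.conf" <<'EOF'
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
EOF
# The corrected file, with the path changed as in the final fix.
sed 's#/var/run/clamav/clamd#/var/lib/clamav/clamd-socket#' \
    "$demo/amavisd.conf" > "$demo/amavisd.fixed.conf"

check_socket_match "$demo/clamd.conf" "$demo/amavisd.conf" || true
check_socket_match "$demo/clamd.conf" "$demo/amavisd.fixed.conf" || true
```

On a live host, pass /etc/clamd.conf and your amavisd.conf instead of the sample files, then confirm with `test -S` on the reported path while clamd is running. A mismatch matters beyond the log noise: as the thread notes, amavisd then falls back to forking clamscan for every message.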


  9. #9
    ken yap NNTP User

    Re: Clamavd gone missing


    I meant the version of openSUSE, or did I miss that? Sorry if I did, I
    read too fast for my own good sometimes.

    Strange how 127.0.0.1 port 3310 didn't work, it doesn't matter now.


    --
    ken_yap
    ------------------------------------------------------------------------
    ken_yap's Profile: http://forums.opensuse.org/member.php?userid=221
    View this thread: http://forums.opensuse.org/showthread.php?t=406077


  10. #10
    Ecky NNTP User

    Re: Clamavd gone missing


    No more errors when I just checked the log again, there were also
    freshclam errors I was getting that are also sorted now

    It's Suse 11 x86_64

    I still don't know why it stopped working, but hey, can't have
    everything

    You may remember giving me a lot of help getting it all set up in the
    first place ken so once again, many thanks


    --
    Ecky
    ------------------------------------------------------------------------
    Ecky's Profile: http://forums.opensuse.org/member.php?userid=3518
    View this thread: http://forums.opensuse.org/showthread.php?t=406077

