Clamavd gone missing

Spotted errors like these in mail.log:

Jan 26 14:04:11 beastie amavis[4126]: (04126-07) (!)run_av (ClamAV-clamd, built-in i/f): Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 99) line 310.

Went for a look to see if the clamavd file was there, and found that the /var/run/clamav folder was missing

According to Yast clamav was still installed but in an attempt to get the files back I uninstalled and then reinstalled clamav

Still no clamavd file or /var/run/clamav folder

What provides clamavd if it isn’t clamav?

Any ideas on how I get clamavd back appreciated

Typo there, clamd not clamavd … doh at me!

And after re-installing it’s in /usr/sbin not /var/run/clamav so I’m editing amavisd.conf to suit and seeing how it goes

Ecky wrote:
> Typo there, clamd not clamavd … doh at me!
>
> And after re-installing it’s in /usr/sbin not /var/run/clamav so I’m
> editing amavisd.conf to suit and seeing how it goes

Don’t. These are two separate things. /usr/sbin/clamd is the actual
program, while /var/run/clamav/clamd is the communication socket for
talking to it. The socket is created by the program once it is running.
So start clamd by entering (as root)

/usr/sbin/rcclamd start

give it a minute or so to get up to speed, and then look again whether
the socket is there with

ls -l /var/run/clamav

If it isn’t, look in the system log (/var/log/messages) for messages
from clamd telling you why it couldn’t start.

HTH
T.

Yeah mate I discovered that didn’t make any difference

Should’ve realised it was a socket, the clue being where it says Can’t connect to UNIX socket … it’s been one of those days

Restarted clamd a few times and it’s just not creating /var/run/clamd

There are no references to anything related to clam in /var/log/messages except for some clown on a mongolian ip trying to ssh in as a user clamd … as well as a hundred or so other users

I’m wondering if maybe clamd has ‘lost’ the privilege to create the socket somehow

But having said that, when I restart clamd I get this in mail.log

Jan 26 19:45:36 beastie clamd[13498]: Socket file removed.
Jan 26 19:45:36 beastie clamd[13498]: Pid file removed.
Jan 26 19:45:36 beastie clamd[13498]: --- Stopped at Mon Jan 26 19:45:36 2009
Jan 26 19:45:41 beastie clamd[16068]: clamd daemon 0.94.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jan 26 19:45:41 beastie clamd[16068]: Running as user root (UID 0, GID 0)

It’s running as root so it should be able to create it, but it’s also saying it removed a socket file … but what socket file

I haven’t changed anything relating to the mailserver or clamav except for a couple of blacklist spam regexp’s in amavisd.conf and some addresses to reject in /etc/postfix/access

None of which ought to affect clamav in this way as far as I’m aware

You don’t say what version you are running, but on my older openSUSE amavis doesn’t talk to a clamav socket file. The communication between amavis and clamd is via a TCP socket on port 3310, as stated in amavis.conf. However to confuse things, that clamd does create a Unix socket but it’s in /var/lib/clamd.

None of this may apply to you as you may be running a more recent release. But you should look in clamd.conf and amavis.conf to see what each service is set up to do, and expect, and why you are getting that line in the log file.

Unfortunately I don’t have a recent release to check for you because I have put the mailserver upgrade on hold until a kernel with the inotify bug fix is officially released.

Hi ken

Clamd.conf does have this entry: TCPSocket 3310

I can’t however find anything matching it in amavisd.conf, here are some entries from amavisd.conf that seem related and may give you some clue on what I need to do

(I’m running amavisd-new 2.5.1-102.1-x86_64 btw)

$unix_socketname = "$MYHOME/amavisd.sock"; # amavisd-release or amavis-milter
# option(s) -p overrides $inet_socket_port and $unix_socketname

$inet_socket_port = 10024; # listen on this local TCP port(s)

$inet_socket_port = [10024,10026]; # listen on multiple TCP ports

The $inet_socket_port = 10024 one perhaps?

All it has in the @av_scanners = ( section for clamav is this:

['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

Other than the @av_scanners_backup = ( entry I can’t see anything else that might be related to clamav in there

There is something that seems to indicate it’s still scanning even though I’m seeing those errors

On starting amavisd:

Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan

Then on mail coming in: Passed CLEAN

If I’m understanding that correctly it means the primary scanner’s failing so it falls back on the secondary which works, even though they’re both clamav?

The path for clamd’s socket is in /etc/clamd.conf, so do look at it.

The 10024 is for amavis <-> postfix communication. Not relevant here.

The primary scanner is the one where amavis talks to clamd as a peer, either through a Unix or TCP socket. If that doesn’t work, it falls back to the secondary scanner, where amavis forks an instance of clamscan for each email and attachment. Obviously this is less efficient for large volumes so the primary method is preferred.

It could be a bug in the release (you still haven’t said what version) that the socket paths don’t match up in the configs. Or your config files may have been edited.

PS: Could it be simply that you don’t have clamd running?

I thought you meant the amavis version, the clamav version is 0.94.2-1.1

Just had another quick look in clamd.conf and as well as the tcp port you mentioned in your earlier post I found this:

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/lib/clamav/clamd-socket

/var/lib/clamav/clamd-socket DOES exist so I’m guessing that’s what I should be using

Lo and behold I’d already changed the path in amavisd.conf to that before I went out, so I must have been on the right track somewhere!

Checked the log and there were no errors whilst I was out, have restarted everything to be sure and will check again tomorrow

On restarting I have this in mail.log

Jan 27 03:09:14 beastie amavis[9754]: Using primary internal av scanner code for ClamAV-clamd
Jan 27 03:09:14 beastie amavis[9754]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jan 27 03:09:14 beastie amavis[9754]: Creating db in /var/spool/amavis/db/; BerkeleyDB 0.34, libdb 4.5

It looks more like what I should be seeing, so let’s hope it’s sorted :)

I meant the version of openSUSE, or did I miss that? Sorry if I did, I read too fast for my own good sometimes.

Strange how 127.0.0.1 port 3310 didn’t work, it doesn’t matter now.

No more errors when I just checked the log again, there were also freshclam errors I was getting that are also sorted now

It’s Suse 11 x86_64

I still don’t know why it stopped working, but hey, can’t have everything

You may remember giving me a lot of help getting it all set up in the first place ken so once again, many thanks :)
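
Added example, not part of the original thread: a shell check for the mismatch that caused the errors above, comparing the LocalSocket path in clamd.conf with the socket path in the ClamAV-clamd entry of amavisd.conf. The function names are made up for this example, and the two config file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: does amavisd dial the same Unix socket that clamd listens on?

# Print the active (uncommented) LocalSocket path from a clamd.conf.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Print the socket argument of the uncommented CONTSCAN entry in amavisd.conf,
# i.e. the second string in:  \&ask_daemon, ["CONTSCAN {}\n", "<socket>"],
amavis_socket() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*CONTSCAN[^,]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return codes: 0 = match and socket exists, 1 = paths differ,
# 2 = a path could not be read, 3 = paths match but no socket at that path.
check_clamd_socket() {
    want=$(clamd_socket "$1")
    have=$(amavis_socket "$2")
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "could not read a socket path from one of the files" >&2
        return 2
    fi
    if [ "$want" != "$have" ]; then
        echo "MISMATCH: clamd listens on $want, amavisd connects to $have"
        return 1
    fi
    if [ ! -S "$want" ]; then
        echo "paths match, but $want is not a socket (is clamd running?)"
        return 3
    fi
    echo "OK: both use $want"
}

# Usage: sh check.sh /etc/clamd.conf /path/to/amavisd.conf
if [ $# -eq 2 ]; then
    check_clamd_socket "$1" "$2"
fi
```

A return code of 1 means amavisd will keep falling back to the secondary clamscan scanner until the two paths agree.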