HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   ClamAV-clamd av-scanner FAILED: run_av error (http://www.howtoforge.com/forums/showthread.php?t=47096)

datahellas 7th July 2010 09:30

ClamAV-clamd av-scanner FAILED: run_av error
 
Hi I followed the Perfect setup for OpenSuse 11.2 64bit / ISPConfig 3. All went fine except from the clamav thats throughs an error in the log files.

The error message:

Jul 7 09:13:35 hades amavis[21674]: (21674-01) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 101) line 325.

This folder does not exist: /var/run/clamav/

I restarted clamd and amavis several times. The problem does not solved. I created that folder by hand and restart clamd, nothing. I update/re-install clamav (yast2 -i clamav clamav-db) but the problem remains.

On an other server I have with the same setup (with an older ISPConfig 3.x revision) that folder does not exist but clamd works fine...

Any ideas how to solve this issue?

falko 8th July 2010 14:18

What's in your clamd.conf or clamav.conf in the /etc directory?

datahellas 9th July 2010 18:26

contents of clamd.conf
 
There is no clamav.conf file in /etc directory. There is a clamd.conf and clamav-milter.conf.

Here are the contents of clamd.conf file with the commented text removed.

#LogFile /tmp/clamd.log
#LogFileUnlock yes
#LogFileMaxSize 2M
#LogTime yes
#LogClean yes
LogSyslog yes
LogFacility LOG_MAIL
#LogVerbose yes
PidFile /var/lib/clamav/clamd.pid
#TemporaryDirectory /var/tmp
#DatabaseDirectory /var/lib/clamav
#OfficialDatabaseOnly no
LocalSocket /var/lib/clamav/clamd-socket
#LocalSocketGroup virusgroup
#LocalSocketMode 660
#FixStaleSocket yes
# TCP port address.
# Default: no
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
TCPAddr 127.0.0.1
#MaxConnectionQueueLength 30
#StreamMaxLength 10M
#StreamMinPort 30000
#StreamMaxPort 32000
#MaxThreads 20
# Default: 120
#ReadTimeout 300
#CommandReadTimeout 5
#SendBufTimeout 200
#MaxQueue 200
#IdleTimeout 60
#ExcludePath ^/proc/
#ExcludePath ^/sys/
#MaxDirectoryRecursion 20
#FollowDirectorySymlinks yes
#FollowFileSymlinks yes
#CrossFilesystems yes
#SelfCheck 600
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
User vscan
#AllowSupplementaryGroups no
#ExitOnOOM yes
#Foreground yes
#Debug yes
#LeaveTemporaryFiles yes
#DetectPUA yes
#ExcludePUA NetTool
#ExcludePUA PWTool
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT
#AlgorithmicDetection yes
#ScanPE yes
#ScanELF yes
#DetectBrokenExecutables yes

## Documents
#ScanOLE2 yes
#ScanPDF yes
## Mail files
#ScanMail yes
#ScanPartialMessages yes
#PhishingSignatures yes
#PhishingScanURLs yes
#PhishingAlwaysBlockSSLMismatch no
#PhishingAlwaysBlockCloak no
#HeuristicScanPrecedence yes

## Data Loss Prevention (DLP)
#StructuredDataDetection yes
#StructuredMinCreditCardCount 5
#StructuredMinSSNCount 5
#StructuredSSNFormatNormal yes
#StructuredSSNFormatStripped yes

## HTML
#ScanHTML yes

## Archives
#ScanArchive yes
#ArchiveBlockEncrypted no

## Limits
#MaxScanSize 150M
#MaxFileSize 30M
#MaxRecursion 10
#MaxFiles 15000

## Clamuko settings
#ClamukoScanOnAccess yes
#ClamukoScannerCount 3
#ClamukoMaxFileSize 10M
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes
#ClamukoIncludePath /home
#ClamukoIncludePath /students
#ClamukoExcludePath /home/bofh
#Bytecode yes
#BytecodeSecurity TrustSigned
#BytecodeTimeout 60000

falko 10th July 2010 12:40

The socket in clamd.conf is defined as /var/lib/clamav/clamd-socket, so you either change it to /var/run/clamav/clamd, or you change the clamd socket location in your amavisd.conf to /var/lib/clamav/clamd-socket.

datahellas 12th July 2010 13:27

Solved!
 
Thank you very much, problem solved! :)

fredo 15th November 2010 17:27

ClamAV-clamd av-scanner FAILED: run_av error
 
Hello,

I have a similar issue, I followed the tutorial Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 5.3 x86_64).

I have these lines in the log:

(!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/amavis/tmp/amavis-20101112T174537-24356/parts: lstat() failed: Permission denied. ERROR\n"
Nov 15 09:33:55 mail1 amavis[24356]: (24356-05) (!)ClamAV-clamd av-scanner FAILED: CODE(0x1b6fda0) unexpected , output="/var/amavis/tmp/amavis-20101112T174537-24356/parts: lstat() failed: Permission denied. ERROR\n" at (eval 48) line 594.


I added the amavis user to the clamav group and vice versa and restarted postfix amavisd clamd
Any suggestions?

falko 16th November 2010 17:24

IS SELinux disabled? What's the output of
Code:

getenforce
?

fredo 17th November 2010 20:21

SELinux is disabled.

mail1 ~ # getenforce
Disabled

I replaced the username of clamd with amavis instead of clamav and everything works fine. Thanks!!

mty620 14th May 2011 19:43

Fredo, what exactly did you do?

cesararnold 23rd August 2011 04:52

Solved to me too!
 
Quote:

Originally Posted by falko (Post 233229)
The socket in clamd.conf is defined as /var/lib/clamav/clamd-socket, so you either change it to /var/run/clamav/clamd, or you change the clamd socket location in your amavisd.conf to /var/lib/clamav/clamd-socket.

Falko is the man.


All times are GMT +2. The time now is 02:30.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.