Clam AV error

[bschultz]

Here's the error I'm getting in the syslog...

Quote:

Nov 13 23:06:55 mail amavis[3264]: (03264-01) (!) ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory, retrying (2)
Nov 13 23:07:01 mail amavis[3264]: (03264-01) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 44) line 268.
Nov 13 23:07:01 mail amavis[3264]: (03264-01) (!!) WARN: all primary virus scanners failed, considering backups

Upon looking in /var/run/clamav/ I have no clamd.ctl file. It used to be there...Any idea what happened, or how to fix this? Without Clamav working, all email is going into the queue.

Thanks.

Brian

[falko]

Is Clamd running? What's the output of

Code:

ps aux | grep -i clam

?

[bschultz]

I was having some other email problems anyway, so I re-did all of the postfix steps in the howto and everything seems to be ok now.

Thanks.

[bschultz]

The error is back...

Here's that output Falko...

Quote:

mail:~# ps aux | grep -i clam
clamav 2458 0.0 0.3 5816 1896 ? Ss Dec03 1:59 /usr/bin/freshclam -d --quiet
amavis 16903 41.1 2.5 20020 14892 ? R 15:22 2:59 /usr/bin/clamscan --stdout --disable-summary -r --tempdir=/var/lib/amavis/tmp /var/lib/amavis/tmp/amavis-20071209T152239-15531/parts
amavis 16904 41.1 2.5 20020 14888 ? R 15:22 2:59 /usr/bin/clamscan --stdout --disable-summary -r --tempdir=/var/lib/amavis/tmp /var/lib/amavis/tmp/amavis-20071209T152239-15532/parts
clamav 17448 32.9 2.0 17384 11660 ? Rs 15:28 0:35 /usr/sbin/clamd
root 17471 0.0 0.1 2852 708 pts/0 R+ 15:30 0:00 grep -i clam
mail:~#

[chrisruss]

I have come to the same problem.

Any ideas?

[topdog]

Check your clamd.conf the socket may be pointing elsewhere

[chrisruss]

Hi Topdog.
Thanks for your fast answer.

But nope, clamd.conf pointing with LocalSocket to /var/run/clamav/clamd.ctl.

So no mistake here.
Now i tried the following (it seems to help, but maybe just temporarily? Have to wait a few days...):
To guarantee that the scanner has write-access i did:

chmod -R 750 /var/lib/amavis

Then i looked whether the amavis and clamav users were in the right groups. It seems that amavis might have some probs in accessing clamav-directories,...

So i tried to change the user from clamav to amavis:
In /etc/clamav/clamd.conf i changed User clamav to User amavis.

And because clamav has files in
/var/run/clamav
/var/log/clamav
/var/lib/clamav
(if not made other configurations)
I changed the user and the group:

chown -R amavis:amavis /var/run/clamav
(The same with clamav in /var/log and /var/lib.)

Then I edited the /etc/clamav/freshclam.conf
DatabaseOwner clamav, changed it to DatabaseOwner amavis.

For all those who have logrotate: I also had a look at
/etc/logrotate.d/clamav-daemon
as well as
/etc/logrotate.d/clamav-freshclam
Changes here:
create 640 clamav adm to create 640 amavis adm

Then i force-reloaded /etc/init.d/clamav-daemon
and /etc/init.d/clamav-freshclam

Now the error seems gone (from 2 A.M. on till now, just a few hours), but i'm not sure whether it re-appears or not.

Maybe it would be a smarter solution to just add the user amavis to the clamav-group. But didn't try that, because found that "step-by-step"-howto on the net and tried that first. (see http://www200.pair.com/mecham/spam/c...avisd-new.html)

So maybe it helps someone, maybe not, depends on what will happen to my log-file ;-)

[topdog]

Changing clamav to run as amavis user is not a good idea.

Clamd provides for your issue with this config option

Code:

AllowSupplementaryGroups yes

That needs to be set to yes and then the amavis user added to the clamav group.

That will fix the problem.

[Zous]

I too have been plagued by this issue, and have been spending all day trying to debug it.

It's the exact same error, postfix is sending the mail to amavis which scans it with ClamAV. But instead of it working correctly, amavis throws the "ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory)"

Yes, ClamAV is running as user clamav, who is in the amavis group (and just in case, vice versa is true, amavis is in the clamav group)

Yes, I even had found the same page chrisruss found, and tried that to no avail (I have since reverted those changes)

From what I can tell, the Socket file is never being created. It is not listed in a "netstat -a" call nor is it in the directory it should be in.

I just found the following in the clamav log.

Code:

ERROR: Socket file /var/run/clamav/clamd.ctl could not be bound: Permission denied

That was before I wiped the configuration and replaced it with a new configuration. I stopped getting that (even though the LocalSocket line didn't change). I've even reverted to the original conf (from the package maintainer) and still am not seeing either a message saying it connected to the socket or an error about it not being able to connect to the socket when I restart.

And yes, the /var/run/clamav folder is owned by clamav and clamav has all privileges on it.

I'm at my wits end here, and I would very much like to have a working scanner for my mail server. Any help would be appreciated!

[topdog]

can you send output of

Code:

ls /var/run -l

Code:

ls /var/run/clamav -l