ClamAV-clamd av-scanner FAILED: run_av error

[datahellas]

Hi I followed the Perfect setup for OpenSuse 11.2 64bit / ISPConfig 3. All went fine except from the clamav thats throughs an error in the log files.

The error message:

Jul 7 09:13:35 hades amavis[21674]: (21674-01) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 101) line 325.

This folder does not exist: /var/run/clamav/

I restarted clamd and amavis several times. The problem does not solved. I created that folder by hand and restart clamd, nothing. I update/re-install clamav (yast2 -i clamav clamav-db) but the problem remains.

On an other server I have with the same setup (with an older ISPConfig 3.x revision) that folder does not exist but clamd works fine...

Any ideas how to solve this issue?

[falko]

What's in your clamd.conf or clamav.conf in the /etc directory?

[datahellas]

There is no clamav.conf file in /etc directory. There is a clamd.conf and clamav-milter.conf.

Here are the contents of clamd.conf file with the commented text removed.

#LogFile /tmp/clamd.log
#LogFileUnlock yes
#LogFileMaxSize 2M
#LogTime yes
#LogClean yes
LogSyslog yes
LogFacility LOG_MAIL
#LogVerbose yes
PidFile /var/lib/clamav/clamd.pid
#TemporaryDirectory /var/tmp
#DatabaseDirectory /var/lib/clamav
#OfficialDatabaseOnly no
LocalSocket /var/lib/clamav/clamd-socket
#LocalSocketGroup virusgroup
#LocalSocketMode 660
#FixStaleSocket yes
# TCP port address.
# Default: no
TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
TCPAddr 127.0.0.1
#MaxConnectionQueueLength 30
#StreamMaxLength 10M
#StreamMinPort 30000
#StreamMaxPort 32000
#MaxThreads 20
# Default: 120
#ReadTimeout 300
#CommandReadTimeout 5
#SendBufTimeout 200
#MaxQueue 200
#IdleTimeout 60
#ExcludePath ^/proc/
#ExcludePath ^/sys/
#MaxDirectoryRecursion 20
#FollowDirectorySymlinks yes
#FollowFileSymlinks yes
#CrossFilesystems yes
#SelfCheck 600
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
User vscan
#AllowSupplementaryGroups no
#ExitOnOOM yes
#Foreground yes
#Debug yes
#LeaveTemporaryFiles yes
#DetectPUA yes
#ExcludePUA NetTool
#ExcludePUA PWTool
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT
#AlgorithmicDetection yes
#ScanPE yes
#ScanELF yes
#DetectBrokenExecutables yes

## Documents
#ScanOLE2 yes
#ScanPDF yes
## Mail files
#ScanMail yes
#ScanPartialMessages yes
#PhishingSignatures yes
#PhishingScanURLs yes
#PhishingAlwaysBlockSSLMismatch no
#PhishingAlwaysBlockCloak no
#HeuristicScanPrecedence yes

## Data Loss Prevention (DLP)
#StructuredDataDetection yes
#StructuredMinCreditCardCount 5
#StructuredMinSSNCount 5
#StructuredSSNFormatNormal yes
#StructuredSSNFormatStripped yes

## HTML
#ScanHTML yes

## Archives
#ScanArchive yes
#ArchiveBlockEncrypted no

## Limits
#MaxScanSize 150M
#MaxFileSize 30M
#MaxRecursion 10
#MaxFiles 15000

## Clamuko settings
#ClamukoScanOnAccess yes
#ClamukoScannerCount 3
#ClamukoMaxFileSize 10M
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes
#ClamukoIncludePath /home
#ClamukoIncludePath /students
#ClamukoExcludePath /home/bofh
#Bytecode yes
#BytecodeSecurity TrustSigned
#BytecodeTimeout 60000

[falko]

The socket in clamd.conf is defined as /var/lib/clamav/clamd-socket, so you either change it to /var/run/clamav/clamd, or you change the clamd socket location in your amavisd.conf to /var/lib/clamav/clamd-socket.

[datahellas]

Thank you very much, problem solved!

[fredo]

Hello,

I have a similar issue, I followed the tutorial Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 5.3 x86_64).

I have these lines in the log:

(!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/amavis/tmp/amavis-20101112T174537-24356/parts: lstat() failed: Permission denied. ERROR\n"
Nov 15 09:33:55 mail1 amavis[24356]: (24356-05) (!)ClamAV-clamd av-scanner FAILED: CODE(0x1b6fda0) unexpected , output="/var/amavis/tmp/amavis-20101112T174537-24356/parts: lstat() failed: Permission denied. ERROR\n" at (eval 48) line 594.

I added the amavis user to the clamav group and vice versa and restarted postfix amavisd clamd
Any suggestions?

[falko]

IS SELinux disabled? What's the output of

Code:

getenforce

?

[fredo]

SELinux is disabled.

mail1 ~ # getenforce
Disabled

I replaced the username of clamd with amavis instead of clamav and everything works fine. Thanks!!

[mty620]

Fredo, what exactly did you do?

[cesararnold]

Quote:

Originally Posted by falko

The socket in clamd.conf is defined as /var/lib/clamav/clamd-socket, so you either change it to /var/run/clamav/clamd, or you change the clamd socket location in your amavisd.conf to /var/lib/clamav/clamd-socket.

Falko is the man.