Clam AV error

Discussion in 'Server Operation' started by bschultz, Nov 14, 2007.

  1. bschultz

    bschultz Member

    Here's the error I'm getting in the syslog...


    Upon looking in /var/run/clamav/ I have no clamd.ctl file. It used to be there... Any idea what happened, or how to fix this? Without ClamAV working, all email is going into the queue.

    Thanks.

    Brian
     
  2. falko

    falko Super Moderator

    Is Clamd running? What's the output of
    Code:
    ps aux | grep -i clam
    ?
     
  3. bschultz

    bschultz Member

    I was having some other email problems anyway, so I re-did all of the postfix steps in the howto and everything seems to be ok now.

    Thanks.
     
  4. bschultz

    bschultz Member

    The error is back...

    Here's that output Falko...

     
  5. chrisruss

    chrisruss New Member

    UNIX socket /var/run/clamav/clamd.ctl: No such file or directory

    I have come to the same problem.

    Any ideas?
     
  6. topdog

    topdog HowtoForge Supporter

    Check your clamd.conf; the socket may be pointing elsewhere.
     
  7. chrisruss

    chrisruss New Member

    Conf correct

    Hi Topdog.
    Thanks for your fast answer.

    But nope, clamd.conf is pointing with LocalSocket to /var/run/clamav/clamd.ctl.

    So no mistake here.
    Now I tried the following (it seems to help, but maybe just temporarily? Have to wait a few days...):
    To guarantee that the scanner has write access I did:

    chmod -R 750 /var/lib/amavis

    Then I looked at whether the amavis and clamav users were in the right groups. It seems that amavis might have some problems accessing the clamav directories...

    So I tried to change the user from clamav to amavis:
    In /etc/clamav/clamd.conf I changed User clamav to User amavis.

    And because clamav has files in
    /var/run/clamav
    /var/log/clamav
    /var/lib/clamav
    (unless configured otherwise)
    I changed the user and the group:

    chown -R amavis:amavis /var/run/clamav
    (The same with clamav in /var/log and /var/lib.)

    Then I edited /etc/clamav/freshclam.conf:
    DatabaseOwner clamav, changed to DatabaseOwner amavis.

    For all those who have logrotate: I also had a look at
    /etc/logrotate.d/clamav-daemon
    as well as
    /etc/logrotate.d/clamav-freshclam
    Changes here:
    create 640 clamav adm to create 640 amavis adm

    Then I force-reloaded /etc/init.d/clamav-daemon
    and /etc/init.d/clamav-freshclam

    Now the error seems gone (from 2 A.M. on till now, just a few hours), but I'm not sure whether it will reappear or not.

    Maybe it would be a smarter solution to just add the user amavis to the clamav group. But I didn't try that, because I found that "step-by-step" howto on the net and tried that first. (see http://www200.pair.com/mecham/spam/clamav-amavisd-new.html)

    So maybe it helps someone, maybe not, depends on what will happen to my log-file ;-)
     
  8. topdog

    topdog HowtoForge Supporter

    Changing clamav to run as amavis user is not a good idea.

    Clamd provides for your issue with this config option
    Code:
    AllowSupplementaryGroups yes
    
    That needs to be set to yes and then the amavis user added to the clamav group.

    That will fix the problem.
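
Added example, not part of topdog's post: a POSIX shell check for the setup recommended above (clamd still running as clamav, AllowSupplementaryGroups set to yes, amavis in the clamav group). The function names, the sample files and the group IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the setup recommended above.

# conf_value FILE KEY: print the last uncommented value set for KEY.
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# group_has_member GROUP_FILE GROUP USER: succeed if USER is listed as a
# supplementary member of GROUP in an /etc/group style file.
group_has_member() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$1"
}

# check_clamd_access CLAMD_CONF GROUP_FILE: print findings, return 1 on any FAIL.
check_clamd_access() {
    rc=0
    user=$(conf_value "$1" User)
    supp=$(conf_value "$1" AllowSupplementaryGroups)
    [ "$user" = clamav ] || { echo "FAIL: User is '${user:-unset}', expected clamav"; rc=1; }
    [ "$supp" = yes ] || { echo "FAIL: AllowSupplementaryGroups is '${supp:-unset}', expected yes"; rc=1; }
    group_has_member "$2" clamav amavis || { echo "FAIL: amavis is not in group clamav"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: clamd stays clamav, amavis reaches it via group clamav"
    return "$rc"
}

# Constructed sample files: clamd switched to the amavis user (post 7)
# beside the setup recommended in the post above.
demo() {
    d=$(mktemp -d)
    printf 'LocalSocket /var/run/clamav/clamd.ctl\nUser amavis\n' > "$d/weak.conf"
    printf 'LocalSocket /var/run/clamav/clamd.ctl\nUser clamav\nAllowSupplementaryGroups yes\n' > "$d/fixed.conf"
    printf 'clamav:x:110:\namavis:x:111:\n' > "$d/group.before"
    printf 'clamav:x:110:amavis\namavis:x:111:\n' > "$d/group.after"
    echo "== clamd as amavis =="
    check_clamd_access "$d/weak.conf" "$d/group.before" || echo "-> not compliant"
    echo "== recommended setup =="
    check_clamd_access "$d/fixed.conf" "$d/group.after" || echo "-> not compliant"
    rm -rf "$d"
}
demo
```

On a real host the arguments would be /etc/clamav/clamd.conf and /etc/group; a user whose primary group is clamav is not listed in /etc/group and would need a separate check.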
     
  9. Zous

    Zous New Member

    I too have been plagued by this issue, and have been spending all day trying to debug it.

    It's the exact same error, postfix is sending the mail to amavis which scans it with ClamAV. But instead of it working correctly, amavis throws the "ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory)"

    Yes, ClamAV is running as user clamav, who is in the amavis group (and just in case, vice versa is true, amavis is in the clamav group)

    Yes, I even had found the same page chrisruss found, and tried that to no avail (I have since reverted those changes)

    From what I can tell, the Socket file is never being created. It is not listed in a "netstat -a" call nor is it in the directory it should be in.

    I just found the following in the clamav log.

    Code:
    ERROR: Socket file /var/run/clamav/clamd.ctl could not be bound: Permission denied

    That was before I wiped the configuration and replaced it with a new configuration. I stopped getting that (even though the LocalSocket line didn't change). I've even reverted to the original conf (from the package maintainer) and still am not seeing either a message saying it connected to the socket or an error about it not being able to connect to the socket when I restart.

    And yes, the /var/run/clamav folder is owned by clamav and clamav has all privileges on it.

    I'm at my wits end here, and I would very much like to have a working scanner for my mail server. Any help would be appreciated!
     
  10. topdog

    topdog HowtoForge Supporter

    Can you send the output of
    Code:
    ls /var/run -l
    
    Code:
    ls /var/run/clamav -l
    
     
  11. Zous

    Zous New Member

    Of course I will, I've been looking at those over and over ;)

    ls -l /var/run

    Code:
    ...
    drwxr-xr-x 2 clamav      clamav      4096 2008-02-13 03:02 clamav
    ...

    ls -l /var/run/clamav

    Code:
    -rwxrw---- 1 clamav clamav 4 2008-02-13 01:48 freshclam.pid
    
    Btw, I was about to repost here as I realized that I stopped seeing comments about the UNIX socket in the log as the default config file turned off LogClean

    With LogClean on, when I restart I see:
    Code:
    Wed Feb 13 03:02:37 2008 -> Unix socket file /var/run/clamav/clamd.ctl
    
    Also, notice that the folder /var/run/clamav got touched at 3:02 as well (even if the ctl file is not there currently, and yes clamd is still running)

    This makes me think that it is getting created, even if it doesn't stay around for long.
     
  12. topdog

    topdog HowtoForge Supporter

    Seems like the socket is being removed. Do you have FixStaleSocket set to yes?
     
  13. Zous

    Zous New Member

    Yes, I do. I turned it off. I looked through the clean version of the log for a little more and found the following.

    Code:
    Wed Feb 13 03:02:50 2008 -> Socket file removed.

    I'll probably let it run for a while with FixStaleSocket set to no.

    I didn't think that it would remove a socket in 30 seconds...
     
  14. Zous

    Zous New Member

    And now it's back, which is why I let it run last time.

    Loading the database takes a long time (20+ mins). While before it was a permissions issue, once I fixed the permissions I kept changing settings and never gave it enough time to load the database. Only once it loaded the database would it actually create the socket.

    Thanks for your help, hopefully this was just a misunderstanding between me and ClamAV :D
     
  15. chimaster

    chimaster New Member

    Me Too!

    I have this same issue. I took the time to wait for Clamav to spring back to life and email started moving again... for about four hours, then it stopped again.

    Any ideas as to what causes this? How would I initiate a secondary virus scanner to combat this happening?

    I've had a pretty good look through the logs and all I see is that the socket stopped responding.

    Feb 22 18:20:49 ferengi amavis[9734]: (09734-07) (!) run_av: timed out
    Feb 22 18:20:49 ferengi amavis[9734]: (09734-07) (!!) ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan timed out at (eval 44) line 462.
    Feb 22 18:20:49 ferengi amavis[9734]: (09734-07) (!!) TROUBLE in check_mail: virus_scan FAILED: virus_scan: ALL VIRUS SCANNERS FAILED: ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 44) line 268.; ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan timed out at (eval 44) line 462.
    Feb 22 18:20:49 ferengi amavis[9734]: (09734-07) (!) PRESERVING EVIDENCE in /var/lib/amavis/tmp/amavis-20080222T181527-09734
    Feb 22 18:20:50 ferengi amavis[9734]: (09734-08) (!) ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory, retrying (2)
    Feb 22 18:20:51 ferengi amavis[9732]: (09732-08) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 44) line 268.
    Feb 22 18:20:51 ferengi amavis[9732]: (09732-08) (!!) WARN: all primary virus scanners failed, considering backups
    Feb 22 18:20:56 ferengi amavis[9734]: (09734-08) (!!) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 44) line 268.
    Feb 22 18:20:56 ferengi amavis[9734]: (09734-08) (!!) WARN: all primary virus scanners failed, considering backups


    For a little more info: Clamav.log

    Fri Feb 22 14:44:58 2008 -> ERROR: reload db failed: Unable to lock database directory (try 2)
    Fri Feb 22 14:47:08 2008 -> ERROR: reload db failed: Unable to lock database directory (try 3)
    Fri Feb 22 14:47:08 2008 -> ERROR: reload db failed: Unable to lock database directory
    Fri Feb 22 14:47:08 2008 -> Terminating because of a fatal error.
    Fri Feb 22 14:47:08 2008 -> Socket file removed.
    Fri Feb 22 14:47:08 2008 -> Pid file removed.
    Fri Feb 22 14:47:08 2008 -> --- Stopped at Fri Feb 22 14:47:08 2008
    Fri Feb 22 18:06:29 2008 -> +++ Started at Fri Feb 22 18:06:29 2008
    Fri Feb 22 18:06:29 2008 -> clamd daemon 0.90.1 (OS: linux-gnu, ARCH: i386, CPU: i486)
    Fri Feb 22 18:06:29 2008 -> Log file size limit disabled.
    Fri Feb 22 18:06:29 2008 -> Reading databases from /var/lib/clamav

    TIA :)
     
  16. topdog

    topdog HowtoForge Supporter

    The problem is that some of your freshclam processes seem to terminate uncleanly, leaving the lock (.dbLock) in place. The next update process then cannot "lock" the db because there is already a lock in place.

    This means you have to take a close look at your system to figure out why the update does not finish cleanly. Also, this issue seems to have affected clamav version 0.90; if you are running that version or something below, an upgrade is worth a try.
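
Added example, not from the thread: an awk-based triage of clamav.log for the socket failures discussed above (bind denied in post 9, slow database load in post 14, stale database lock in post 16). The message strings are those quoted in the posts; the function and state names are made up here, and the sample is the excerpt from post 15.

```shell
#!/bin/sh
# Added example, not from the thread. Message strings are the ones quoted in
# the posts above; the state names are made up for this script.

# clamd_socket_triage LOGFILE: print socket-relevant events in order, then a
# final "STATE <name>" line for where the most recent clamd run ended up.
clamd_socket_triage() {
    awk '
    { n = index($0, " -> "); ts = n ? substr($0, 1, n - 1) : "-" }
    index($0, "+++ Started at") { lock = fatal = 0; state = "started-no-socket-yet"; print ts, state }
    /could not be bound: Permission denied/ { state = "bind-permission-denied"; print ts, state }
    /Unable to lock database directory/ { lock = 1 }
    /Terminating because of a fatal error/ { fatal = 1 }
    /Unix socket file/ { state = "socket-up"; print ts, state }
    /Socket file removed/ {
        state = (lock && fatal) ? "removed-after-db-lock-failure" : "socket-removed"
        print ts, state
    }
    END { print "STATE", (state == "" ? "no-events" : state) }' "$1"
}

# clamd_socket_state LOGFILE: print only the final state name.
clamd_socket_state() {
    clamd_socket_triage "$1" | awk '$1 == "STATE" { print $2 }'
}

# sample_log: the clamav.log excerpt from post 15, one entry per line.
sample_log() {
    cat <<'EOF'
Fri Feb 22 14:47:08 2008 -> ERROR: reload db failed: Unable to lock database directory (try 3)
Fri Feb 22 14:47:08 2008 -> ERROR: reload db failed: Unable to lock database directory
Fri Feb 22 14:47:08 2008 -> Terminating because of a fatal error.
Fri Feb 22 14:47:08 2008 -> Socket file removed.
Fri Feb 22 14:47:08 2008 -> Pid file removed.
Fri Feb 22 14:47:08 2008 -> --- Stopped at Fri Feb 22 14:47:08 2008
Fri Feb 22 18:06:29 2008 -> +++ Started at Fri Feb 22 18:06:29 2008
Fri Feb 22 18:06:29 2008 -> Reading databases from /var/lib/clamav
EOF
}

log=$(mktemp)
sample_log > "$log"
clamd_socket_triage "$log"
rm -f "$log"
```

On the post 15 excerpt the last run ends in `started-no-socket-yet`: clamd restarted at 18:06:29 and had not announced a socket by the end of the excerpt, while the earlier run shows the socket removed after the database lock failure.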
     
