Clamd Will Not Start

Discussion in 'Installation/Configuration' started by jonwatson, May 5, 2009.

  1. jonwatson

    jonwatson New Member

    Hi All,

    This morning we started seeing this in the headers of our emails:

    X-Virus-Status: Failed
    X-Virus-Report: /usr/bin/clamdscan error 2
    X-Virus-Checker-Version: clamassassin 1.2.4 with clamdscan / ERROR: Can't connect to clamd: No such file or directory
    Attempts to manually start clamd result in this

    # service clamd start
    Starting Clam AntiVirus Daemon: ERROR: LOCAL: Socket file unix:/var/run/clamav/clamd.sock could not be bound: No such file or directory
    ERROR: Can't unlink the socket file unix:/var/run/clamav/clamd.sock
    What is responsible for creating the socket and how do I make it do so?


  2. jonwatson

    jonwatson New Member

    Anyone have any ideas at all on this? We're running without Anti Virus until this has been sorted.


  3. falko

    falko Super Moderator

    What's the output of
    ls -l /var/run/clamav/clamd.sock
  4. jonwatson

    jonwatson New Member

    That's the problem, there is no such file.

    I tried touching it to create the file, which worked, but evidently wasn't enough for ClamAV to work.

    I have since rebooted the machine and all it well now. I just hate having to do that because it is production so we have to wait until after hours to do it and that means everyone is running without AV all day long.

    If there's some way to create the clamd.sock file properly if it is not being created, I would prefer to do that over rebooting.


  5. falko

    falko Super Moderator

    What's the output of
    ls -la /var/run/
    ? Maybe it's a permissions problem with one of the directories in the path...
  6. www

    www New Member

    I had the same problem. Commenting out
    LocalSocket unix:/var/run/clamav/clamd.sock
    FixStaleSocket yes
    in /etc/clamd.conf allowed clamd to restart.

    Then I noticed that there was a new version of clamd available through yum. Installing that seems to have fixed the problem and clamd now restarts even with the lines above uncommented.
  7. egillette

    egillette New Member

    Worked for me. . .

    Hey, I hate to open an old thread, but I just wanted to say thanks!

    I was having the same issue with clamd on a client's machine, and for whatever reason -- even after an upgrade it still kept giving me the socket permission denied error message.

    I checked the permissions on the file and on the directory and everything seemed to be fine, but still I got the error message.

    Commenting out the two lines mentioned above allowed clamd to start without a hitch!

    root@server [/var]# service clamd start
    Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
    ERROR: LOCAL: Socket file /var/clamd could not be removed: Permission denied
    ERROR: Can't unlink the socket file /var/clamd
    root@server [/var]# nano /etc/clamd.conf
    root@server [/var]# service clamd start
    Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
                                                               [  OK  ]
    root@server [/var]#
    So I'm happy! :)

    - Eric Gillette
  8. rgordey

    rgordey New Member

    I don't want to be a wet blanket, but you haven't fixed the problem, you've ignored it. What you did was to turn off the socket by which 99% of local programs will submit data to be scanned for viruses by clamav. To be perfectly honest, while it is possible to configure clamav to accept submissions via tcp that's not too popular right now.

    Clamav was complaining that either /var/run/clamd/clamd.sock (the bolded directory) didn't exist or it had no rights to read/create/modify etc. in that directory.

    #mkdir /var/run/clamd
    #chown root:<same group name that clamd runs as> /var/run/clamd

    You also might want to un-comment those two lines in clamd.conf.
  9. egillette

    egillette New Member

    An Upgrade Resolved The Issue. . .

    Well, after upgrading ClamAV, clamd now starts fine even with the lines uncommented for the socket.

    So problem was apparently resolved on their end, and as quickly as it started, it's now finished just as quickly!
  10. New Member

    The problem is the new user.

    cat /etc/passwd
    clamav:x:101:103:Clam Anti Virus Checker:/var/clamav:/sbin/nologin
    clam:x:104:106:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin

    Change the permisions back to the user clamav and all will be ok, without commenting the lines.

    # chown -R clamav.clamav /var/log/clamav/
    # chown -R clamav.clamav /var/run/clamav/
    # chown -R clamav.clamav /var/lib/clamav/
: clamd, email

Share This Page