ClamAV-clamd av-scanner FAILED: run_av error

Discussion in 'Installation/Configuration' started by datahellas, Jul 7, 2010.

  1. datahellas

    datahellas New Member

    Hi I followed the Perfect setup for OpenSuse 11.2 64bit / ISPConfig 3. All went fine except from the clamav thats throughs an error in the log files.

    The error message:

    Jul 7 09:13:35 hades amavis[21674]: (21674-01) (!!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 101) line 325.

    This folder does not exist: /var/run/clamav/

    I restarted clamd and amavis several times. The problem does not solved. I created that folder by hand and restart clamd, nothing. I update/re-install clamav (yast2 -i clamav clamav-db) but the problem remains.

    On an other server I have with the same setup (with an older ISPConfig 3.x revision) that folder does not exist but clamd works fine...

    Any ideas how to solve this issue?
     
    Last edited: Jul 7, 2010
  2. falko

    falko Super Moderator ISPConfig Developer

    What's in your clamd.conf or clamav.conf in the /etc directory?
     
  3. datahellas

    datahellas New Member

    contents of clamd.conf

    There is no clamav.conf file in /etc directory. There is a clamd.conf and clamav-milter.conf.

    Here are the contents of clamd.conf file with the commented text removed.

    #LogFile /tmp/clamd.log
    #LogFileUnlock yes
    #LogFileMaxSize 2M
    #LogTime yes
    #LogClean yes
    LogSyslog yes
    LogFacility LOG_MAIL
    #LogVerbose yes
    PidFile /var/lib/clamav/clamd.pid
    #TemporaryDirectory /var/tmp
    #DatabaseDirectory /var/lib/clamav
    #OfficialDatabaseOnly no
    LocalSocket /var/lib/clamav/clamd-socket
    #LocalSocketGroup virusgroup
    #LocalSocketMode 660
    #FixStaleSocket yes
    # TCP port address.
    # Default: no
    TCPSocket 3310
    # TCP address.
    # By default we bind to INADDR_ANY, probably not wise.
    # Enable the following to provide some degree of protection
    # from the outside world.
    # Default: no
    TCPAddr 127.0.0.1
    #MaxConnectionQueueLength 30
    #StreamMaxLength 10M
    #StreamMinPort 30000
    #StreamMaxPort 32000
    #MaxThreads 20
    # Default: 120
    #ReadTimeout 300
    #CommandReadTimeout 5
    #SendBufTimeout 200
    #MaxQueue 200
    #IdleTimeout 60
    #ExcludePath ^/proc/
    #ExcludePath ^/sys/
    #MaxDirectoryRecursion 20
    #FollowDirectorySymlinks yes
    #FollowFileSymlinks yes
    #CrossFilesystems yes
    #SelfCheck 600
    #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
    User vscan
    #AllowSupplementaryGroups no
    #ExitOnOOM yes
    #Foreground yes
    #Debug yes
    #LeaveTemporaryFiles yes
    #DetectPUA yes
    #ExcludePUA NetTool
    #ExcludePUA PWTool
    #IncludePUA Spy
    #IncludePUA Scanner
    #IncludePUA RAT
    #AlgorithmicDetection yes
    #ScanPE yes
    #ScanELF yes
    #DetectBrokenExecutables yes

    ## Documents
    #ScanOLE2 yes
    #ScanPDF yes
    ## Mail files
    #ScanMail yes
    #ScanPartialMessages yes
    #PhishingSignatures yes
    #PhishingScanURLs yes
    #PhishingAlwaysBlockSSLMismatch no
    #PhishingAlwaysBlockCloak no
    #HeuristicScanPrecedence yes

    ## Data Loss Prevention (DLP)
    #StructuredDataDetection yes
    #StructuredMinCreditCardCount 5
    #StructuredMinSSNCount 5
    #StructuredSSNFormatNormal yes
    #StructuredSSNFormatStripped yes

    ## HTML
    #ScanHTML yes

    ## Archives
    #ScanArchive yes
    #ArchiveBlockEncrypted no

    ## Limits
    #MaxScanSize 150M
    #MaxFileSize 30M
    #MaxRecursion 10
    #MaxFiles 15000

    ## Clamuko settings
    #ClamukoScanOnAccess yes
    #ClamukoScannerCount 3
    #ClamukoMaxFileSize 10M
    #ClamukoScanOnOpen yes
    #ClamukoScanOnClose yes
    #ClamukoScanOnExec yes
    #ClamukoIncludePath /home
    #ClamukoIncludePath /students
    #ClamukoExcludePath /home/bofh
    #Bytecode yes
    #BytecodeSecurity TrustSigned
    #BytecodeTimeout 60000
     
  4. falko

    falko Super Moderator ISPConfig Developer

    The socket in clamd.conf is defined as /var/lib/clamav/clamd-socket, so you either change it to /var/run/clamav/clamd, or you change the clamd socket location in your amavisd.conf to /var/lib/clamav/clamd-socket.
     
  5. datahellas

    datahellas New Member

    Solved!

    Thank you very much, problem solved! :)
     
  6. fredo

    fredo New Member

    Hello,

    I have a similar issue, I followed the tutorial Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (CentOS 5.3 x86_64).

    I have these lines in the log:

    (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/amavis/tmp/amavis-20101112T174537-24356/parts: lstat() failed: Permission denied. ERROR\n"
    Nov 15 09:33:55 mail1 amavis[24356]: (24356-05) (!)ClamAV-clamd av-scanner FAILED: CODE(0x1b6fda0) unexpected , output="/var/amavis/tmp/amavis-20101112T174537-24356/parts: lstat() failed: Permission denied. ERROR\n" at (eval 48) line 594.


    I added the amavis user to the clamav group and vice versa and restarted postfix amavisd clamd
    Any suggestions?
     
  7. falko

    falko Super Moderator ISPConfig Developer

    IS SELinux disabled? What's the output of
    Code:
    getenforce
    ?
     
  8. fredo

    fredo New Member

    SELinux is disabled.

    mail1 ~ # getenforce
    Disabled

    I replaced the username of clamd with amavis instead of clamav and everything works fine. Thanks!!
     
  9. mty620

    mty620 New Member

    Fredo, what exactly did you do?
     
  10. cesararnold

    cesararnold New Member

    Solved to me too!

    Falko is the man.
     
  11. rwheindl

    rwheindl Member

    Where did you change this setting? A config file or permissions on a directory? What worked?
     
  12. m0b1us

    m0b1us New Member

    Hi
    i got same error message

    Feb 4 10:24:23 us1 amavis[16189]: (16189-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: 111
    Feb 4 10:24:24 us1 amavis[16189]: (16189-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: Connection refused
    Feb 4 10:24:24 us1 amavis[16189]: (16189-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock, retrying (2)
    Feb 4 10:24:30 us1 amavis[16189]: (16189-01) (!)connect to /var/spool/amavisd/clamd.sock failed, attempt #1: Can't connect to UNIX socket /var/spool/amavisd/clamd.sock: Connection refused
    Feb 4 10:24:30 us1 amavis[16189]: (16189-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/spool/amavisd/clamd.sock (All attempts (1) failed connecting to /var/spool/amavisd/clamd.sock) at (eval 113) line 600.\n
    Feb 4 10:24:30 us1 amavis[16189]: (16189-01) (!)WARN: all primary virus scanners failed, considering backups
    Feb 4 10:24:42 us1 postfix/smtpd[16673]: connect from unknown[127.0.0.1]
    Feb 4 10:24:42 us1 postfix/smtpd[16673]: 718191C475F: client=unknown[127.0.0.1]

    after i reboot then it works.
    my amavisd.conf is
    amavisd.conf

    use strict;
    $max_servers = 2;
    $daemon_user = 'amavis';
    $daemon_group = 'amavis';
    $mydomain = 'pusatwebhosting.com';

    $MYHOME = '/var/spool/amavisd';
    $TEMPBASE = "$MYHOME/tmp";
    $ENV{TMPDIR} = $TEMPBASE;
    $QUARANTINEDIR = undef;
    $db_home = "$MYHOME/db";
    $lock_file = "/var/run/amavisd/amavisd.lock"; # -L
    $pid_file = "/var/run/amavisd/amavisd.pid"; # -P
    $log_level = 0;
    $log_recip_templ = undef;
    $do_syslog = 1;
    $syslog_facility = 'mail';
    $enable_db = 1;
    $nanny_details_level = 2;
    $enable_dkim_verification = 1;
    $enable_dkim_signing = 1;
    @local_domains_maps = (read_hash('/etc/amavisd/local_domains'));

    @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
    10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

    $unix_socketname = "$MYHOME/amavisd.sock";
    $inet_socket_port = 10024;

    please advise thanks
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    The error was caused by clamav which was not started, so its nothing in your amavisd configuration. instead of rebooting the server, you could just start clamav (clamd).
     

Share This Page