Clamd Will Not Start

Discussion in 'Installation/Configuration' started by jonwatson, May 5, 2009.

  1. jonwatson

    jonwatson New Member

    Hi All,

    This morning we started seeing this in the headers of our emails:

    X-Virus-Status: Failed
    X-Virus-Report: /usr/bin/clamdscan error 2
    X-Virus-Checker-Version: clamassassin 1.2.4 with clamdscan / ERROR: Can't connect to clamd: No such file or directory
    Attempts to manually start clamd result in this

    # service clamd start
    Starting Clam AntiVirus Daemon: ERROR: LOCAL: Socket file unix:/var/run/clamav/clamd.sock could not be bound: No such file or directory
    ERROR: Can't unlink the socket file unix:/var/run/clamav/clamd.sock
    What is responsible for creating the socket and how do I make it do so?


  2. jonwatson

    jonwatson New Member

    Anyone have any ideas at all on this? We're running without Anti Virus until this has been sorted.


  3. falko

    falko Super Moderator ISPConfig Developer

    What's the output of
    ls -l /var/run/clamav/clamd.sock
  4. jonwatson

    jonwatson New Member

    That's the problem, there is no such file.

    I tried touching it to create the file, which worked, but evidently wasn't enough for ClamAV to work.

    I have since rebooted the machine and all it well now. I just hate having to do that because it is production so we have to wait until after hours to do it and that means everyone is running without AV all day long.

    If there's some way to create the clamd.sock file properly if it is not being created, I would prefer to do that over rebooting.


  5. falko

    falko Super Moderator ISPConfig Developer

    What's the output of
    ls -la /var/run/
    ? Maybe it's a permissions problem with one of the directories in the path...
  6. www

    www New Member

    I had the same problem. Commenting out
    LocalSocket unix:/var/run/clamav/clamd.sock
    FixStaleSocket yes
    in /etc/clamd.conf allowed clamd to restart.

    Then I noticed that there was a new version of clamd available through yum. Installing that seems to have fixed the problem and clamd now restarts even with the lines above uncommented.
  7. egillette

    egillette New Member

    Worked for me. . .

    Hey, I hate to open an old thread, but I just wanted to say thanks!

    I was having the same issue with clamd on a client's machine, and for whatever reason -- even after an upgrade it still kept giving me the socket permission denied error message.

    I checked the permissions on the file and on the directory and everything seemed to be fine, but still I got the error message.

    Commenting out the two lines mentioned above allowed clamd to start without a hitch!

    [email protected] [/var]# service clamd start
    Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
    ERROR: LOCAL: Socket file /var/clamd could not be removed: Permission denied
    ERROR: Can't unlink the socket file /var/clamd
    [email protected] [/var]# nano /etc/clamd.conf
    [email protected] [/var]# service clamd start
    Starting Clam AntiVirus Daemon: Bytecode: Security mode set to "TrustSigned".
                                                               [  OK  ]
    [email protected] [/var]#
    So I'm happy! :)

    - Eric Gillette
  8. rgordey

    rgordey New Member

    I don't want to be a wet blanket, but you haven't fixed the problem, you've ignored it. What you did was to turn off the socket by which 99% of local programs will submit data to be scanned for viruses by clamav. To be perfectly honest, while it is possible to configure clamav to accept submissions via tcp that's not too popular right now.

    Clamav was complaining that either /var/run/clamd/clamd.sock (the bolded directory) didn't exist or it had no rights to read/create/modify etc. in that directory.

    #mkdir /var/run/clamd
    #chown root:<same group name that clamd runs as> /var/run/clamd

    You also might want to un-comment those two lines in clamd.conf.
  9. egillette

    egillette New Member

    An Upgrade Resolved The Issue. . .

    Well, after upgrading ClamAV, clamd now starts fine even with the lines uncommented for the socket.

    So problem was apparently resolved on their end, and as quickly as it started, it's now finished just as quickly!
  10. New Member

    The problem is the new user.

    cat /etc/passwd
    clamav:x:101:103:Clam Anti Virus Checker:/var/clamav:/sbin/nologin
    clam:x:104:106:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin

    Change the permisions back to the user clamav and all will be ok, without commenting the lines.

    # chown -R clamav.clamav /var/log/clamav/
    # chown -R clamav.clamav /var/run/clamav/
    # chown -R clamav.clamav /var/lib/clamav/
  11. muekno

    muekno Member HowtoForge Supporter

    Had same problem, same solution as Dani above, but clamav rund on user vscan, may be suse specific
  12. hajivitra

    hajivitra New Member

  13. muekno

    muekno Member HowtoForge Supporter

    New problem of till now running server? Linux distribution and Vserion? I found out there are quit some differences, so the tutorials not always work 1:1

  14. KungFuMonkey

    KungFuMonkey New Member

    I like many were using the 13.1 howto to apply to 13.2 setup, in 13.2 you can just forget creating the link and remove any socket file if it is even there. Then just give the vscan user the permission to the directory: chown vscan:vscan -Rv /var/run/clamav
    (That's because the clamd config [/etc/clamd.conf] has vscan set as default user in 13.2)
    Then you can just start the service and it will create the socket.
    That's it, plain and simple.
  15. muekno

    muekno Member HowtoForge Supporter

    @KungFuMonkey I like 13.1 because it is al Long Term version, so longer support
  16. Hi!

    I had the same problem today.

    Well, let's just say that during the installation process, I just got a hint: If you're a ubuntu user (and I guess I might say any other Linux distro user), then check out if daemon package is installed.

    If It's not, install the package and clamd.clt is going to show up into the /var/run/clamav directory.

    It goes as simple as that.

Share This Page