
Thread: malware acl condition: clamd: unable to read from socket

  1. #1
    Join Date
    Jan 2007
    Location
    Netherlands
    Posts
    179

    malware acl condition: clamd: unable to read from socket

    Two of our servers have problems with clamd. Seconds after restarting with /usr/local/etc/rc.d/clamav-clamd restart
    I get: malware acl condition: clamd: unable to read from socket (Operation timed out) and mail is not sending....

    Does anyone have any ideas, please respond.

    Thanks,
    Robert

  2. #2
    Join Date
    Mar 2006
    Posts
    361
    What are you using for av_scanner in /etc/exim.conf?

  3. #3
    Join Date
    Sep 2007
    Posts
    148
    attempt to restart the clamd again then restart exim.
    tanfwc
    System Administrator
    Singapore Managed Colocation
    Singapore BGP Announcement

  4. #4
    Join Date
    Jan 2007
    Location
    Netherlands
    Posts
    179
    Quote: Originally Posted by GXX
    What are you using for av_scanner in /etc/exim.conf?
    av_scanner = clamd:/var/run/clamav/clamd

    Thanks,
    Robert

  5. #5
    Join Date
    Jan 2007
    Location
    Netherlands
    Posts
    179
    Quote: Originally Posted by tanfwc
    attempt to restart the clamd again then restart exim.
    When I do this, mail starts coming in and out, but after 2 minutes I get this message in /var/log/exim/mainlog:

    2008-03-17 10:11:38 1JbBNZ-000EAV-8x malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)

    To have mail coming in/out I'm forced to completely turn off clamav in exim.conf.

    Suggestions welcome.

    Note: Everything worked fine for about a year, this problem just occurred last week...

    Thanks,
    Robert

  6. #6
    Join Date
    Sep 2007
    Posts
    148
    Quote: Originally Posted by Meesterlijk
    When I do this, mail starts coming in and out, but after 2 minutes I get this message in /var/log/exim/mainlog:

    2008-03-17 10:11:38 1JbBNZ-000EAV-8x malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)

    To have mail coming in/out I'm forced to completely turn off clamav in exim.conf.

    Suggestions welcome.

    Note: Everything worked fine for about a year, this problem just occurred last week...

    Thanks,
    Robert
    Strange, how did you install clamd?

    show me the version as well
    clamd --version
    tanfwc

  7. #7
    Join Date
    Jan 2007
    Location
    Netherlands
    Posts
    179
    Quote: Originally Posted by tanfwc
    Strange, how did you install clamd?
    Don't know, was done by someone else...,

    We have >40 servers with this setup and 2 are showing this problem.

    Quote: Originally Posted by tanfwc
    show me the version as well
    ClamAV 0.91.1

    Thanks,
    Robert

  8. #8
    Join Date
    Sep 2007
    Posts
    148
    Robert, I guess you have an in-house sysadmin since you have such a huge server base right?

    I suggest you watch /var/log/messages for errors. It might lead you to some useful information.
    tanfwc

  9. #9
    Join Date
    Sep 2003
    Location
    The Netherlands
    Posts
    556
    This problem is something that happens to me as well.
    I've seen this problem on about 4 servers so far.
    However, these servers use the TCP socket instead of the unix socket.

    Can Exim be configured in any way to ignore the fail, and just continue to allow the message (or issue a temp reject instead of a real reject)?

    Most of the time it can be fixed by rotating the clamav logs, and restarting the clamav daemon. However, that's not a real solution of course.
    Last edited by Icheb; 03-18-2008 at 02:43 AM. Reason: Stop bugging me on IRC

  10. #10
    Join Date
    Feb 2008
    Posts
    17
    Robert, I guess you have an in-house sysadmin since you have such a huge server base right?
    Fair point.

    Posting some relevant logfile entries might help here. Or perhaps temporarily disabling ClamAV until you've found a solution to the problem.

  11. #11
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    195
    Robert,
    If you can't solve the problem, contact me through PM.

  12. #12
    Join Date
    Jan 2007
    Location
    Netherlands
    Posts
    179
    Quote: Originally Posted by blasty
    Fair point.

    Posting some relevant logfile entries might help here. Or perhaps temporarily disabling ClamAV until you've found a solution to the problem.
    I believe that the forum is for issues that are hard to solve, even for sysadmins. I posted the log in my first post, /var/log/messages gives nothing that relates to this. Even emptying the clamd.log and restarting clamd is not solving this issue. In an earlier post above I already wrote that my only solution now is to disable clamav to send/receive mail at all. As I did...

    So please read this short thread before you post something, or when you have a possible solution, or else this thread will become unnecessarily long without any solution. The forum already has several posts about this, without any concrete solution, or the thread starter forgot to post his solution at the bottom.

    My intention is to make this thread a knowledge base for other people to return to, who encounter similar problems.

    DutchTSE, thanks. I will PM you now.

    Thanks,
    Robert

  13. #13
    Join Date
    Jan 2007
    Location
    Netherlands
    Posts
    179
    I solved the problem by upgrading clamav to 0.91.2 (thru ports upgrade) and made sure that before this, all clamd/freshclam pids were killed.

    Regards,
    Robert
    Thanks,
    Robert
    www.meesterlijk.nl

  14. #14
    Join Date
    Jul 2005
    Posts
    87
    I am having this same exact problem and I am trying to figure it out right now.

  15. #15
    Join Date
    Mar 2006
    Posts
    123
    Upgrade to the latest version available, and also make sure no other instances of the process are running:

    ps aux | grep clamd


    If they are, kill them

    killall -9 clamd

  16. #16
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    195
    And don't forget to kill freshclam in the same way
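
Added example (not posted by anyone in this thread): a small Python probe that sends clamd's PING command to the UNIX socket and separates the two failures quoted above, "Connection refused" and "Operation timed out". The function name `probe_clamd`, the state labels and the hint texts are made up for this illustration; the default path is the `av_scanner` value from post #4.

```python
import os
import socket
import sys

# Default taken from the av_scanner line quoted in post #4.
DEFAULT_SOCKET = "/var/run/clamav/clamd"


def probe_clamd(path=DEFAULT_SOCKET, timeout=5.0):
    """Send clamd's PING command over its UNIX socket; return (state, hint)."""
    if not os.path.exists(path):
        return "missing", "no socket file: clamd not started, or a different LocalSocket path"
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(path)
        sock.sendall(b"PING\n")
        reply = sock.recv(64)
    except ConnectionRefusedError:
        # Exim logs this case as "unable to connect to UNIX socket".
        return "refused", "socket file exists but nothing listens: daemon died, stale file left behind"
    except socket.timeout:
        # Exim logs this case as "unable to read from socket (Operation timed out)".
        return "timeout", "connection accepted but no answer: daemon hung, overloaded or still loading"
    except OSError as exc:
        # For example a permission error on the socket for the calling user.
        return "error", str(exc)
    finally:
        sock.close()
    if reply.strip() == b"PONG":
        return "ok", "clamd answered PONG"
    return "unexpected", repr(reply)


if __name__ == "__main__":
    state, hint = probe_clamd(sys.argv[1] if len(sys.argv) > 1 else DEFAULT_SOCKET)
    print(f"{state}: {hint}")
    sys.exit(0 if state == "ok" else 1)
```

Run it as the same user Exim runs as, since a permission error on the socket shows up only for that user.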

  17. #17
    nobaloney
    NoBaloney Internet Svcs - In Memoriam †
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,122
    If you're using SpamBlocker 3.1-beta, it does do temporary rejects if it can't access ClamAV.

    Jeff

  18. #18
    Join Date
    Apr 2008
    Posts
    8

    A possible solution

    I have had the same problem today, but yesterday I changed the sequence of sending old/frozen emails from 4d to 3d (last 10 lines of exim.conf) and after 24 hours, the clamd error appeared. I only changed the exim.conf back to 4d and now it works perfectly. Maybe it helps somebody.

  19. #19
    Join Date
    Oct 2008
    Posts
    1
    I have had the same problem too:

    I newly installed a Debian system and installed exim4, spamassassin and clamav as I've done several times before.
    When I was finished, I got the same error (malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd.ctl (Connection refused)) every time I tried to send a mail.

    Here the solution that helped me out (http://www.clamav.net/index.php?s=update)
    Add this mirror to your source.list: deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

    Now do apt-get update and upgrade your clamav packages. That's it

  20. #20
    Join Date
    Apr 2010
    Posts
    2

    malware acl condition: clamd: unable to read from socket

    Dears,

    I'm a newcomer on this forum and my English is not good!
    I have the same problem on my Debian 4.0 with exim4, spamassassin...
    For 3 days now we have not been able to receive and send mails.
    I followed this discussion step by step, but when trying to update clamav 0.84

    I have a kernel error message telling me that you are running a kernel version 2.6.8-2-686 and attempting to remove the same version........this is a potentially disastrous action.......so they advise me to choose No at the following question: remove the running kernel image, not recommended (No), and when I choose No ...nothing happens and the problem remains!

    Please, if you understood what I said, help me and please tell me how to upgrade (step by step from clamav 0.84 to 0.96).
    Thanks

    Tamo
