malware acl condition: clamd: unable to read from socket

Meesterlijk

Verified User
Joined
Jan 19, 2007
Messages
179
Location
Netherlands
Two of our servers has problems with clamd, seconds after restarting /usr/local/etc/rc.d/clamav-clamd restart
I get : malware acl condition: clamd: unable to read from socket (Operation timed out) and mail is not sending....

Does anyone have any ideas, please respond.

Thanks,
Robert
 
What are you using for av_scanner in /etc/exim.conf?
 
attempt to restart the clamd again then restart exim.

When I do this, mail starts coming in and out, but after 2 minutes I get this message in /var/log/exim/mainlog:

2008-03-17 10:11:38 1JbBNZ-000EAV-8x malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)

To have mail coming in/out I'm forced to completely turn off clamav in exim.conf.

Suggestions welcome.

Note: Everything worked fine for about a year, this problem just occurred last week...

Thanks,
Robert
 
When I do this, mail starts coming in and out, but after 2 minutes I get this message in /var/log/exim/mainlog:

2008-03-17 10:11:38 1JbBNZ-000EAV-8x malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)

To have mail coming in/out I'm forced to completely turn off clamav in exim.conf.

Suggestions welcome.

Note: Everything worked fine for about a year, this problem just occurred last week...

Thanks,
Robert
Strange, how did you install clamd?

show me the version as well
clamd --version
 
Robert, I guess you have an in-house sysadmin since you have such a huge server base right?

I suggest you watch /var/log/messages for errors. It might lead you to some useful information.
 
This problem is something that happens to me as well.
I've seen this problem on about 4 servers so far.
However, these servers use the TCP socket instead of the unix socket.

Can Exim be configured in any way to ignore the fail, and just continue to allow the message (or issue a temp reject instead of a real reject)? ;).

Most of the time it can be fixed by rotating the clamav logs, and restarting the clamav daemon. However, that's not a real solution ofcourse.
 
Last edited:
Robert, I guess you have an in-house sysadmin since you have such a huge server base right?
Fair point.

Posting some relevant logfile entries might help here. Or perhaps temporarily disabling ClamAV until you've found a solution to the problem.
 
Robert,
Mocht je er niet uitkomen neem dan maar even contact op per PM.

Robert,
If you cant solve the problem contact me trough PM.
 
Fair point.

Posting some relevant logfile entries might help here. Or perhaps temporarily disabling ClamAV until you've found a solution to the problem.

I believe that the forum is for issues that are hard to solve, even for sysadmins. I posted the log in my first post, /var/log/messages gives nothing that relates to this. Even emptying the clamd.log and restarting clamd is not solving this issue. In earlier post above I allready wrote that my only solution now is to disable clamav to send/receive mail at all. As I did...

So please read this short thread before you post something, or when you have a possible solution, or else this thread will become unnessesary long wihout any solution. The forum has allready several post about this, without any concrete solution, or the threadstarter forgot to post his solution at the bottom.

My intensions is to make this thread a knowledge base for other people to return to, who encounter similar problems.

DutchTSE, thanks. I will PM you now.

Thanks,
Robert
 
I solved the problem by upgrading clamav to 0.91.2 (thru ports upgrade) and made sure that before this, all clamd/freshclam pids were killed.

Regards,
Robert
 
I am having this same exact problem and I am trying to figure it out right now.
 
Upgrade to the latest version available, and also make sure no other instances of the process are running:

ps aux | grep clamd


If they, are kill it

killall -9 clamd
 
If you're using SpamBlocker 3.1-beta, it does do temporary rejects if it can't access ClamAV.

Jeff
 
a possible solution

A have had the same problem today but yesterday I've changed the secuence of sending old/frozen emails from 4d to 3d (last 10 lines of exim.conf) and after 24 hours, the clamd error appeard. I only change again the exim.conf to 4d and now works perfectly. Maybe it helps somebody.
 
I have had the same problem too:

I newly installed a debian system and installed exim4, spammassassin and clamav as I've done several times before.
When I was finished, I got the same error (malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd.ctl (Connection refused)) evertime I tried to send a mail.

Here the solution that helped me out (http://www.clamav.net/index.php?s=update)
Add this mirror to your source.list: deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

Now do apt-get update and upgrade your clamav packages. That's it :cool:
 
Dears,

i 'm a new comer on this forum and my english is not good!
i've the same problem on my debian 4.0 with exim4 spamassasin...
since 3 days none we can not receive and send mails.
i followed this discussion stepby step; but when trying to update clamav 0.84

i have a kernel error message telling me that you are running a kernel version 2.6.8-2-686 and attem,pting to reùove the same version........this is a potentially disastrous action.......so they advice me to choose No at the following question; remove the running kernel image not recommended (No) and when i choose no ...nothing happens an the problem remains!

please if you understood what i said help me and please tell me how to upgrade ( step by step from clamav 0.84 to 0.96)
Thanks

Tamo
 
Back
Top