Problem with Clamd

M

Mattpl

Verified User
Joined
Jun 28, 2017
Messages
84
Location
ZS
Hi guys! I have problem on my Deb with DA. Today i found this error message

Code: 
exim paniclog /var/log/exim/paniclog on xxx.xxx.com has non-zero size, mail system might be broken. The last 10 lines are quoted below.

2017-06-27 07:45:25 1dPjJJ-0003JV-IR malware acl condition: clamd [127.0.0.1]:3310 : unable to read from socket (Connection timed out)

I'm looking for help with this problem. For now:
restart exim
restart clamd

clear paniclog

in /etc/exim.clamav.load.conf have only
Code: 
av_scanner = clamd:127.0.0.1 3310
 
Probably for some reason clamd wasn't running, you may need to check for clmad logs to see why it stopped and maybe rebuild it from CB, DA should take care to check if it's running and restart it if it's not.

Best regards
 
thanks for tips. I will check it.

Another error
Code: 
run-parts: /etc/cron.daily/exim exited with return code 123
 
SeLLeRoNe said:
They seems to be correct: https://intodns.com/szukampracy.pl
Click to expand...
Thank you! I have last problem ClamAv and Exim -

Code: 
exim paniclog /var/log/exim/paniclog on serwer.kylos.net.pl has non-zero size, mail system might be broken. The last 10 lines are quoted below.

2017-07-06 08:18:04 1dT06q-0000mv-Dl malware acl condition: clamd [127.0.0.1]:3310 : unable to read from socket (Connection timed out)

ps xa|grep -i clam show that only one proces of clamav is runing.

Code: 
20128 ?        Ssl    0:05 /usr/local/sbin/clamd --foreground=yes
20171 ?        Ss     0:00 /usr/local/bin/freshclam -d
20185 pts/0    S+     0:00 grep -i clam

In my exim.clamav.load.conf av_scanner is set to av_scanner = clamd:127.0.0.1 3310
In clamd.conf TCPSocekt is the same 3310 and IP is 127.0.0.1 and i clamd.conf I have removed # from LocalSocket /tmp/clamd. (like in this topic http://forum.directadmin.com/showthread.php?t=24792&page=2 )

netstat -ntpl | grep clam -clamd runing
Code: 
tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN      20128/clamd

but command clam /clamd status give
Code: 
ERROR: TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
ERROR: LOCAL: Socket file /tmp/clamd.socket is in use by another process.
 
SeLLeRoNe said:
They seems to be correct: https://intodns.com/szukampracy.pl
Click to expand...


SeLLeRoNe said:
They seems to be correct: https://intodns.com/szukampracy.pl
Click to expand...
Thank you! I have last problem ClamAv and Exim -

Code: 
exim paniclog /var/log/exim/paniclog on serwer.kylos.net.pl has non-zero size, mail system might be broken. The last 10 lines are quoted below.

2017-07-06 08:18:04 1dT06q-0000mv-Dl malware acl condition: clamd [127.0.0.1]:3310 : unable to read from socket (Connection timed out)

ps xa|grep -i clam show that only one proces of clamav is runing.

Code: 
20128 ?        Ssl    0:05 /usr/local/sbin/clamd --foreground=yes
20171 ?        Ss     0:00 /usr/local/bin/freshclam -d
20185 pts/0    S+     0:00 grep -i clam

In my exim.clamav.load.conf av_scanner is set to av_scanner = clamd:127.0.0.1 3310
In clamd.conf TCPSocekt is the same 3310 and IP is 127.0.0.1 and i clamd.conf I have removed # from LocalSocket /tmp/clamd. (like in this topic http://forum.directadmin.com/showthread.php?t=24792&page=2 )

netstat -ntpl | grep clam -clamd runing
Code: 
tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN      20128/clamd

but command clam /clamd status give
Code: 
ERROR: TCP: Cannot bind to [127.0.0.1]:3310: Address already in use
ERROR: LOCAL: Socket file /tmp/clamd.socket is in use by another process.
 
Well it say "Address already in use" so something else it is using that port, are you sure you don't have two copies of ClamAV?
How did you install it? Using OS repository AND CustomBuild?

If so, remove the OS one (ex for CentOS: yum remove clamav* freshclam*) and reinstall the CB one (./build clamav)

This may fix your problem.
Another way would be to kill the running process (20128) with killall -9 clamd and restart it again.

Best regards
 
You must log in or register to reply here.
Back
Top