malware acl condition: clamd: unable to read from socket

Meesterlijk

Verified User
Joined
Jan 19, 2007
Messages
179
Location
Netherlands
Two of our servers have problems with clamd. Seconds after running /usr/local/etc/rc.d/clamav-clamd restart
I get: malware acl condition: clamd: unable to read from socket (Operation timed out) and mail is not sending...

Does anyone have any ideas, please respond.

Thanks,
Robert
 

GXX

Verified User
Joined
Mar 25, 2006
Messages
361
What are you using for av_scanner in /etc/exim.conf?
 

Meesterlijk

attempt to restart the clamd again then restart exim.
When I do this, mail starts coming in and out, but after 2 minutes I get this message in /var/log/exim/mainlog:

2008-03-17 10:11:38 1JbBNZ-000EAV-8x malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)

To have mail coming in/out I'm forced to completely turn off clamav in exim.conf.

Suggestions welcome.

Note: Everything worked fine for about a year, this problem just occurred last week...

Thanks,
Robert
 

tanfwc

Verified User
Joined
Sep 6, 2007
Messages
148
When I do this, mail starts coming in and out, but after 2 minutes I get this message in /var/log/exim/mainlog:

2008-03-17 10:11:38 1JbBNZ-000EAV-8x malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)

To have mail coming in/out I'm forced to completely turn off clamav in exim.conf.

Suggestions welcome.

Note: Everything worked fine for about a year, this problem just occurred last week...

Thanks,
Robert
Strange, how did you install clamd?

show me the version as well
clamd --version
 

tanfwc

Robert, I guess you have an in-house sysadmin since you have such a huge server base right?

I suggest you watch /var/log/messages for errors. It might lead you to some useful information.
 

Icheb

Verified User
Joined
Sep 15, 2003
Messages
556
Location
The Netherlands
This problem is something that happens to me as well.
I've seen this problem on about 4 servers so far.
However, these servers use the TCP socket instead of the unix socket.

Can Exim be configured in any way to ignore the fail, and just continue to allow the message (or issue a temp reject instead of a real reject)? ;).

Most of the time it can be fixed by rotating the clamav logs and restarting the clamav daemon. However, that's not a real solution of course.
 

blasty

Verified User
Joined
Feb 28, 2008
Messages
17
Robert, I guess you have an in-house sysadmin since you have such a huge server base right?
Fair point.

Posting some relevant logfile entries might help here. Or perhaps temporarily disabling ClamAV until you've found a solution to the problem.
 

myH2Oservers

Verified User
Joined
Mar 13, 2006
Messages
239
Location
Netherlands
Robert,
If you can't solve the problem, contact me through PM.
 

Meesterlijk

Fair point.

Posting some relevant logfile entries might help here. Or perhaps temporarily disabling ClamAV until you've found a solution to the problem.
I believe that the forum is for issues that are hard to solve, even for sysadmins. I posted the log in my first post; /var/log/messages gives nothing that relates to this. Even emptying the clamd.log and restarting clamd is not solving this issue. In an earlier post above I already wrote that my only solution now is to disable clamav to send/receive mail at all. As I did...

So please read this short thread before you post something, or when you have a possible solution, or else this thread will become unnecessarily long without any solution. The forum already has several posts about this, without any concrete solution, or the thread starter forgot to post his solution at the bottom.

My intention is to make this thread a knowledge base for other people to return to, who encounter similar problems.

DutchTSE, thanks. I will PM you now.

Thanks,
Robert
 

Meesterlijk

I solved the problem by upgrading clamav to 0.91.2 (thru ports upgrade) and made sure that before this, all clamd/freshclam pids were killed.

Regards,
Robert
 

smoked1

Verified User
Joined
Jul 5, 2005
Messages
87
I am having this same exact problem and I am trying to figure it out right now.
 

evil_smurf

Verified User
Joined
Mar 3, 2006
Messages
123
Upgrade to the latest version available, and also make sure no other instances of the process are running:

ps aux | grep clamd


If they are, kill them:

killall -9 clamd
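
The thread reports two different Exim errors: "unable to read from socket (Operation timed out)" and "unable to connect to UNIX socket ... (Connection refused)". The probe below is an added example, not code from any poster; it sends clamd's PING command to the socket Exim uses and tells those cases apart. The function name `probe_clamd` and its return labels are chosen here for illustration.

```python
import socket
import sys


def probe_clamd(target, timeout=5.0):
    """Send PING to clamd and classify the result.

    target: UNIX socket path (str) or (host, port) tuple for a TCP listener.
    Returns "ok", "refused", "no-socket", "timeout", "closed",
    "error:<ExceptionName>" or "unexpected:<reply>".
    """
    family = socket.AF_UNIX if isinstance(target, str) else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(target)
        sock.sendall(b"PING\n")      # clamd answers a healthy PING with PONG
        reply = sock.recv(64)
    except ConnectionRefusedError:
        # Socket file or port exists but nothing is listening:
        # clamd exited or left a stale socket behind.
        return "refused"
    except FileNotFoundError:
        # Path does not exist: clamd never started, or the path Exim
        # is configured with differs from the one clamd creates.
        return "no-socket"
    except socket.timeout:
        # Connection accepted but no answer: clamd is hung or overloaded.
        return "timeout"
    except OSError as exc:
        return "error:" + type(exc).__name__
    finally:
        sock.close()
    if not reply:
        return "closed"
    reply = reply.strip(b"\r\n\x00 ")
    if reply == b"PONG":
        return "ok"
    return "unexpected:" + reply.decode("latin-1")


if __name__ == "__main__":
    # Default path is the one from the Exim log line quoted in this thread.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/run/clamav/clamd"
    result = probe_clamd(path)
    print(path, "->", result)
    sys.exit(0 if result == "ok" else 1)
```

Run it as the user Exim runs as, so that socket permissions are tested too; a non-zero exit status makes it usable from cron or a monitoring check.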
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
If you're using SpamBlocker 3.1-beta, it does do temporary rejects if it can't access ClamAV.

Jeff
 

tom3000

Verified User
Joined
Apr 1, 2008
Messages
8
a possible solution

I have had the same problem today, but yesterday I changed the sequence of sending old/frozen emails from 4d to 3d (last 10 lines of exim.conf) and after 24 hours the clamd error appeared. I only changed exim.conf back to 4d and now it works perfectly. Maybe it helps somebody.
 

pixl

New member
Joined
Oct 16, 2008
Messages
1
I have had the same problem too:

I newly installed a Debian system and installed exim4, spamassassin and clamav as I've done several times before.
When I was finished, I got the same error (malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd.ctl (Connection refused)) every time I tried to send a mail.

Here is the solution that helped me out (http://www.clamav.net/index.php?s=update)
Add this mirror to your sources.list: deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

Now do apt-get update and upgrade your clamav packages. That's it :cool:
 

TAMO

New member
Joined
Apr 16, 2010
Messages
2
Dears,

I'm a newcomer on this forum and my English is not good!
I have the same problem on my Debian 4.0 with exim4, spamassassin...
For 3 days now we cannot receive or send mail.
I followed this discussion step by step, but when trying to update clamav 0.84

I get a kernel error message telling me that you are running a kernel version 2.6.8-2-686 and attempting to remove the same version... this is a potentially disastrous action... so they advise me to choose No at the following question: remove the running kernel image (not recommended)? (No). And when I choose No... nothing happens and the problem remains!

Please, if you understood what I said, help me and please tell me how to upgrade (step by step, from clamav 0.84 to 0.96).
Thanks

Tamo
 