malware acl condition: clamd: unable to read from socket

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Please, especially when resurrecting old topics, don't just say you've followed the instructions; that doesn't give any of us who'd like to help enough specific information to go on.

Exactly what did you do?

Did that kernel update warning come up only after you tried to update ClamAV? If so, exactly how did you update ClamAV? Yes, you could end up completely disabling your underlying Linux OS if somehow you ever do actually end up removing that version, so it's important to know exactly what's triggering that.

We always install ClamAV from scratch, and you'll need to make sure your exim.conf file calls ClamAV as it expects to be called.

Jeff
 

SupermanInNY

Verified User
Joined
Sep 28, 2004
Messages
352
Please, especially when resurrecting old topics, don't just say you've followed the instructions; that doesn't give any of us who'd like to help enough specific information to go on.

Exactly what did you do?

Did that kernel update warning come up only after you tried to update ClamAV? If so, exactly how did you update ClamAV? Yes, you could end up completely disabling your underlying Linux OS if somehow you ever do actually end up removing that version, so it's important to know exactly what's triggering that.

We always install ClamAV from scratch, and you'll need to make sure your exim.conf file calls ClamAV as it expects to be called.

Jeff
One quick note to add:

I've seen the error arise (again), and it is a problem in /etc/clamd.conf.
The entry of:


# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd


is commented out.

So you need to uncomment the line:


LocalSocket /tmp/clamd

(Remove the # from the beginning of the line) and then restart clamd.

I don't know why it is not showing with the # sign.

Usually the update.script does a complete installation, but I've seen sometimes a problem with that entry.
HTH

-Alon.
 

Meesterlijk

Verified User
Joined
Jan 19, 2007
Messages
179
Location
Netherlands
I noticed /etc/clamd.conf is overwritten every time you upgrade (it's a compile from source), since 0.96.

Also noticed that a restart of clamd will not kill freshclam, so you'll end up with two freshclam pids.

Below is some code for when using update.script. I make sure I clean the dir, since update.script changes its structure often.

Code:
rm -rf /usr/local/updatescript/*; cd /usr/local/updatescript; wget http://tools.web4host.net/update.script; chmod 755 update.script

cd /usr/local/updatescript; ./update.script CLEAN; ./update.script UPDATEME; cd /usr/local/updatescript; ./update.script CLAMAV

perl -pi -e 's/#LocalSocket/LocalSocket/' /etc/clamd.conf; killall -9 freshclam; /etc/init.d/clamd restart; tail -f /var/log/exim/mainlog
 

SupermanInNY

Verified User
Joined
Sep 28, 2004
Messages
352
I noticed /etc/clamd.conf is overwritten every time you upgrade (it's a compile from source), since 0.96.

Also noticed that a restart of clamd will not kill freshclam, so you'll end up with two freshclam pids.

Below is some code for when using update.script. I make sure I clean the dir, since update.script changes its structure often.

Code:
rm -rf /usr/local/updatescript/*; cd /usr/local/updatescript; wget http://tools.web4host.net/update.script; chmod 755 update.script

cd /usr/local/updatescript; ./update.script CLEAN; ./update.script UPDATEME; cd /usr/local/updatescript; ./update.script CLAMAV

perl -pi -e 's/#LocalSocket/LocalSocket/' /etc/clamd.conf; killall -9 freshclam; /etc/init.d/clamd restart; tail -f /var/log/exim/mainlog
Good call on the freshclam double process; I also had this and forgot to mention it. I'll shoot Wael a msg to incorporate it if possible into the update.script.

thanks,

-Alon.
 

@how@

Verified User
Joined
Mar 2, 2005
Messages
962
Location
Kingdom of Bahrain
I noticed /etc/clamd.conf is overwritten every time you upgrade (it's a compile from source), since 0.96.

Also noticed that a restart of clamd will not kill freshclam, so you'll end up with two freshclam pids.

Below is some code for when using update.script. I make sure I clean the dir, since update.script changes its structure often.

Code:
rm -rf /usr/local/updatescript/*; cd /usr/local/updatescript; wget http://tools.web4host.net/update.script; chmod 755 update.script

cd /usr/local/updatescript; ./update.script CLEAN; ./update.script UPDATEME; cd /usr/local/updatescript; ./update.script CLAMAV

perl -pi -e 's/#LocalSocket/LocalSocket/' /etc/clamd.conf; killall -9 freshclam; /etc/init.d/clamd restart; tail -f /var/log/exim/mainlog
Yes, this is good if you want to use LocalSocket /tmp/clamd only.
My script is ready for 127.0.0.1:3310.

so in exim.conf you can use
av_scanner = 127.0.0.1:3310
if you use
Code:
perl -pi -e 's/#LocalSocket/LocalSocket/' /etc/clamd.conf
av_scanner = /tmp/clamd

My script is ready for 127.0.0.1:3310, and this is good for scanning files in FTP with ClamAV ;)

Wael
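
The posts above come down to one check: the endpoint in exim.conf's av_scanner must be one that clamd.conf actually enables. The following is an added example, not part of any poster's script or of update.script; the function names are hypothetical, and besides the bare forms used in the thread it also accepts Exim's `clamd:/path` and `clamd:host port` forms.

```shell
#!/bin/sh
# Added example: verify that Exim's av_scanner matches an endpoint that is
# enabled (not commented out) in clamd.conf. Function names are hypothetical.

# Print each enabled clamd endpoint, one per line: the LocalSocket path and/or
# TCPAddr:TCPSocket. Lines starting with '#' never match, so a commented-out
# "#LocalSocket /tmp/clamd" is correctly treated as disabled.
clamd_endpoints() {
    awk '
        $1 == "LocalSocket" { print $2 }
        $1 == "TCPSocket"   { port = $2 }
        $1 == "TCPAddr"     { addr = $2 }
        END {
            if (port == "") exit
            if (addr == "") addr = "*"   # no TCPAddr: clamd binds every address
            print addr ":" port
        }
    ' "$1"
}

# Print the endpoint Exim will contact, normalised to "/path" or "host:port".
exim_endpoint() {
    sed -n 's/^[[:space:]]*av_scanner[[:space:]]*=[[:space:]]*//p' "$1" |
        head -n 1 |
        sed -e 's/^clamd://' -e 's/[[:space:]]*$//' -e 's/[[:space:]][[:space:]]*/:/'
}

# check_av_scanner CLAMD_CONF EXIM_CONF
# Returns 0 on a match, 1 on a mismatch, 2 when av_scanner is not set.
check_av_scanner() {
    want=$(exim_endpoint "$2")
    if [ -z "$want" ]; then
        echo "no av_scanner setting found in $2"
        return 2
    fi
    have=$(clamd_endpoints "$1")
    # -F keeps "*" literal; the second pattern covers a wildcard TCP listener.
    if printf '%s\n' "$have" | grep -Fxq -e "$want" -e "*:${want##*:}"; then
        echo "OK: exim and clamd agree on $want"
        return 0
    fi
    echo "MISMATCH: exim wants '$want', clamd enables: $(echo $have)"
    return 1
}

# Typical call after an upgrade has rewritten the config:
#   check_av_scanner /etc/clamd.conf /etc/exim.conf
```

Run it after each ClamAV upgrade, since the thread reports /etc/clamd.conf being overwritten; a return code of 1 with an empty "clamd enables" list is the commented-out LocalSocket case.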
 

@how@

Verified User
Joined
Mar 2, 2005
Messages
962
Location
Kingdom of Bahrain
Why is freshclam doubled?
Because I can't use killall freshclam -9 in the freshclam script.
If anyone edits the freshclam script to add killall freshclam, the script kills itself too.
Only use the freshclam script to start freshclam if it is down.
I'll try to fix both scripts, clamd and freshclam, soon.

thanks again Alon
 