malware acl condition: clamd: unable to read from socket

Please, especially when resurrecting old topics, don't just say you've followed the instructions; that doesn't give any of us who'd like to help enough specific information to go on.

Exactly what did you do?

Did that kernel update warning come up only after you tried to update ClamAV? If so, exactly how did you update ClamAV? Yes, you could end up completely disabling your underlying Linux OS if somehow you ever do actually end up removing that version, so it's important to know exactly what's triggering that.

We always install ClamAV from scratch, and you'll need to make sure your exim.conf file calls ClamAV as it expects to be called.

Jeff
 
One quick note to add:

I've seen the error arise (again), and it is a problem in /etc/clamd.conf.
The entry of:


# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd


is commented out, so you need to uncomment the line:


LocalSocket /tmp/clamd

(Remove the # from the beginning of the line) and then restart clamd.

I don't know why it is not showing with the # sign.

Usually the update.script does a complete installation, but I've seen sometimes a problem with that entry.
HTH

-Alon.
 
I noticed /etc/clamd.conf is overwritten every time you upgrade (it's a compile from source), since 0.96.

I also noticed that a restart of clamd will not kill freshclam, so you'll end up with two freshclam pids.

Below is some code I use with update.script. I make sure I clean the dir, since update.script changes its structure often.

Code:
# Empty the working directory and fetch a fresh copy of update.script
rm -rf /usr/local/updatescript/*; cd /usr/local/updatescript; wget http://tools.web4host.net/update.script; chmod 755 update.script

# Clean, self-update, then rebuild ClamAV
cd /usr/local/updatescript; ./update.script CLEAN; ./update.script UPDATEME; cd /usr/local/updatescript; ./update.script CLAMAV

# Uncomment LocalSocket (anchored so directives such as LocalSocketGroup stay untouched), kill the stale freshclam, restart clamd
perl -pi -e 's/^#(LocalSocket\s)/$1/' /etc/clamd.conf; killall -9 freshclam; /etc/init.d/clamd restart; tail -f /var/log/exim/mainlog
 
Good call on the freshclam double process. I also had this and forgot to mention it. I'll shoot Wael a msg to incorporate it into the update.script if possible.

thanks,

-Alon.
 
Yes, this is good if you want to use LocalSocket /tmp/clamd only.
My script is ready for 127.0.0.1:3310.

So in exim.conf you can use
av_scanner = 127.0.0.1:3310
If you use
Code:
perl -pi -e 's/^#(LocalSocket\s)/$1/' /etc/clamd.conf
av_scanner = /tmp/clamd

My script is ready for 127.0.0.1:3310, and this is good for scanning files in FTP with ClamAV ;)

Wael
 
Why is freshclam doubled?
Because I can't use killall freshclam -9 in the freshclam script.
If anyone edits the freshclam script to add killall freshclam, the script kills itself too.
Only use the freshclam script to start freshclam if it is down.
I'll try to fix both scripts, clamd and freshclam, soon.

thanks again Alon
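
A diagnostic for the socket mismatch discussed in this thread, added here as an example and not part of any poster's message or of update.script: it reads a clamd.conf and an exim.conf and reports whether Exim's av_scanner targets a socket clamd is configured to open. The function names, the constructed sample files and the port-only TCP comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): check that Exim's av_scanner points
# at a socket clamd is actually configured to open.

# Print every active (uncommented) clamd listener, one per line.
clamd_listeners() {
    awk '$1 == "LocalSocket" { print "unix:" $2 }
         $1 == "TCPSocket"   { print "tcp:" $2 }' "$1"
}

# Print the av_scanner target in the same form. Accepts Exim's "clamd:/path"
# and "clamd:host port" forms plus the bare forms written in the thread.
# Simplification: only the TCP port is compared, not the address.
exim_target() {
    sed -n 's/^[[:space:]]*av_scanner[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed -e 's/^clamd://' -e 's/[[:space:]]*$//' |
        awk '/^\// { print "unix:" $0; next }
             NF    { n = split($0, p, "[: ]+"); print "tcp:" p[n] }'
}

# 0 = match, 1 = mismatch, 2 = clamd has no listener, 3 = no av_scanner.
check_av_socket() {
    listeners=$(clamd_listeners "$1")
    target=$(exim_target "$2")
    if [ -z "$listeners" ]; then
        echo "clamd: no LocalSocket or TCPSocket enabled in $1"; return 2
    fi
    if [ -z "$target" ]; then
        echo "exim: no av_scanner setting in $2"; return 3
    fi
    if printf '%s\n' "$listeners" | grep -qxF "$target"; then
        echo "OK: av_scanner -> $target"; return 0
    fi
    echo "MISMATCH: av_scanner -> $target, clamd opens: $listeners"; return 1
}

# Constructed sample files reproducing the post-upgrade state described above.
demo=$(mktemp -d)
printf '%s\n' '#LocalSocket /tmp/clamd' '#LocalSocketGroup virusgroup' \
    '#TCPSocket 3310' > "$demo/clamd.conf"
printf '%s\n' 'av_scanner = clamd:/tmp/clamd' > "$demo/exim.conf"
check_av_socket "$demo/clamd.conf" "$demo/exim.conf" || true

# Anchored uncomment: enables LocalSocket but leaves LocalSocketGroup alone.
sed 's/^#LocalSocket /LocalSocket /' "$demo/clamd.conf" > "$demo/clamd.new"
check_av_socket "$demo/clamd.new" "$demo/exim.conf"
rm -rf "$demo"
```

Run it against copies of the live /etc/clamd.conf and exim.conf after each upgrade; exit status 2 corresponds to the commented-out LocalSocket case reported above.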
 