Mailing List Archive

ClamClient errors
Hello,

Any idea why I get these error messages over and over?
Running on standalone RHEL8 server.

ERROR: ClamClient: Connection to clamd failed, Couldn't connect to server.
ClamClient: Connection to clamd re-established.
ClamMisc: Unexpected issue; Daemon failed to scan: various file names





Thanks,
Jeff Hoevenaar
Re: ClamClient errors [ In reply to ]
Hi there,

On Thu, 3 Jun 2021, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote:

> Any idea why I get these error messages over and over?
> Running on standalone RHEL8 server.
>
> ERROR: ClamClient: Connection to clamd failed, Couldn't connect to server.
> ClamClient: Connection to clamd re-established.
> ClamMisc: Unexpected issue; Daemon failed to scan: various file names

What is ClamClient?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
ClamClient errors [ In reply to ]
ClamClient appears in the clamonacc log file.

I am running clamd and clamonacc.

Thanks,
Jeff Hoevenaar

-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of G.W. Haywood via clamav-users
Sent: Thursday, June 3, 2021 11:00 AM
To: Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: EXT: Re: [clamav-users] ClamClient errors

Hi there,

On Thu, 3 Jun 2021, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote:

> Any idea why I get these error messages over and over?
> Running on standalone RHEL8 server.
>
> ERROR: ClamClient: Connection to clamd failed, Couldn't connect to server.
> ClamClient: Connection to clamd re-established.
> ClamMisc: Unexpected issue; Daemon failed to scan: various file names

What is ClamClient?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: ClamClient errors [ In reply to ]
Hello again,

On Thu, 3 Jun 2021, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote:
> G.W. Haywood wrote:
> > On Thu, 3 Jun 2021, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote:
> >
> >> Any idea why I get these error messages over and over?
> >> Running on standalone RHEL8 server.
> >>
> >> ERROR: ClamClient: Connection to clamd failed, Couldn't connect to server.
> >> ClamClient: Connection to clamd re-established.
> >> ClamMisc: Unexpected issue; Daemon failed to scan: various file names
> >
> > What is ClamClient?
>
> ClamClient appears in the clamonacc log file.
>
> I am running clamd and clamonacc.

Ah - disclaimer: I don't use on-access scanning so I'm groping a bit.

Have you set

OnAccessRetryAttempts

in clamd.conf? It defaults to zero, and you might just get away with
it if you set it to some low value. But it seems to me that there may
be more than one issue. Have you checked whether the clamd daemon is
running reliably? That would be my first concern, as it takes quite a
while for it to start up - and if for some reason it dies frequently
while you're doing a filesystem scan or if you're scanning many files
on access then you might expect failures while it's starting back up.
Having said that, I've found clamd extremely reliable, at least in the
ways that I use it (purely for scanning mail, which is nothing like so
intensively as scanning filesystems, nor even as on-access scanning in
an active filesystem).

It would probably help if we could see your configuration. What parts
of the filesystem are you scanning on access? Are you scanning both
on-access and (concurrently) otherwise?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
ClamClient errors [ In reply to ]
I modified this: OnAccessRetryAttempts 3

On Access is running. Not running any other scans currently.

# ps -ef|grep clam
clamscan 286345 1 13 13:35 ? 00:00:55 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 286357 1 0 13:35 ? 00:00:02 /usr/sbin/clamonacc --fdpass --log=/var/log/clamonacc -F --config-file=/etc/clamd.d/scan.conf --move=/var/tmp/clamav-quarantine


[root@rhel8avtest log]# cd /etc/clamd.d/
[root@rhel8avtest clamd.d]# pwd
/etc/clamd.d
[root@rhel8avtest clamd.d]# cat scan.conf|grep -v ^#|grep -v ^$
LogSyslog yes
LogVerbose no
LogRotate yes
LocalSocket /run/clamd.scan/clamd.sock
ReadTimeout 300
CommandReadTimeout 120
CrossFilesystems no
User clamscan
OnAccessMountPath /
OnAccessMountPath /boot
OnAccessMountPath /home
OnAccessMountPath /opt
OnAccessMountPath /tmp
OnAccessMountPath /var
OnAccessMountPath /var/tmp
OnAccessMountPath /var/log
OnAccessMountPath /var/log/audit
OnAccessExcludeUname clamscan
OnAccessRetryAttempts 3

Thanks,
Jeff Hoevenaar

-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of G.W. Haywood via clamav-users
Sent: Thursday, June 3, 2021 1:11 PM
To: Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: EXT: Re: [clamav-users] ClamClient errors

Hello again,

On Thu, 3 Jun 2021, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote:
> G.W. Haywood wrote:
> > On Thu, 3 Jun 2021, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote:
> >
> >> Any idea why I get these error messages over and over?
> >> Running on standalone RHEL8 server.
> >>
> >> ERROR: ClamClient: Connection to clamd failed, Couldn't connect to server.
> >> ClamClient: Connection to clamd re-established.
> >> ClamMisc: Unexpected issue; Daemon failed to scan: various file
> >> names
> >
> > What is ClamClient?
>
> ClamClient appears in the clamonacc log file.
>
> I am running clamd and clamonacc.

Ah - disclaimer: I don't use on-access scanning so I'm groping a bit.

Have you set

OnAccessRetryAttempts

in clamd.conf? It defaults to zero, and you might just get away with it if you set it to some low value. But it seems to me that there may be more than one issue. Have you checked whether the clamd daemon is running reliably? That would be my first concern, as it takes quite a while for it to start up - and if for some reason it dies frequently while you're doing a filesystem scan or if you're scanning many files on access then you might expect failures while it's starting back up.
Having said that, I've found clamd extremely reliable, at least in the ways that I use it (purely for scanning mail, which is nothing like so intensively as scanning filesystems, nor even as on-access scanning in an active filesystem).

It would probably help if we could see your configuration. What parts of the filesystem are you scanning on access? Are you scanning both on-access and (concurrently) otherwise?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: ClamClient errors [ In reply to ]
Hello again,

On Thu, 3 Jun 2021, Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users wrote:

> # ps -ef|grep clam
> clamscan 286345 1 13 13:35 ? 00:00:55 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
> root 286357 1 0 13:35 ? 00:00:02 /usr/sbin/clamonacc --fdpass --log=/var/log/clamonacc -F --config-file=/etc/clamd.d/scan.conf --move=/var/tmp/clamav-quarantine

Hopefully you'll see the same PIDs until you deliberately restart the daemons.

> ... cat scan.conf|grep -v ^#|grep -v ^$
> ...
> OnAccessMountPath /

Are you *sure* you want to do that?

> ...
> OnAccessMountPath /var
> OnAccessMountPath /var/tmp
> OnAccessMountPath /var/log
> OnAccessMountPath /var/log/audit
> ...

Are these four separate filesystems? If they're all on the same
filesystem at least three of those lines would seem to be superfluous.

Again, I'd urge caution in what you require of the scanner. Although
it's not impossible that criminals might seek to hide malicious things
in some of those places, if they do that they'll probably also make
sure you (and clamd) can't see them. It really isn't likely that your
logs will pose any great threat; they're constantly being written, and
clamd will be working overtime on them for probably no added value.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml