Mailing List Archive

[clamav-users] CLAMAD - Connecting to socket failed
Hello everyone,

I have installed clamav for use with samba vfs virus filter.
I want to be able to scan files as soon as they are opened.

Operating System: CentOS Linux release 7.9.2009 (Core)

The clamd@scan and smb services have no errors at boot time.

As soon as a file is opened, an error appears in the logs and the file is not scanned:

# samba_audit.log
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362541,  0, pid=8446] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 10:36:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: %: Aucun fichier ou dossier de ce type
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362680,  0, pid=8446] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 10:36:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/matrice.xlsx: Initializing scanner failed

# clamd.log
Apr 27 10:32:16 X clamd[8433]: got command SCAN /data/smb2/matrice.xlsx (95, 5), argument: /data/smb2/matrice.xlsx
Apr 27 10:32:16 X clamd[8433]: mode -> MODE_WAITREPLY
Apr 27 10:32:16 X clamd[8433]: Breaking command loop, mode is no longer MODE_COMMAND
Apr 27 10:32:16 X clamd[8433]: Consumed entire command
Apr 27 10:32:16 X clamd[8433]: Number of file descriptors polled: 1 fds
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: Finished scanthread
Apr 27 10:32:16 X clamd[8433]: Scanthread: connection shut down (FD 13)
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: Received POLLIN|POLLHUP on fd 8

# smbd.log
Apr 27 10:31:22 X smbd[8446]: [2021/04/27 10:31:22.338710,  0, pid=8446] ../../source3/modules/vfs_full_audit.c:624(do_log)
Apr 27 10:31:22 X smbd[8446]:  do_log() failed to get vfs_handle->data!

The clamd socket is good:

[root@X ~]# netstat --listen
Sockets du domaine UNIX actives(seulement serveurs)
Proto RefCnt Flags       Type       State         I-Node   Chemin
unix  2      [ ACC ]     STREAM     LISTENING     32185    /run/clamd.scan/clamd.sock

Do you have any ideas, please?
Thank you in advance!

Best Regards,
Zami3l
Re: [clamav-users] CLAMAD - Connecting to socket failed [ In reply to ]
Is clamdscan working correctly? What is the SELinux status? Is it running
in permissive mode?

Eero

Re: [clamav-users] CLAMAD - Connecting to socket failed [ In reply to ]
SELinux is disabled.

No problem with clamdscan when I run a scan.

I performed further testing and noticed that:

If I restart clamdscan and then smb, everything seems to work.
For example, if I try to open eicar.com (test virus), it detects malware and removes it.
I can then easily open xls, doc, etc. files. Everything is correct.

However, after a few minutes of use, for no apparent reason, I get this in the smb logs:

Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216663,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020?U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216843,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902581,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020?U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902705,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907650,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020?U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907749,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939625,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020?U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939732,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed

After that, nothing works anymore. I am then forced to restart smb.

So the problem seems to come from Samba and vfs_virusfilter...

Thank you for your answer.

Best Regards,
Zami3l

On Tue 27. Apr 2021 at 13.19, Zami3l via clamav-users <clamav-users@lists.clamav.net> wrote:

# clamd.log
Apr 27 10:32:16 X clamd[8433]: got command SCAN /data/smb2/matrice.xlsx (95, 5), argument: /data/smb2/matrice.xlsx
Apr 27 10:32:16 X clamd[8433]: mode -> MODE_WAITREPLY
Apr 27 10:32:16 X clamd[8433]: Breaking command loop, mode is no longer MODE_COMMAND
Apr 27 10:32:16 X clamd[8433]: Consumed entire command
Apr 27 10:32:16 X clamd[8433]: Number of file descriptors polled: 1 fds
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: lstat() failed on: /data/smb2/matrice.xlsx
Apr 27 10:32:16 X clamd[8433]: Finished scanthread
Apr 27 10:32:16 X clamd[8433]: Scanthread: connection shut down (FD 13)
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: Received POLLIN|POLLHUP on fd 8

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
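
Added example (not part of the original messages, and not Samba or ClamAV code): in the smbd_audit excerpt above, a scan error on a file is followed by a successful `pread_recv` on the same path, so the file was read without a scan verdict. This Python sketch flags that pattern and any logged clamd socket path that is not absolute; the sample lines are copied from the thread, and the `READ_OPS` names other than `pread_recv` are assumptions.

```python
import re
from collections import Counter

# Lines copied from the smbd_audit excerpt posted in the thread.
SAMPLE_LOG = """\
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216663,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020?U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216843,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902581,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020?U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902705,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
"""

# "<socket path as logged>: <strerror text>" after the fixed message prefix.
CONNECT_FAIL = re.compile(r"Connecting to socket failed: (.*?): ([^:]+)$")
# "<file path>: <reason>" after the scan-result prefix.
SCAN_ERROR = re.compile(r"virusfilter_scan: Scan result: Error: (.+): ([^:]+)$")
# full_audit operations that hand file data to the client. Only pread_recv
# appears in the thread; the other names are assumptions for illustration.
READ_OPS = {"pread_recv", "pread", "sendfile"}


def analyze(log_text):
    """Correlate virusfilter errors with full_audit reads of the same path."""
    connect_failures = 0
    odd_socket_paths = Counter()   # logged socket paths that are not absolute
    scan_failed = {}               # file path -> reason of the latest scan error
    unscanned_reads = []

    for line in log_text.splitlines():
        head, sep, msg = line.partition("smbd_audit:")
        if not sep:
            continue
        when = head.strip().rsplit(" ", 1)[0]   # syslog timestamp, host dropped
        msg = msg.strip()

        m = CONNECT_FAIL.search(msg)
        if m:
            connect_failures += 1
            sock = m.group(1)
            # A UNIX socket path from the configuration would be absolute;
            # anything else means the module logged a corrupted or empty path.
            if not sock.startswith("/"):
                odd_socket_paths[sock] += 1
            continue

        m = SCAN_ERROR.search(msg)
        if m:
            scan_failed[m.group(1)] = m.group(2)
            continue

        # full_audit record: "<prefix>|<op>|<result>|<path>". Splitting from
        # the right keeps a prefix that itself contains '|' in one piece.
        parts = msg.rsplit("|", 3)
        if len(parts) == 4:
            prefix, op, result, path = parts
            if op in READ_OPS and result == "ok" and path in scan_failed:
                unscanned_reads.append({
                    "when": when,
                    "client": prefix.strip(),
                    "op": op,
                    "path": path,
                    "scan_error": scan_failed[path],
                })

    return {
        "connect_failures": connect_failures,
        "odd_socket_paths": dict(odd_socket_paths),
        "unscanned_reads": unscanned_reads,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("clamd connect failures:", report["connect_failures"])
    print("non-absolute socket paths logged:", report["odd_socket_paths"])
    for hit in report["unscanned_reads"]:
        print("read without scan verdict:", hit)
```

Whether an open is refused instead of served after a scan error is governed by the module's `virusfilter:block access on error` setting in smb.conf.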
Re: [clamav-users] CLAMAD - Connecting to socket failed [ In reply to ]
Is there enough memory on the server?

Check out the clamd* logs.

Eero

Re: [clamav-users] CLAMAD - Connecting to socket failed [ In reply to ]
Yes, I think so

RAM 2 GB and swap 4 GB

There are only interesting things in the smb logs. Nothing special in those of clamd :(

Thank you for your answer.

Best Regards,
Zami3l

Re: [clamav-users] CLAMAD - Connecting to socket failed [ In reply to ]
Sorry to say, but 2G is too little memory for ClamAV. I think it crashes for
out-of-memory reasons.

Upgrade the server memory to at least 8G. Memory chips are so cheap...

Eero
