Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ClamAV>
  3. win32
[clamav-users] Amavis + ClamAV can't connect to socket
clamav-users at lists
Apr 23, 2023, 5:47 AM
Post #1 of 7 (387 views)
Permalink
I finally got Amavis working without ClamAV working after moving to Fedora
38.

I'm trying to implement ClamAV for scanning incoming mail.

I tested ClamAV standalone and it works.

Out of the box, I got this error and haven't been able to change the
behavior:

Apr 22 10:35:42 mcq amavis[22581]: (22581-01) (!)connect to
/run/clamd.scan/clamd.sock failed, attempt #1: Can't connect to a UNIX
socket /run/clamd.scan/clamd.sock: Permission denied
Apr 22 10:35:42 mcq amavis[22581]: (22581-01) (!)ClamAV-clamd: All attempts
(1) failed connecting to /run/clamd.scan/clamd.sock, retrying (2)

Info:

# ls -al /run/clamd.amavisd/
total 4
drwxrwx--- 2 amavis clamupdate 80 Apr 22 10:22 .
drwxr-xr-x 52 root root 1480 Apr 22 10:07 ..
-rw-r--r-- 1 root root 6 Apr 22 10:21 clamd.pid
srw-rw-rw- 1 amavis amavis 0 Apr 22 10:22 clamd.sock

ls -al /run/clamd.scan/
total 0
drwxrwx--- 2 clamscan virusgroup 40 Apr 22 05:29 .
drwxr-xr-x 52 root root 1480 Apr 22

I've changed Amavisd.conf in /etc/clamd.d

Original file had
TCPSocket 3310
User Clamscan

I tried commenting out TCPSocket and user Amavis to no avail.

Additional: On Clamd@scan:

pr 23 06:46:06 mcq clamd[12680]: Loaded 8662532 signatures.
Apr 23 06:46:10 mcq clamd[12680]: TCP: Cannot bind to []:3310: Address
already in use
Apr 23 06:46:10 mcq clamd[12680]: TCP: Cannot bind to []:3310: Address
already in use
Apr 23 06:46:10 mcq clamd[12680]: LOCAL: Socket file
/run/clamd.scan/clamd.sock is in use by another process.
Apr 23 06:46:10 mcq clamd[12685]: Received 0 file descriptor(s) from
systemd.
Apr 23 06:46:10 mcq clamd[12685]: clamd daemon 1.0.1 (OS: Linux, ARCH:
x86_64, CPU: x86_64)
Apr 23 06:46:10 mcq clamd[12685]: Log file size limited to 2097152 bytes.
Apr 23 06:46:10 mcq clamd[12685]: Reading databases from /var/lib/clamav
Apr 23 06:46:10 mcq clamd[12685]: Not loading PUA signatures.
Apr 23 06:46:10 mcq clamd[12685]: Not loading phishing signatures.
Apr 23 06:46:10 mcq clamd[12685]: Bytecode: Security mode set to
"TrustSigned".
Apr 23 06:46:10 mcq clamd[12685]: Disabling URL based phishing detection.


# stat /run/clamd.scan/

File: /run/clamd.scan/
Size: 40 Blocks: 0 IO Block: 4096 directory
Device: 0,25 Inode: 1568 Links: 2
Access: (0710/drwx--x---) Uid: ( 981/clamscan) Gid: ( 974/virusgroup)
Access: 2023-04-23 08:22:44.511473195 -0400
Modify: 2023-04-23 06:55:52.128161474 -0400
Change: 2023-04-23 06:55:52.128161474 -0400
Birth: 2023-04-23 05:21:39.015948197 -0400


cat clamd@scan.service
[Unit]
Description = clamd scanner (%i) daemon
Documentation=man:clamd(8) man:clamd.conf(5)
https://www.clamav.net/documents/
After = syslog.target nss-lookup.target network.target

[Service]
Type = forking
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
Restart = on-failure
TimeoutStartSec=420

[Install]
WantedBy = multi-user.target


Clam based services running is clam-freshclam, clamav-freshclam, clamd,
clamd@amavisd, clamd@scan

Where did I go wrong???


Regards,

Wayne



_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Amavis + ClamAV can't connect to socket [ In reply to ]
clamav-users at lists
Apr 23, 2023, 11:10 PM
Post #2 of 7 (386 views)
Permalink
> Out of the box, I got this error and haven't been able to change the
> behavior:
>
> Apr 22 10:35:42 mcq amavis[22581]: (22581-01) (!)connect to
> /run/clamd.scan/clamd.sock failed, attempt #1: Can't connect to a UNIX
> socket /run/clamd.scan/clamd.sock: Permission denied
> Apr 22 10:35:42 mcq amavis[22581]: (22581-01) (!)ClamAV-clamd: All attempts
> (1) failed connecting to /run/clamd.scan/clamd.sock, retrying (2)

A Fedora 38 Amavis+ClamAV setup does not use "ClamAV-clamd" but
"ClamAV-clamdscan" inside [1], which works out-of-the-box with the
clamd@amavisd service in my local test.

[1] /etc/amavisd/amavisd.conf
Re: [clamav-users] Amavis + ClamAV can't connect to socket [ In reply to ]
clamav-users at lists
Apr 24, 2023, 3:14 AM
Post #3 of 7 (385 views)
Permalink
Thank you Damian,



So in Amavisd.conf I have:





@av_scanners_backup = (



### http://www.clamav.net/ - backs up clamd or Mail::ClamAV

['ClamAV-clamscan', 'clamscan',

"--stdout --no-summary -r --tempdir=$TEMPBASE {}",

[0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],



# ### http://www.clamav.net/ - using remote clamd scanner as a backup

# ['ClamAV-clamdscan', 'clamdscan',

# "--stdout --no-summary --config-file=/etc/clamd-client.conf {}",

# [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],





Do I remove the quote marks (“) out of the first group?



Do I turn anything else off?





From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Damian via clamav-users
Sent: Monday, April 24, 2023 2:10 AM
To: clamav-users@lists.clamav.net
Cc: Damian <clamav-users@arcsin.de>
Subject: Re: [clamav-users] Amavis + ClamAV can't connect to socket



Out of the box, I got this error and haven't been able to change the
behavior:

Apr 22 10:35:42 mcq amavis[22581]: (22581-01) (!)connect to
/run/clamd.scan/clamd.sock failed, attempt #1: Can't connect to a UNIX
socket /run/clamd.scan/clamd.sock: Permission denied
Apr 22 10:35:42 mcq amavis[22581]: (22581-01) (!)ClamAV-clamd: All attempts
(1) failed connecting to /run/clamd.scan/clamd.sock, retrying (2)

A Fedora 38 Amavis+ClamAV setup does not use "ClamAV-clamd" but "ClamAV-clamdscan" inside [1], which works out-of-the-box with the clamd@amavisd service in my local test.

[1] /etc/amavisd/amavisd.conf
Re: [clamav-users] Amavis + ClamAV can't connect to socket [ In reply to ]
clamav-users at lists
Apr 24, 2023, 3:40 AM
Post #4 of 7 (385 views)
Permalink
> @av_scanners_backup = (
>
>   ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
>
>   [.'ClamAV-clamscan', 'clamscan',
>
>     "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
>
>     [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>
> # ### http://www.clamav.net/ - using remote clamd scanner as a backup
>
> # ['ClamAV-clamdscan', 'clamdscan',
>
> #   "--stdout --no-summary --config-file=/etc/clamd-client.conf {}",
>
> #   [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>
> Do I remove the quote marks (“) out of the first group?
>
No, the backup scanner is fine. The Fedora-shipped primary scanner
config begins with

> @av_scanners = (
>
> # ClamAV (clamdscan)
> #
> # http://www.clamav.net/
> #
> # This is recommended way to use clamav:
> #
> # * The use of clamd eliminates the startup time associated with loading
> #   the databases into clamscan (without the 'd').
> #
> # * The use of clamdscan eliminates the need for you to know the path to
> #   the clamd communication socket or its low-level protocol details.
> #
> # * The --fdpass option opens the files to be scanned as the amavis user,
> #   but then scans them as the clamav user. This avoids the permission
> #   problems that result when you ask clamd to scan the files itself.
> #
> # * By dropping the --fdpass option, this command is easily adapted for
> #   use with a network socket (clamd running elsewhere).
> #
>   [.'ClamAV-clamdscan', 'clamdscan',
>    "--config-file=/etc/clamd.d/amavisd.conf --fdpass --stdout
> --no-summary {}",
>    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>
> # ### http://www.clamav.net/ and CPAN  (memory-hungry! clamd is preferred)

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Amavis + ClamAV can't connect to socket [ In reply to ]
clamav-users at lists
Apr 24, 2023, 3:47 AM
Post #5 of 7 (385 views)
Permalink
You are a genius, thank you Damian.

Does Freshclam run its self and if so, which service should be running Clam-Freshclam or Clamav-Freshclam?

-----Original Message-----
From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Damian via clamav-users
Sent: Monday, April 24, 2023 6:40 AM
To: clamav-users@lists.clamav.net
Cc: Damian <clamav-users@arcsin.de>
Subject: Re: [clamav-users] Amavis + ClamAV can't connect to socket

> @av_scanners_backup = (
>
> ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
>
> [.'ClamAV-clamscan', 'clamscan',
>
> "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
>
> [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m
> ],
>
> # ### http://www.clamav.net/ - using remote clamd scanner as a backup
>
> # ['ClamAV-clamdscan', 'clamdscan',
>
> # "--stdout --no-summary --config-file=/etc/clamd-client.conf {}",
>
> # [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m
> ],
>
> Do I remove the quote marks (“) out of the first group?
>
No, the backup scanner is fine. The Fedora-shipped primary scanner config begins with

> @av_scanners = (
>
> # ClamAV (clamdscan)
> #
> # http://www.clamav.net/
> #
> # This is recommended way to use clamav:
> #
> # * The use of clamd eliminates the startup time associated with
> loading # the databases into clamscan (without the 'd').
> #
> # * The use of clamdscan eliminates the need for you to know the path
> to # the clamd communication socket or its low-level protocol details.
> #
> # * The --fdpass option opens the files to be scanned as the amavis
> user, # but then scans them as the clamav user. This avoids the
> permission # problems that result when you ask clamd to scan the files itself.
> #
> # * By dropping the --fdpass option, this command is easily adapted
> for # use with a network socket (clamd running elsewhere).
> #
> [.'ClamAV-clamdscan', 'clamdscan',
> "--config-file=/etc/clamd.d/amavisd.conf --fdpass --stdout
> --no-summary {}",
> [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m
> ],
>
> # ### http://www.clamav.net/ and CPAN (memory-hungry! clamd is
> preferred)

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: [clamav-users] Amavis + ClamAV can't connect to socket [ In reply to ]
clamav-users at lists
Apr 24, 2023, 3:56 AM
Post #6 of 7 (385 views)
Permalink
> which service should be running Clam-Freshclam or Clamav-Freshclam?
I only see a clamav-freshclam.service
Re: [clamav-users] Amavis + ClamAV can't connect to socket [ In reply to ]
clamav-users at lists
Apr 24, 2023, 3:59 AM
Post #7 of 7 (385 views)
Permalink
Thank you



From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Damian via clamav-users
Sent: Monday, April 24, 2023 6:56 AM
To: clamav-users@lists.clamav.net
Cc: Damian <clamav-users@arcsin.de>
Subject: Re: [clamav-users] Amavis + ClamAV can't connect to socket



which service should be running Clam-Freshclam or Clamav-Freshclam?

I only see a clamav-freshclam.service

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal