ClamAV-clamd: Can't connect to UNIX socket

Best practice information from Scalix users relating to integration of Scalix with other products.


Postby rcabana » Thu Dec 28, 2006 6:41 pm

I keep seeing this error appear in my logs and after much research cannot find the answer to why it is happening. One posting mentioned file owners. I think these are the mentioned files: clamd.sock, clamd, amavisd. I messed around with some of the files and nothing.

When I email test viruses they are getting rejected and spam is getting tagged **SPAM**.

Dec 28 17:34:07 redhat1 amavis[3560]: (03560) (!)ClamAV-clamd: Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory, retrying (2)
Dec 28 17:34:13 redhat1 amavis[3560]: (03560) (!!)ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 55) line 269.
Dec 28 17:34:13 redhat1 amavis[3560]: (03560) (!!)WARN: all primary virus scanners failed, considering backups

When I restart it, everything loads w/o any errors:

Dec 28 16:42:26 redhat1 clamd[3169]: Daemon started.
Dec 28 16:42:26 redhat1 clamd[3169]: clamd daemon 0.88.7 (OS: linux-gnu, ARCH: i386, CPU: i386)
Dec 28 16:42:26 redhat1 clamd[3169]: Log file size limit disabled.
Dec 28 16:42:26 redhat1 clamd[3169]: Running as user clamav (UID 101, GID 101)
Dec 28 16:42:26 redhat1 clamd[3169]: Reading databases from /var/clamav
Dec 28 16:42:28 redhat1 clamd[3169]: Protecting against 85473 viruses.
Dec 28 16:42:28 redhat1 clamd[3170]: Unix socket file /var/run/clamav/clamd.sock
Dec 28 16:42:28 redhat1 clamd[3170]: Setting connection queue length to 30
Dec 28 16:42:28 redhat1 clamd[3170]: Archive: Archived file size limit set to 10485760 bytes.
Dec 28 16:42:28 redhat1 clamd[3170]: Archive: Recursion level limit set to 8.
Dec 28 16:42:28 redhat1 clamd[3170]: Archive: Files limit set to 1000.
Dec 28 16:42:28 redhat1 clamd[3170]: Archive: Compression ratio limit set to 300.
Dec 28 16:42:28 redhat1 clamd[3170]: Archive support enabled.
Dec 28 16:42:28 redhat1 clamd[3170]: Archive: RAR support disabled.
Dec 28 16:42:28 redhat1 clamd[3170]: Archive: Blocking encrypted archives.
Dec 28 16:42:28 redhat1 clamd[3170]: Archive: Blocking archives that exceed limits.
Dec 28 16:42:28 redhat1 clamd[3170]: Portable Executable support enabled.
Dec 28 16:42:28 redhat1 clamd[3170]: Detection of broken executables enabled.
Dec 28 16:42:28 redhat1 clamd: clamd startup succeeded
Dec 28 16:42:28 redhat1 clamd[3170]: Mail files support enabled.
Dec 28 16:42:28 redhat1 clamd[3170]: Mail: Recursion level limit set to 64.
Dec 28 16:42:28 redhat1 clamd[3170]: OLE2 support enabled.
Dec 28 16:42:28 redhat1 clamd[3170]: HTML support enabled.
Dec 28 16:42:28 redhat1 clamd[3170]: Self checking every 1800 seconds.

Running: RHEL4; 11.0 RC2

Any thoughts?

Thanks,
Ray


.. this should be easy to fix

Postby carlPjohnson » Thu Dec 28, 2006 7:45 pm

This will be super easy to fix: simply edit the socket location in the clamd configuration from /var/run/clamav/clamd.sock to /var/run/clamav/clamd OR change the line in the amavis config to match; see below.

** /etc/clamd.conf **

LocalSocket /var/run/clamav/clamd.sock #Must match value in /etc/amavisd.conf

** OR /etc/amavisd.conf **

### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
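A check for the mismatch diagnosed in this thread, as an added example that is not part of the original posts or of either project: it compares the LocalSocket path in clamd.conf with the socket path in the amavisd.conf CONTSCAN entry, confirms a socket exists there, and counts the "av-scanner FAILED" lines that indicate mail fell through to backup scanners. The function names and return codes are assumptions made for this example, and it assumes the CONTSCAN entry sits on one line as in the post above.

```shell
#!/bin/sh
# Added example: verify that amavisd and clamd agree on the clamd UNIX socket.

# Print the LocalSocket path from a clamd.conf. Commented-out directives are
# skipped because their first field is not exactly "LocalSocket".
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Print the socket path of the first uncommented CONTSCAN entry in amavisd.conf.
amavis_socket() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*CONTSCAN {}\\n",[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Count log lines where amavis gave up on the clamd scanner.
scanner_failures() {
    grep -c 'ClamAV-clamd av-scanner FAILED' "$1" || true
}

# Return codes (assumed for this example):
#   0 = paths match and a socket exists there
#   1 = clamd and amavisd name different paths
#   2 = paths match but nothing is listening at that path
#   3 = a path could not be parsed from one of the files
check_clamd_socket() {
    c=$(clamd_socket "$1")
    a=$(amavis_socket "$2")
    if [ -z "$c" ] || [ -z "$a" ]; then
        echo "UNKNOWN: clamd='$c' amavisd='$a'"
        return 3
    fi
    if [ "$c" != "$a" ]; then
        echo "MISMATCH: clamd listens on $c, amavisd connects to $a"
        return 1
    fi
    if [ ! -S "$c" ]; then
        echo "MISSING: no socket at $c (is clamd running?)"
        return 2
    fi
    echo "OK: both use $c"
}

# Usage: sh check_clamd_socket.sh /etc/clamd.conf /etc/amavisd.conf
if [ "$#" -eq 2 ]; then
    check_clamd_socket "$1" "$2"
fi
```

Run it after any change to either file; a non-zero result means amavis cannot reach its primary virus scanner.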


Postby rcabana » Fri Dec 29, 2006 11:01 am

Bingo....that was it

Thanks a bunch!

