?
Solved

Clamd was NOT notified: ... connect(): Connection refused

Posted on 2014-03-17
13
Medium Priority
?
1,969 Views
Last Modified: 2014-03-20
I've just installed CLAMAV on Linux. freshclam gives me the message:

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamd.socket
connect(): Connection refused

Why?

ls -l /var/run/clam*
srw-rw---- 1 root root 0 2014-03-15 02:50 /var/run/clamav-milter.socket=
srw-rw-rw- 1 root root 0 2014-03-15 02:47 /var/run/clamd.socket=

Open in new window

0
Comment
Question by:jmarkfoley
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 39936146
You get Connection refused (ECONNREFUSED) when no-one is listening on the remote address. Could it be that Clamd is not running? (or clamd, not sure of capitalization)
0
 
LVL 64

Accepted Solution

by:
btan earned 860 total points
ID: 39936724
It seems similar to this forum sharing as it also started off to run the ps -ef|grep clamd to see if clamd is running, later drill down to patch is not latest and causing the issue. The troubleshooting step in the forum can be useful leads

http://www.linuxquestions.org/questions/linux-server-73/can%27t-connect-to-unix-socket-var-run-clamav-clamd-ctl-connection-refused-856847/

...needed to update the clamav-daemon (clamd) in addition to updating clamav.

Then run apt-get update; apt-get install clamav
If you need clamd, you may also want to run apt-get install clamav-daemon

Once I upgraded clamd to the latest version and reset everything back to normal, it appears to be working fine now.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39937272
clamd is running and is trapping viruses. I'll check out the Linux questions link and reinstall the latest version of clamd and see if that fixes the problem.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 62

Assisted Solution

by:gheist
gheist earned 568 total points
ID: 39940579
usually there is some script to run freshclam as good user to update virus data and notify virus...
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39940630
> usually there is some script to run freshclam as good user to update virus data and notify virus...

Yes, that is running and freshclam is the one issuing the warning.

Have not had a chance to re-install clamd yet.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39940681
telling which linux and where you got clamav from usually helps, otherwise we can just give general outline on how to approach problem.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39941537
Clamav was 0.97.8, I just updated to 0.98.1 from http://www.clamav.net/lang/en/download/sources/

Linux Slackware distro, version 13.37.0, kernel version 2.6.37.6

So, I just got the most recent stable clamav from the above listed site and I still get the message from freshclam:

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamd.socket
connect(): Connection refused
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39941552
Wait ... maybe it *is* working. I'll post back after some experimenting.
0
 
LVL 64

Expert Comment

by:btan
ID: 39941554
/var/run/clamd.socket should be an empty file, the clamd process will attach to it and listen for commands. Probably look at your /etc/clamd.conf file, and look for the LocalSocket definition. I am suspecting the file is not probably created or the filename is not correct...

Some of the other may have it as in /var/run/clamav/clamd.sock. So when they do a ls -l on that full path socket file, you will see "srw-rw-rw-"... Notice the leading "s" in the ls output indicating that it is a socket. If all is correct, the clamav client (including freshclam) should be able to open this socket when they wish to write (send) commands to the clamd server.... if nothing of this is as mentioned, either the package is buggy else changing path to re-create or verify the .conf to see if it helps

Sometimes may be the clamav and clamd is not started...pls see this
0
 
LVL 35

Assisted Solution

by:Duncan Roe
Duncan Roe earned 572 total points
ID: 39941736
/var/run/clamd.socket should be a socket. That is not the same as an empty file, it is a special kind of file system entity.
Programs that use Unix sockets are duty bound to unlink them on program termination. Should a program crash, this may not get done.
0
 
LVL 64

Expert Comment

by:btan
ID: 39941841
Thanks yap as explain in my earlier sharing

"srw-rw-rw-"... Notice the leading "s" in the ls output indicating that it is a socket.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39943417
It is working! I was running freshclam --quiet, so it was not putting any additional message is my stdout/errout log file. I kept looking at an early log when clamd was not running thinking it was the most recent freshclam results!
0
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 39943429
Thanks all
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question