Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Clamd was NOT notified: ... connect(): Connection refused

Posted on 2014-03-17
13
Medium Priority
?
2,072 Views
Last Modified: 2014-03-20
I've just installed CLAMAV on Linux. freshclam gives me the message:

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamd.socket
connect(): Connection refused

Why?

ls -l /var/run/clam*
srw-rw---- 1 root root 0 2014-03-15 02:50 /var/run/clamav-milter.socket=
srw-rw-rw- 1 root root 0 2014-03-15 02:47 /var/run/clamd.socket=

Open in new window

0
Comment
Question by:jmarkfoley
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 35

Expert Comment

by:Duncan Roe
ID: 39936146
You get Connection refused (ECONNREFUSED) when no-one is listening on the remote address. Could it be that Clamd is not running? (or clamd, not sure of capitalization)
0
 
LVL 65

Accepted Solution

by:
btan earned 860 total points
ID: 39936724
It seems similar to this forum sharing as it also started off to run the ps -ef|grep clamd to see if clamd is running, later drill down to patch is not latest and causing the issue. The troubleshooting step in the forum can be useful leads

http://www.linuxquestions.org/questions/linux-server-73/can%27t-connect-to-unix-socket-var-run-clamav-clamd-ctl-connection-refused-856847/

...needed to update the clamav-daemon (clamd) in addition to updating clamav.

Then run apt-get update; apt-get install clamav
If you need clamd, you may also want to run apt-get install clamav-daemon

Once I upgraded clamd to the latest version and reset everything back to normal, it appears to be working fine now.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39937272
clamd is running and is trapping viruses. I'll check out the Linux questions link and reinstall the latest version of clamd and see if that fixes the problem.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

 
LVL 62

Assisted Solution

by:gheist
gheist earned 568 total points
ID: 39940579
usually there is some script to run freshclam as good user to update virus data and notify virus...
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39940630
> usually there is some script to run freshclam as good user to update virus data and notify virus...

Yes, that is running and freshclam is the one issuing the warning.

Have not had a chance to re-install clamd yet.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39940681
telling which linux and where you got clamav from usually helps, otherwise we can just give general outline on how to approach problem.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39941537
Clamav was 0.97.8, I just updated to 0.98.1 from http://www.clamav.net/lang/en/download/sources/

Linux Slackware distro, version 13.37.0, kernel version 2.6.37.6

So, I just got the most recent stable clamav from the above listed site and I still get the message from freshclam:

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamd.socket
connect(): Connection refused
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39941552
Wait ... maybe it *is* working. I'll post back after some experimenting.
0
 
LVL 65

Expert Comment

by:btan
ID: 39941554
/var/run/clamd.socket should be an empty file, the clamd process will attach to it and listen for commands. Probably look at your /etc/clamd.conf file, and look for the LocalSocket definition. I am suspecting the file is not probably created or the filename is not correct...

Some of the other may have it as in /var/run/clamav/clamd.sock. So when they do a ls -l on that full path socket file, you will see "srw-rw-rw-"... Notice the leading "s" in the ls output indicating that it is a socket. If all is correct, the clamav client (including freshclam) should be able to open this socket when they wish to write (send) commands to the clamd server.... if nothing of this is as mentioned, either the package is buggy else changing path to re-create or verify the .conf to see if it helps

Sometimes may be the clamav and clamd is not started...pls see this
0
 
LVL 35

Assisted Solution

by:Duncan Roe
Duncan Roe earned 572 total points
ID: 39941736
/var/run/clamd.socket should be a socket. That is not the same as an empty file, it is a special kind of file system entity.
Programs that use Unix sockets are duty bound to unlink them on program termination. Should a program crash, this may not get done.
0
 
LVL 65

Expert Comment

by:btan
ID: 39941841
Thanks yap as explain in my earlier sharing

"srw-rw-rw-"... Notice the leading "s" in the ls output indicating that it is a socket.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39943417
It is working! I was running freshclam --quiet, so it was not putting any additional message is my stdout/errout log file. I kept looking at an early log when clamd was not running thinking it was the most recent freshclam results!
0
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 39943429
Thanks all
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Fine Tune your automatic Updates for Ubuntu / Debian
Often times it's very very easy to extend a volume on a Linux instance in AWS, but impossible to shrink it. I wanted to contribute to the experts-exchange community a way of providing a procedure that works on an AWS instance. It can also be used on…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question