Solved

Clamd was NOT notified: ... connect(): Connection refused

Posted on 2014-03-17
13
1,732 Views
Last Modified: 2014-03-20
I've just installed CLAMAV on Linux. freshclam gives me the message:

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamd.socket
connect(): Connection refused

Why?

ls -l /var/run/clam*
srw-rw---- 1 root root 0 2014-03-15 02:50 /var/run/clamav-milter.socket=
srw-rw-rw- 1 root root 0 2014-03-15 02:47 /var/run/clamd.socket=

Open in new window

0
Comment
Question by:jmarkfoley
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39936146
You get Connection refused (ECONNREFUSED) when no-one is listening on the remote address. Could it be that Clamd is not running? (or clamd, not sure of capitalization)
0
 
LVL 61

Accepted Solution

by:
btan earned 215 total points
ID: 39936724
It seems similar to this forum sharing as it also started off to run the ps -ef|grep clamd to see if clamd is running, later drill down to patch is not latest and causing the issue. The troubleshooting step in the forum can be useful leads

http://www.linuxquestions.org/questions/linux-server-73/can%27t-connect-to-unix-socket-var-run-clamav-clamd-ctl-connection-refused-856847/

...needed to update the clamav-daemon (clamd) in addition to updating clamav.

Then run apt-get update; apt-get install clamav
If you need clamd, you may also want to run apt-get install clamav-daemon

Once I upgraded clamd to the latest version and reset everything back to normal, it appears to be working fine now.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39937272
clamd is running and is trapping viruses. I'll check out the Linux questions link and reinstall the latest version of clamd and see if that fixes the problem.
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 142 total points
ID: 39940579
usually there is some script to run freshclam as good user to update virus data and notify virus...
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39940630
> usually there is some script to run freshclam as good user to update virus data and notify virus...

Yes, that is running and freshclam is the one issuing the warning.

Have not had a chance to re-install clamd yet.
0
 
LVL 61

Expert Comment

by:gheist
ID: 39940681
telling which linux and where you got clamav from usually helps, otherwise we can just give general outline on how to approach problem.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 1

Author Comment

by:jmarkfoley
ID: 39941537
Clamav was 0.97.8, I just updated to 0.98.1 from http://www.clamav.net/lang/en/download/sources/

Linux Slackware distro, version 13.37.0, kernel version 2.6.37.6

So, I just got the most recent stable clamav from the above listed site and I still get the message from freshclam:

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamd.socket
connect(): Connection refused
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39941552
Wait ... maybe it *is* working. I'll post back after some experimenting.
0
 
LVL 61

Expert Comment

by:btan
ID: 39941554
/var/run/clamd.socket should be an empty file, the clamd process will attach to it and listen for commands. Probably look at your /etc/clamd.conf file, and look for the LocalSocket definition. I am suspecting the file is not probably created or the filename is not correct...

Some of the other may have it as in /var/run/clamav/clamd.sock. So when they do a ls -l on that full path socket file, you will see "srw-rw-rw-"... Notice the leading "s" in the ls output indicating that it is a socket. If all is correct, the clamav client (including freshclam) should be able to open this socket when they wish to write (send) commands to the clamd server.... if nothing of this is as mentioned, either the package is buggy else changing path to re-create or verify the .conf to see if it helps

Sometimes may be the clamav and clamd is not started...pls see this
0
 
LVL 34

Assisted Solution

by:Duncan Roe
Duncan Roe earned 143 total points
ID: 39941736
/var/run/clamd.socket should be a socket. That is not the same as an empty file, it is a special kind of file system entity.
Programs that use Unix sockets are duty bound to unlink them on program termination. Should a program crash, this may not get done.
0
 
LVL 61

Expert Comment

by:btan
ID: 39941841
Thanks yap as explain in my earlier sharing

"srw-rw-rw-"... Notice the leading "s" in the ls output indicating that it is a socket.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39943417
It is working! I was running freshclam --quiet, so it was not putting any additional message is my stdout/errout log file. I kept looking at an early log when clamd was not running thinking it was the most recent freshclam results!
0
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 39943429
Thanks all
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now