Solved

Clamd was NOT notified: ... connect(): Connection refused

Posted on 2014-03-17
13
1,845 Views
Last Modified: 2014-03-20
I've just installed CLAMAV on Linux. freshclam gives me the message:

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamd.socket
connect(): Connection refused

Why?

ls -l /var/run/clam*
srw-rw---- 1 root root 0 2014-03-15 02:50 /var/run/clamav-milter.socket=
srw-rw-rw- 1 root root 0 2014-03-15 02:47 /var/run/clamd.socket=

Open in new window

0
Comment
Question by:jmarkfoley
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 34

Expert Comment

by:Duncan Roe
ID: 39936146
You get Connection refused (ECONNREFUSED) when no-one is listening on the remote address. Could it be that Clamd is not running? (or clamd, not sure of capitalization)
0
 
LVL 63

Accepted Solution

by:
btan earned 215 total points
ID: 39936724
It seems similar to this forum sharing as it also started off to run the ps -ef|grep clamd to see if clamd is running, later drill down to patch is not latest and causing the issue. The troubleshooting step in the forum can be useful leads

http://www.linuxquestions.org/questions/linux-server-73/can%27t-connect-to-unix-socket-var-run-clamav-clamd-ctl-connection-refused-856847/

...needed to update the clamav-daemon (clamd) in addition to updating clamav.

Then run apt-get update; apt-get install clamav
If you need clamd, you may also want to run apt-get install clamav-daemon

Once I upgraded clamd to the latest version and reset everything back to normal, it appears to be working fine now.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39937272
clamd is running and is trapping viruses. I'll check out the Linux questions link and reinstall the latest version of clamd and see if that fixes the problem.
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 62

Assisted Solution

by:gheist
gheist earned 142 total points
ID: 39940579
usually there is some script to run freshclam as good user to update virus data and notify virus...
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39940630
> usually there is some script to run freshclam as good user to update virus data and notify virus...

Yes, that is running and freshclam is the one issuing the warning.

Have not had a chance to re-install clamd yet.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39940681
telling which linux and where you got clamav from usually helps, otherwise we can just give general outline on how to approach problem.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39941537
Clamav was 0.97.8, I just updated to 0.98.1 from http://www.clamav.net/lang/en/download/sources/

Linux Slackware distro, version 13.37.0, kernel version 2.6.37.6

So, I just got the most recent stable clamav from the above listed site and I still get the message from freshclam:

WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamd.socket
connect(): Connection refused
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39941552
Wait ... maybe it *is* working. I'll post back after some experimenting.
0
 
LVL 63

Expert Comment

by:btan
ID: 39941554
/var/run/clamd.socket should be an empty file, the clamd process will attach to it and listen for commands. Probably look at your /etc/clamd.conf file, and look for the LocalSocket definition. I am suspecting the file is not probably created or the filename is not correct...

Some of the other may have it as in /var/run/clamav/clamd.sock. So when they do a ls -l on that full path socket file, you will see "srw-rw-rw-"... Notice the leading "s" in the ls output indicating that it is a socket. If all is correct, the clamav client (including freshclam) should be able to open this socket when they wish to write (send) commands to the clamd server.... if nothing of this is as mentioned, either the package is buggy else changing path to re-create or verify the .conf to see if it helps

Sometimes may be the clamav and clamd is not started...pls see this
0
 
LVL 34

Assisted Solution

by:Duncan Roe
Duncan Roe earned 143 total points
ID: 39941736
/var/run/clamd.socket should be a socket. That is not the same as an empty file, it is a special kind of file system entity.
Programs that use Unix sockets are duty bound to unlink them on program termination. Should a program crash, this may not get done.
0
 
LVL 63

Expert Comment

by:btan
ID: 39941841
Thanks yap as explain in my earlier sharing

"srw-rw-rw-"... Notice the leading "s" in the ls output indicating that it is a socket.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39943417
It is working! I was running freshclam --quiet, so it was not putting any additional message is my stdout/errout log file. I kept looking at an early log when clamd was not running thinking it was the most recent freshclam results!
0
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 39943429
Thanks all
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

HOW TO REMOTELY CLEAN MEROND.O WITH ESET SILENTLY PROBLEM       If you have the fortunate luck to contract the Merond.O virus on your network, it can be quite troublesome to remove as it propagates to network shares on your network. In my case, the …
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question