Two of our servers has problems with clamd, seconds after restarting /usr/local/etc/rc.d/clamav-clamd restart
I get : malware acl condition: clamd: unable to read from socket (Operation timed out) and mail is not sending....

Does anyone have any ideas, please respond.

Thanks,
Robert

What are you using for av_scanner in /etc/exim.conf?

attempt to restart the clamd again then restart exim.

What are you using for av_scanner in /etc/exim.conf?

av_scanner = clamd:/var/run/clamav/clamd

Thanks,
Robert

attempt to restart the clamd again then restart exim.

When I do this, mail starts coming in and out, but after 2 minutes I get this message in /var/log/exim/mainlog:

2008-03-17 10:11:38 1JbBNZ-000EAV-8x malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)

To have mail coming in/out I'm forced to completely turn off clamav in exim.conf.

Suggestions welcome.

Note: Everything worked fine for about a year, this problem just occurred last week...

Thanks,
Robert

When I do this, mail starts coming in and out, but after 2 minutes I get this message in /var/log/exim/mainlog:

2008-03-17 10:11:38 1JbBNZ-000EAV-8x malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (Connection refused)

To have mail coming in/out I'm forced to completely turn off clamav in exim.conf.

Suggestions welcome.

Note: Everything worked fine for about a year, this problem just occurred last week...

Thanks,
Robert
Strange, how did you install clamd?

show me the version as well
clamd --version

Strange, how did you install clamd?
Don't know, was done by someone else...,

We have >40 servers with this setup and 2 are showing this problem.

show me the version as well
ClamAV 0.91.1

Thanks,
Robert

Robert, I guess you have an in-house sysadmin since you have such a huge server base right?

I suggest you watch /var/log/messages for errors. It might lead you to some useful information.

This problem is something that happens to me as well.
I've seen this problem on about 4 servers so far.
However, these servers use the TCP socket instead of the unix socket.

Can Exim be configured in any way to ignore the fail, and just continue to allow the message (or issue a temp reject instead of a real reject)? ;).

Most of the time it can be fixed by rotating the clamav logs, and restarting the clamav daemon. However, that's not a real solution ofcourse.

Robert, I guess you have an in-house sysadmin since you have such a huge server base right?
Fair point.

Posting some relevant logfile entries might help here. Or perhaps temporarily disabling ClamAV until you've found a solution to the problem.

Robert,
Mocht je er niet uitkomen neem dan maar even contact op per PM.

Robert,
If you cant solve the problem contact me trough PM.

Fair point.

Posting some relevant logfile entries might help here. Or perhaps temporarily disabling ClamAV until you've found a solution to the problem.

I believe that the forum is for issues that are hard to solve, even for sysadmins. I posted the log in my first post, /var/log/messages gives nothing that relates to this. Even emptying the clamd.log and restarting clamd is not solving this issue. In earlier post above I allready wrote that my only solution now is to disable clamav to send/receive mail at all. As I did...

So please read this short thread before you post something, or when you have a possible solution, or else this thread will become unnessesary long wihout any solution. The forum has allready several post about this, without any concrete solution, or the threadstarter forgot to post his solution at the bottom.

My intensions is to make this thread a knowledge base for other people to return to, who encounter similar problems.

DutchTSE, thanks. I will PM you now.

Thanks,
Robert

I solved the problem by upgrading clamav to 0.91.2 (thru ports upgrade) and made sure that before this, all clamd/freshclam pids were killed.

Regards,
Robert

I am having this same exact problem and I am trying to figure it out right now.

Upgrade to the latest version available, and also make sure no other instances of the process are running:

ps aux | grep clamd


If they, are kill it

killall -9 clamd

And don't forget to kill freshclam in the same way

If you're using SpamBlocker 3.1-beta, it does do temporary rejects if it can't access ClamAV.

Jeff

A have had the same problem today but yesterday I've changed the secuence of sending old/frozen emails from 4d to 3d (last 10 lines of exim.conf) and after 24 hours, the clamd error appeard. I only change again the exim.conf to 4d and now works perfectly. Maybe it helps somebody.

I have had the same problem too:

I newly installed a debian system and installed exim4, spammassassin and clamav as I've done several times before.
When I was finished, I got the same error (malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd.ctl (Connection refused)) evertime I tried to send a mail.

Here the solution that helped me out (http://www.clamav.net/index.php?s=update)
Add this mirror to your source.list: deb http://volatile.debian.org/debian-volatile etch/volatile main contrib non-free

Now do apt-get update and upgrade your clamav packages. That's it :cool: