Since my power problems that resulted in a re-install I have a problem which
I've failed to locate up to now. The logs show
daily.cld updated (version: 8950, sigs: 72593, f-level: 38, builder: ccordes)
Database updated (510565 signatures) from db.gb.clamav.net (IP: 163.1.3.8)
WARNING: Clamd was NOT notified: Can't connect to clamd through
/tmp/clamd.socket
I've been through the config files, but obviously there is something in the
setup that I've failed to do. Scans are running every night, but
service clamd status
clamd: unrecognized service
It has to be something stupid that I've missed. Can someone kick me in the
right direction? Thanks
Anne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL:
<http://lists.centos.org/pipermail/centos/attachments/20090206/64d831ce/attachment.sig>
Anne Wilson wrote: Hello,> daily.cld updated (version: 8950, sigs: 72593, f-level: 38, builder: > ccordes)> service clamd status > clamd: unrecognized service> It has to be something stupid that I've missed. Can someone kick me > in the > right direction? Thanksthe following setup is here working. I'm using the clamav packages from "RPMforge RPM Repository for Red Hat Enterprise 5". 1) # rpm -qa | grep clam clamav-0.94.2-1.el5.rf clamav-milter-0.94.2-1.el5.rf # for mail clamav-db-0.94.2-1.el5.rf clamd-0.94.2-1.el5.rf 2) /etc/clamd.conf LogFile /var/log/clamav/clamd.log LogFileMaxSize 0 PidFile /var/run/clamav/clamd.pid TemporaryDirectory /var/tmp DatabaseDirectory /var/clamav LocalSocket /var/clamav/clamd.socket FixStaleSocket yes MaxConnectionQueueLength 30 MaxThreads 50 ReadTimeout 120 SelfCheck 3600 User clamav AllowSupplementaryGroups yes ScanPE yes ScanELF yes DetectBrokenExecutables yes ScanOLE2 yes ScanPDF yes ScanMail yes PhishingSignatures yes ScanHTML yes ScanArchive yes ArchiveBlockEncrypted no 3) /var/log/clamav/clamd.log [...] Loaded ClamAV 0.94.2/8959/Fri Feb 6 06:58:05 2009 ClamAV: Protecting against 951007 viruses Database correctly reloaded (951007 signatures) Database correctly reloaded (951007 viruses) 4) /var/log/freshclam.log [...] Current working dir is /var/clamav Max retries == 3 ClamAV update process started at Fri Feb 6 10:12:01 2009 Using IPv6 aware code Querying current.cvd.clamav.net TTL: 900 Software version from DNS: 0.94.2 main.cvd version from DNS: 49 Connecting via <MYSERVER> main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven) daily.cvd version from DNS: 8959 Connecting via <MYSERVER> daily.cld is up to date (version: 8959, sigs: 75562, f-level: 38, builder: ccordes) regards Olaf
Anne Wilson wrote:> Since my power problems that resulted in a re-install I have a problem which > I've failed to locate up to now. The logs show > > daily.cld updated (version: 8950, sigs: 72593, f-level: 38, builder: ccordes) > Database updated (510565 signatures) from db.gb.clamav.net (IP: 163.1.3.8) > WARNING: Clamd was NOT notified: Can't connect to clamd through > /tmp/clamd.socket > > I've been through the config files, but obviously there is something in the > setup that I've failed to do. Scans are running every night, but > > service clamd status > clamd: unrecognized service >It's possible chkconfig doesn't know about 'clamd' and fails to start on boot. The scanning of the filesystem is probably driven by scripts. As root try /sbin/chkconfig clamd on then check the service again. I know next to nothing about clamAV. -- Article. VI. Clause 3 of the constitution of the United States states: "The Senators and Representatives before mentioned, and the Members of the several State Legislatures, and all executive and judicial Officers, both of the United States and of the several States, shall be bound by Oath or Affirmation, to support this Constitution; but no religious Test shall ever be required as a Qualification to any Office or public Trust under the United States."
Anne Wilson napsal(a):> Since my power problems that resulted in a re-install I have a problem which > I've failed to locate up to now. The logs show > > daily.cld updated (version: 8950, sigs: 72593, f-level: 38, builder: ccordes) > Database updated (510565 signatures) from db.gb.clamav.net (IP: 163.1.3.8) > WARNING: Clamd was NOT notified: Can't connect to clamd through > /tmp/clamd.socket > > I've been through the config files, but obviously there is something in the > setup that I've failed to do. Scans are running every night, but > > service clamd status > clamd: unrecognized service > > It has to be something stupid that I've missed. Can someone kick me in the > right direction? Thanks > > Anne >Hi, it seems to me to misconfiguration problem. In the first email you wrote:> WARNING: Clamd was NOT notified: Can't connect to clamd through > /tmp/clamd.socketThe second one reads:> LocalSocket /var/clamav/clamd.socketRegards, David Hrb??
Anne Wilson wrote on Fri, 6 Feb 2009 07:50:58 +0000:> WARNING: Clamd was NOT notified: Can't connect to clamd through > /tmp/clamd.socketwell, is it started, does the socket exist? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
>> >> All is still not well. Freshclam still tells me >> >> WARNING: Clamd was NOT notified: Can''t connect to clamd through >> ~/tmp/clamd.socket >> >> Is this relative to root, or where? >> >>AnneAnne, First off you have to decide if you need clamd? If not then all you would need to do is edit freshclam.conf and tell it not to notify clamd. # Send the RELOAD command to clamd. # Default: no #NotifyClamd /path/to/clamd.conf I''m using the non rpm version for MailScanner. but your version activates it automatically. Also in the cron entry "/etc/cron.daily/freshclam" is -- is another entry telling freshclam to notify clamd. If you do need clamd then you can remove your touched socket, edit clamd.conf make sure it points to the right /tmp/clamd.socket. then.. service clamd start I hope that helps. Brian -- Brian http://wx.Tatorz.com Open WebMail Project (http://openwebmail.org) -- Brian http://wx.Tatorz.com Open WebMail Project (http://openwebmail.org) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Anne Wilson wrote on Sat, 14 Feb 2009 12:39:49 +0000:> Freshclam still tells meNo, it''s a new message!> WARNING: Clamd was NOT notified: Can''t connect to clamd through > ~/tmp/clamd.socketthat is userhomedir/tmp/clamd.socket Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
On Saturday 14 February 2009 13:35:19 Mail List wrote:> >> All is still not well. Freshclam still tells me > >> > >> WARNING: Clamd was NOT notified: Can''t connect to clamd through > >> ~/tmp/clamd.socket > >> > >> Is this relative to root, or where? > >> > >>Anne > > Anne, > > First off you have to decide if you need clamd? > If not then all you would need to do is edit freshclam.conf > and tell it not to notify clamd. > > # Send the RELOAD command to clamd. > # Default: no > #NotifyClamd /path/to/clamd.conf > > I''m using the non rpm version for MailScanner. but your version activates > it automatically. Also in the cron entry "/etc/cron.daily/freshclam" is -- > is another entry telling freshclam to notify clamd. If you do need clamd > then you can remove your touched socket, edit clamd.conf make sure it > points to the right /tmp/clamd.socket. then.. > > service clamd start > > I hope that helps. >That might be the best answer. If I''m going to just run scans on a cron job there''s probably no reason for clamd. I''ll make those changes, thanks. All the same, it''s galling that this was working before the power problems :-( Anne -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. Url : http://lists.centos.org/pipermail/centos/attachments/20090214/e27ccef7/attachment.bin
On Saturday 14 February 2009 15:31:34 Kai Schaetzl wrote:> Anne Wilson wrote on Sat, 14 Feb 2009 12:39:49 +0000: > > Freshclam still tells me > > No, it''s a new message! > > > WARNING: Clamd was NOT notified: Can''t connect to clamd through > > ~/tmp/clamd.socket > > that is userhomedir/tmp/clamd.socket >Kai, I''m lost. That''s what I touch''d, so it does exist. Anne -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. Url : http://lists.centos.org/pipermail/centos/attachments/20090214/50ed3245/attachment.bin
Anne Wilson wrote:> On Saturday 14 February 2009 15:31:34 Kai Schaetzl wrote: >> Anne Wilson wrote on Sat, 14 Feb 2009 12:39:49 +0000: >>> Freshclam still tells me >> No, it''s a new message! >> >>> WARNING: Clamd was NOT notified: Can''t connect to clamd through >>> ~/tmp/clamd.socket >> that is userhomedir/tmp/clamd.socket >> > Kai, I''m lost. That''s what I touch''d, so it does exist.A "socket" cannot be created by touch(1), afaik. Just start clamd, which should create the socket wherever its config file said to put it. Or if there is not socket, find out why clamd did not create it.
Anne Wilson wrote on Sat, 14 Feb 2009 16:12:47 +0000:> > that is userhomedir/tmp/clamd.socket > > > Kai, I''m lost. That''s what I touch''d, so it does exist.Read again, this is "userhomedir/tmp/clamd.socket" and not "/tmp/clamd.socket". clamd does not use the socket "userhomedir/tmp/clamd.socket" unless you tell it to do so. And freshclam does not try to signal to that socket unless it cannot find the correct clamd.conf or has some other problem that you created. Find out why your freshclam is trying the wrong socket. If you installed clamav from rpmforge, it works out of the box. There is nothing needed to be touched, remove that touched file! Check your clamd.conf that the correct socket gets used, check freshclam.conf that the correct clamd.conf is read and start clamd. There''s nothing else to do. And if you don''t need clamd, there''s no need to install it or signal to it. So, tell it not to signal. Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
Anne Wilson wrote on Sat, 14 Feb 2009 15:38:18 +0000:> If I''m going to just run scans on a cron job > there''s probably no reason for clamd.depends on what yous can. And if you don''t need it why do you install it? Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
On Saturday 14 February 2009 17:35:32 Kai Schaetzl wrote:> Anne Wilson wrote on Sat, 14 Feb 2009 16:12:47 +0000: > > > that is userhomedir/tmp/clamd.socket > > > > Kai, I''m lost. That''s what I touch''d, so it does exist. > > Read again, this is "userhomedir/tmp/clamd.socket" and not > "/tmp/clamd.socket". clamd does not use the socket > "userhomedir/tmp/clamd.socket" unless you tell it to do so. And freshclam > does not try to signal to that socket unless it cannot find the correct > clamd.conf or has some other problem that you created. Find out why your > freshclam is trying the wrong socket. > If you installed clamav from rpmforge, it works out of the box.I am, and the problem is that it didn''t work out of the box. It didn''t when I installed it before, either, although I did eventually get it sorted.> There is nothing needed to be touched, remove that touched file! > Check your clamd.conf that the correct socket gets used, check > freshclam.conf that the correct clamd.conf is read and start clamd. > There''s nothing else to do. > And if you don''t need clamd, there''s no need to install it or signal to > it. So, tell it not to signal. >OK, I understand a bit more about it now, but I really don''t think that I need it. Getting to grips with what you do and don''t need of related packages can be quite a job. Anne -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. Url : http://lists.centos.org/pipermail/centos/attachments/20090214/2328406a/attachment.bin
On Saturday 14 February 2009 17:35:32 Kai Schaetzl wrote:> Anne Wilson wrote on Sat, 14 Feb 2009 16:12:47 +0000: > > > that is userhomedir/tmp/clamd.socket > > > > Kai, I''m lost. That''s what I touch''d, so it does exist. > > Read again, this is "userhomedir/tmp/clamd.socket" and not > "/tmp/clamd.socket". clamd does not use the socket > "userhomedir/tmp/clamd.socket" unless you tell it to do so. And freshclam > does not try to signal to that socket unless it cannot find the correct > clamd.conf or has some other problem that you created. Find out why your > freshclam is trying the wrong socket. > If you installed clamav from rpmforge, it works out of the box. > There is nothing needed to be touched, remove that touched file! > Check your clamd.conf that the correct socket gets used, check > freshclam.conf that the correct clamd.conf is read and start clamd. > There''s nothing else to do. > And if you don''t need clamd, there''s no need to install it or signal to > it. So, tell it not to signal. >"Clamd successfully notified about the update." I hate being beaten! :-) I simply removed the line that mentioned a local socket. So simple, and so easily missed. Yes, it probably wasn''t enabled by default, but by misunderstanding. Thanks to all who helped. Anne Anne -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. Url : http://lists.centos.org/pipermail/centos/attachments/20090217/85c4bbe7/attachment.bin
Anne Wilson wrote:> "Clamd successfully notified about the update." > > I hate being beaten! :-) I simply removed the line that mentioned a local > socket. So simple, and so easily missed. Yes, it probably wasn''t enabled by > default, but by misunderstanding. > > Thanks to all who helped. > > AnneAnne, Just for the record, I just installed the base packages of clamav, clamav-db using the rpmforge repo on a test machine. The option ... # Send the RELOAD command to clamd. # Default: no NotifyClamd /etc/clamd.conf Is enabled by default. So you did by no means break it. That is it''s expected behavior. Also please not that in /etc/cron.daily/freshclam you will have the same option enabled, as follows /usr/bin/freshclam \ --quiet \ --datadir="/var/clamav" \ --log="$LOG_FILE" \ --log-verbose \ --daemon-notify="/etc/clamd.conf" So no you did not break it. it was turned on by default. Brian -- http://wx.Tatorz.com Open WebMail Project (http://openwebmail.org) -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Mail List wrote on Tue, 17 Feb 2009 06:41:27 -0500:> So you did by no means break it.She broke it by changing the path for the socket. ;-) Kai -- Kai Sch?tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com
On Tuesday 17 February 2009 12:31:18 Kai Schaetzl wrote:> Mail List wrote on Tue, 17 Feb 2009 06:41:27 -0500: > > So you did by no means break it. > > She broke it by changing the path for the socket. ;-) >Yes. I had understood that I had to give it a suitable place for a local socket. It was, of course, totally unnecessary. When I realised that a socket existed in /var it seemed well worth trying simply commenting the line out. Bingo! A plain misunderstanding on my part. The help I got on this list prompted me to look in the right places for clues. That''s more valuable than a simple instruction that cures it :-) Thanks again, all Anne -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. Url : http://lists.centos.org/pipermail/centos/attachments/20090217/8976c205/attachment.bin