1
ClamAV stops working after server move
Question asked by Robbie Wright - April 13, 2015 at 8:02 AM
Unanswered
Relocated SM to another server. Everything went fairly smooth, except this:
 
Unable to run Clam virus checks: System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 127.0.0.1:3310
 
Any ideas? 127 is setup is an IP in the list of IP addresses from the server. Also tried changing the ClamAV settings to use the local IP instead of 127 but it didn't get fixed.

5 Replies

Reply to Thread
0
Steve Reid Replied
April 14, 2015 at 6:29 AM
is the service for clamd running?
 
1
Chris Denning Replied
April 18, 2015 at 9:20 AM
I had the same problem myself on a fresh install.
 
Checking the clamd log at:
  "C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\Log\clamd.log"
showed errors each time it tried to start
 
Sat Apr 18 11:00:38 2015 -> +++ Started at Sat Apr 18 11:00:38 2015
Sat Apr 18 11:00:38 2015 -> clamd daemon 0.97.6 (OS: win32, ARCH: i386, CPU: i386)
Sat Apr 18 11:00:38 2015 -> Log file size limited to 1048576 bytes.
Sat Apr 18 11:00:38 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sat Apr 18 11:00:38 2015 -> Not loading PUA signatures.
Sat Apr 18 11:00:38 2015 -> Bytecode: Security mode set to "TrustSigned".
Sat Apr 18 11:00:38 2015 -> ERROR: Can't open file or directory
 
 
Running clamd manually in debug mode with the following command:
C:\"Program Files (x86)"\SmarterTools\SmarterMail\Service\Clam\bin\clamd --debug -c "C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\etc\clamd.conf"
Gave an error saying there were no database files, and sure enough the configured directory Clam\Share\ClamAV was empty.
 
I downloaded the database files from from http //database.clamav.net/main.cvd and daily.cvd to the ClamAV directory, and clamd started okay after that.
 
I don't know why the SmarterMail install didn't install the database files
0
Steve Reid Replied
April 24, 2015 at 5:16 AM
LogFile C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\log\clamd.log
LogFileMaxSize 1M
LogTime yes
LogFileUnlock yes
TemporaryDirectory C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\tmp
DatabaseDirectory C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
StreamMaxLength 5M
MaxQueue 200
MaxThreads 100
ReadTimeout 60
IdleTimeout 60
MaxDirectoryRecursion 15
FollowDirectorySymlinks yes
FollowFileSymlinks yes
SelfCheck 1800
AllowSupplementaryGroups yes
ExitOnOOM yes
ScanPE yes
ScanOLE2 yes
ScanMail yes
MailFollowURLs no
ScanHTML yes
ScanArchive yes
 
0
Bruce Barnes Replied
May 1, 2015 at 7:44 PM
Do you have the windows firewall enabled to block outbound traffic?
 
I've seen that on at least one other brand new server install.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Amit Choudhary Replied
July 22, 2016 at 1:10 AM
It seems to me that some config is incorrect.
Could you share your clamd.conf file and freshclam.conf file.
Or
validate your conf file as below,
clamd.conf
TCPAddr 127.0.0.1
TCPSocket 3310
MaxThreads 2
LogTime true
LogFile c:\ClamAV-x64\log\clamd.log
DatabaseDirectory C:\ClamAV-x64\db
freshclam.conf
DatabaseDirectory "C:/Program Files/ClamAV-x64/db/"
DatabaseMirror database.clamav.net
MaxAttempts 3
NotifyClamd C:/Program Files/ClamAV-x64/clamd.conf
LogFileMaxSize 20480000
LogTime true
UpdateLogFile C:/Program Files/ClamAV-x64/log/freshclam.log
 
Run freshclam.exe first and then start clamd.exe
 

Reply to Thread