ClamAV stops working after server move
Question asked by Robbie Wright - April 13, 2015 at 8:02 AM
Relocated SM to another server. Everything went fairly smooth, except this:
Unable to run Clam virus checks: System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it
Any ideas? 127 is setup is an IP in the list of IP addresses from the server. Also tried changing the ClamAV settings to use the local IP instead of 127 but it didn't get fixed.

5 Replies

Reply to Thread
Steve Reid Replied
April 14, 2015 at 6:29 AM
is the service for clamd running?
Chris Denning Replied
April 18, 2015 at 9:20 AM
I had the same problem myself on a fresh install.
Checking the clamd log at:
  "C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\Log\clamd.log"
showed errors each time it tried to start
Sat Apr 18 11:00:38 2015 -> +++ Started at Sat Apr 18 11:00:38 2015
Sat Apr 18 11:00:38 2015 -> clamd daemon 0.97.6 (OS: win32, ARCH: i386, CPU: i386)
Sat Apr 18 11:00:38 2015 -> Log file size limited to 1048576 bytes.
Sat Apr 18 11:00:38 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sat Apr 18 11:00:38 2015 -> Not loading PUA signatures.
Sat Apr 18 11:00:38 2015 -> Bytecode: Security mode set to "TrustSigned".
Sat Apr 18 11:00:38 2015 -> ERROR: Can't open file or directory
Running clamd manually in debug mode with the following command:
C:\"Program Files (x86)"\SmarterTools\SmarterMail\Service\Clam\bin\clamd --debug -c "C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\etc\clamd.conf"
Gave an error saying there were no database files, and sure enough the configured directory Clam\Share\ClamAV was empty.
I downloaded the database files from from http //database.clamav.net/main.cvd and daily.cvd to the ClamAV directory, and clamd started okay after that.
I don't know why the SmarterMail install didn't install the database files
Steve Reid Replied
April 24, 2015 at 5:16 AM
LogFile C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\log\clamd.log
LogFileMaxSize 1M
LogTime yes
LogFileUnlock yes
TemporaryDirectory C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\tmp
DatabaseDirectory C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
FixStaleSocket yes
TCPSocket 3310
MaxConnectionQueueLength 30
StreamMaxLength 5M
MaxQueue 200
MaxThreads 100
ReadTimeout 60
IdleTimeout 60
MaxDirectoryRecursion 15
FollowDirectorySymlinks yes
FollowFileSymlinks yes
SelfCheck 1800
AllowSupplementaryGroups yes
ExitOnOOM yes
ScanPE yes
ScanOLE2 yes
ScanMail yes
MailFollowURLs no
ScanHTML yes
ScanArchive yes
Bruce Barnes Replied
May 1, 2015 at 7:44 PM
Do you have the windows firewall enabled to block outbound traffic?
I've seen that on at least one other brand new server install.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Amit Choudhary Replied
July 22, 2016 at 1:10 AM
It seems to me that some config is incorrect.
Could you share your clamd.conf file and freshclam.conf file.
validate your conf file as below,
TCPSocket 3310
MaxThreads 2
LogTime true
LogFile c:\ClamAV-x64\log\clamd.log
DatabaseDirectory C:\ClamAV-x64\db
DatabaseDirectory "C:/Program Files/ClamAV-x64/db/"
DatabaseMirror database.clamav.net
MaxAttempts 3
NotifyClamd C:/Program Files/ClamAV-x64/clamd.conf
LogFileMaxSize 20480000
LogTime true
UpdateLogFile C:/Program Files/ClamAV-x64/log/freshclam.log
Run freshclam.exe first and then start clamd.exe

Reply to Thread