Back to Community Threads
2
Unable to run Clam virus checks
Problem reported by ellisfr - 4/8/2015 at 2:15 AM
Submitted
Hello,
 
I do have a lot of messages like this in my delivery.log :
 
10:58:02 [94756] Unable to run Clam virus checks: System.Net.Sockets.SocketException (0x80004005): Aucune connexion n’a pu être établie car l’ordinateur cible l’a expressément refusée 127.0.0.1:3310
   à System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   à System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
   à MailStore.Spam.ClamDClient.CheckScan()
10:58:03 Calls to ClamAV have failed many times.  Restarting the clamd process...
 
In english it means something like : connection couldn't be established because the target computer refused it 127.0.0.1:3310
 
I also have a lot of failed connections when I look at the ClamAV Trend report :
 
Day Avg.
Active
Connections		 Connections Failed
Connections
4/2/2015 - 20683 8276
4/3/2015 - 23405 15
4/4/2015 - 9966 2
4/5/2015 - 8253 -
4/6/2015 - 10863 1
4/7/2015 - 24415 4632
4/8/2015 - 6904 2929
Total 0 104489 15855
Average 0 14927 2265
 
I don't know if both are related.
 
Any idea how I can try to fix this ?
 
Thanks !
 

16 Replies

Reply to Thread
0
Bruce Barnes Replied
4/8/2015 at 3:43 AM
What version of SmarterMail?
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
CCWH Replied
4/8/2015 at 4:10 AM
Is your Clam standard, i.e. not the ClamSup change?
0
ellisfr Replied
4/8/2015 at 4:53 AM
SmarterMail v11.7.5318
0
ellisfr Replied
4/8/2015 at 4:55 AM
I use the ClamSup change since yesterday but I had these problems long before. And I didn't change the ClamAV, only got the new signatures.
0
Matt Petty Replied
4/8/2015 at 8:23 AM
Employee Post
When you check your processes do you see clamd.exe running?
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
ellisfr Replied
4/8/2015 at 11:57 AM
Yes, clamd.exe is running, and I got new virus in the quarantine.
0
Steve Reid Replied
4/9/2015 at 5:49 AM
Try updating you clamAV setup as per http://portal.smartertools.com/community/a2583/how-to-greatly-improve-clamav-even-zero-hour-style-protection-for-free.aspx
0
ellisfr Replied
4/9/2015 at 6:27 AM
Thanks Steve, but I'm using this "ClamSup" setup already.
0
Steve Reid Replied
4/9/2015 at 6:29 AM
Joe also gives instructions on updating the ClamAV program.
0
ellisfr Replied
4/9/2015 at 6:31 AM
You're right, but I'm kind of afraid to update to the 64bits version for now !
0
ellisfr Replied
4/9/2015 at 6:34 AM
I now have more failed connections than normal connections !
 
09/04/2015 - connections 7255
failed connections 11461  
 
I looked at my 2 other SmarterMail servers, same version, same ClamAV, same settings and no errors.
 
Maybe something to do with the network settings, I'll look further.
 
I'll also try to disable hourly update of the ClamSup settings for the day, to see if it has something to do with the time clamd is restarted after updates...
0
Steve Reid Replied
4/9/2015 at 6:35 AM
I'm running windows 2012 r2. I made a backup of the program folder, installed C++ Redistributable Package 2010 x64, and copied our two config file to the bin folder. After that all I had to do was overwrite the program files with Joes zip. It was all working perfectly.
0
Webio Replied
4/9/2015 at 12:45 PM
5 cents from my environment.
 
I have 3 incoming gateways (date - connections - failed connections):
 
1:
 
2015-04-04 - 23633 1
2015-04-05 - 23656 2
2015-04-06 - 24449 5
2015-04-07 - 48733 2458
2015-04-08 - 48725 4208
2015-04-09 - 49959 4132
 
2:
 
2015-04-04 - 20378 82
2015-04-05 - 20411 1066
2015-04-06 - 22401 203
2015-04-07 - 28732 17922
2015-04-08 - 16507 32997
2015-04-09 - 34141 15344
 
3:
 
2015-04-04 - 10758 -
2015-04-05 - 13523 1
2015-04-06 - 14475 2
2015-04-07 - 25278 6
2015-04-08 - 19854 368
2015-04-09 - 24318 9
 
 
On gateway number 1 I'm observing situation where 10 clamd.exe processes are running. On gateway 2 and 3 only one clamd.exe process is running. I'm using clamav provided by Joe with ClamSup updates being runned manyally once per day. I'm wondering maybe this failed connections are caused by some kind of failed AV DB update.
 
0
ellisfr Replied
4/9/2015 at 1:50 PM
I tried a lot of things today, disabling ClamSup updates, removing some signatures files, changing spool Delivery Delay, changing ClamAV Timeout in Antivirus Administration, with several stop/start of the SmarterMail service (waiting for clamd32 to exit), but the failed connection kept rising, and not a single new connection.
 
Then I simply unchecked "Enable ClamAV" in Antivirus Administration, waited for the failed connection to stop increasing, and enabled ClamAV again. It started to work again...
 
I'll keep monitoring the connection/failed connection count and see if it stays ok.
 
0
Joe Wolf Replied
4/9/2015 at 6:53 PM
Run netstat -anb from a command prompt and make sure clamd.exe is listening on TCP 3310. This actually sounds like more of a .net problem to me.
Thanks, -Joe
0
Matthias Maass Replied
5/3/2016 at 6:59 AM
Hi
 
I have the same problem with a brand new installed server. Did you find a solution to fix this problem?
 
Thanks
Matthias
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Microsoft Defender Antivirus and Virus Scanner ExceptionsSmarterMail > Troubleshooting
Reducing ClamAV False PositivesSmarterMail > Troubleshooting
Completely Uninstall SmarterMailSmarterMail > Server Configuration and Management
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Cannot Send Email MessagesSmarterMail > Troubleshooting