1
ClamAV stops working after server move
Question asked by Robbie Wright - 4/13/2015 at 8:02 AM
Unanswered
Relocated SM to another server. Everything went fairly smooth, except this:
 
Unable to run Clam virus checks: System.Net.Sockets.SocketException (0x80004005): No connection could be made because the target machine actively refused it 127.0.0.1:3310
 
Any ideas? 127 is setup is an IP in the list of IP addresses from the server. Also tried changing the ClamAV settings to use the local IP instead of 127 but it didn't get fixed.

16 Replies

Reply to Thread
0
Steve Reid Replied
is the service for clamd running?
 
0
Robbie Wright Replied
What's the name of the service? I didn't know it had its own dedicated one. Nothing under clam* in the services list.
0
Steve Reid Replied
Mine shows as ClamAV - clamd
0
Robbie Wright Replied
Strange, I've got nothing. This is in your service list on the Windows server you have running SM? We started with a brand new clean install of SM 13.3...
0
Steve Reid Replied
Yeah it shows up after enabling clamav
0
Robbie Wright Replied
Yeah, no joy. ClamAV is enabled, as is real-time and I have no clamav services listed in my clean install of Sm 13.3 on Server 2012 R2. Anyone else seen something like this or have a KB article on installing clamav on Windows?
0
Steve Reid Replied
Smartermail installs it automatically. You may need to open a ticket
1
Chris Denning Replied
I had the same problem myself on a fresh install.
 
Checking the clamd log at:
  "C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\Log\clamd.log"
showed errors each time it tried to start
 
Sat Apr 18 11:00:38 2015 -> +++ Started at Sat Apr 18 11:00:38 2015
Sat Apr 18 11:00:38 2015 -> clamd daemon 0.97.6 (OS: win32, ARCH: i386, CPU: i386)
Sat Apr 18 11:00:38 2015 -> Log file size limited to 1048576 bytes.
Sat Apr 18 11:00:38 2015 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Sat Apr 18 11:00:38 2015 -> Not loading PUA signatures.
Sat Apr 18 11:00:38 2015 -> Bytecode: Security mode set to "TrustSigned".
Sat Apr 18 11:00:38 2015 -> ERROR: Can't open file or directory
 
 
Running clamd manually in debug mode with the following command:
C:\"Program Files (x86)"\SmarterTools\SmarterMail\Service\Clam\bin\clamd --debug -c "C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\etc\clamd.conf"
Gave an error saying there were no database files, and sure enough the configured directory Clam\Share\ClamAV was empty.
 
I downloaded the database files from from http //database.clamav.net/main.cvd and daily.cvd to the ClamAV directory, and clamd started okay after that.
 
I don't know why the SmarterMail install didn't install the database files
0
Robbie Wright Replied
Chris, thanks for the hint. Looking through the logs, I'm getting this:

ERROR: NotifyClamd: No communication socket specified in C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\etc\clamd.conf
ERROR: Can't send to clamd: Not a socket

Can anyone else look at their working clamd.conf and see what they have listed for a communication socket?
0
Steve Reid Replied
LogFile C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\log\clamd.log
LogFileMaxSize 1M
LogTime yes
LogFileUnlock yes
TemporaryDirectory C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\tmp
DatabaseDirectory C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
StreamMaxLength 5M
MaxQueue 200
MaxThreads 100
ReadTimeout 60
IdleTimeout 60
MaxDirectoryRecursion 15
FollowDirectorySymlinks yes
FollowFileSymlinks yes
SelfCheck 1800
AllowSupplementaryGroups yes
ExitOnOOM yes
ScanPE yes
ScanOLE2 yes
ScanMail yes
MailFollowURLs no
ScanHTML yes
ScanArchive yes
 
0
Robbie Wright Replied
tried this config (after updating the paths) and still no joy. I guess I have a full reinstall ahead of me.
0
Steve Reid Replied
Use Joe's updated files
0
Bruce Barnes Replied
Do you have the windows firewall enabled to block outbound traffic?
 
I've seen that on at least one other brand new server install.
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phonr: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
0
Amit Choudhary Replied
It seems to me that some config is incorrect.
Could you share your clamd.conf file and freshclam.conf file.
Or
validate your conf file as below,

clamd.conf
TCPAddr 127.0.0.1
TCPSocket 3310
MaxThreads 2
LogTime true
LogFile c:\ClamAV-x64\log\clamd.log
DatabaseDirectory C:\ClamAV-x64\db

freshclam.conf
DatabaseDirectory "C:/Program Files/ClamAV-x64/db/"
DatabaseMirror database.clamav.net
MaxAttempts 3
NotifyClamd C:/Program Files/ClamAV-x64/clamd.conf
LogFileMaxSize 20480000
LogTime true
UpdateLogFile C:/Program Files/ClamAV-x64/log/freshclam.log

Run freshclam.exe first and then start clamd.exe
0
Amit Choudhary Replied
It seems to me that some config is incorrect.
Could you share your clamd.conf file and freshclam.conf file.
Or
validate your conf file as below,
clamd.conf
TCPAddr 127.0.0.1
TCPSocket 3310
MaxThreads 2
LogTime true
LogFile c:\ClamAV-x64\log\clamd.log
DatabaseDirectory C:\ClamAV-x64\db
freshclam.conf
DatabaseDirectory "C:/Program Files/ClamAV-x64/db/"
DatabaseMirror database.clamav.net
MaxAttempts 3
NotifyClamd C:/Program Files/ClamAV-x64/clamd.conf
LogFileMaxSize 20480000
LogTime true
UpdateLogFile C:/Program Files/ClamAV-x64/log/freshclam.log
 
Run freshclam.exe first and then start clamd.exe
 
0
ActorMike Replied
In my case, the folders were wrong in the clamd.conf, so I manually updated them and clam started running again.

TemporaryDirectory D:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\tmp
DatabaseDirectory D:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav

Reply to Thread