Back to Community Threads
3
ClamD Errors with (June-15) Build
Problem reported by kevind - 6/25/2023 at 5:35 PM
Submitted
Updated an incoming gateway to Build 8566 (Jun 15, 2023) and running into problems. The number of SMTP IN connections continues to climb until the server stops working.

Looking at the Spam Logs, this message is repeated thousands of times:
[2023.06.25] 20:02:45.220 [12329123 ClamD Checks error: No connection could be made because the target machine actively refused it 127.0.0.1:3310 | error
Everything was working fine with prior build (Feb-2023).  Anyone have any suggestions on how to get it working or should I just disable ClamAV? And why does it call it ClamD in the logs?

18 Replies

Reply to Thread
2
kevind Replied
6/27/2023 at 8:37 AM
Making some progress by following the tips in this old thread:

Updating the paths in the "SmarterMail\Service\Clam\etc\clamd.conf" file seemed to fix it on one server, but still seeing the errors on a 2nd server.
0
Mars _ Replied
7/17/2024 at 8:28 AM
We now have this problem on 2 servers ->
Build 8930 (June 13, 2024) and Build 8846 (March 21, 2024)

17:03:32.184 [22305242] Running SPF check
17:03:32.673 [22305242] Finished SPF check; result = None
17:03:38.004 [20501010] SpamCheck Processing Thread Started
17:03:38.005 [20501010] Filetype Checks started.
17:03:38.005 [20501010] Filetype Checks completed.
17:03:38.005 [20501010] ClamD Checks started.
17:03:42.054 [20501010 ClamD Checks error: No connection could be made because the target machine actively refused it. | error
17:03:42.054 [20501010] ClamD Checks completed.
17:03:42.054 [20501010] Microsoft Defender Checks started.
17:03:42.068 [20501010] Microsoft Defender Checks completed.

It makes no difference if the conf files are configured with 8.3 paths 
C:\PROGRA~2\SMARTE~1\SMARTE~1\
or 
C:\Program Files (x86)\SmarterTools\SmarterMail

I also uninstalled SM, deleted the clam folder and reinstalled.

Also stopping SM and deleting the clam folder and having it recreated brought no success.

Any hints? Thank You!
0
Kyle Kerst Replied
7/17/2024 at 10:38 AM
Employee Post
One thing you could try is disabling ClamAV in SmarterMail and running it manually via the command-line to see if it generates a useable error. You can do that using a command like the one below after doing a CD into the install folder (or the bin64 folder directly):

bin64/clamd.exe -c etc/clamd.conf

That should start ClamAV up the same way we do and point it to the configuration file SmarterMail would use as well, so is a good simulation of how it should be working. If you see any errors there those might help get us pointed in the right direction.
Kyle Kerst IT Coordinator SmarterTools Inc. www.smartertools.com
1
Mars _ Replied
7/18/2024 at 7:10 AM
Hello,

thank you Kyle but running it from the commandline showed no useable error.

But I think I found the problem - until now no more errors in the logs.

I compared the clamd.conf file from a server where all is working and the faulty ones -> 
the first line of clamd.conf was missing "clamd.log"

So I changed 
LogFile C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\log
to
LogFile C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\log\clamd.log

and now it's working!

Thank you!
0
Tony Scholz Replied
7/18/2024 at 8:45 AM
Employee Post
Glad to hear that you got that up and running. 
Tony Scholz System/Network Administrator SmarterTools Inc. www.smartertools.com
0
Nick Tsif Replied
7/19/2024 at 1:20 PM
i have the same error after updrage to 
SmarterMail Enterprise
Build 8965 (Jul 18, 2024)

A failure has occurred attempting to connect to ClamAV on 127.0.0.1:3310

Part of the log
Fri Jul 19 23:21:10 2024 -> +++ Started at Fri Jul 19 23:21:10 2024
Fri Jul 19 23:21:10 2024 -> Received 0 file descriptor(s) from systemd.
Fri Jul 19 23:21:10 2024 -> clamd daemon 1.3.1 (OS: Windows, ARCH: AMD64, CPU: AMD64)
Fri Jul 19 23:21:10 2024 -> Log file size limited to 1048576 bytes.
Fri Jul 19 23:21:10 2024 -> Reading databases from C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav
Fri Jul 19 23:21:10 2024 -> Not loading PUA signatures.
Fri Jul 19 23:21:10 2024 -> Bytecode: Security mode set to "TrustSigned".
Fri Jul 19 23:21:34 2024 -> Loaded 8783527 signatures.
Fri Jul 19 23:21:39 2024 -> TCP: Bound to [127.0.0.1]:3310
Fri Jul 19 23:21:39 2024 -> TCP: Setting connection queue length to 30
Fri Jul 19 23:21:39 2024 -> Limits: Global time limit set to 120000 milliseconds.
Fri Jul 19 23:21:39 2024 -> Limits: Global size limit set to 419430400 bytes.
Fri Jul 19 23:21:39 2024 -> Limits: File size limit set to 104857600 bytes.
Fri Jul 19 23:21:39 2024 -> Limits: Recursion level limit set to 17.
Fri Jul 19 23:21:39 2024 -> Limits: Files limit set to 10000.
Fri Jul 19 23:21:39 2024 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Fri Jul 19 23:21:39 2024 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Fri Jul 19 23:21:39 2024 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Fri Jul 19 23:21:39 2024 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Fri Jul 19 23:21:39 2024 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Fri Jul 19 23:21:39 2024 -> Limits: MaxPartitions limit set to 50.
Fri Jul 19 23:21:39 2024 -> Limits: MaxIconsPE limit set to 100.
Fri Jul 19 23:21:39 2024 -> Limits: MaxRecHWP3 limit set to 16.
Fri Jul 19 23:21:39 2024 -> Limits: PCREMatchLimit limit set to 100000.
Fri Jul 19 23:21:39 2024 -> Limits: PCRERecMatchLimit limit set to 2000.
Fri Jul 19 23:21:39 2024 -> Limits: PCREMaxFileSize limit set to 104857600.
Fri Jul 19 23:21:39 2024 -> Archive support enabled.
Fri Jul 19 23:21:39 2024 -> AlertExceedsMax heuristic detection disabled.
Fri Jul 19 23:21:39 2024 -> Heuristic alerts enabled.
Fri Jul 19 23:21:39 2024 -> Portable Executable support enabled.
Fri Jul 19 23:21:39 2024 -> ELF support enabled.
Fri Jul 19 23:21:39 2024 -> Mail files support enabled.
Fri Jul 19 23:21:39 2024 -> OLE2 support enabled.
Fri Jul 19 23:21:39 2024 -> PDF support enabled.
Fri Jul 19 23:21:39 2024 -> SWF support enabled.
Fri Jul 19 23:21:39 2024 -> HTML support enabled.
Fri Jul 19 23:21:39 2024 -> XMLDOCS support enabled.
Fri Jul 19 23:21:39 2024 -> HWP3 support enabled.
Fri Jul 19 23:21:39 2024 -> OneNote support enabled.
Fri Jul 19 23:21:39 2024 -> Self checking every 1800 seconds.
0
Stefan Mössner Replied
7/19/2024 at 2:16 PM
I have exactly the same issue since updating SmarterMail to build 8965 as @Nick Tsif described.

The clamd.exe process is starting and after a short time it is stopped. Then it starts again and after a shorter time it stopps again. Then it won't be started again.

This is the log file:

Fri Jul 19 23:04:12 2024 -> +++ Started at Fri Jul 19 23:04:12 2024
Fri Jul 19 23:04:12 2024 -> Received 0 file descriptor(s) from systemd.
Fri Jul 19 23:04:12 2024 -> clamd daemon 1.3.1 (OS: Windows, ARCH: AMD64, CPU: AMD64)
Fri Jul 19 23:04:12 2024 -> Log file size limited to 1048576 bytes.
Fri Jul 19 23:04:12 2024 -> Reading databases from C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav
Fri Jul 19 23:04:12 2024 -> Not loading PUA signatures.
Fri Jul 19 23:04:12 2024 -> Bytecode: Security mode set to "TrustSigned".
Fri Jul 19 23:04:42 2024 -> +++ Started at Fri Jul 19 23:04:42 2024
Fri Jul 19 23:04:42 2024 -> Received 0 file descriptor(s) from systemd.
Fri Jul 19 23:04:42 2024 -> clamd daemon 1.3.1 (OS: Windows, ARCH: AMD64, CPU: AMD64)
Fri Jul 19 23:04:42 2024 -> Log file size limited to 1048576 bytes.
Fri Jul 19 23:04:42 2024 -> Reading databases from C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam\share\clamav
Fri Jul 19 23:04:42 2024 -> Not loading PUA signatures.
Fri Jul 19 23:04:42 2024 -> Bytecode: Security mode set to "TrustSigned".
Fri Jul 19 23:05:00 2024 -> Loaded 8696347 signatures.
Fri Jul 19 23:05:04 2024 -> TCP: Bound to [127.0.0.1]:3310
Fri Jul 19 23:05:04 2024 -> TCP: Setting connection queue length to 30
Fri Jul 19 23:05:04 2024 -> Limits: Global time limit set to 120000 milliseconds.
Fri Jul 19 23:05:04 2024 -> Limits: Global size limit set to 419430400 bytes.
Fri Jul 19 23:05:04 2024 -> Limits: File size limit set to 104857600 bytes.
Fri Jul 19 23:05:04 2024 -> Limits: Recursion level limit set to 17.
Fri Jul 19 23:05:04 2024 -> Limits: Files limit set to 10000.
Fri Jul 19 23:05:04 2024 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Fri Jul 19 23:05:04 2024 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Fri Jul 19 23:05:04 2024 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Fri Jul 19 23:05:04 2024 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Fri Jul 19 23:05:04 2024 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Fri Jul 19 23:05:04 2024 -> Limits: MaxPartitions limit set to 50.
Fri Jul 19 23:05:04 2024 -> Limits: MaxIconsPE limit set to 100.
Fri Jul 19 23:05:04 2024 -> Limits: MaxRecHWP3 limit set to 16.
Fri Jul 19 23:05:04 2024 -> Limits: PCREMatchLimit limit set to 100000.
Fri Jul 19 23:05:04 2024 -> Limits: PCRERecMatchLimit limit set to 2000.
Fri Jul 19 23:05:04 2024 -> Limits: PCREMaxFileSize limit set to 104857600.
Fri Jul 19 23:05:04 2024 -> Archive support enabled.
Fri Jul 19 23:05:04 2024 -> AlertExceedsMax heuristic detection disabled.
Fri Jul 19 23:05:04 2024 -> Heuristic alerts enabled.
Fri Jul 19 23:05:04 2024 -> Portable Executable support enabled.
Fri Jul 19 23:05:04 2024 -> ELF support enabled.
Fri Jul 19 23:05:04 2024 -> Mail files support enabled.
Fri Jul 19 23:05:04 2024 -> OLE2 support enabled.
Fri Jul 19 23:05:04 2024 -> PDF support enabled.
Fri Jul 19 23:05:04 2024 -> SWF support enabled.
Fri Jul 19 23:05:04 2024 -> HTML support enabled.
Fri Jul 19 23:05:04 2024 -> XMLDOCS support enabled.
Fri Jul 19 23:05:04 2024 -> HWP3 support enabled.
Fri Jul 19 23:05:04 2024 -> OneNote support enabled.
Fri Jul 19 23:05:04 2024 -> Self checking every 1800 seconds.
Running clamd.exe by command line has no issue and SmarterMail can connect ClamAV. But only for a while because ClamAV ist stopping, too:

C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam>bin64\clamd.exe -c etc\clamd.conf
WARNING: Ignoring deprecated option AllowSupplementaryGroups at etc\clamd.conf:20
WARNING: Ignoring deprecated option MailFollowURLs at etc\clamd.conf:25
Fri Jul 19 23:11:25 2024 -> Limits: Global time limit set to 120000 milliseconds.
Fri Jul 19 23:11:25 2024 -> Limits: Global size limit set to 419430400 bytes.
Fri Jul 19 23:11:25 2024 -> Limits: File size limit set to 104857600 bytes.
Fri Jul 19 23:11:25 2024 -> Limits: Recursion level limit set to 17.
Fri Jul 19 23:11:25 2024 -> Limits: Files limit set to 10000.
Fri Jul 19 23:11:25 2024 -> Limits: MaxEmbeddedPE limit set to 41943040 bytes.
Fri Jul 19 23:11:25 2024 -> Limits: MaxHTMLNormalize limit set to 41943040 bytes.
Fri Jul 19 23:11:25 2024 -> Limits: MaxHTMLNoTags limit set to 8388608 bytes.
Fri Jul 19 23:11:25 2024 -> Limits: MaxScriptNormalize limit set to 20971520 bytes.
Fri Jul 19 23:11:25 2024 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Fri Jul 19 23:11:25 2024 -> Limits: MaxPartitions limit set to 50.
Fri Jul 19 23:11:25 2024 -> Limits: MaxIconsPE limit set to 100.
Fri Jul 19 23:11:25 2024 -> Limits: MaxRecHWP3 limit set to 16.
Fri Jul 19 23:11:25 2024 -> Limits: PCREMatchLimit limit set to 100000.
Fri Jul 19 23:11:25 2024 -> Limits: PCRERecMatchLimit limit set to 2000.
Fri Jul 19 23:11:25 2024 -> Limits: PCREMaxFileSize limit set to 104857600.
Fri Jul 19 23:11:25 2024 -> Archive support enabled.
Fri Jul 19 23:11:25 2024 -> AlertExceedsMax heuristic detection disabled.
Fri Jul 19 23:11:25 2024 -> Heuristic alerts enabled.
Fri Jul 19 23:11:25 2024 -> Portable Executable support enabled.
Fri Jul 19 23:11:25 2024 -> ELF support enabled.
Fri Jul 19 23:11:25 2024 -> Mail files support enabled.
Fri Jul 19 23:11:25 2024 -> OLE2 support enabled.
Fri Jul 19 23:11:25 2024 -> PDF support enabled.
Fri Jul 19 23:11:25 2024 -> SWF support enabled.
Fri Jul 19 23:11:25 2024 -> HTML support enabled.
Fri Jul 19 23:11:25 2024 -> XMLDOCS support enabled.
Fri Jul 19 23:11:25 2024 -> HWP3 support enabled.
Fri Jul 19 23:11:25 2024 -> OneNote support enabled.
Fri Jul 19 23:11:25 2024 -> Self checking every 1800 seconds.
Then I tried the same with the 8.3 names of the pathes of ClamAV but this doesn't work either:

Fri Jul 19 23:27:26 2024 -> +++ Started at Fri Jul 19 23:27:26 2024
Fri Jul 19 23:27:26 2024 -> Received 0 file descriptor(s) from systemd.
Fri Jul 19 23:27:26 2024 -> clamd daemon 1.3.1 (OS: Windows, ARCH: AMD64, CPU: AMD64)
Fri Jul 19 23:27:26 2024 -> Log file size limited to 1048576 bytes.
Fri Jul 19 23:27:26 2024 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Fri Jul 19 23:27:26 2024 -> Not loading PUA signatures.
Fri Jul 19 23:27:26 2024 -> Bytecode: Security mode set to "TrustSigned".
Fri Jul 19 23:27:46 2024 -> +++ Started at Fri Jul 19 23:27:46 2024
Fri Jul 19 23:27:46 2024 -> Received 0 file descriptor(s) from systemd.
Fri Jul 19 23:27:46 2024 -> clamd daemon 1.3.1 (OS: Windows, ARCH: AMD64, CPU: AMD64)
Fri Jul 19 23:27:46 2024 -> Log file size limited to 1048576 bytes.
Fri Jul 19 23:27:46 2024 -> Reading databases from C:\PROGRA~2\SMARTE~1\SMARTE~1\Service\Clam\share\clamav
Fri Jul 19 23:27:46 2024 -> Not loading PUA signatures.
Fri Jul 19 23:27:46 2024 -> Bytecode: Security mode set to "TrustSigned".
0
Stefan Mössner Replied
7/24/2024 at 12:28 AM
With build 8971 which was released today there's no change regarding this issue :-(.
0
Mars _ Replied
7/24/2024 at 2:25 AM
Upgraded an server from 8601 to Build 8965 (Jul 18, 2024) yesterday - 
same problem again.
The conf files from the working server and faulty are identical.
The only difference I can see is that under Settings - Antivirus the last update time/date is missing (e.g. "Virus definitions last updated 7/24/24 at 10:15 AM.")
0
Patrick Jeski Replied
7/24/2024 at 7:59 AM
I just updated to 8971. I just started getting this error after updating. I don't think it's related to the issue from a while back that kevind pointed to above.
0
Patrick Jeski Replied
7/24/2024 at 8:16 AM
OK, I turned on "ClamAV is on a remote server" with (127.0.0.1, 3310) and sent an email:
11:12:25.565 [11688001] Delivery started for [me] at 11:12:25 AM
11:12:28.572 [11688001] Added to SpamCheckQueue (1 queued; 0/30 processing)
11:12:28.572 [11688001] [SpamCheckQueue] Begin Processing.
11:12:28.574 [11688001] Blocked Sender Checks started.
11:12:28.637 Detected successful ClamAV result. ClamAV is marked as functional.
11:12:28.656 [11688001] Spam Checks started.
11:12:28.656 [11688001] Spam Checks skipped: User authenticated
11:12:28.656 [11688001] Spam Checks completed.
11:12:28.656 [11688001] Removed from SpamCheckQueue (0 queued or processing)

So ClamAV worked. Then I set it back to local and sent the same email:
11:13:34.786 [11688003] ClamD Checks error: No connection could be made because the target machine actively refused it. | error


When you set remote server on, you get a warning:
Unable to obtain virus definitions for a disabled or remote ClamAV server.
0
Matt Petty Replied
7/24/2024 at 12:49 PM
Employee Post
We've got a fix for Clam on Windows when using "local". Our update yesterday did not cause this issue. It will be in the next update.

We've got code that will automatically reboot clam if we detect too many issues and that's what is causing the restarting behavior mentioned above.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Stefan Mössner Replied
7/24/2024 at 1:22 PM
But after some restarts ClamAV won' tbe started any more.
2
Stefan Mössner Replied
7/26/2024 at 9:02 AM
With build 8972 (25.07.2024) the ClamAV seems to be solved. So far I have no issues :-).
0
Nick Tsif Replied
7/28/2024 at 12:52 AM
For me also no more problems of clamav with Build 8972 (Jul 25, 2024).

Thanks you support team
0
Stefan Mössner Replied
8/2/2024 at 8:26 AM
And with build 8979 (Aug. 1, 2024) ClamAV has the same issue again :-(.
0
Patrick Jeski Replied
8/2/2024 at 12:08 PM
I'm not seeing clam issues with 8979.
0
Stefan Mössner Replied
8/5/2024 at 1:01 PM
I now reinstalled SmarterMail and deleted the ClamAV folder C:\Program Files (x86)\SmarterTools\SmarterMail\Service\Clam before installing SmarterMail.

For now, ClamAV is running. I will see if this will be a stable situation.
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

ClamAV 3310 Errors in Delivery LogsSmarterMail > Troubleshooting
Reducing ClamAV False PositivesSmarterMail > Troubleshooting
Messages to Yahoo! Emails are Temporarily DeferredSmarterMail > Troubleshooting
Configure SmarterMail as a Free Gateway ServerSmarterMail > Server Configuration and Management
500 Error After Upgrading to the Latest BuildSmarterMail > Troubleshooting