Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
On Thu, 2018-02-01 at 07:51 -0800, Dennis Peterson wrote: > Use the nc tool to connect to that port. If you get a connection then > type PING. > It should return PONG and disconnect. If that doesn't happen you have > a config > misunderstanding. > > dp > Dennis, Reindl, Benny, Kris - It's working now. On start of sudo clamav-daemon start I see in my syslog TCP: Received AF_INET SOCK_STREAM socket from systemd I believe the changes I made to /etc/systemd/system/clamav- daemon.socket.d/extend.conf made the difference which were shown here - https://serverfault.com/questions/798587/debian-8-cant-get-clamav-to- listen-on-tcp-3310 fixed it. [Socket] ListenStream=/var/lib/clamav/clamd.socket ListenStream=127.0.0.1:3310 SocketUser=clamav SocketGroup=clamav And these changes to /lib/systemd/system/clamav-daemon.socket [Unit] Description=Socket for Clam AntiVirus userspace daemon Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang /en/doc/ # Check for database existence ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc} ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} [Socket] #ListenStream=/run/clamav/clamd.ctl #ListenStream=/var/lib/clamav/clamd.socket #ListenStream=127.0.0.1:3310 SocketUser=clamav SocketGroup=clamav RemoveOnStop=True [Install] WantedBy=sockets.target And when running the check for the SaneSecurity unofficial sigs after downloading updates it's back to reloading the database. = Update(s) detected, reloaded ClamAV databases = I want to thank all of you for chiming in with what to check and possible fixes. Not sure why this upgrade went south this time it should have been as all the others, just upgrade, restart and you're back to running again. > On 2/1/18 6:49 AM, Chris wrote: > > > > First of all regarding my previous post - "Cannot connect to unix > > socket '/var/lib/clamav/clamd.socket': connect: No such file or > > directory" on Tuesday, I at least have that working. However, now > > whenever an update is done to a database I'm seeing - ERROR: > > NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection > > refused. This is: > > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 16:47:58 up 21 min, 1 user, load average: 0.96, 0.88, 1.48 Description:Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic signature.asc Description: This is a digitally signed message part ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
Am 01.02.2018 um 19:49 schrieb Chris: I'm not sure if that's correct or not since I never had a reason to monitor the start of the clamav-daemon before. Doing more Googling I came across https://serverfault.com/questions/798587/debian-8-cant-get- clamav-to-listen-on-tcp-3310 which is somewhat like my issue. It mentions "Comment out all ListenStream= in /lib/systemd/system/clamav- daemon.socket." why don't you just disable all the socket-activation stuff and just ordinary enable and start apure clamd-service as it is? given that clamd needs a lot of time at startup to initialize the signatures what is the point of socket-activation at all?! ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
Chris wrote: Using nc -l 3310 in one terminal and nc 127.0.0.1 3310 I get: nc -l 3310 test this is a test nc 127.0.0.1 3310 test this is a test So, IIUC I can talk to port 3310 with 127.0.0.1 or am I incorrect? nc -l should have returned an error if clamd was actually listening on that port. TCP communication is working, but based on this log line from your earlier post: Jan 30 19:12:39 localhost clamd[22830]: TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd. you have an issue with how clamd is started from systemd - basically, systemd needs to be told to set up a TCP socket as well as (instead of? don't know if it's possible to use both) the local UNIX socket. -kgd ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
On Thu, 2018-02-01 at 18:28 +0100, Reindl Harald wrote: > > Am 01.02.2018 um 18:23 schrieb Chris: > > > > nc -zv 127.0.0.1 3300-3400 > > nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3301 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3302 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3303 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3304 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3305 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3306 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3307 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3308 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3309 (tcp) failed: Connection refused > > nc: connect to 127.0.0.1 port 3310 (tcp) failed: Connection refused > > > > Odd that in all the years I've run ClamAV with the same settings > > I've > > not had this problem. > > > > Using nc -l 3310 in one terminal and nc 127.0.0.1 3310 I get: > > > > nc -l 3310 > > test > > this is a test > smells like SELinux preventing the client to connect to a non- > default > port while it still don't explain teh different results of "nc" I see this in syslog when restarting the daemon with sudo /etc/init.d/clamav-daemon restart: TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd. LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd. I'm not sure if that's correct or not since I never had a reason to monitor the start of the clamav-daemon before. Doing more Googling I came across https://serverfault.com/questions/798587/debian-8-cant-get- clamav-to-listen-on-tcp-3310 which is somewhat like my issue. It mentions "Comment out all ListenStream= in /lib/systemd/system/clamav- daemon.socket." [Unit] Description=Socket for Clam AntiVirus userspace daemon Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang /en/doc/ # Check for database existence ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc} ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc} [Socket] #ListenStream=/run/clamav/clamd.ctl #ListenStream=/var/lib/clamav/clamd.socket #ListenStream=127.0.0.1:3310 SocketUser=clamav SocketGroup=clamav RemoveOnStop=True [Install] WantedBy=sockets.target Then Add your own ListenStream= line(s) in /etc/systemd/system/clamav- daemon.socket.d/extend.conf [Socket] ListenStream=/var/lib/clamav/clamd.socket ListenStream=127.0.0.1:3310 SocketUser=clamav SocketGroup=clamav Not sure if this change will work or not as I'm waiting now for either an update from freshclam or from the unofficial rules site. -- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 12:35:34 up 1 day, 19:18, 1 user, load average: 0.89, 0.60, 0.48 Description:Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic signature.asc Description: This is a digitally signed message part ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
If you can successfully run nc -l 3310 then clamd is not using the port. Check lsof -i |grep clam and examine the clamd.conf file. Something you're sure of is wrong. dp On 2/1/18 9:23 AM, Chris wrote: On Thu, 2018-02-01 at 07:51 -0800, Dennis Peterson wrote: Use the nc tool to connect to that port. If you get a connection then type PING. It should return PONG and disconnect. If that doesn't happen you have a config misunderstanding. dp Thanks Dennis, I used nc -zv to try and connect to port 3310 with 127.0.0.1 as per my settings: nc -zv 127.0.0.1 3300-3400 nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3301 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3302 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3303 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3304 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3305 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3306 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3307 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3308 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3309 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3310 (tcp) failed: Connection refused Odd that in all the years I've run ClamAV with the same settings I've not had this problem. Using nc -l 3310 in one terminal and nc 127.0.0.1 3310 I get: nc -l 3310 test this is a test nc 127.0.0.1 3310 test this is a test So, IIUC I can talk to port 3310 with 127.0.0.1 or am I incorrect? On 2/1/18 6:49 AM, Chris wrote: First of all regarding my previous post - "Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory" on Tuesday, I at least have that working. However, now whenever an update is done to a database I'm seeing - ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused. This is: ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
Chris skrev den 2018-02-01 18:23: nc -zv 127.0.0.1 3300-3400 nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused clamd does not listen by default on inet, its default only unix socket if you want both, configure it :=) see clamd.conf more help ?, clamconf output for clamd.conf ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
Am 01.02.2018 um 18:23 schrieb Chris: nc -zv 127.0.0.1 3300-3400 nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3301 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3302 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3303 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3304 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3305 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3306 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3307 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3308 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3309 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3310 (tcp) failed: Connection refused Odd that in all the years I've run ClamAV with the same settings I've not had this problem. Using nc -l 3310 in one terminal and nc 127.0.0.1 3310 I get: nc -l 3310 test this is a test smells like SELinux preventing the client to connect to a non-default port while it still don't explain teh different results of "nc" ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
On Thu, 2018-02-01 at 07:51 -0800, Dennis Peterson wrote: > Use the nc tool to connect to that port. If you get a connection then > type PING. > It should return PONG and disconnect. If that doesn't happen you have > a config > misunderstanding. > > dp Thanks Dennis, I used nc -zv to try and connect to port 3310 with 127.0.0.1 as per my settings: nc -zv 127.0.0.1 3300-3400 nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3301 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3302 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3303 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3304 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3305 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3306 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3307 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3308 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3309 (tcp) failed: Connection refused nc: connect to 127.0.0.1 port 3310 (tcp) failed: Connection refused Odd that in all the years I've run ClamAV with the same settings I've not had this problem. Using nc -l 3310 in one terminal and nc 127.0.0.1 3310 I get: nc -l 3310 test this is a test nc 127.0.0.1 3310 test this is a test So, IIUC I can talk to port 3310 with 127.0.0.1 or am I incorrect? > > On 2/1/18 6:49 AM, Chris wrote: > > > > First of all regarding my previous post - "Cannot connect to unix > > socket '/var/lib/clamav/clamd.socket': connect: No such file or > > directory" on Tuesday, I at least have that working. However, now > > whenever an update is done to a database I'm seeing - ERROR: > > NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection > > refused. This is: > > > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml -- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 11:12:38 up 1 day, 17:55, 1 user, load average: 0.63, 0.86, 1.18 Description:Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic signature.asc Description: This is a digitally signed message part ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
Use the nc tool to connect to that port. If you get a connection then type PING. It should return PONG and disconnect. If that doesn't happen you have a config misunderstanding. dp On 2/1/18 6:49 AM, Chris wrote: First of all regarding my previous post - "Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory" on Tuesday, I at least have that working. However, now whenever an update is done to a database I'm seeing - ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused. This is: ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
First of all regarding my previous post - "Cannot connect to unix socket '/var/lib/clamav/clamd.socket': connect: No such file or directory" on Tuesday, I at least have that working. However, now whenever an update is done to a database I'm seeing - ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused. This is: apt-cache policy clamav clamav: Installed: 0.99.3+addedllvm-0ubuntu0.16.04.1 Candidate: 0.99.3+addedllvm-0ubuntu0.16.04.1 apt-cache policy clamav-daemon clamav-daemon: Installed: 0.99.3+addedllvm-0ubuntu0.16.04.1 Candidate: 0.99.3+addedllvm-0ubuntu0.16.04.1 apt-cache policy clamav-freshclam clamav-freshclam: Installed: 0.99.3+addedllvm-0ubuntu0.16.04.1 Candidate: 0.99.3+addedllvm-0ubuntu0.16.04.1 Here are all my configuration files: https://pastebin.com/f5xfDRHv Any assistance would be appreciated. -- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 08:00:30 up 1 day, 14:43, 1 user, load average: 0.76, 0.81, 1.15 Description:Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic signature.asc Description: This is a digitally signed message part ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml