Clamav: no route to host

Help! (Home for newbies)
1
SYSTEM INFORMATION
OS type and version Ubuntu 24.04
Virtualmin version 7.30.8

I want to setup a remote server that runs clamav and spamassassin. I followed this guide to setup the server exactly as prescribed but when I send a mail to an account on my server, I get this error in the logs

ERROR: Could not connect to clamd on [IP of ClamAV Server]: No route to host

and same error is returned by spamd. I have opened port 783 and 3310 in the firewall and in webmin’s Firewalld as well on both servers.

What am I doing wrong?

2

Silly me. I didn’t reload FirewallD after adding the rules. After reload, the connection can be established for spamd however clamav is stil not working.

telnet [IP of server] 3310 returns error “Connection refused”.

I’m not sure what’s blocking the connection.

3

We have NO idea what the remote server is running. Clam av could be working with a socket instead of a port for all we know.

4

According to the instructions in the guide that I linked to, I setup a fresh server (ubuntu 24.04) and installed virtualmin on it. And did the changes in clamd.conf.

Can you please tell me how I can diagnose this issue?

5

Hmm… Doesn’t match well with my install.
try
netstat -ap |grep clam

If it isn’t listening on the correct port

systemctl restart clamav-daemon
then
systemctl status clamav-daemon

It would seem it isn’t listening on the correct port or there is maybe an intervening firewall not on either machine?

6

This is the output of that command

unix  3      [ ]         STREAM     CONNECTED     7636     693/clamd            
unix  2      [ ACC ]     STREAM     LISTENING     6964     1/init               /run/clamav/clamd.ctl
unix  3      [ ]         STREAM     CONNECTED     8786     1012/freshclam

Is 6964 the port?

The output of the status command after running restart is this

clamav-daemon.service - Clam AntiVirus userspace daemon
     Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/clamav-daemon.service.d
             └─extend.conf
     Active: active (running) since Tue 2025-06-03 21:20:06 IST; 7s ago
TriggeredBy: ● clamav-daemon.socket
       Docs: man:clamd(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
    Process: 34741 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
    Process: 34742 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
   Main PID: 34744 (clamd)
      Tasks: 1 (limit: 2268)
     Memory: 1.2G (peak: 1.2G)
        CPU: 7.148s
     CGroup: /system.slice/clamav-daemon.service
             └─34744 /usr/sbin/clamd --foreground=true

I’m only aware of 2 firewalls, one is the cloud one (provided by Linode) and other is FirewallD in Virtualmin. On both, I have opened 783 and 3310 ports. And like I said, spamd is working. Is there any other firewall on a fresh install?

7

I believe you are still on a socket and not port 3310.
This is my Debian clam.conf, well top of it.

#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible

I think we need to see your modified file on the second machine. Note, I am running on a socket, not a port.

8

Here’s my clamd.conf file

#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run #dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 30
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanTime 120000
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 25M
LogFile /var/log/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity TrustSigned
BytecodeTimeout 60000
OnAccessMaxFileSize 5M
TCPSocket 3310

I only added the last line to it as per the guide. I think the guide may be outdated.

One more thing. I used ss -ltn command to list listening ports and I don’t see 3310 listed here. I do see 783 listed.

9

My guess is that since the socket is created first, that is what is used. My guess, and it is only a guess, is that it would work if you comment out the first 4 lines. It looks like that is where the socket is created.

LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
10

Didn’t work.

I then tried this (see last post) on another fresh install - lets call it server 3 - and now I seem to have clamd listening on 3310.

On my original server that needs to use clamd, I entered the IP address of server 3 and it has accepted it. I rechecked virtualmin configuration and it reports that clamav is installed and running.

How do I test it though?

11

@Jamie @Joe Guys, can you please check if this guide is up to date for Ubuntu 24 and are these the only steps required to make clamav work on a remote server? Or is there something missing or implied?

I ask because there were differences in spam assassin’s instructions but I got it working fairly easily. Clamav is giving a lot of pain though. I’ve done these on fresh installs but its not working.

12

That output shows clamd is only listening on a Unix socket. Try adding TCPAddr 0.0.0.0 to your clamd.conf file and restart the service.

Also, do you have port 3310/TCP opened on both servers?

13

Added the IP. I get this error on main server when configuring clamav to use remote server:

The selected virus scanning command does not work : No virus report produced - perhaps this is not a ClamAV program?

The ports are open as far as I can tell.

14

Thanks for the heads-up! We have updated the instructions to ensure they mention systems with systemd socket activation.

1 Like
15

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.