Clamdscan in CentOS 7

Hello,

I have a problem regarding clam scan of our emails. Information about my system:

CentOS Linux release 7.0.1406 (Core) 
webmin-1.720-1.noarch
wbm-virtual-server-4.12.gpl-1.noarch
clamav-server-0.98.4-1.el7.centos.vm.x86_64
clamav-filesystem-0.98.4-1.el7.centos.vm.noarch
clamav-server-systemd-0.98.4-1.el7.centos.vm.noarch
clamav-data-0.98.4-1.el7.centos.vm.noarch
clamav-scanner-0.98.4-1.el7.centos.vm.noarch
clamav-update-0.98.4-1.el7.centos.vm.x86_64
clamav-lib-0.98.4-1.el7.centos.vm.x86_64
clamav-scanner-systemd-0.98.4-1.el7.centos.vm.noarch
clamav-0.98.4-1.el7.centos.vm.x86_64

In Virtualmin configuration I have clamdscan as the active option. It seems that clamdscan (wrapper) tries to scan every mail, but in the procmail logs I see this line at every incoming mail:
ERROR: Could not lookup (null): Servname not supported for ai_socktype

As far as I understand, this error is regarding the clam scan, but I don’t know how to solve it.

Thank you for your time,
Catalin Bucur.

Howdy,

Is ClamAV working, and just producing that as a notice when it runs? Or is that an error that’s preventing it from working properly?

-Eric

hi, i have the same problem on CentOS 7, at the moment you can choose the standalone (clamscan)

the server (clamdscan) doesn’t work, instead

If I click Save on “Spam and Virus Scanning”
it returns
STDIN: noreply from clamd…

so in procmail there is the error “ERROR: Could not lookup (null): Servname not supported for ai_socktype” while standalone has no issues… and regularly reports “Mode:Virus” as expected instead of “Mode:none”…

@andreychek: clamdscan is working if I run it from the command line. But from procmail (in the Virtualmin solution) it gives me that error and it’s not scanning any message.

@7stars: I’ll try later standalone solution.

Thank you

Howdy,

We were talking to 7stars in IRC, and I believe he’s saying this is working now after restarting ClamAV.

b1cata, could you perhaps restart ClamAV, and/or issue a reboot? I’d be curious if that helps in your case.

If not, what is the output of this command:

ls -l /var/run/clamd.scan

hey, it’s not clear why this happens…
but
try to do this:

  1. Spam and Virus Scanning

  2. choose “Standalone scanner (clamscan)” and Save…

  3. Disable ClamAV Server

  4. Reenable ClamAV Server

  5. choose “Server scanner (clamdscan)” and Save…

let me know if this works for you
to me now it’s working and when someone sends a virus
you will see this on procmail.log:

procmail: Program failure (1) of “/etc/webmin/virtual-server/clam-wrapper.pl”
and then the rest with “Mode:Virus”

you can test the EICAR here

https://www.andymillar.co.uk/blog/2007/12/06/testing-your-email-virus-scanner-with-eicar/

hope this helps

Hello again,

@7stars: I have done the same steps and you are right, now it’s working. I hope that procmail error message does not affect anything else. Last night I have tried clamscan option and it’s working too.

@andreychek: I have restarted many times, rebooted etc., no effect. Now I have finished another server in the same configuration. I was curious whether I would encounter the same error, and yes - it’s the same behaviour.

# ls -l /var/run/clamd.scan
total 0
srw-rw-rw- 1 clamscan clamscan 0 Jan 16 18:12 clamd.sock

I guess it’s a bug, but thank you for your help to solve this.

Regards,
Catalin Bucur.

hi,
i did a little php script until someone understands what’s the source of the issue

so, if needed, first empty your procmail.log

then

<?php
// String that clamdscan writes to procmail.log when it cannot reach clamd
$string = "ai_socktype";
$file = "/var/log/procmail.log";
$content = file_get_contents($file);

// strpos() returns 0 for a match at offset 0, so compare with !== false
if ($content !== false && strpos($content, $string) !== false) {
    $to = "you@yourdomain.com";
    $subject = "ClamAV not working";
    $message = "clamd is not working now, please do the steps you know";
    $headers = 'From: webmaster@yourdomain.com' . "\r\n" .
        'Reply-To: webmaster@yourdomain.com' . "\r\n" .
        'X-Mailer: PHP/' . phpversion();

    // alert me by email
    mail($to, $subject, $message, $headers);
} else {
    // error string not found, nothing to report
    exit(0);
}
?>

edit with your email account, save it as e.g. “ifclamerr.php”, upload it where you want, put this in crontab to be executed once a day (maybe in early morning, so when you wake up fix it easily…i think that’s enough) if you don’t want to be emailed by the crontab but from the script only when it finds the error, add >/dev/null 2>&1 at the end of the crontab line…

if clamd is not working you know what to do…

:wink:

hi,
pay attention… it happens after every ClamAV update here on CentOS 7, tested now…

now running clamav-0.98.6-1.el7.x86_64

I was alerted by my script :wink: and had to do https://www.virtualmin.com/node/35862#comment-142835 again…

I’m having the same problem on my fresh install on centos 7.
What I found is that I don’t need to do all the steps of the procedure described by 7stars here https://virtualmin.com/node/35862#comment-142835 , I just need to restart the ClamAV service and everything works fine!
But if I reboot the whole server, then it’s back to the previous behaviour. I’ll have to restart clamAV again to get it check emails.
What is strange is that everything looks fine after a server reboot, clamd is launched and healthy…

[root@ns1 ~]# ps ax | grep clamd
25029 ? Ssl 0:36 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes

So I don’t know why i get this in procmail log :

From emailavtest@dnsstuff.com Wed May 6 22:32:23 2015
Subject: DNSstuff Mail Server Test Center Anti-Virus Test Message [TestID 1]
Folder: /home/sam/Maildir/new/1430944345.474_0.ns1.niver.fr 2875
Time:1430944345 From:sales@dnsstuff.com To:sam@niver.fr User:sam Size:2931 Dest:/home/sam/Maildir/new/1430944345.474_0.ns1.niver.fr Mode:None
ERROR: Could not lookup : Servname not supported for ai_socktype

But after a ClamAV restart I get what it should be :

From emailavtest@dnsstuff.com Fri May 8 22:27:44 2015
Subject: DNSstuff Mail Server Test Center Anti-Virus Test Message [TestID 1]
Folder: /home/sam/Maildir/.Virus/new/1431116866.25066_0.ns1.niver.fr 2561
Time:1431116866 From:sales@dnsstuff.com To:sam@niver.fr User:sam Size:2618 Dest:/home/sam/Maildir/.Virus/new/1431116866.25066_0.ns1.niver.fr Mode:Virus
procmail: Program failure (1) of “/etc/webmin/virtual-server/clam-wrapper.pl”

Has anybody found something to solve this? I’m a bit stuck at this point with my little knowledge, but I can do more investigation if someone can tell me a bit more about where to search :wink:

ok, I can confirm that’s enough to restart the ClamAv server from Status…
but the issue is always there, after a clamav update or rebooted server…
nobody knows what’s the cause?

I think I have resolved this with:

# touch /var/run/clamd.scan/clamd.sock
# chown clamscan: /var/run/clamd.scan/clamd.sock
# chmod 660 /var/run/clamd.virtualmin/clamd.sock

then uncommented these lines in /etc/clamd.d/scan.conf:

PidFile /var/run/clamd.scan/clamd.pid
LocalSocket /var/run/clamd.scan/clamd.sock

this one is more specific: I have a Virtual Server for my server hostname and had to modify on /etc/postfix/main.cf this line:

mydestination = $myhostname, localhost.$mydomain, localhost, servername

(‘servername’ is the short version of your hostname)

to:

mydestination = localhost.$mydomain, localhost, servidor2

This is because “$myhostname” is already present in the Virtual Server so is already a local domain and having it on $mydestination var was causing issues.

for last:

systemctl restart postfix
systemctl restart clamd@scan.service

I could test this with:

clamdscan -c /etc/clamd.d/scan.conf /etc/hosts

prior to the fix:

ERROR: Could not lookup (null): Servname not supported for ai_socktype

after the fix:

/etc/hosts: OK

-edit-

A FIX ON MY INSTRUCTIONS ABOVE:

Removing “$myhostname” from the $mydestination variable caused all the incoming messages to bounce back! Actually, I had to revert it to the original string. The warnings in the postfix logs are just because I had a Virtual Server with the same name as my server’s hostname. Since I’m not receiving e-mail on this domain, all I had to do was select the virtual server in Virtual > Edit Virtual Server > disabled Mail, Virus Scan, Spam scan, Mailman, then Save. This removed “myserver.mydomain.com” from the virtual alias table and the error in the Postfix log went away, and e-mail remained working fine! I hope it helps.

I had the same problem today, fresh installed system (Centos 7), didn’t touch anything,
yum update / disable selinux / reboot and
I just wget the install file and ran it.

On the step asking about ClamAV it was crashing with the same error.
“ERROR: Could not lookup (null): Servname not supported for ai_socktype”

Digging clam conf without luck.

After erasing all lines for ipv6 in /etc/hosts and made something like this:
ip-of-server hostname.domain hostname

it worked.

(Of course I don’t know which of these two really made the trick, the server.domain.com server line or erasing the IPv6 lines).

Anyway, that’s a fix, but I don’t know what happens if someone wants ipv6 :slight_smile:

This trick doesn’t work in my case…
I commented out the IPv6 lines in /etc/hosts and my line “192.168.1.44 ns1.domain.com ns1” was already there… Rebooted and same behaviour: clamd running but not working (ai_socktype error)… Restarted clamd only and then everything is working fine.
So I just need to remember to restart clamd after each reboot, that is my working trick since I have no other idea of what to do :wink:

I am bit lost here… I am on the same boat (Centos7)

Is there a permanent fix for this found or not yet?

Right, I believe I’ve solved this. I can’t guarantee that the root cause of this issue is the same on everyone’s server, so the same symptoms may not always require the same cure, but here was what was going on with two of my servers.

The symptom: When you run virus scanning on incoming email, and use clamd to scan rather than the standalone scanner, it fails to scan. You see the following entry in procmail.log: “ERROR: Could not lookup : Servname not supported for ai_socktype”
The trigger: Having fixed the problem, two things cause it to recur - (i) a server reboot, (ii) yum updating clamscan etc to a new version. (Simply restarting clamd@scan.service did not cause the problem, neither did updating the ClamAV signature files).
The way to get it working again: As in a post further up this thread. All in Virtualmin > Email Messages > Spam and Virus Scanning: (i) Set scanning back to the standalone; (ii) disable ClamAV server; (iii) enable ClamAV server; (iv) set scanning to use the “server scanner”.
The actual cause: Permissions. The socket for clamd is stored at /var/run/clamd.scan/clamd.sock. When you configure ClamAV for the first time, or reboot the server, the folder /var/run/clamd.scan is set to have permissions of 710. You can set the actual socket permissions in /etc/clamd.d/scan.conf, but not the permissions for its containing folder. procmail will pass its scanning process to be run by the user of the mailbox receiving the message (i.e., Linux user username.domain). Unless that user is a member of the clamscan group, it won’t be able to enter the /var/run/clamd.scan folder, so it can’t access the socket. The painful route would be to add all mailbox users to the clamscan group. But the better solution is to set /var/run/clamd.scan to 755. The trouble is, a server reboot sees the folder permission revert to 710. [Why?]. Re-enabling “server scanner” in VirtualMin will reset the folder permissions to 755, but doing it manually is enough to get scanning working again.

I’ve just found this: Bug 1284253 - permissions on /var/run/clamd.scan directory should be 755 not 710

The above lengthy post explained the problem in some detail. For those wanting a TL;DR solution (with the usual warranty that I’m only pointing you in the right direction, and only you are responsible for what you do on your server :wink: ), run these two lines:

chmod 755 /var/run/clamd.scan
sed 's/710/755/' /usr/lib/tmpfiles.d/clamd.scan.conf > /etc/tmpfiles.d/clamd.scan.conf
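
The permission diagnosis above can be confirmed before changing anything. The following is an added example, not code from this thread or from Virtualmin: it walks the socket's parent directories and reports the first one that a user outside the owning group cannot enter. The function names and the optional second argument (where to stop walking) are assumptions, and it relies on GNU stat as shipped with CentOS 7.

```shell
#!/bin/sh
# Added example: find out why a mailbox user outside the clamscan group
# cannot reach clamd's Unix socket. Only the "other" permission bits are
# inspected, i.e. what a user who is neither owner nor group member gets.

# other_bits PATH -> prints the "other" octal digit (0-7) of PATH's mode
other_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    printf '%s\n' "$((0$mode & 7))"
}

# check_socket_path SOCKET [STOP_DIR]
# Returns 0 if every directory from the socket up to STOP_DIR (default /)
# has o+x and the socket itself has o+rw; returns 1 and names the blocker
# otherwise; returns 2 if a path cannot be examined.
check_socket_path() {
    sock=$1
    root=${2:-/}
    dir=$(dirname "$sock")
    while :; do
        bits=$(other_bits "$dir") || return 2
        if [ $((bits & 1)) -eq 0 ]; then
            echo "BLOCKED: $dir is mode $(stat -c '%a' "$dir"), no o+x"
            return 1
        fi
        if [ "$dir" = "$root" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname "$dir")
    done
    # connect() on a Unix socket needs write permission on the socket file
    bits=$(other_bits "$sock") || return 2
    if [ $((bits & 6)) -ne 6 ]; then
        echo "BLOCKED: $sock has no o+rw"
        return 1
    fi
    echo "OK: $sock is reachable by users outside its group"
}

# Usage: sh check.sh /var/run/clamd.scan/clamd.sock
if [ $# -gt 0 ]; then
    check_socket_path "$@"
fi
```

Run it after a reboot and again after a package update: those are the two events reported in this thread as reverting the directory to 710.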

I have the same problem, during Post-Installation Wizard

I have a fresh install of the latest CentOS 7.2 with the latest Virtualmin, and this problem occurs in the Post-Installation Wizard.

How to fix it? Any idea? The above solutions are not working.

Screen: https://s12.postimg.org/vascxhdwt/bug_virt.jpg

Just tested Debian with Virtualmin, and there is no problem with ClamAV, so why does CentOS have that problem? Any idea?