Run ClamAV server scanner

Recently I noticed that on all my new installs of Virtualmin I am unable to enable the ClamAV server scanner (clamd). When I click the "Run ClamAV server scanner" button during the initial setup it takes longer than usual, then it pops up this error message:

A problem occurred testing the ClamAV server scanner :
ERROR: Clamd is not configured properly.

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)

The only way around it that I can think of right now is just disabling clamd and moving on.

Patrick

Hi Patrick – what distro is it that you’re using?

-Eric

Sorry for the delayed response, I am using this with the latest version of CentOS 5.

Patrick

Okay, so when attempting to launch ClamAV, what errors show up in your mail log – that’s in /var/log/maillog?

Also, what do you get when typing this:

rpm -qa | grep clamav

Running through virtualmin postinstall I got stuck at the following after trying to enable clamd.

A problem occurred testing the ClamAV server scanner :
ERROR: Clamd is not configured properly.

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)

I also tried the following command at the command line: /etc/init.d/clamd-virtualmin start
I got the following output from it:
Starting clamd.virtualmin: ERROR: Please define server type (local and/or TCP).

After performing the above here is the output from maillog on this new install

May 26 16:06:08 localhost dovecot: Dovecot v1.0.7 starting up
May 26 16:06:08 localhost dovecot: Generating Diffie-Hellman parameters for the first time. This may take a while…
May 26 16:06:09 localhost spamd[2476]: logger: removing stderr method
May 26 16:06:09 localhost sendmail[2495]: alias database /etc/aliases rebuilt by root
May 26 16:06:09 localhost sendmail[2495]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
May 26 16:06:09 localhost sendmail[2500]: starting daemon (8.13.8): SMTP+queueing@01:00:00
May 26 16:06:09 localhost sm-msp-queue[2514]: starting daemon (8.13.8): queueing@01:00:00
May 26 16:06:10 localhost spamd[2478]: Error creating a DNS resolver socket: Network is unreachable at /usr/lib/perl5/vendor_perl/5.8.8/Mail/SpamAssassin/DnsResolver.pm line 234.
May 26 16:06:10 localhost spamd[2478]: spamd: server started on port 783/tcp (running version 3.2.5)
May 26 16:06:10 localhost spamd[2478]: spamd: server pid: 2478
May 26 16:06:10 localhost spamd[2478]: spamd: server successfully spawned child process, pid 2529
May 26 16:06:10 localhost spamd[2478]: spamd: server successfully spawned child process, pid 2530
May 26 16:06:10 localhost spamd[2478]: prefork: child states: II
May 26 16:06:25 localhost dovecot: ssl-build-param: SSL parameters regeneration completed
May 26 16:12:32 localhost spamd[2478]: spamd: server killed by SIGTERM, shutting down
May 26 16:12:32 localhost dovecot: Killed with signal 15
May 26 16:13:59 newserver dovecot: Dovecot v1.0.7 starting up
May 26 16:13:59 newserver spamd[2388]: logger: removing stderr method
May 26 16:13:59 newserver sendmail[2407]: alias database /etc/aliases rebuilt by root
May 26 16:13:59 newserver sendmail[2407]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
May 26 16:13:59 newserver sendmail[2412]: starting daemon (8.13.8): SMTP+queueing@01:00:00
May 26 16:13:59 newserver sm-msp-queue[2420]: starting daemon (8.13.8): queueing@01:00:00
May 26 16:14:01 newserver spamd[2390]: spamd: server started on port 783/tcp (running version 3.2.5)
May 26 16:14:01 newserver spamd[2390]: spamd: server pid: 2390
May 26 16:14:01 newserver spamd[2390]: spamd: server successfully spawned child process, pid 2512
May 26 16:14:01 newserver spamd[2390]: spamd: server successfully spawned child process, pid 2513
May 26 16:14:01 newserver spamd[2390]: prefork: child states: II
May 26 16:17:47 newserver postfix/postfix-script: starting the Postfix mail system
May 26 16:17:47 newserver postfix/master[7051]: daemon started – version 2.3.3, configuration /etc/postfix
May 26 16:18:09 newserver postfix/smtpd[8164]: connect from localhost[127.0.0.1]
May 26 16:18:09 newserver postfix/smtpd[8164]: F18DC53E012A: client=localhost[127.0.0.1]
May 26 16:18:09 newserver postfix/cleanup[8167]: F18DC53E012A: message-id=mailman.0.1274905088.8055.mailman@newserver.newserver.com
May 26 16:18:10 newserver postfix/qmgr[7055]: F18DC53E012A: from=mailman-bounces@newserver.newserver.com, size=2153, nrcpt=1 (queue active)
May 26 16:18:10 newserver postfix/smtpd[8164]: disconnect from localhost[127.0.0.1]
May 26 16:18:10 newserver postfix/local[8168]: F18DC53E012A: to=root@newserver.newserver.com, relay=local, delay=0.45, delays=0.1/0.01/0/0.34, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
May 26 16:18:10 newserver postfix/qmgr[7055]: F18DC53E012A: removed
May 26 16:21:10 newserver postfix/pickup[7054]: A414353E012C: uid=0 from=
May 26 16:21:10 newserver postfix/cleanup[14542]: A414353E012C: message-id=20100526202110.A414353E012C@newserver.newserver.com
May 26 16:21:10 newserver postfix/qmgr[7055]: A414353E012C: from=root@newserver.newserver.com, size=1015, nrcpt=1 (queue active)
May 26 16:21:11 newserver postfix/local[14578]: A414353E012C: to=root@newserver.newserver.com, orig_to=, relay=local, delay=3.5, delays=2.7/0/0/0.77, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
May 26 16:21:11 newserver postfix/qmgr[7055]: A414353E012C: removed

Output from requested command: rpm -qa | grep clamav

clamav-filesystem-0.96-1.vm.el5
clamav-0.96-1.vm.el5
clamav-server-sysv-0.96-1.vm.el5
clamav-data-0.96-1.vm.el5
clamav-server-0.96-1.vm.el5
clamav-update-0.96-1.vm.el5
clamav-lib-0.96-1.vm.el5

Thanks!

For your viewing pleasure I have repasted the output from maillog on pastebin as it didn’t come out too pretty in the forum.

http://pastebin.com/sZ5Tqurb

Poking around on Google, this seems to come up with recently upgraded ClamAV instances. I’m not sure why it didn’t come up previously, perhaps a default changed along the way.

However, ClamAV wants to be told where exactly to listen, it seems like…

In your /etc/clamav.conf file, what is “LocalSocket” set to?

-Eric

There isn’t a clamav.conf but there is a clamd.conf. Here is what I found relating to LocalSocket in that file:

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
#LocalSocket /var/run/clamd.virtualmin/clamd.sock

# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
#LocalSocketGroup virusgroup

# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660

Try uncommenting those lines related to the LocalSocket, and then restart ClamAV… does it launch with an error at that point?

-Eric

Uncommenting those lines gives me the following error in Virtualmin:

A problem occurred testing the ClamAV server scanner :
ERROR: Can’t connect to clamd: Connection refused

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)

Trying to start it from command line I get this error
/etc/init.d/clamd-virtualmin start
Starting clamd.virtualmin: ERROR: Unknown group virusgroup
[FAILED]

So I changed the group from virusgroup to clamav (which does exist) then I get this error

/etc/init.d/clamd-virtualmin start
Starting clamd.virtualmin: ERROR: Failed to change socket ownership to group clamav
[FAILED]

I changed it back to virusgroup for now

Hi,

I uncommented these 2 lines:

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamd.virtualmin/clamd.pid

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamd.virtualmin/clamd.sock

And it started working…
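
A check for the clamd.conf conditions this thread ran into (no listener defined, an unknown LocalSocketGroup, and a LocalSocket left at its world-accessible default mode), as an added example that is not part of the original posts or of Virtualmin. The function names and the optional group-file argument are hypothetical; the group lookup reads a local group file only.

```shell
#!/bin/sh
# Added example (not from the thread): audit a clamd.conf for the listener
# settings discussed above. The group-file argument is an assumption so the
# check can run against a constructed file; it defaults to /etc/group.

# Print the value of an active (uncommented) directive, or nothing.
conf_value() {  # $1 = config file, $2 = directive name
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

check_clamd_conf() {  # $1 = clamd.conf path, $2 = group file (optional)
    conf="$1"; grpfile="${2:-/etc/group}"
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    sock=$(conf_value "$conf" LocalSocket)
    tcp=$(conf_value "$conf" TCPSocket)
    group=$(conf_value "$conf" LocalSocketGroup)
    mode=$(conf_value "$conf" LocalSocketMode)

    # With neither directive active, clamd stops with
    # "Please define server type (local and/or TCP)".
    if [ -z "$sock" ] && [ -z "$tcp" ]; then
        echo "FAIL: no LocalSocket or TCPSocket defined"
        return 1
    fi

    # A LocalSocketGroup naming a nonexistent group stops clamd with
    # "Unknown group <name>".
    if [ -n "$group" ] &&
       ! awk -F: -v g="$group" '$1 == g { f = 1 } END { exit !f }' "$grpfile"; then
        echo "FAIL: LocalSocketGroup '$group' not found in $grpfile"
        return 1
    fi

    # clamd.conf documents the default socket mode as world accessible.
    if [ -n "$sock" ] && [ -z "$mode" ]; then
        echo "WARN: LocalSocketMode not set; $sock will be world accessible"
    fi
    echo "OK: listener defined"
    return 0
}

# Stand-alone use: sh check_clamd.sh /etc/clamd.conf
if [ $# -gt 0 ]; then check_clamd_conf "$@"; fi
```

A WARN line does not change the exit status, so the configuration that fixed the problem in this thread passes while still reporting the open socket mode.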

That did the trick, thanks!! Is there any way we can get this incorporated into the installer’s procedure to save time? Currently I have to get all the way to that step and let it generate the clamav.conf before I can modify it.