Discussion:
[clamav-users] ERROR: NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection refused
Chris
2018-02-01 14:49:06 UTC
First of all regarding my previous post - "Cannot connect to unix
socket '/var/lib/clamav/clamd.socket': connect: No such file or
directory" on Tuesday, I at least have that working. However, now
whenever an update is done to a database I'm seeing - ERROR:
NotifyClamd: Can't connect to clamd on 127.0.0.1:3310: Connection
refused. This is:

apt-cache policy clamav
clamav:
  Installed: 0.99.3+addedllvm-0ubuntu0.16.04.1
  Candidate: 0.99.3+addedllvm-0ubuntu0.16.04.1

apt-cache policy clamav-daemon
clamav-daemon:
  Installed: 0.99.3+addedllvm-0ubuntu0.16.04.1
  Candidate: 0.99.3+addedllvm-0ubuntu0.16.04.1

apt-cache policy clamav-freshclam
clamav-freshclam:
  Installed: 0.99.3+addedllvm-0ubuntu0.16.04.1
  Candidate: 0.99.3+addedllvm-0ubuntu0.16.04.1

Here are all my configuration files:

https://pastebin.com/f5xfDRHv

Any assistance would be appreciated.
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
08:00:30 up 1 day, 14:43, 1 user, load average: 0.76, 0.81, 1.15
Description: Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic
Dennis Peterson
2018-02-01 15:51:51 UTC
Use the nc tool to connect to that port. If you get a connection then type PING.
It should return PONG and disconnect. If that doesn't happen you have a config
misunderstanding.

dp
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact
Chris
2018-02-01 17:23:24 UTC
Post by Dennis Peterson
Use the nc tool to connect to that port. If you get a connection then
type PING. It should return PONG and disconnect. If that doesn't happen
you have a config misunderstanding.
dp

Thanks Dennis, I used nc -zv to try and connect to port 3310 with
127.0.0.1 as per my settings:

nc -zv 127.0.0.1 3300-3400
nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3301 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3302 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3303 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3304 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3305 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3306 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3307 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3308 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3309 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3310 (tcp) failed: Connection refused

Odd that in all the years I've run ClamAV with the same settings I've 
not had this problem. 

Using nc -l 3310 in one terminal and nc 127.0.0.1 3310 I get:

nc -l 3310
test
this is a test

nc 127.0.0.1 3310
test
this is a test

So, IIUC I can talk to port 3310 with 127.0.0.1 or am I incorrect?
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
11:12:38 up 1 day, 17:55, 1 user, load average: 0.63, 0.86, 1.18
Description: Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic
Reindl Harald
2018-02-01 17:28:11 UTC
Post by Chris
nc -zv 127.0.0.1 3300-3400
nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3301 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3302 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3303 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3304 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3305 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3306 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3307 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3308 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3309 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3310 (tcp) failed: Connection refused
Odd that in all the years I've run ClamAV with the same settings I've
not had this problem.
nc -l 3310
test
this is a test

smells like SELinux preventing the client to connect to a non-default
port while it still doesn't explain the different results of "nc"
Chris
2018-02-01 18:49:56 UTC
Post by Reindl Harald
Post by Chris
nc -zv 127.0.0.1 3300-3400
nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3301 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3302 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3303 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3304 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3305 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3306 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3307 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3308 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3309 (tcp) failed: Connection refused
nc: connect to 127.0.0.1 port 3310 (tcp) failed: Connection refused
Odd that in all the years I've run ClamAV with the same settings I've
not had this problem.
nc -l 3310
test
this is a test
smells like SELinux preventing the client to connect to a non-default
port while it still doesn't explain the different results of "nc"

I see this in syslog when restarting the daemon with sudo
/etc/init.d/clamav-daemon restart:

TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.

I'm not sure if that's correct or not since I never had a reason to
monitor the start of the clamav-daemon before. Doing more Googling I
came across
https://serverfault.com/questions/798587/debian-8-cant-get-clamav-to-listen-on-tcp-3310
which is somewhat like my issue. It mentions "Comment out all
ListenStream= in /lib/systemd/system/clamav-daemon.socket."

[Unit]
Description=Socket for Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}

[Socket]
#ListenStream=/run/clamav/clamd.ctl
#ListenStream=/var/lib/clamav/clamd.socket
#ListenStream=127.0.0.1:3310
SocketUser=clamav
SocketGroup=clamav
RemoveOnStop=True

[Install]
WantedBy=sockets.target

Then add your own ListenStream= line(s) in
/etc/systemd/system/clamav-daemon.socket.d/extend.conf

[Socket]
ListenStream=/var/lib/clamav/clamd.socket
ListenStream=127.0.0.1:3310
SocketUser=clamav
SocketGroup=clamav

Not sure if this change will work or not as I'm waiting now for either
an update from freshclam or from the unofficial rules site.
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
12:35:34 up 1 day, 19:18, 1 user, load average: 0.89, 0.60, 0.48
Description: Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic
Reindl Harald
2018-02-01 18:55:36 UTC
Post by Chris
I'm not sure if that's correct or not since I never had a reason to
monitor the start of the clamav-daemon before. Doing more Googling I
came across
https://serverfault.com/questions/798587/debian-8-cant-get-clamav-to-listen-on-tcp-3310
which is somewhat like my issue. It mentions "Comment out all
ListenStream= in /lib/systemd/system/clamav-daemon.socket."

why don't you just disable all the socket-activation stuff and just
ordinary enable and start a pure clamd-service as it is?

given that clamd needs a lot of time at startup to initialize the
signatures what is the point of socket-activation at all?!
Benny Pedersen
2018-02-01 18:34:56 UTC
Post by Chris
nc -zv 127.0.0.1 3300-3400
nc: connect to 127.0.0.1 port 3300 (tcp) failed: Connection refused

clamd does not listen by default on inet, its default only unix socket

if you want both, configure it :=)

see clamd.conf

more help ?, clamconf output for clamd.conf
Dennis Peterson
2018-02-01 18:40:51 UTC
If you can successfully run nc -l 3310 then clamd is not using the port. Check
lsof -i |grep clam and examine the clamd.conf file. Something you're sure of is
wrong.

dp
Kris Deugau
2018-02-01 18:53:38 UTC
Post by Chris
nc -l 3310
test
this is a test
nc 127.0.0.1 3310
test
this is a test
So, IIUC I can talk to port 3310 with 127.0.0.1 or am I incorrect?

nc -l should have returned an error if clamd was actually listening on
that port.

TCP communication is working, but based on this log line from your
earlier post:

Jan 30 19:12:39 localhost clamd[22830]: TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.

you have an issue with how clamd is started from systemd - basically,
systemd needs to be told to set up a TCP socket as well as (instead of?
don't know if it's possible to use both) the local UNIX socket.

-kgd
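
The two checks suggested in this thread (send PING and expect PONG; see whether the port can still be bound, which is what a successful nc -l shows), written as a script. This is an added example, not code from the thread or from ClamAV: the function names are illustrative, and the address and socket path are the ones quoted in the thread.

```python
import errno
import socket

def probe_clamd(address, timeout=2.0):
    """Send PING to a TCP (host, port) tuple or a UNIX socket path.

    Returns "pong", "refused" (nothing listening), "missing" (no socket
    file), "timeout", or "unexpected: ..." if something else answered.
    """
    family = socket.AF_UNIX if isinstance(address, str) else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(address)
            s.sendall(b"PING\n")
            reply = s.recv(64)
        except ConnectionRefusedError:
            return "refused"
        except FileNotFoundError:
            return "missing"
        except socket.timeout:
            return "timeout"
    return "pong" if reply.strip() == b"PONG" else "unexpected: %r" % reply

def tcp_port_is_free(host, port):
    """True if the port can be bound, i.e. no daemon is listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return False
            raise
    return True

if __name__ == "__main__":
    # Address and socket path as quoted in the thread.
    for target in (("127.0.0.1", 3310), "/var/lib/clamav/clamd.socket"):
        print(target, "->", probe_clamd(target))
    print("3310 free to bind:", tcp_port_is_free("127.0.0.1", 3310))
```

A result of "refused" on TCP together with "pong" on the UNIX socket and a free port 3310 matches the state described above: clamd is running but was handed no TCP socket.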
Chris
2018-02-01 23:02:33 UTC
Post by Dennis Peterson
Use the nc tool to connect to that port. If you get a connection then
type PING. It should return PONG and disconnect. If that doesn't happen
you have a config misunderstanding.
dp

Dennis, Reindl, Benny, Kris - It's working now. On start of sudo
clamav-daemon start I see in my syslog

TCP: Received AF_INET SOCK_STREAM socket from systemd

I believe the changes I made to
/etc/systemd/system/clamav-daemon.socket.d/extend.conf made the
difference which were shown here -
https://serverfault.com/questions/798587/debian-8-cant-get-clamav-to-listen-on-tcp-3310
fixed it.

[Socket]
ListenStream=/var/lib/clamav/clamd.socket
ListenStream=127.0.0.1:3310
SocketUser=clamav
SocketGroup=clamav

And these changes to /lib/systemd/system/clamav-daemon.socket

[Unit]
Description=Socket for Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}

[Socket]
#ListenStream=/run/clamav/clamd.ctl
#ListenStream=/var/lib/clamav/clamd.socket
#ListenStream=127.0.0.1:3310
SocketUser=clamav
SocketGroup=clamav
RemoveOnStop=True

[Install]
WantedBy=sockets.target

And when running the check for the SaneSecurity unofficial sigs after
downloading updates it's back to reloading the database.

= Update(s) detected, reloaded ClamAV databases =

I want to thank all of you for chiming in with what to check and
possible fixes. Not sure why this upgrade went south this time it
should have been as all the others, just upgrade, restart and you're
back to running again.
--
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
16:47:58 up 21 min, 1 user, load average: 0.96, 0.88, 1.48
Description: Ubuntu 16.04.3 LTS, kernel 4.13.0-32-generic
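
How systemd stacks ListenStream= values from a socket unit and its drop-ins, as an added example that is not from the thread or the ClamAV packaging. It goes one step beyond the fix above: an empty ListenStream= in the drop-in resets the inherited list, so the file under /lib/systemd/system, which the package replaces on upgrade, does not have to be edited. The PACKAGED text and the function names are constructed for illustration.

```python
import ipaddress

# Constructed stand-in for a packaged unit as restored by an upgrade (assumption:
# the thread only shows the file after its ListenStream= lines were commented out).
PACKAGED = """[Socket]
ListenStream=/run/clamav/clamd.ctl
SocketUser=clamav
SocketGroup=clamav
"""
# The thread's extend.conf with one added line: an empty ListenStream= first.
DROPIN_RESET = """[Socket]
ListenStream=
ListenStream=/var/lib/clamav/clamd.socket
ListenStream=127.0.0.1:3310
"""

def effective_listen_streams(*unit_texts):
    """Stack a unit and its drop-ins: values append in order, an empty value resets."""
    streams = []
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            if sep and section == "Socket" and key.strip() == "ListenStream":
                if value.strip():
                    streams.append(value.strip())
                else:
                    streams.clear()
    return streams

def non_loopback_tcp(streams):
    """TCP listeners reachable off-host; clamd's command protocol has no authentication."""
    exposed = []
    for item in streams:
        if item.startswith(("/", "@")):      # filesystem or abstract UNIX socket
            continue
        host = item.rpartition(":")[0].strip("[]")
        if not host or not ipaddress.ip_address(host).is_loopback:
            exposed.append(item)             # a bare port means all interfaces
    return exposed

if __name__ == "__main__":
    merged = effective_listen_streams(PACKAGED, DROPIN_RESET)
    print("effective:", merged, "exposed:", non_loopback_tcp(merged))
```

After changing a drop-in, run systemctl daemon-reload and restart the socket unit so the new listener list takes effect.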