Discussion:
Clamd error messages since last week
Paul Welsh
2014-08-26 20:57:26 UTC
Running MailScanner 4.84.5 on CentOS 6.5 with ClamAV 0.98.3/19312/Tue Aug
26 15:54:25 2014.

Starting Aug 22 15:30 I started getting this type of message in maillog:
MailScanner[6035]: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .

Seeing this kind of thing in maillog:
Aug 26 18:59:18 mail MailScanner[16465]: New Batch: Scanning 1 messages, 15192 bytes
Aug 26 18:59:19 mail MailScanner[16465]: Virus and Content Scanning: Starting
Aug 26 18:59:19 mail MailScanner[16465]: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Aug 26 18:59:19 mail MailScanner[16465]: Virus Scanning: Clamd found 1 infections
Aug 26 18:59:20 mail MailScanner[16465]: Virus Scanning: Found 1 viruses
Aug 26 18:59:20 mail MailScanner[16465]: Spam Checks: Starting

The "found 1 infections" is a false alarm.

Not happening all the time but when the server is busier, e.g., few or no
errors over the weekend.

I'm checking the maillog hourly and restarting it with:
/etc/init.d/clamd start

Anyone else come across this problem?

Some settings from clamd.conf:
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
MaxThreads 50

Likewise from MailScanner.conf:
Clamd Port = 3310
Clamd Socket = /var/run/clamav/clamd.sock
Clamd Lock File = # /var/lock/subsys/clamd
Clamd Use Threads = yes

Might the Use Threads setting be worth changing?
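
The maillog excerpt above shows a clamd connection error followed by an infection count from the same MailScanner child. As an added example (not part of the thread), this Python sketch lists such detections so they can be reviewed as likely false alarms; the sample log is constructed from the quoted lines plus one invented clean batch, and tracking the error per PID between "New Batch" lines is an assumption about how to correlate them.

```python
import re
from collections import defaultdict

# Constructed sample: first batch mirrors the quoted maillog lines,
# second batch (PID 16470) is invented to show a detection with no error.
SAMPLE = """\
Aug 26 18:59:18 mail MailScanner[16465]: New Batch: Scanning 1 messages, 15192 bytes
Aug 26 18:59:19 mail MailScanner[16465]: Virus and Content Scanning: Starting
Aug 26 18:59:19 mail MailScanner[16465]: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Aug 26 18:59:19 mail MailScanner[16465]: Virus Scanning: Clamd found 1 infections
Aug 26 19:02:41 mail MailScanner[16470]: New Batch: Scanning 2 messages, 40110 bytes
Aug 26 19:02:42 mail MailScanner[16470]: Virus and Content Scanning: Starting
Aug 26 19:02:43 mail MailScanner[16470]: Virus Scanning: Clamd found 1 infections
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ MailScanner\[(\d+)\]: (.*)$")
FOUND = re.compile(r"Clamd found (\d+) infections")


def suspect_detections(log_text):
    """Return (timestamp, pid, count) for each 'Clamd found N infections' line
    that follows a clamd connection error in the same batch of the same child."""
    errored = defaultdict(bool)  # pid -> error seen since its last "New Batch"
    suspects = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, pid, msg = m.groups()
        if msg.startswith("New Batch:"):
            errored[pid] = False          # a new batch resets the error state
        elif "Clamd::ERROR::" in msg and "COULD NOT CONNECT" in msg:
            errored[pid] = True
        else:
            hit = FOUND.search(msg)
            if hit and errored[pid]:
                suspects.append((ts, int(pid), int(hit.group(1))))
    return suspects


if __name__ == "__main__":
    for ts, pid, count in suspect_detections(SAMPLE):
        print(f"{ts} pid={pid}: {count} detection(s) reported after a clamd connection error")
```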
Rick Cooper
2014-08-26 22:13:24 UTC
If the clamd daemon is local to the MailScanner machine I would recommend
switching to a unix socket instead of tcp. Set it in your clamd.conf and
then mirror the path and filename in the MailScanner.config, such as
Clamd Socket = /tmp/clamd

Also, I attached a small Perl script that will check clamd and make sure it's
both up and running and capable of responding (the PING/PONG).
Anything you can use to monitor program result codes can use this, as it
returns 0 for OK and 1 for any issues. You can also have it log to mail|info
if you want to use a log file analyzer, and just call it from cron every min
or so; there is very, very little overhead.

Rick Cooper

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PingClamd.pl
Type: application/octet-stream
Size: 5693 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20140826/4015a38a/attachment.obj
Paul Welsh
2014-08-27 00:01:40 UTC
One update. Installed ClamAV 0.98.4 so will see if that changes anything...
Paul Welsh
2014-08-29 18:13:31 UTC
Post by Rick Cooper
> If the clamd daemon is local to the MailScanner machine I would recommend
> switching to a unix socket instead of tcp. Set it in your clamd.conf and
> then mirror the path and filename in the MailScanner.config, such as
> Clamd Socket = /tmp/clamd
>
> Also, I attached a small Perl script that will check clamd and make sure
> it's both up and running and capable of responding (the PING/PONG).
> Anything you can use to monitor program result codes can use this, as it
> returns 0 for OK and 1 for any issues. You can also have it log to
> mail|info if you want to use a log file analyzer, and just call it from cron
> every min or so; there is very, very little overhead.
>
> Rick Cooper

Thanks for responding, Rick. Seems to be set up that way already though:

# grep 'Clamd Socket' /etc/MailScanner/MailScanner.conf
Clamd Socket = /var/run/clamav/clamd.sock

# grep LocalSocket /etc/clamd.conf
LocalSocket /var/run/clamav/clamd.sock

Suppose a reboot is the next step. Upgrading to ClamAV 0.98.4 made no
difference.