Hi Reindl Harald I am not sure what is wrong with this upgrade/installation. But, here's the configuration I was using previously and is being used currently.
$ date Wed May 17 10:14:47 CDT 2017 $ cat /usr/local/etc/clamd.conf | grep -v "#" LogFile /var/log/clamav/clamd.log LogTime yes LogSyslog yes PidFile /var/run/clamav/clamd.pid LocalSocket /var/run/clamav/clamd.socket FixStaleSocket yes MaxThreads 40 MaxQueue 200 VirusEvent echo "ClamAV has detected %v" | /bin/mailx -s "[ClamAV] Detected %v" root User clamav PhishingScanURLs no $ cat /usr/local/etc/clamav-milter.conf | grep -v "#" MilterSocket /var/run/clamav/clamav-milter.socket User clamav PidFile /var/run/clamav/clamav-milter.pid ClamdSocket unix:/var/run/clamav/clamd.socket Whitelist /usr/local/etc/clamav-milter.whitelisted_addresses LogFile /var/log/clamav/clamav-milter.log LogTime yes LogSyslog yes $ cat /usr/local/etc/freshclam.conf | grep -v "#" UpdateLogFile /var/log/clamav/freshclam.log LogTime yes LogSyslog yes PidFile /var/run/clamav/freshclam.pid DatabaseOwner clamav DatabaseMirror db.us.clamav.net DatabaseMirror database.clamav.net Checks 48 OnUpdateExecute echo "ClamAV has succeeded at downloading a DB update" | /bin/mailx -s "[FreshClam] Succeeded" root OnErrorExecute echo "ClamAV has failed at downloading a DB update" | /bin/mailx -s "[FreshClam] Failed" root Thanks Kishore On Tue, May 16, 2017 at 10:07 PM, Kishore Pawar <mkpa...@gmail.com> wrote: > Thanks Carlos > > I see what you saying. I checked my previous sessions and I found the > below one from the 'Oct 2016' session where I see that the > clam-miller.socket is owned by clamav:clamav, where as my latest one is > owned by clamav:root. Is it causing the below error? If so how can I make > sure the socket gets proper permissions? > > ERROR: LOCAL: Socket file /var/run/clamav/clamd.socket is in use by > another process. > > # lsof | grep clamd.socket > clamd 22795 clamav 5u unix 0xc0000000712f4880 0t0 > 335900 /var/run/clamav/clamd.socket > > > Oct2016 > # ls -lrt /var/run/clamav > total 8 > srw-r--r--. 1 clamav clamav 0 Oct 24 2016 clamav-milter.socket > -rw-rw-r--. 1 clamav clamav 5 Oct 24 2016 clamav-milter.pid > -rw-rw----. 1 clamav clamav 5 Oct 24 2016 freshclam.pid > > > Latest > # ls -lrt /var/run/clamav > total 12 > srw-rw-rw-. 1 clamav clamav 0 May 16 21:40 clamd.socket > -rw-rw-r--. 1 clamav clamav 6 May 16 21:40 clamd.pid > srw-r--r--. 1 clamav root 0 May 16 21:40 clamav-milter.socket # > Not sure why it's not owned by clamav:clamav here > -rw-rw----. 1 clamav clamav 6 May 16 21:40 freshclam.pid > -rw-rw-r--. 1 clamav clamav 6 May 16 21:40 clamav-milter.pid > > > Thanks > ----------- > > IMHO rc.local is not the best place to put this at all... > > >* # clamd status *>* ERROR: LOCAL: Socket file > /var/run/clamav/clamd.socket is in use by another *>* process. * > You are calling clamd *daemon* with a "status" argument that it doesn't > recognize. > As you are using an init system you should use a init.d/rc.d script (like > "/etc/rc.d/clamav"). That script usually accepts a "status" argument, but > clamd (daemon) does not. > > Regards, > Carlos Velasco > > On Tue, May 16, 2017 at 9:55 AM, Kishore Pawar <mkpa...@gmail.com> wrote: > >> Hi Carlos Velasco >> >> Our RHEL 6.8 runs on an IBM Power 8 server(ppc64), for which we dont' >> have a ClamAV package. So I had to compile it from source. I have >> uninstalled the old version and installed the *ClamAV 0.99.2. * >> >> So I can confirm that I have only one instance running. Here's the >> detailed info. >> >> # which clamd >> /usr/local/sbin/clamd >> >> # whereis clamd >> clamd: /usr/local/sbin/clamd /usr/local/etc/clamd.conf >> >> # cat /etc/rc.d/rc.local >> #!/bin/sh >> # >> # This script will be executed *after* all the other init scripts. >> # You can put your own initialization stuff in here if you don't >> # want to do the full Sys V style init stuff. >> touch /var/lock/subsys/local >> /usr/local/sbin/clamd >> /usr/local/sbin/clamav-milter >> /usr/local/bin/freshclam -d >> >> # ps -ef | grep clamd >> clamav 6776 1 0 May15 ? 00:00:01 clamd >> root 10956 10925 0 09:40 pts/0 00:00:00 grep clamd >> >> # clamd status >> ERROR: LOCAL: Socket file /var/run/clamav/clamd.socket is in use by >> another process. >> >> # lsof | grep clamd.socket >> clamd 6776 clamav 5u unix 0xc000000003692480 >> 0t0 72993 /var/run/clamav/clamd.socket >> >> Thanks >> Kishore >> >> >> ----------- >> >> >* Yes, I usually verify after running any command. So yes verified the * >> >* process is properly killed. I even rebooted it couple time. Even >> after a *>* clean reboot, the output of clamd status gives the same >> error. What is the *>* output of your clamd status? Can you share it >> please? * >> Kishore, I think you have 2 clamav installations in your machine. Maybe >> one packaged and another one compiled. >> I haven't a RHEL at hand right now, but check with any of this: >> which clamd >> whereis clamd >> >> If you see two different clamd (maybe one on /usr/local/...) that's >> because you are seeing your problems, and you should fix it changing your >> status script (init.d?) probably. >> >> Regards, >> Carlos Velasco >> >> On Tue, May 16, 2017 at 8:08 AM, Kishore Pawar <mkpa...@gmail.com> wrote: >> >>> Hi Reindl Harald >>> >>> Yes, I usually verify after running any command. So yes verified the >>> process is properly killed. I even rebooted it couple time. Even after a >>> clean reboot, the output of clamd status gives the same error. What is the >>> output of your clamd status? Can you share it please? >>> >>> Thanks >>> Kishore >>> -------- >>> >>> Am 15.05.2017 um 23:53 schrieb Kishore Pawar: >>> >* Yes, I see the clamd process. I tried to kill and restart it many >>> times, *>* but when I run the 'clamd status' I get the same error about >>> the socket *>* file. Earlier when I was running the older version, I >>> used to see the *>* complete details about the clamd status including >>> the version number I was *>* running and what the latest status of that >>> clamd. Now I just get the error *>* which I am not sure if it is giving >>> me the right output * >>> and did you verify that after kill the process is really gone? >>> >>> maybe it needs a "kill -s SIGKILL" instead a SIGTERM for whatever reason >>> but that's all hard to say since you don't provide much informations >>> without beeing explicit asked >>> >>> >>> On Mon, May 15, 2017 at 5:18 PM, Kishore Pawar <mkpa...@gmail.com> >>> wrote: >>> >>>> Btw, can you please share your output of the command 'clamd status'? >>>> >>>> Thanks >>>> Kishore >>>> >>>> On Mon, May 15, 2017 at 4:53 PM, Kishore Pawar <mkpa...@gmail.com> >>>> wrote: >>>> >>>>> Yes, I see the clamd process. I tried to kill and restart it many >>>>> times, but when I run the 'clamd status' I get the same error about the >>>>> socket file. Earlier when I was running the older version, I used to see >>>>> the complete details about the clamd status including the version number I >>>>> was running and what the latest status of that clamd. Now I just get the >>>>> error which I am not sure if it is giving me the right output. >>>>> >>>>> On Mon, May 15, 2017 at 4:22 PM, Kishore Pawar <mkpa...@gmail.com> >>>>> wrote: >>>>> >>>>>> Thanks Steve. Here's the output of lsof. >>>>>> >>>>>> # clamd status >>>>>> ERROR: LOCAL: Socket file /var/run/clamav/clamd.socket is in use by >>>>>> another process. >>>>>> >>>>>> # lsof | grep clamd.socket >>>>>> clamd 6776 clamav 5u unix 0xc000000003692480 >>>>>> 0t0 72993 /var/run/clamav/clamd.socket >>>>>> >>>>>> # ps -ef | grep 6776 >>>>>> clamav 6776 1 0 15:57 ? 00:00:00 clamd >>>>>> root 6889 2739 0 16:20 pts/1 00:00:00 grep 6776 >>>>>> >>>>>> Thanks >>>>>> Kishore >>>>>> >>>>>> On Mon, May 15, 2017 at 12:29 PM, Kishore Pawar <mkpa...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> Thanks Steve. Yes, I tried removing them and kill the running clamd >>>>>>> process and start it again but still the clamd status doesn't show >>>>>>> anything >>>>>>> other than the error. >>>>>>> >>>>>>> # clamd status >>>>>>> ERROR: LOCAL: Socket file /var/run/clamav/clamd.socket is in use by >>>>>>> another process. >>>>>>> >>>>>>> ---- >>>>>>> >>>>>>> There is probably another clamd running. If not, try deleting >>>>>>> /var/run/clamav/clamd.socket. >>>>>>> >>>>>>> Steve >>>>>>> >>>>>>> On Mon, May 15, 2017 at 11:58 AM, Kishore Pawar <mkpa...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi Steve >>>>>>>> >>>>>>>> Thank you very much for the reply and your suggestion. I rebuild it >>>>>>>> with the options (--enable-llvm=no) provided by you and it seems to be >>>>>>>> ok >>>>>>>> now. But now I am unable to stop/start the clamd and am not able to >>>>>>>> get the >>>>>>>> status of clamd. >>>>>>>> >>>>>>>> >>>>>>>> # clamd status >>>>>>>> ERROR: LOCAL: Socket file /var/run/clamav/clamd.socket is in use by >>>>>>>> another process. >>>>>>>> >>>>>>>> # ls -lrt /var/run/clamav/ >>>>>>>> total 12 >>>>>>>> srw-rw-rw-. 1 clamav clamav 0 May 15 11:29 clamd.socket >>>>>>>> -rw-rw-r--. 1 clamav clamav 5 May 15 11:29 clamd.pid >>>>>>>> -rw-rw----. 1 clamav clamav 5 May 15 11:29 freshclam.pid >>>>>>>> srw-r--r--. 1 clamav root 0 May 15 11:46 clamav-milter.socket >>>>>>>> -rw-rw-r--. 1 clamav clamav 5 May 15 11:46 clamav-milter.pid >>>>>>>> >>>>>>>> I observed that the 'clamav-milter.socket' is started by root and >>>>>>>> not clamav user. I am not sure if that's how it is supposed to be. If >>>>>>>> it >>>>>>>> needs to be started by clamav, where should I do the changes? >>>>>>>> >>>>>>>> Thanks >>>>>>>> Kishore >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
