09 Sep 2010 
Support Center » Knowledgebase » ClamD Integration
 ClamD Integration
Solution

Tips for configuring clamd with MPP; 'Failed to start clamd. No such file or directory.' or 'Access denied.' errors

Applies to MPP Standard (1.x) and Enterprise Editions (2.x)

If you see errors like the following when trying to configure clamd with MPP:

12:32:56 8 [41452] [ClamdScannerJob?] Connecting to clamd...

12:32:56 8 [41452] clamd::connect trying to set up connection

12:32:56 8 [41452] clamd::connect making attempt

12:32:56 8 [41452] clamd::connect this attempt result==-1, err=36 Operation now in progress

12:32:56 8 [41452] clamd::connect waiting for connection

12:32:56 8 [41452] clamd::connect not connected

12:32:56 5 [41452] [ClamdScannerJob?] Failed to connect to clamd. Starting clamd...

12:32:56 2 [41452] [Daemon] Failed to start clamd. No such file or directory.

This probably means that clamd installed in a place like '/usr/local/sbin' and MPP is looking for it in '/usr/sbin'.

MPP 2 takes a different approach by using only program name instead of absolute path. Thus, the only change necessary is to properly set up a PATH variable, e.g. 

PATH=/usr/local/sbin:$PATH

First, make a soft link, e.g., 

'ln -s /usr/local/sbin/clamd /usr/sbin/clamd'

Then if you set 'daemon_autostart=yes' (in the mppd.conf file) clamd will be started by MPP.

In your clamd.conf (for version 0.80>) or clamav.conf (0.80<), confirm that the 'MaxThreads?' parameter is greater than MPP's processing_threads parameter . You should also set the following parameters in clamd.conf/clamav.conf: 

TCPAddr 127.0.0.1 
TCPSocket 3310

MPP is taking the 'on_scanning_error' directive (from the MPP's conf file) for Oversized.zip and Encrypted.zip which are detected by clamd as viruses.

Regarding the 'Encrypted.zip' "virus", note that clamav does not just scan attachments. It also examines the raw email for certain patterns to mark archive-encrypted viruses; something like "password" and then followed by an attachment.

If you only feed clamav with an attachment (e.g. an encrypted zip), it won't be able to find it either. Clamd.conf/clamav.conf has an option: 'ArchiveDetectEncrypted?'. If you turn this option on, clamav will reject all encrypted zips as 'Encrypted.Zip' virus. This also works on encrypted rars. Even with that option off (which is the default case), you still catch most archive-encrypted viruses.

Also, if you get permission related errors in the MPP log such as:

17:38:54 8 [31664] [ClamdScannerJob?] {20041126_173854_28297bb0.13837} Clamd response: /usr/local/MPP/working/20041126_173854_28297bb0.13839: Access denied. ERROR

17:38:54 2 [31664] [ClamdScannerJob?] {20041126_173854_28297bb0.13837} Error occured during scanning.

17:38:54 2 [31664] [ClamdScannerJob?] {20041126_173854_28297bb0.13837} Clamd response: Access denied. ERROR

Add a comment tag (#) to the clamd.conf in front of the 'User clamav' directive, e.g., 

#User clamav

Also add a comment to, i.e., comment out: 

#LocalSocket /tmp/clamd

MPP runs as root by default so it will require clamd to run as root as well.



Article Details
Article ID: 2
Created On: 11 Jan 2008 05:57 AM

 This answer was helpful  This answer was not helpful

 User Comments Add a Comment
 Back
 Login [Lost Password] 
Email:
Password:
Remember Me:
 
 Search
 Article Options
 Add Comment
 Print Article
 PDF Version
 Email Article
 Add to Favorites
Home | Register | Submit a Ticket | Knowledgebase | Downloads
Language: