[BlueOnyx:26517] Re: No clamd server appears to be available

Mon Sep 25 12:08:17 -05 2023

Hi Darren,

> I believe I am having a problem caused by the change you've made 
 > here - the clamd process is constantly running at 100% cpu all
 > the time. The maillog shows this repeated continuously:>
> clamd[232355]: TCP: Cannot bind to [127.0.0.1]:7358: Address already in use
> clamd[232355]: Not listening on any interfaces
> 
> Netstat shows this:
> tcp6     436      0 :::7358   :::*   LISTEN  0   25723      1/system
> 
> even if I disable the clam av av-spam service, it continues.

Yeah, I'm not entirely happy with the latest change either, as the 
attempts to bind Clam AV to the TCP port produces some weird results 
without rhyme or reason.

First of all: Make sure you have the latest AV-SPAM installed. This 
should be 7.2.7-1 (5209R/5211R) or 7.2.7-2 (5210R).

If that's already the case and/or the problem persists, open this file 
in an editor (as root):

/usr/lib/systemd/system/clamav-daemon.socket

There should be a section like this in it:

--------------------------------------------------------------------
[Socket]
ListenStream=/run/clamav/clamd.ctl
# Default:
ListenStream=127.0.0.1:7358
# Use this instead if 'No clamd server appears to be available' persists:
# ListenStream=127.0.0.1:1024
--------------------------------------------------------------------

As you can see: It tries to bind to 127.0.0.1:7358, which works for most 
installs where I tested this. But it doesn't for some, like in your case.

Comment out the line ...

ListenStream=127.0.0.1:7358

... and removed the leading "#" (and the space) from the other line:

# ListenStream=127.0.0.1:1024

So it should look like this when done:

ListenStream=127.0.0.1:1024

Save the changes and then run the following:

systemctl daemon-reload
systemctl stop clamav-daemon clamav-daemon.socket
systemctl restart clamav

Then give it a minute, as clamav-daemon.socket will only be able to 
finalize its task once Clam AV is fully started up.

At first it will bind to 127.0.0.1:1024 and the process list (as well as 
netstat) will show that Systemd is holding that port open. Then after 
Clam AV has fully started up it will bind to 127.0.0.1:7358 as well and 
will show that Clam AV is holding that port open.

I'm still looking into fixing this for good, but I haven't yet managed 
to identify why I don't get fully reproducible and consistent behavior 
for this across several different virtualization platforms and physical 
server installs. It's a pretty weird issue between Systemd and this 
current Clam AV release.

-- 
With best regards

Michael Stauber