[hobbit] clamd monitoring

Bill Arlofski waa-hobbitml at revpol.com
Thu Oct 23 00:34:39 CEST 2008


Hanrahan, Kevin wrote:
> Hi all,
>   I am having trouble monitoring clamAV. As in the docs, I put "clamd" in the bb-hosts file for my monitored host but I get the following result:
> 
> Service clamd on server.domain.com is not OK : Service unavailable (No route to host)
> 
> The server is reachable so there really IS a route to the host.
> 
> 
> any ideas?
> 
> 
> kh

Just a guess, but I bet that clamd on the server is either listening on
127.0.0.1:3310/TCP or only on a local socket, either of which would render it
it inaccessible from a remote monitoring server.

Usually this is the desired configuration since then only the mail server
itself can "use" the clamd service. From the /etc/clamd.conf file:

--[snip]--
# TCP port address.
# Default: no
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1
--[snip]--

You'll have to find your clamd config file and tell it to bind to all IP
addresses by commenting out that TCPAddr line and then either secure it with
iptables on the local host or recompile it with tcpwrappers support.


Oh and check this option too --> "LocalSocket". It may be enabled on your
installation:

--[snip]--
# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
# LocalSocket /var/run/clamav/clamav.sock
--[snip]--


--
Bill Arlofski
Reverse Polarity, LLC
http://www.revpol.com/
* Stop the NSA from illegally eavesdropping on your personal email *
Learn about PGP and start encrypting your email today
http://gnupg.org or http://www.pgp.com



More information about the Xymon mailing list