unable to connect to sophie UNIX socket

trich

Hello,

This morning when I came in I had a number of complaints from clients that they could not send email and are not receiving email. I did tail -f /var/log/exim_mainlog and I see a number of these:

2007-09-25 09:34:05 1IaAXR-0005yB-D5 H=mail5.webindia.com [216.129.98.212] Warning: "SpamAssassin as a3dmdcom detected message as NOT spam"
2007-09-25 09:34:05 1IaAXR-0005yB-D5 malware acl condition: unable to connect to sophie UNIX socket (/var/run/sophie). errno=2
2007-09-25 09:34:05 1IaAXR-0005yB-D5 H=mail5.webindia.com [216.129.98.212] F=<[email protected]> temporarily rejected after DATA
2007-09-25 09:34:06 1IaAY6-00062Y-V6 malware acl condition: unable to connect to sophie UNIX socket (/var/run/sophie). errno=2

This looks to be an issue with clamd, so I tried to reinstall the clamavconnector plugin with no luck. Also tried upcp --force with no luck either.

Has anyone else seen this? Any ideas?

P.S. - I have a ticket in with cPanel as well.
 

nxds

Yep, same thing on 2 of our servers since last night. Mail being temporarily rejected. The fix for me was to restore default exim config in exim configurator then re-install my acl customisations.
 

trich

cPanel just got back to me (pretty quick actually) and they did the same thing to fix it. I'm asking them what broke it in the first place, and I'll put their response here.
 

trich

Their response:

Unfortunately I can't say exactly why this happened. Clamd tends to choke when
it gets overloaded, and this is most likely what caused the socket to die. The
amount of email on the server may cause clamav to fail from time to time.
Rebuilding exim config resets all the connectors for clamav to work properly
which is why it resolves the problem, however you may need to reinstall clamav
after the config is rebuilt.

The mail load on our servers is not any higher today than it has been for the last 2 years. I'm not sure this is the right answer to my question; it's very funny that others had the same issue.
 

nxds

I think it's too much of a coincidence that we all get this problem on the same day. I compared the time of the first occurrence of the error with the cpup cronjob, and on both servers the error occurred around 3 minutes after the cpup job starts. It's my belief that something broke due to the update.
 

trich

After doing the reset exim configs to default my clamav was broken. The tech did mention that clamav needed to be re-installed. So I tried that through WHM->Plugins and it did not work. The tech verified that it's a small bug with a recent update that wasn't installing clamavconnector correctly. He also gave me a fix:

Uninstall Clamav using WHM
Reinstall clamav using WHM
Using ssh, edit
'/usr/local/cpanel/modules-install/clamavconnector-Linux-i686/install'
Edit line 7. Change AVV=0.91.1 to AVV=0.91.2
Save
run ./install

This will install the correct version.

You can monitor
http://bugzilla.cpanel.net/show_bug.cgi?id=5937
if you would like updates when it gets resolved.

It's a very small fix, so I imagine they'll fix the clamavconnector installer within a few days.
 

kokoman

unable to connect
to sophie UNIX socket (/var/run/sophie). errno=2
To solve this problem, you should find the clamav socket (called clamav) and then edit the exim.conf file (from the tool provided within cPanel) to add the following line:

av_scanner = $PATH+$CLAMD_SOCKET.
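
An added example, not from any poster in this thread or from cPanel: a shell check that reports which av_scanner setting an Exim config yields, whether a UNIX socket exists at that path, and how many scans failed in the log. It assumes Exim falls back to its built-in default `sophie:/var/run/sophie` when av_scanner is not set, which matches the error above; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: which av_scanner is Exim using, and is its socket there?

# Constructed sample log, modelled on the entries quoted in the thread.
sample_log() {
cat <<'EOF'
2007-09-25 09:34:05 1IaAXR-0005yB-D5 malware acl condition: unable to connect to sophie UNIX socket (/var/run/sophie). errno=2
2007-09-25 09:34:05 1IaAXR-0005yB-D5 H=mail.example.test [192.0.2.10] F=<user@example.test> temporarily rejected after DATA
2007-09-25 09:34:06 1IaAY6-00062Y-V6 malware acl condition: unable to connect to sophie UNIX socket (/var/run/sophie). errno=2
EOF
}

# $1 = Exim config file. Prints the av_scanner value, or (assumption stated in
# the lead-in) Exim's built-in default when the option is absent.
av_scanner_spec() {
    spec=$(sed -n 's/^[[:space:]]*av_scanner[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    printf '%s\n' "${spec:-sophie:/var/run/sophie}"
}

# $1 = spec such as "clamd:/path/to/socket". Returns 0 if a UNIX socket exists
# at that path, 1 if it does not, 2 if the spec is not a socket path (e.g. TCP).
scanner_socket_ok() {
    path=${1#*:}
    case $path in
        /*) [ -S "$path" ] ;;
        *)  return 2 ;;
    esac
}

# $1 = Exim main log. Prints how many scans failed to reach the scanner.
count_scanner_failures() {
    grep -c 'malware acl condition: unable to connect' "$1" || true
}

# $1 = config, $2 = log. Prints a short report; non-zero if the socket is absent.
diagnose() {
    spec=$(av_scanner_spec "$1")
    echo "av_scanner in effect: $spec"
    echo "scanner connect failures in log: $(count_scanner_failures "$2")"
    scanner_socket_ok "$spec" || { echo "no usable UNIX socket for: $spec"; return 1; }
    echo "socket present"
}

# Run as: sh check_av.sh /path/to/exim.conf /var/log/exim_mainlog
if [ "$#" -eq 2 ]; then diagnose "$1" "$2"; fi
```

A missing path is what errno=2 (ENOENT) in the log corresponds to on Linux; every message that hits the malware ACL condition in that state is deferred, which is the "temporarily rejected after DATA" line.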