Starting clamav-server, no socket for clamd?

Gerben Wierda gerben.wierda at rna.nl
Wed Oct 9 21:08:00 UTC 2019


Log directory exists.
albus:log sysbh$ ls -l /opt/local/var/log
total 19160
drwxr-xr-x  5 _clamav  _clamav      160 Oct  9 16:48 clamav

There is also a log written there.
+++ Started at Wed Oct  9 16:39:00 2019
Received 0 file descriptor(s) from systemd.
clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
Log file size limited to 2097152 bytes.
Reading databases from /opt/local/share/clamav
Included PUA categories: RAT Spy Server Script
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't open file or directory
Closing the main socket.

clamd.conf:
LocalSocket /opt/local/var/run/clamav/clamd.socket

It is unclear what file “Can’t be opened” (clamd.log doesn’t say; I was guessing the socket because it wasn’t there).

albus:etc sysbh$ ls -al /opt/local/var/run/clamav
total 8
drwxr-xr-x   4 _clamav  _clamav  128 Oct  9 16:22 .
drwxr-xr-x  16 root     wheel    512 Oct  6 22:10 ..
-rw-r--r--   1 root     _clamav    0 Jun 26 00:20 .turd_clamav-server
-rw-r--r--   1 root     _clamav    6 Oct  9 16:38 ClamavScanOnAccess.pid

Directory for the socket is owned by _clamav so that should not be a problem.

albus:etc sysbh$ sudo port load clamav-server
--->  Loading startupitem 'ClamavScanOnAccess' for clamav-server
--->  Loading startupitem 'freshclam' for clamav-server
--->  Loading startupitem 'clamd' for clamav-server
--->  Loading startupitem 'ClamavScanSchedule' for clamav-server
albus:etc sysbh$ ls -al /opt/local/var/run/clamav
total 8
drwxr-xr-x   4 _clamav  _clamav  128 Oct  9 16:22 .
drwxr-xr-x  16 root     wheel    512 Oct  6 22:10 ..
-rw-r--r--   1 root     _clamav    0 Jun 26 00:20 .turd_clamav-server
-rw-r--r--   1 root     _clamav    6 Oct  9 23:02 ClamavScanOnAccess.pid
albus:etc sysbh$ ps laxww|grep clam
    0 41114     1   0  20  0  4305956   5736 -      Ss     ??    0:00.01 /opt/local/bin/daemondo --label=clamd --start-cmd /opt/local/sbin/clamd ; --pid=exec
    0 41126 41114   0  20  0  4759056 398320 -      R      ??    0:14.83 /opt/local/sbin/clamd
  501 41160 41068   0  31  0  4268080    824 -      S+   s000    0:00.00 grep clam

So, clamd is running.

Hmm, suddenly the socket is there now (after a second launch attempt).

+++ Started at Wed Oct  9 16:39:00 2019
Received 0 file descriptor(s) from systemd.
clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
Log file size limited to 2097152 bytes.
Reading databases from /opt/local/share/clamav
Included PUA categories: RAT Spy Server Script
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't open file or directory
Closing the main socket.
+++ Started at Wed Oct  9 23:02:49 2019
Received 0 file descriptor(s) from systemd.
clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
Log file size limited to 2097152 bytes.
Reading databases from /opt/local/share/clamav
Included PUA categories: RAT Spy Server Script
Bytecode: Security mode set to "TrustSigned".
Loaded 6446353 signatures.
LOCAL: Unix socket file /opt/local/var/run/clamav/clamd.socket
LOCAL: Setting connection queue length to 200
Limits: Global time limit set to 120000 milliseconds.
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 16.
Limits: Files limit set to 10000.
Limits: Core-dump limit is 0.
Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Limits: MaxScriptNormalize limit set to 5242880 bytes.
Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Limits: MaxPartitions limit set to 50.
Limits: MaxIconsPE limit set to 100.
Limits: MaxRecHWP3 limit set to 16.
Limits: PCREMatchLimit limit set to 100000.
Limits: PCRERecMatchLimit limit set to 2000.
Limits: PCREMaxFileSize limit set to 26214400.
Archive support enabled.
AlertExceedsMax heuristic detection disabled.
Heuristic alerts enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
SWF support enabled.
HTML support enabled.
XMLDOCS support enabled.
HWP3 support enabled.
Self checking every 600 seconds.
Listening daemon: PID: 41126
MaxQueue set to: 100
Set stacksize to 1048576
fds_poll_recv: timeout after 600 seconds

My guess is this: clamd did not want to start until I had at least once run freshclam. After that, there was a database and it could start. Does that make sense?

Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ

> On 9 Oct 2019, at 19:45, Steven Smith <steve.t.smith at gmail.com> wrote:
> 
> It should just start and create a Unix socket in the location specified in clamd.conf.
> 
> When I have to debug launch items like this, I look at the .wrapper script (/opt/local/etc/LaunchDaemons/org.macports.clamd/clams.wrapper—this is from memory but should be close), then run the Start() function by hand and try to isolate the error.
> 
> Log directory doesn’t exist for some reason? Socket directory? Misspecification in the .conf file? Something else? 
> 
>> On Oct 9, 2019, at 13:00, Gerben Wierda <gerben.wierda at rna.nl> wrote:
>> 
>> 
>> After installing the clamav-server clamd doesn’t start. It seems I need to create the socket for clamd, but I’m unable to find instructions on how to do that.
>> 
>> Can anybody help? Is it like the sockets for postfix?
>> 
>> Gerben Wierda
>> Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
>> Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
>> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
>> 
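
The first start attempt logged above stops right after the "Reading databases" lines with an unspecific "Can't open file or directory", and the checks suggested in the reply (log directory, socket directory, .conf contents) can be scripted. The following preflight script is an added example, not part of the original thread or of the MacPorts port; the function names are hypothetical, the config path is passed as an argument, and it assumes freshclam delivers signature databases as *.cvd or *.cld files.

```shell
#!/bin/sh
# Added example (not from the thread): preflight checks before loading clamd.
# DatabaseDirectory, LocalSocket and LogFile are standard clamd.conf directives.

# conf_value FILE KEY: print the value of the first uncommented KEY directive.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# clamd_preflight FILE [DBDIR]: print one finding per line; return 0 if no FAIL.
# DBDIR overrides DatabaseDirectory, e.g. with the path from the
# "Reading databases from ..." log line when the directive is not set.
clamd_preflight() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }
    db=${2:-$(conf_value "$conf" DatabaseDirectory)}
    sock=$(conf_value "$conf" LocalSocket)
    log=$(conf_value "$conf" LogFile)

    # Signature databases: assumes freshclam delivers *.cvd / *.cld files.
    has_db=0
    for f in "$db"/*.cvd "$db"/*.cld; do
        if [ -f "$f" ]; then has_db=1; fi
    done
    if [ -z "$db" ] || [ "$has_db" -eq 0 ]; then
        echo "FAIL no signature database in ${db:-<DatabaseDirectory unset>}"; rc=1
    else
        echo "OK   signature database found in $db"
    fi

    # clamd creates the socket and log file itself; their directories must exist.
    for p in "$sock" "$log"; do
        if [ -z "$p" ]; then continue; fi
        if [ -d "$(dirname "$p")" ]; then
            echo "OK   directory exists for $p"
        else
            echo "FAIL missing directory for $p"; rc=1
        fi
    done

    if [ -n "$sock" ] && [ -S "$sock" ]; then
        echo "OK   socket present: $sock"
    else
        echo "INFO socket not present yet: ${sock:-<LocalSocket unset>}"
    fi
    return "$rc"
}

if [ $# -gt 0 ]; then clamd_preflight "$@"; fi
```

Run it with the path to clamd.conf before `port load`; a FAIL on the database line means freshclam has not yet populated the directory clamd reads from.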
