Starting clamav-server, no socket for clamd?

Steven Smith steve.t.smith at gmail.com
Wed Oct 9 21:36:34 UTC 2019 

Yes, freshclam must be run first. Otherwise there's no database.

Sent from my Apple Watch


On Oct 9, 2019, at 17:08, Gerben Wierda <gerben.wierda at rna.nl> wrote:

> Log directory exists.
> albus:log sysbh$ ls -l /opt/local/var/log
> total 19160
> drwxr-xr-x  5 _clamav  _clamav      160 Oct  9 16:48 clamav
> 
> There is also a log written there.
> +++ Started at Wed Oct  9 16:39:00 2019
> Received 0 file descriptor(s) from systemd.
> clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
> Log file size limited to 2097152 bytes.
> Reading databases from /opt/local/share/clamav
> Included PUA categories: RAT Spy Server Script
> Bytecode: Security mode set to "TrustSigned".
> ERROR: Can't open file or directory
> Closing the main socket.
> 
> clams.conf:
> LocalSocket /opt/local/var/run/clamav/clamd.socket
> 
> It is unclear what file “Can’t be opened” (clamd.log doesn’t say, I was guessing the socket because it wasn’t there)
> 
> albus:etc sysbh$ ls -al /opt/local/var/run/clamav
> total 8
> drwxr-xr-x   4 _clamav  _clamav  128 Oct  9 16:22 .
> drwxr-xr-x  16 root     wheel    512 Oct  6 22:10 ..
> -rw-r--r--   1 root     _clamav    0 Jun 26 00:20 .turd_clamav-server
> -rw-r--r--   1 root     _clamav    6 Oct  9 16:38 ClamavScanOnAccess.pid
> 
> Directory for the socket is owned by _clamav so that should not be a problem.
> 
> albus:etc sysbh$ sudo port load clamav-server
> --->  Loading startupitem 'ClamavScanOnAccess' for clamav-server
> --->  Loading startupitem 'freshclam' for clamav-server
> --->  Loading startupitem 'clamd' for clamav-server
> --->  Loading startupitem 'ClamavScanSchedule' for clamav-server
> albus:etc sysbh$ ls -al /opt/local/var/run/clamav
> total 8
> drwxr-xr-x   4 _clamav  _clamav  128 Oct  9 16:22 .
> drwxr-xr-x  16 root     wheel    512 Oct  6 22:10 ..
> -rw-r--r--   1 root     _clamav    0 Jun 26 00:20 .turd_clamav-server
> -rw-r--r--   1 root     _clamav    6 Oct  9 23:02 ClamavScanOnAccess.pid
> albus:etc sysbh$ ps laxww|grep clam
>     0 41114     1   0  20  0  4305956   5736 -      Ss     ??    0:00.01 /opt/local/bin/daemondo --label=clamd --start-cmd /opt/local/sbin/clamd ; --pid=exec
>     0 41126 41114   0  20  0  4759056 398320 -      R      ??    0:14.83 /opt/local/sbin/clamd
>   501 41160 41068   0  31  0  4268080    824 -      S+   s000    0:00.00 grep clam
> 
> So, clamd is running.
> 
> Hmm, suddenly the socket is there now (after a second launch attempt)
> 
> +++ Started at Wed Oct  9 16:39:00 2019
> Received 0 file descriptor(s) from systemd.
> clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
> Log file size limited to 2097152 bytes.
> Reading databases from /opt/local/share/clamav
> Included PUA categories: RAT Spy Server Script
> Bytecode: Security mode set to "TrustSigned".
> ERROR: Can't open file or directory
> Closing the main socket.
> +++ Started at Wed Oct  9 23:02:49 2019
> Received 0 file descriptor(s) from systemd.
> clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
> Log file size limited to 2097152 bytes.
> Reading databases from /opt/local/share/clamav
> Included PUA categories: RAT Spy Server Script
> Bytecode: Security mode set to "TrustSigned".
> Loaded 6446353 signatures.
> LOCAL: Unix socket file /opt/local/var/run/clamav/clamd.socket
> LOCAL: Setting connection queue length to 200
> Limits: Global time limit set to 120000 milliseconds.
> Limits: Global size limit set to 104857600 bytes.
> Limits: File size limit set to 26214400 bytes.
> Limits: Recursion level limit set to 16.
> Limits: Files limit set to 10000.
> Limits: Core-dump limit is 0.
> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
> Limits: MaxScriptNormalize limit set to 5242880 bytes.
> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
> Limits: MaxPartitions limit set to 50.
> Limits: MaxIconsPE limit set to 100.
> Limits: MaxRecHWP3 limit set to 16.
> Limits: PCREMatchLimit limit set to 100000.
> Limits: PCRERecMatchLimit limit set to 2000.
> Limits: PCREMaxFileSize limit set to 26214400.
> Archive support enabled.
> AlertExceedsMax heuristic detection disabled.
> Heuristic alerts enabled.
> Portable Executable support enabled.
> ELF support enabled.
> Mail files support enabled.
> OLE2 support enabled.
> PDF support enabled.
> SWF support enabled.
> HTML support enabled.
> XMLDOCS support enabled.
> HWP3 support enabled.
> Self checking every 600 seconds.
> Listening daemon: PID: 41126
> MaxQueue set to: 100
> Set stacksize to 1048576
> fds_poll_recv: timeout after 600 seconds
> 
> My guess is this: clamd did not want to start untill I had at least once ran freshclam. AFter that, there was a database and it could start. Does that make sense?
> 
> Gerben Wierda
> Chess and the Art of Enterprise Architecture
> Mastering ArchiMate
> Architecture for Real Enterprises at InfoWorld
> On Slippery Ice at EAPJ
> 
>> On 9 Oct 2019, at 19:45, Steven Smith <steve.t.smith at gmail.com> wrote:
>> 
>> It should just start and create a Unix socket in the location specified in clamd.conf.
>> 
>> When I have to debug launch items like this, I look at the .wrapper script (/opt/local/etc/LaunchDaemons/org.macports.clamd/clams.wrapper—this is from memory but should be close), then run the Start() function by hand and try to isolate the error.
>> 
>> Log directory doesn’t exist for some reason? Socket directory? Misspecification in the .conf file? Something else? 
>> 
>>> On Oct 9, 2019, at 13:00, Gerben Wierda <gerben.wierda at rna.nl> wrote:
>>> 
>>> 
>>> After installing the clamav-server clamd doesn’t start. It seems I need to create the socket for clamd, but I’m unable to find instructions on how to do that.
>>> 
>>> Can anybody help. Is it like the sockets for postfix?
>>> 
>>> Gerben Wierda
>>> Chess and the Art of Enterprise Architecture
>>> Mastering ArchiMate
>>> Architecture for Real Enterprises at InfoWorld
>>> On Slippery Ice at EAPJ
>>> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-users/attachments/20191009/7d62cf0d/attachment.html>

More information about the macports-users mailing list