Starting clamav-server, no socket for clamd?
Steven Smith
steve.t.smith at gmail.com
Wed Oct 9 21:36:34 UTC 2019
Yes, freshclam must be run first. Otherwise there's no database.
Sent from my Apple Watch
On Oct 9, 2019, at 17:08, Gerben Wierda <gerben.wierda at rna.nl> wrote:
> Log directory exists.
> albus:log sysbh$ ls -l /opt/local/var/log
> total 19160
> drwxr-xr-x 5 _clamav _clamav 160 Oct 9 16:48 clamav
>
> There is also a log written there.
> +++ Started at Wed Oct 9 16:39:00 2019
> Received 0 file descriptor(s) from systemd.
> clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
> Log file size limited to 2097152 bytes.
> Reading databases from /opt/local/share/clamav
> Included PUA categories: RAT Spy Server Script
> Bytecode: Security mode set to "TrustSigned".
> ERROR: Can't open file or directory
> Closing the main socket.
>
> clams.conf:
> LocalSocket /opt/local/var/run/clamav/clamd.socket
>
> It is unclear what file “Can’t be opened” (clamd.log doesn’t say, I was guessing the socket because it wasn’t there)
>
> albus:etc sysbh$ ls -al /opt/local/var/run/clamav
> total 8
> drwxr-xr-x 4 _clamav _clamav 128 Oct 9 16:22 .
> drwxr-xr-x 16 root wheel 512 Oct 6 22:10 ..
> -rw-r--r-- 1 root _clamav 0 Jun 26 00:20 .turd_clamav-server
> -rw-r--r-- 1 root _clamav 6 Oct 9 16:38 ClamavScanOnAccess.pid
>
> Directory for the socket is owned by _clamav so that should not be a problem.
>
> albus:etc sysbh$ sudo port load clamav-server
> ---> Loading startupitem 'ClamavScanOnAccess' for clamav-server
> ---> Loading startupitem 'freshclam' for clamav-server
> ---> Loading startupitem 'clamd' for clamav-server
> ---> Loading startupitem 'ClamavScanSchedule' for clamav-server
> albus:etc sysbh$ ls -al /opt/local/var/run/clamav
> total 8
> drwxr-xr-x 4 _clamav _clamav 128 Oct 9 16:22 .
> drwxr-xr-x 16 root wheel 512 Oct 6 22:10 ..
> -rw-r--r-- 1 root _clamav 0 Jun 26 00:20 .turd_clamav-server
> -rw-r--r-- 1 root _clamav 6 Oct 9 23:02 ClamavScanOnAccess.pid
> albus:etc sysbh$ ps laxww|grep clam
> 0 41114 1 0 20 0 4305956 5736 - Ss ?? 0:00.01 /opt/local/bin/daemondo --label=clamd --start-cmd /opt/local/sbin/clamd ; --pid=exec
> 0 41126 41114 0 20 0 4759056 398320 - R ?? 0:14.83 /opt/local/sbin/clamd
> 501 41160 41068 0 31 0 4268080 824 - S+ s000 0:00.00 grep clam
>
> So, clamd is running.
>
> Hmm, suddenly the socket is there now (after a second launch attempt)
>
> +++ Started at Wed Oct 9 16:39:00 2019
> Received 0 file descriptor(s) from systemd.
> clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
> Log file size limited to 2097152 bytes.
> Reading databases from /opt/local/share/clamav
> Included PUA categories: RAT Spy Server Script
> Bytecode: Security mode set to "TrustSigned".
> ERROR: Can't open file or directory
> Closing the main socket.
> +++ Started at Wed Oct 9 23:02:49 2019
> Received 0 file descriptor(s) from systemd.
> clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
> Log file size limited to 2097152 bytes.
> Reading databases from /opt/local/share/clamav
> Included PUA categories: RAT Spy Server Script
> Bytecode: Security mode set to "TrustSigned".
> Loaded 6446353 signatures.
> LOCAL: Unix socket file /opt/local/var/run/clamav/clamd.socket
> LOCAL: Setting connection queue length to 200
> Limits: Global time limit set to 120000 milliseconds.
> Limits: Global size limit set to 104857600 bytes.
> Limits: File size limit set to 26214400 bytes.
> Limits: Recursion level limit set to 16.
> Limits: Files limit set to 10000.
> Limits: Core-dump limit is 0.
> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
> Limits: MaxScriptNormalize limit set to 5242880 bytes.
> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
> Limits: MaxPartitions limit set to 50.
> Limits: MaxIconsPE limit set to 100.
> Limits: MaxRecHWP3 limit set to 16.
> Limits: PCREMatchLimit limit set to 100000.
> Limits: PCRERecMatchLimit limit set to 2000.
> Limits: PCREMaxFileSize limit set to 26214400.
> Archive support enabled.
> AlertExceedsMax heuristic detection disabled.
> Heuristic alerts enabled.
> Portable Executable support enabled.
> ELF support enabled.
> Mail files support enabled.
> OLE2 support enabled.
> PDF support enabled.
> SWF support enabled.
> HTML support enabled.
> XMLDOCS support enabled.
> HWP3 support enabled.
> Self checking every 600 seconds.
> Listening daemon: PID: 41126
> MaxQueue set to: 100
> Set stacksize to 1048576
> fds_poll_recv: timeout after 600 seconds
>
> My guess is this: clamd did not want to start until I had at least once run freshclam. After that, there was a database and it could start. Does that make sense?
>
> Gerben Wierda
> Chess and the Art of Enterprise Architecture
> Mastering ArchiMate
> Architecture for Real Enterprises at InfoWorld
> On Slippery Ice at EAPJ
>
>> On 9 Oct 2019, at 19:45, Steven Smith <steve.t.smith at gmail.com> wrote:
>>
>> It should just start and create a Unix socket in the location specified in clamd.conf.
>>
>> When I have to debug launch items like this, I look at the .wrapper script (/opt/local/etc/LaunchDaemons/org.macports.clamd/clams.wrapper—this is from memory but should be close), then run the Start() function by hand and try to isolate the error.
>>
>> Log directory doesn’t exist for some reason? Socket directory? Misspecification in the .conf file? Something else?
>>
>>> On Oct 9, 2019, at 13:00, Gerben Wierda <gerben.wierda at rna.nl> wrote:
>>>
>>>
>>> After installing the clamav-server clamd doesn’t start. It seems I need to create the socket for clamd, but I’m unable to find instructions on how to do that.
>>>
>>> Can anybody help? Is it like the sockets for postfix?
>>>
>>> Gerben Wierda
>>> Chess and the Art of Enterprise Architecture
>>> Mastering ArchiMate
>>> Architecture for Real Enterprises at InfoWorld
>>> On Slippery Ice at EAPJ
>>>
>
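
The cause identified in this thread (clamd exits with "ERROR: Can't open file or directory" and never creates its socket when no signature database exists yet) can be checked before loading the daemon. The script below is an added example, not part of the thread or of the MacPorts port. The function names are hypothetical, and it assumes clamd.conf uses the standard DatabaseDirectory and LocalSocket keys and that freshclam stores its databases as *.cvd or *.cld files.

```shell
#!/bin/sh
# Added example: pre-flight check for clamd's signature database and socket directory.

# conf_value FILE KEY -> prints the last value set for KEY in a clamd.conf-style file.
# Commented-out lines ("#LocalSocket ...") never match because $1 differs from KEY.
conf_value() {
    awk -v key="$2" '$1 == key { v = $2 } END { if (v != "") print v }' "$1"
}

# clamd_preflight CONF [DEFAULT_DB_DIR]
# Returns 0 = ready, 1 = config unreadable, 2 = no signature database,
#         3 = socket directory missing.
clamd_preflight() {
    conf=$1
    default_db=${2:-/opt/local/share/clamav}   # database path shown in the log above
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    db_dir=$(conf_value "$conf" DatabaseDirectory)
    [ -n "$db_dir" ] || db_dir=$default_db
    sock=$(conf_value "$conf" LocalSocket)

    # Look for at least one non-empty database file written by freshclam.
    found=0
    for f in "$db_dir"/*.cvd "$db_dir"/*.cld; do
        if [ -s "$f" ]; then found=1; break; fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no signature database in $db_dir; run freshclam first" >&2
        return 2
    fi

    # clamd creates the socket file itself, but only inside an existing directory.
    if [ -n "$sock" ] && [ ! -d "$(dirname "$sock")" ]; then
        echo "socket directory $(dirname "$sock") does not exist" >&2
        return 3
    fi
    echo "ok: database present in $db_dir"
    return 0
}

# Run as: sh preflight.sh /path/to/clamd.conf
if [ "$#" -gt 0 ]; then clamd_preflight "$@"; fi
```

A return code of 2 corresponds to the first start attempt in the log above; once freshclam has populated the database directory the check returns 0.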