[clamav-users] clamd does not bind to port when starting through init.d/service ubuntu 16.04

Jeff Dyke jeff.dyke at gmail.com
Mon Aug 29 09:34:28 EDT 2016


Thanks (like the last email appreciate the response and sorry for the
delay, been away).

On working machines - all installed identically 16.04, via salt the command
returns:
ssh scan01.example.com "systemctl list-units | grep clam"
  clamav-daemon.service     loaded active running   Clam AntiVirus userspace daemon
  clamav-freshclam.service  loaded active running   ClamAV virus database updater
  clamav-daemon.socket      loaded active running   Socket for Clam AntiVirus userspace daemon

On the version I started manually it contains:
systemctl list-units | grep clam
  clamav-freshclam.service  loaded active running   ClamAV virus database updater
  clamav-daemon.socket      loaded active listening Socket for Clam AntiVirus userspace daemon

On both working machines and the one that is not the second command only
yields the following for clam
├─clamav-freshclam.service
             │ └─29618 /usr/bin/freshclam -d --foreground=true

even though ps -aux | grep clam shows
clamav    4507  3.0  2.3 601100 393872 ?       Ssl  12:59   0:08 /usr/sbin/clamd --foreground=true --config-file=/etc/clamav/clamd.conf

Our config locations for the .service files are in slightly different
areas, so do you mind saying what distro you're running? For the moment,
I'm going to keep it running via commands since this is just a staging
machine.  And also how you stop and start the daemons; I see they are built
to restart in your configuration. I need to track down what could possibly
be different in the config files of 3 of 4 machines.  As stated above I
used these for realtime upload scanning that will block until I get a
result and I put them on a port due to the desire to load balance them via
HAProxy, which works great (I check local first, no need to stream a 25M
file if localhost is listening).

Again thank you for your time!


On Sat, Aug 27, 2016 at 12:59 PM, Reindl Harald <h.reindl at thelounge.net>
wrote:

>
>
> Am 27.08.2016 um 18:30 schrieb G.W. Haywood:
>
>> Hi there,
>>
>> On Sat, 27 Aug 2016, Jeff Dyke wrote:
>>
>> ... if i start clamd with
>>> sudo -u clamav /usr/sbin/clamd --config-file=/etc/clamav/clamd.conf
>>> it *will* bind to that address and port.
>>> ...
>>> When starting via /etc/init.d/clamav-daemon start or sudo service
>>> clamav-daemon start it does not bind to the port.
>>>
>>> ... No ... socket received from systemd.
>>> ...
>>>
>>
>> Are the other servers also Ubuntu 16.04?
>>
>> What are they all doing?
>>
>> Anything more from the clamd.conf debug options?
>>
>> I use ClamAV only on mail servers.  I tend not to use distro packages
>> for things mail, and anyway I have yet to use ClamAV on a systemd box
>> (and with luck I never will) - but in your shoes I'd be inclined e.g.
>> to chmod a-x the ClamAV scripts in /etc/init.d then put something to
>> start clamd in /etc/rc.local to see if it works there after the
>> network stack is all up and running
>>
>
> to start with a proper environment don't contain anything in /etc/init.d
> if we talk about systemd
>
> so what tells "systemctl list-units | grep clam" and what tells "systemctl
> status" for each listed unit - to get a minimum overview how the system is
> wired together (not that good when using compat startscripts)
>
> in the best case you disable/mask all that distro-crap and create your own
> clamd.service and adapt it to your needs (that one below only needs
> unix-sockets and hence can start with a restricted user - it could do the
> same in a high port in case of a tcp socket)
>
> [root@mail-gw:~]$ cat /etc/systemd/system/clamd.service
> [Unit]
> Description=ClamAV Scanner Daemon
>
> [Service]
> Type=forking
> Environment="TMPDIR=/tmp"
> Environment="LANG=en_GB.UTF-8"
> ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf
> ExecReload=/usr/bin/kill -SIGUSR2 $MAINPID
> Restart=always
> RestartSec=1
> Nice=5
>
> User=clamscan
> Group=clamilt
>
> PrivateTmp=yes
> PrivateDevices=yes
> PrivateNetwork=no
> NoNewPrivileges=yes
> CapabilityBoundingSet=CAP_KILL
> RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
> SystemCallArchitectures=x86-64
> SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice
>
> ReadOnlyDirectories=/
> ReadWriteDirectories=/run/clamd.scan
> ReadWriteDirectories=/run/clamd
> ReadWriteDirectories=/var/log
> ReadWriteDirectories=/tmp
>
> InaccessibleDirectories=-/boot
> InaccessibleDirectories=-/etc/dbus-1
> InaccessibleDirectories=-/etc/modprobe.d
> InaccessibleDirectories=-/etc/modules-load.d
> InaccessibleDirectories=-/etc/postfix
> InaccessibleDirectories=-/etc/ssh
> InaccessibleDirectories=-/etc/sysctl.d
> InaccessibleDirectories=-/home
> InaccessibleDirectories=-/media
> InaccessibleDirectories=-/root
> InaccessibleDirectories=-/run/blkid
> InaccessibleDirectories=-/run/console
> InaccessibleDirectories=-/run/dbus
> InaccessibleDirectories=-/run/lock
> InaccessibleDirectories=-/run/log
> InaccessibleDirectories=-/run/mount
> InaccessibleDirectories=-/run/screen
> InaccessibleDirectories=-/run/sepermit
> InaccessibleDirectories=-/run/setrans
> InaccessibleDirectories=-/run/spamassassin
> InaccessibleDirectories=-/run/spamassassin-submission
> InaccessibleDirectories=-/run/spamass-milter
> InaccessibleDirectories=-/run/spamd-debug
> InaccessibleDirectories=-/run/systemd/generator
> InaccessibleDirectories=-/run/systemd/system
> InaccessibleDirectories=-/run/systemd/users
> InaccessibleDirectories=-/run/udev
> InaccessibleDirectories=-/run/user
> InaccessibleDirectories=-/run/vnstat
> InaccessibleDirectories=-/usr/lib64/dbus-1
> InaccessibleDirectories=-/usr/lib64/xtables
> InaccessibleDirectories=-/usr/lib/dracut
> InaccessibleDirectories=-/usr/libexec/iptables
> InaccessibleDirectories=-/usr/libexec/openssh
> InaccessibleDirectories=-/usr/libexec/postfix
> InaccessibleDirectories=-/usr/lib/grub
> InaccessibleDirectories=-/usr/lib/kernel
> InaccessibleDirectories=-/usr/lib/modprobe.d
> InaccessibleDirectories=-/usr/lib/modules
> InaccessibleDirectories=-/usr/lib/modules-load.d
> InaccessibleDirectories=-/usr/lib/rpm
> InaccessibleDirectories=-/usr/lib/sysctl.d
> InaccessibleDirectories=-/usr/lib/udev
> InaccessibleDirectories=-/usr/local
> InaccessibleDirectories=-/var/db
> InaccessibleDirectories=-/var/lib/alternatives
> InaccessibleDirectories=-/var/lib/bayes-persistent
> InaccessibleDirectories=-/var/lib/dbus
> InaccessibleDirectories=-/var/lib/dnf
> InaccessibleDirectories=-/var/lib/initramfs
> InaccessibleDirectories=-/var/lib/logrotate
> InaccessibleDirectories=-/var/lib/mailgraph
> InaccessibleDirectories=-/var/lib/misc
> InaccessibleDirectories=-/var/lib/mlocate
> InaccessibleDirectories=-/var/lib/ntp
> InaccessibleDirectories=-/var/lib/os-prober
> InaccessibleDirectories=-/var/lib/postfix
> InaccessibleDirectories=-/var/lib/rbldnsd
> InaccessibleDirectories=-/var/lib/rkhunter
> InaccessibleDirectories=-/var/lib/rpm
> InaccessibleDirectories=-/var/lib/rsyslog
> InaccessibleDirectories=-/var/lib/smokeping
> InaccessibleDirectories=-/var/lib/spamassassin
> InaccessibleDirectories=-/var/lib/spamass-milter
> InaccessibleDirectories=-/var/lib/spamfilter
> InaccessibleDirectories=-/var/lib/systemd
> InaccessibleDirectories=-/var/lib/unbound
> InaccessibleDirectories=-/var/lib/vnstat
> InaccessibleDirectories=-/var/lib/yum
> InaccessibleDirectories=-/var/log/rkhunter
> InaccessibleDirectories=-/var/spool
>
> [Install]
> WantedBy=multi-user.target
>
>
>
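
Added example, not part of the original thread: a shell version of the comparison made above between hosts where clamav-daemon.service is active and the host where only clamav-daemon.socket is listed as "listening" (a socket unit in that sub-state has no service attached to it), plus a check of which systemd unit or session scope owns a running clamd PID. The function names and the sample listings are constructed for illustration; report_host assumes systemctl and pgrep are available.

```sh
#!/bin/sh
# Added example (not from the thread): how is clamd supervised on this host?

# Reads `systemctl list-units` output on stdin and prints one verdict.
clamd_supervision() {
    awk '
        { sub(/^[^A-Za-z0-9]+/, "") }  # drop indent and the failed-unit bullet
        $1 == "clamav-daemon.service" { svc  = $3 "/" $4 }
        $1 == "clamav-daemon.socket"  { sock = $3 "/" $4 }
        END {
            if (svc == "active/running")         print "supervised"
            else if (svc ~ /^failed\//)          print "service-failed"
            else if (sock == "active/listening") print "socket-only"
            else                                 print "not-loaded"
        }'
}

# Reads /proc/<pid>/cgroup content on stdin and prints the unit or scope that
# owns the process (cgroup v1 "name=systemd" line, or the v2 "0::" line).
owning_unit() {
    awk -F: '$2 == "name=systemd" || ($1 == "0" && $2 == "") {
        n = split($3, part, "/"); print part[n]; exit }'
}

# Live use on a host: verdict for the units, then the owner of each clamd PID.
report_host() {
    systemctl list-units --all --no-legend 'clamav-*' | clamd_supervision
    for pid in $(pgrep -x clamd); do
        printf '%s ' "$pid"
        owning_unit < "/proc/$pid/cgroup"
    done
}

# Constructed sample listings modelled on the two cases in the thread.
SAMPLE_SUPERVISED='  clamav-daemon.service    loaded active running   Clam AntiVirus userspace daemon
  clamav-freshclam.service loaded active running   ClamAV virus database updater
  clamav-daemon.socket     loaded active running   Socket for Clam AntiVirus userspace daemon'
SAMPLE_MANUAL='  clamav-freshclam.service loaded active running   ClamAV virus database updater
  clamav-daemon.socket     loaded active listening Socket for Clam AntiVirus userspace daemon'

printf '%s\n' "$SAMPLE_SUPERVISED" | clamd_supervision
printf '%s\n' "$SAMPLE_MANUAL" | clamd_supervision
printf '1:name=systemd:/user.slice/user-1000.slice/session-3.scope\n' | owning_unit
```

A "socket-only" verdict together with a clamd PID owned by a session scope rather than clamav-daemon.service means the running daemon was started by hand and is not the one systemd would restart.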


