[clamav-users] Question regarding freshclam log entry

J Doe general at nativemethods.com
Fri Feb 23 04:52:55 UTC 2018 

Hi Noel,

> On Feb 22, 2018, at 10:23 AM, Noel Jones <njones at megan.vbhcs.org> wrote:
> 
>> On 2/22/2018 8:29 AM, J Doe wrote:
>> 
>>> Hello,
>>> 
>>> I recently installed ClamAV 0.99.3 on a Ubuntu 16.04.03 LTS server and utilize it as a milter for Postfix v. 3.1.0.
>>> 
>>> When freshclam runs according to its’ cron job and successfully downloads an update, it leaves the following note in the freshclam log:
>>> 
>>> WARNING: clamd was NOT notified:  Can’t connect to clamd through /var/spool/postfix/var/run/clamav/clamd.sock
>>> 
>>> My initial thought was a simple permissions error, so I checked the permissions to the clamd.sock socket:
>>> 
>>> drwxr-xr-x    clamav clamav    /var/spool/postfix/var/run/clamav
>>> srw-rw-rw    clamav clamav    /var/spool/postfix/var/run/clamd.sock 
> 
> This path doesn't match the error message above.
> 
>>> 
>>> $ sudo -u clamav namei -m /var/spool/postfix/var/run/clamav/clamd.sock
> 
> Yet this path does.
> 
>>> I’m pretty sure this is a minor mistake on my part; can anyone suggest a solution ?
> 
> Check your paths in clamd.conf and freshclam.conf carefully. It's
> likely they don't match.
> 
>  -- Noel Jones

Oops.  You’re right - those paths did not match.

/etc/clamav/freshclam.conf is set to read clamd’s configuration file when a update is successfully downloaded for the signature database.

When I check the path in /etc/clamav/clamd.conf it points to the correct path to the socket:

/var/spool/postfix/var/run/clamav/clamd.sock

I verified that freshclam runs as clamav via ps aux, so performing the namei test again works:

$ sudo -u clamav namei -m /var/spool/postfix/var/run/clamav/clamd.sock

The file permissions on the socket are:

drwxr-xr-x    clamav clamav /var/spool/postfix/var/run/clamav/
srw-rw-rw    clamav clamav /var/spool/postfix/var/run/clamav/clamd.sock

I note though that man 5 freshclam.conf states that clamd is *NOT* set to update by default, however when I installed the package on Ubuntu 16.04.03 LTS, it has put in 3600 for an update frequency.

That said, if freshclam does not notify clamd by default, does that mean if I don’t get the socket problem sorted out that clamd (and more importantly clamav-milter), will still use the most recently downloaded signatures when scanning ?  Or does clamd and clamav-milter have to receive an update message via the socket to use the most recent signatures ?

Thanks,

- J

More information about the clamav-users mailing list