[clamav-users] SOLVED Re: clamav-daemon start stuck in a loop

Chris cpollock at embarqmail.com
Thu Mar 8 23:00:34 UTC 2018 

On Thu, 2018-03-08 at 11:46 -0600, Chris wrote:
> This is clamav 0.99.4+addedllvm-0ubuntu0.16.04.1 amd64 on Ubuntu
> 16.04.4 LTS. 
> 
> This morning I updated via system updates to the above version. After
> the update I stopped the clamav-daemon and restarted via 
> 
> sudo /etc/init.d/clamav-daemon start
> [ ok ] Starting clamav-daemon (via systemctl): clamav-daemon.service
> 
> Running 
> 
> /etc/init.d/clamav-daemon status
> ● clamav-daemon.service - Clam AntiVirus userspace daemon
>    Loaded: loaded (/lib/systemd/system/clamav-daemon.service;
> enabled;
> vendor preset: enabled)
>    Active: active (running) since Thu 2018-03-08 10:21:52 CST; 16s
> ago
>      Docs: man:clamd(8)
>            man:clamd.conf(5)
>            http://www.clamav.net/lang/en/doc/
>  Main PID: 25488 (clamd)
>    CGroup: /system.slice/clamav-daemon.service
>            └─25488 /usr/sbin/clamd --foreground=true
> 
> Mar 08 10:21:52 localhost systemd[1]: clamav-daemon.service: Unit
> entered failed state.
> Mar 08 10:21:52 localhost systemd[1]: clamav-daemon.service: Failed
> with result 'exit-code'.
> Mar 08 10:21:52 localhost systemd[1]: Started Clam AntiVirus
> userspace
> daemon.
> Mar 08 10:21:52 localhost clamd[25488]: Received 3 file descriptor(s)
> from systemd.
> Mar 08 10:21:52 localhost clamd[25488]: clamd daemon 0.99.4 (OS:
> linux-
> gnu, ARCH: x86_64, CPU: x86_64)
> Mar 08 10:21:52 localhost clamd[25488]: Running as user clamav (UID
> 121, GID 130)
> Mar 08 10:21:52 localhost clamd[25488]: Log file size limited to
> 4294967295 bytes.
> Mar 08 10:21:52 localhost clamd[25488]: Reading databases from
> /var/lib/clamav
> Mar 08 10:21:52 localhost clamd[25488]: Bytecode: Security mode set
> to
> "TrustSigned".
> Mar 08 10:22:08 localhost clamd[25488]: Loaded 6671039 signatures.
> 
> My syslog shows this when starting via sudo /etc/init.d/clamav-daemon
> start or via sudo service clamav-daemon start
> 
> https://pastebin.com/n36icbsD
> 
> When starting with sudo service clamav-daemon start and running
> /etc/init.d/clamav-daemon status:
> 
> /etc/init.d/clamav-daemon status -l
> ● clamav-daemon.service - Clam AntiVirus userspace daemon
>    Loaded: loaded (/lib/systemd/system/clamav-daemon.service;
> enabled;
> vendor preset: enabled)
>    Active: failed (Result: exit-code) since Thu 2018-03-08 11:39:06
> CST; 3min 29s ago
>      Docs: man:clamd(8)
>            man:clamd.conf(5)
>            http://www.clamav.net/lang/en/doc/
>   Process: 3250 ExecStart=/usr/sbin/clamd --foreground=true
> (code=exited, status=1/FAILURE)
>  Main PID: 3250 (code=exited, status=1/FAILURE)
> 
> Mar 08 11:38:48 localhost clamd[3250]: Running as user clamav (UID
> 121,
> GID 130)
> Mar 08 11:38:48 localhost clamd[3250]: Log file size limited to
> 4294967295 bytes.
> Mar 08 11:38:48 localhost clamd[3250]: Reading databases from
> /var/lib/clamav
> Mar 08 11:38:48 localhost clamd[3250]: Bytecode: Security mode set to
> "TrustSigned".
> Mar 08 11:39:04 localhost clamd[3250]: Loaded 6671039 signatures.
> Mar 08 11:39:06 localhost clamd[3250]: ERROR: TCP: Received more than
> two file descriptors from systemd.
> Mar 08 11:39:06 localhost clamd[3250]: TCP: Received more than two
> file
> descriptors from systemd.
> Mar 08 11:39:06 localhost systemd[1]: clamav-daemon.service: Main
> process exited, code=exited, status=1/FAILURE
> Mar 08 11:39:06 localhost systemd[1]: clamav-daemon.service: Unit
> entered failed state.
> Mar 08 11:39:06 localhost systemd[1]: clamav-daemon.service: Failed
> with result 'exit-code'.
> 
> I hope this makes enough sense to not cause me to get yelled at.
> 

I have found the problem. My original /lib/systemd/system/clamav-daemon.socket file was:

/lib/systemd/system/clamav-daemon.socket
[Unit]
Description=Socket for Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}

[Socket]
#ListenStream=/run/clamav/clamd.ctl
ListenStream=/var/lib/clamav/clamd.socket
ListenStream=127.0.0.1:3310
SocketUser=clamav
SocketGroup=clamav
RemoveOnStop=True
[Install]
WantedBy=sockets.target

After the update it had been changed to:

[Socket]
ListenStream=/run/clamav/clamd.ctl
#ListenStream=127.0.0.1:1024
SocketUser=clamav
SocketGroup=clamav
RemoveOnStop=True

also my /etc/system.d/system/clamav-daemon.socket.d file had been 
altered. The original was:

[Socket]
ListenStream=
SocketUser=clamav
ListenStream=/var/lib/clamav/clamd.socket

and the update changed it to: (the # are mine)

[Socket]
#ListenStream=/var/lib/clamav/clamd.socket
#ListenStream=127.0.0.1:3310
#SocketUser=clamav
#SocketGroup=clamav
#ListenStream=/var/lib/clamav/clamd.socket

Luckily I finally remembered when clamav 0.99.3+addedllvm-
0ubuntu0.16.04.1 was released and I had asked this https://askubuntu.co
m/questions/1001915/clamav-0-99-3addedllvm-0ubuntu0-16-04-1-reports-
cannot-connect-to-unix-socket?noredirect=1#comment1620420_1001915 which
led me to taking a look at the above files.

-- 
Chris
KeyID 0xE372A7DA98E6705C
31.11972; -97.90167 (Elev. 1092 ft)
16:52:31 up 23:58, 1 user, load average: 0.81, 0.55, 0.74
Description:	Ubuntu 16.04.4 LTS, kernel 4.13.0-36-generic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20180308/2c257c35/attachment.sig>

More information about the clamav-users mailing list