Hi Ged,
The ClamAV was never upgraded until I found the service couldn't be started yesterday. I executed the command of "clamconf" and got the following results. Thanks for your help.


Checking configuration files in /etc

Config file: clamd.d/scan.conf

------------------------------

AlertExceedsMax disabled

PreludeEnable disabled

PreludeAnalyzerName disabled

LogFile disabled

LogFileUnlock disabled

LogFileMaxSize = "1048576"

LogTime disabled

LogClean disabled

LogSyslog = "yes"

LogFacility = "LOG_LOCAL6"

LogVerbose disabled

LogRotate disabled

ExtendedDetectionInfo disabled

PidFile disabled

TemporaryDirectory disabled

DatabaseDirectory = "/var/lib/clamav"

OfficialDatabaseOnly disabled

LocalSocket disabled

LocalSocketGroup disabled

LocalSocketMode disabled

FixStaleSocket = "yes"

TCPSocket disabled

TCPAddr disabled

MaxConnectionQueueLength = "200"

StreamMaxLength = "26214400"

StreamMinPort = "1024"

StreamMaxPort = "2048"

MaxThreads = "10"

ReadTimeout = "120"

CommandReadTimeout = "30"

SendBufTimeout = "500"

MaxQueue = "100"

IdleTimeout = "30"

ExcludePath disabled

MaxDirectoryRecursion = "15"

FollowDirectorySymlinks disabled

FollowFileSymlinks disabled

CrossFilesystems = "yes"

SelfCheck = "600"

ConcurrentDatabaseReload = "yes"

DisableCache disabled

VirusEvent disabled

ExitOnOOM disabled

AllowAllMatchScan = "yes"

Foreground disabled

Debug disabled

LeaveTemporaryFiles disabled

User = "clamscan"

Bytecode = "yes"

BytecodeSecurity = "TrustSigned"

BytecodeTimeout = "10000"

BytecodeUnsigned disabled

BytecodeMode = "Auto"

DetectPUA disabled

ExcludePUA disabled

IncludePUA disabled

ScanPE = "yes"

ScanELF = "yes"

ScanMail = "yes"

ScanPartialMessages disabled

PhishingSignatures = "yes"

PhishingScanURLs = "yes"

HeuristicAlerts = "yes"

HeuristicScanPrecedence disabled

StructuredDataDetection disabled

StructuredMinCreditCardCount = "3"

StructuredMinSSNCount = "3"

StructuredSSNFormatNormal = "yes"

StructuredSSNFormatStripped disabled

ScanHTML = "yes"

ScanOLE2 = "yes"

AlertBrokenExecutables disabled

AlertBrokenMedia disabled

AlertEncrypted disabled

StructuredCCOnly disabled

AlertEncryptedArchive disabled

AlertEncryptedDoc disabled

AlertOLE2Macros disabled

AlertPhishingSSLMismatch disabled

AlertPhishingCloak disabled

AlertPartitionIntersection disabled

ScanPDF = "yes"

ScanSWF = "yes"

ScanXMLDOCS = "yes"

ScanHWP3 = "yes"

ScanArchive = "yes"

ForceToDisk disabled

MaxScanTime disabled

MaxScanSize = "104857600"

MaxFileSize = "26214400"

MaxRecursion = "16"

MaxFiles = "10000"

MaxEmbeddedPE = "10485760"

MaxHTMLNormalize = "10485760"

MaxHTMLNoTags = "2097152"

MaxScriptNormalize = "5242880"

MaxZipTypeRcg = "1048576"

MaxPartitions = "50"

MaxIconsPE = "100"

MaxRecHWP3 = "16"

PCREMatchLimit = "100000"

PCRERecMatchLimit = "2000"

PCREMaxFileSize = "26214400"

OnAccessMountPath disabled

OnAccessIncludePath disabled

OnAccessExcludePath disabled

OnAccessExcludeRootUID disabled

OnAccessExcludeUID disabled

OnAccessExcludeUname disabled

OnAccessMaxFileSize = "5242880"

OnAccessDisableDDD disabled

OnAccessPrevention disabled

OnAccessExtraScanning disabled

OnAccessCurlTimeout = "5000"

OnAccessMaxThreads = "5"

OnAccessRetryAttempts disabled

OnAccessDenyOnError disabled

DevACOnly disabled

DevACDepth disabled

DevPerformance disabled

DevLiblog disabled

DisableCertCheck disabled

AlgorithmicDetection = "yes"

BlockMax disabled

PhishingAlwaysBlockSSLMismatch disabled

PhishingAlwaysBlockCloak disabled

PartitionIntersection disabled

OLE2BlockMacros disabled

ArchiveBlockEncrypted disabled

 

Config file: freshclam.conf

---------------------------

LogFileMaxSize = "1048576"

LogTime disabled

LogSyslog disabled

LogFacility = "LOG_LOCAL6"

LogVerbose disabled

LogRotate disabled

PidFile disabled

DatabaseDirectory = "/var/lib/clamav"

Foreground disabled

Debug disabled

UpdateLogFile disabled

DatabaseOwner = "clamupdate"

Checks = "12"

DNSDatabaseInfo = "current.cvd.clamav.net"

DatabaseMirror = "database.clamav.net"

PrivateMirror disabled

MaxAttempts = "3"

ScriptedUpdates = "yes"

TestDatabases = "yes"

CompressLocalDatabase disabled

ExtraDatabase disabled

ExcludeDatabase disabled

DatabaseCustomURL disabled

HTTPProxyServer disabled

HTTPProxyPort disabled

HTTPProxyUsername disabled

HTTPProxyPassword disabled

HTTPUserAgent disabled

NotifyClamd = "/etc/clamd.d/scan.conf"

OnUpdateExecute disabled

OnErrorExecute disabled

OnOutdatedExecute disabled

LocalIPAddress disabled

ConnectTimeout = "30"

ReceiveTimeout disabled

Bytecode = "yes"

 

mail/clamav-milter.conf not found

 

Software settings

-----------------

Version: 0.103.2

Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

 

Database information

--------------------

Database directory: /var/lib/clamav

daily.cld: version 26203, sigs: 3989972, built on Wed Jun 16 19:07:58 2021

bytecode.cld: version 333, sigs: 92, built on Mon Mar  8 23:21:51 2021

main.cld: version 59, sigs: 4564902, built on Mon Nov 25 21:56:15 2019

Total number of signatures: 8554966

 

Platform information

--------------------

uname: Linux 4.1.12-124.27.1.el7uek.x86_64 #2 SMP Mon May 13 08:56:17 PDT 2019 x86_64

OS: linux-gnu, ARCH: x86_64, CPU: x86_64

zlib version: 1.2.7 (1.2.7), compile flags: a9

platform id: 0x0a217b7b0800000000040805

 

Build information

-----------------

GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)

CPPFLAGS: -I/usr/include/libprelude

CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic -fno-strict-aliasing   -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64

CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic

LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed  -lprelude

Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1  -m64 -mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'

sizeof(void*) = 8

Engine flevel: 123, dconf: 123




G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> 於 2021年6月16日 週三 下午6:25寫道:
Hi Eric,

On Wed, 16 Jun 2021, Eric Jin via clamav-users wrote:

> [...] I deleted bytecode.cvd and main.cvd but the service still not
> be started. The output is as below.
> [...]
> [root@tplinuxuhgdb2 clamav]# systemctl start clamd@scan.service
> Job for clamd@scan.service failed [...] "journalctl -xe" for details.
> [root@tplinuxuhgdb2 clamav]# journalctl -xe
> [...]
> Jun 16 16:23:28 tplinuxuhgdb2.localdomain systemd[1]: Starting clamd scanner (scan) daemon...
> [...]
> Jun 16 16:23:28 tplinuxuhgdb2.localdomain clamd[4887]: ERROR: Please define server type (local and/or TCP).
> [...]

In the clamd configuration file there should be a definition for the
socket on which clamd will listen - it is either a Unix socket, or a
TCP socket.  Do you have a line in the file which defines the socket?
If not, since you say that the scanner has been working for two years
it seems that something (possibly an upgrade?) has changed it.  It's
not a bad idea to include configuration files in your backups.  Here
is last night's backup of my clamd server's clamd configuration file;
as it happens it was a 'full' backup (using BackupPC), it is backup
number 483 and its size is 27752 bytes, last modified in May:

clamd_tcp3.conf  file  0644  483  27752  2021-05-15 13:59:48

I often run more than one clamd daemon, which is why I names this
differently from the defaults for upstream and the distributions.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml