• Debian 12.6 - clamav-daemon does not use a socket

    From christian@21:1/5 to All on Sun Jun 30 16:00:01 2024
    Hello,
    I'm currently struggling with the problem that my clamav daemon creates
    /var/run/clamav/clamd.ctl as a socket, but I can't connect to Rspamd. At
    first I thought that rspamd wasn't sending anything, but clamav isn't
    addressing any socket.

    When I check this using sockstat, no active socket is displayed. So
    clamav doesn't seem to be addressing the socket.

    I uninstalled everything from clamav again and deleted the directories
    by hand. Then I downloaded everything again from the Debian 12
    repository. Everything is created and a new socket is created, but the
    same thing happens again: the socket doesn't work.

    Do I have to tell it beforehand via a setting that it should be active?

    Of course, the clamav.conf states:

    LocalSocket /var/run/clamav/clamd.ctl

    The logs show that the signatures are loaded and the function is checked
    every 3600 seconds. But the socket is not working.

    What could be the reason for this?

    Christian

    clamconf
    Checking configuration files in /etc/clamav

    Config file: clamd.conf
    -----------------------
    AlertExceedsMax disabled
    PreludeEnable disabled
    PreludeAnalyzerName = "ClamAV"
    LogFile = "/var/log/clamav/clamav.log"
    LogFileUnlock disabled
    LogFileMaxSize = "4294967295"
    LogTime = "yes"
    LogClean disabled
    LogSyslog = "yes"
    LogFacility = "LOG_LOCAL6"
    LogVerbose = "yes"
    LogRotate = "yes"
    ExtendedDetectionInfo = "yes"
    PidFile disabled
    TemporaryDirectory disabled
    DatabaseDirectory = "/var/lib/clamav"
    OfficialDatabaseOnly disabled
    LocalSocket = "/var/run/clamav/clamd.ctl"
    LocalSocketGroup = "clamav"
    LocalSocketMode = "666"
    FixStaleSocket = "yes"
    TCPSocket disabled
    TCPAddr disabled
    MaxConnectionQueueLength = "15"
    StreamMaxLength = "104857600"
    StreamMinPort = "1024"
    StreamMaxPort = "2048"
    MaxThreads = "12"
    ReadTimeout = "180"
    CommandReadTimeout = "30"
    SendBufTimeout = "200"
    MaxQueue = "100"
    IdleTimeout = "30"
    ExcludePath disabled
    MaxDirectoryRecursion = "15"
    FollowDirectorySymlinks disabled
    FollowFileSymlinks disabled
    CrossFilesystems = "yes"
    SelfCheck = "3600"
    ConcurrentDatabaseReload = "yes"
    DisableCache disabled
    VirusEvent disabled
    ExitOnOOM disabled
    AllowAllMatchScan = "yes"
    Foreground disabled
    Debug = "yes"
    LeaveTemporaryFiles disabled
    GenerateMetadataJson disabled
    User = "clamav"
    Bytecode disabled
    BytecodeSecurity = "TrustSigned"
    BytecodeTimeout = "10000"
    BytecodeUnsigned disabled
    BytecodeMode = "Auto"
    DetectPUA disabled
    ExcludePUA disabled
    IncludePUA disabled
    ScanPE = "yes"
    ScanELF = "yes"
    ScanMail = "yes"
    ScanPartialMessages disabled
    PhishingSignatures = "yes"
    PhishingScanURLs = "yes"
    HeuristicAlerts = "yes"
    HeuristicScanPrecedence disabled
    StructuredDataDetection disabled
    StructuredMinCreditCardCount = "3"
    StructuredMinSSNCount = "3"
    StructuredSSNFormatNormal = "yes"
    StructuredSSNFormatStripped disabled
    ScanHTML = "yes"
    ScanOLE2 = "yes"
    AlertBrokenExecutables disabled
    AlertBrokenMedia disabled
    AlertEncrypted disabled
    StructuredCCOnly disabled
    AlertEncryptedArchive disabled
    AlertEncryptedDoc disabled
    AlertOLE2Macros disabled
    AlertPhishingSSLMismatch disabled
    AlertPhishingCloak disabled
    AlertPartitionIntersection disabled
    ScanPDF = "yes"
    ScanSWF = "yes"
    ScanXMLDOCS = "yes"
    ScanHWP3 = "yes"
    ScanArchive = "yes"
    ForceToDisk disabled
    MaxScanTime = "120000"
    MaxScanSize = "52428800"
    MaxFileSize = "26214400"
    MaxRecursion = "16"
    MaxFiles = "10000"
    MaxEmbeddedPE = "10485760"
    MaxHTMLNormalize = "10485760"
    MaxHTMLNoTags = "2097152"
    MaxScriptNormalize = "5242880"
    MaxZipTypeRcg = "1048576"
    MaxPartitions = "50"
    MaxIconsPE = "100"
    MaxRecHWP3 = "16"
    PCREMatchLimit = "10000"
    PCRERecMatchLimit = "5000"
    PCREMaxFileSize = "104857600"
    OnAccessMountPath disabled
    OnAccessIncludePath disabled
    OnAccessExcludePath disabled
    OnAccessExcludeRootUID disabled
    OnAccessExcludeUID disabled
    OnAccessExcludeUname disabled
    OnAccessMaxFileSize = "52428800"
    OnAccessDisableDDD disabled
    OnAccessPrevention disabled
    OnAccessExtraScanning disabled
    OnAccessCurlTimeout = "5000"
    OnAccessMaxThreads = "5"
    OnAccessRetryAttempts disabled
    OnAccessDenyOnError disabled
    DevACOnly disabled
    DevACDepth disabled
    DevPerformance disabled
    DevLiblog disabled
    DisableCertCheck disabled
    AlgorithmicDetection = "yes"
    BlockMax disabled
    PhishingAlwaysBlockSSLMismatch disabled
    PhishingAlwaysBlockCloak disabled
    PartitionIntersection disabled
    OLE2BlockMacros disabled
    ArchiveBlockEncrypted disabled

    Config file: freshclam.conf
    ---------------------------
    LogFileMaxSize = "4294967295"
    LogTime = "yes"
    LogSyslog disabled
    LogFacility = "LOG_LOCAL6"
    LogVerbose disabled
    LogRotate = "yes"
    PidFile disabled
    DatabaseDirectory = "/var/lib/clamav"
    Foreground disabled
    Debug = "yes"
    UpdateLogFile = "/var/log/clamav/freshclam.log"
    DatabaseOwner = "clamav"
    Checks = "24"
    DNSDatabaseInfo = "current.cvd.clamav.net"
    DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
    PrivateMirror disabled
    MaxAttempts = "5"
    ScriptedUpdates = "yes"
    TestDatabases = "yes"
    CompressLocalDatabase disabled
    ExtraDatabase disabled
    ExcludeDatabase disabled
    DatabaseCustomURL disabled
    HTTPProxyServer disabled
    HTTPProxyPort disabled
    HTTPProxyUsername disabled
    HTTPProxyPassword disabled
    HTTPUserAgent disabled
    NotifyClamd = "/etc/clamav/clamd.conf"
    OnUpdateExecute disabled
    OnErrorExecute disabled
    OnOutdatedExecute disabled
    LocalIPAddress disabled
    ConnectTimeout = "30"
    ReceiveTimeout disabled
    Bytecode = "yes"

    clamav-milter.conf not found

    Software settings
    -----------------
    Version: 1.0.5
    Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

    Database information
    --------------------
    Database directory: /var/lib/clamav
    [3rd Party] Sanesecurity_spam.yara: 46 sigs
    [3rd Party] foxhole_js.ndb: 4 sigs
    [3rd Party] spearl.ndb: 1 sig
    [3rd Party] miscreantpunch.hdb: 38 sigs
    [3rd Party] jurlbl.ndb: 29411 sigs
    [3rd Party] winnow_malware_links.ndb: 133 sigs
    [3rd Party] doppelstern.hdb: 1 sig
    [3rd Party] winnow.attachments.hdb: 1 sig
    [3rd Party] foxhole_js.cdb: 48 sigs
    [3rd Party] scam.ndb: 13087 sigs
    [3rd Party] interservertopline.db: 1138 sigs
    [3rd Party] phish.ndb: 30681 sigs
    [3rd Party] spear.ndb: 1 sig
    [3rd Party] winnow.complex.patterns.ldb: 3 sigs
    [3rd Party] ditekshen.ldb: 159 sigs
    [3rd Party] Sanesecurity_sigtest.yara: 54 sigs
    main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
    [3rd Party] malware.expert.fp: 1 sig
    bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 16:37:24 2024
    [3rd Party] bofhland_cracked_URL.ndb: 40 sigs
    [3rd Party] spamattach.hdb: 14 sigs
    [3rd Party] twinclams.ldb: 4151 sigs
    [3rd Party] spamimg.hdb: 228 sigs
    daily.cld: version 27322, sigs: 2063662, built on Sun Jun 30 10:36:30 2024
    [3rd Party] porcupine.ndb: 1601 sigs
    [3rd Party] porcupine.hsb: 184 sigs
    [3rd Party] rfxn.yara: 11527 sigs
    [3rd Party] junk.ndb: 57066 sigs
    [3rd Party] rfxn.ndb: 2054 sigs
    [3rd Party] malware.expert.ldb: 1 sig
    [3rd Party] hackingteam.hsb: 435 sigs
    [3rd Party] blurl.ndb: 1472 sigs
    [3rd Party] phishtank.ndb: 1 sig
    [3rd Party] exexor99.ldb: 508 sigs
    [3rd Party] rfxn.hdb: 13030 sigs
    [3rd Party] sanesecurity.ftm: 185 sigs
    [3rd Party] winnow_bad_cw.hdb: 1 sig
    [3rd Party] bofhland_malware_URL.ndb: 4 sigs
    [3rd Party] badmacro.ndb: 705 sigs
    [3rd Party] shell.ldb: 57 sigs
    [3rd Party] rogue.hdb: 7042 sigs
    [3rd Party] malwarehash.hsb: 1031 sigs
    [3rd Party] foxhole_filename.cdb: 3597 sigs
    [3rd Party] whitelist.fp: 3081 sigs
    [3rd Party] twinwave.ign2: 48 sigs
    [3rd Party] bofhland_phishing_URL.ndb: 72 sigs
    [3rd Party] lott.ndb: 2338 sigs
    [3rd Party] malware.expert.ndb: 1 sig
    [3rd Party] bofhland_malware_attach.hdb: 1836 sigs
    [3rd Party] jurlbla.ndb: 685 sigs
    [3rd Party] MiscreantPunch099-Low.ldb: 1199 sigs
    [3rd Party] foxhole_generic.cdb: 214 sigs
    [3rd Party] spam.ldb: 2 sigs
    [3rd Party] winnow_spam_complete.ndb: 26 sigs
    [3rd Party] interserver256.hdb: 28766 sigs
    [3rd Party] sigwhitelist.ign2: 18 sigs
    [3rd Party] shelter.ldb: 61 sigs
    [3rd Party] malware.expert.hdb: 1 sig
    [3rd Party] winnow_extended_malware_links.ndb: 1 sig
    [3rd Party] urlhaus.ndb: 7099 sigs
    [3rd Party] winnow_malware.hdb: 1 sig
    [3rd Party] winnow_phish_complete_url.ndb: 53 sigs
    [3rd Party] crdfam.clamav.hdb: 1 sig
    [3rd Party] winnow_extended_malware.hdb: 1 sig
    Total number of signatures: 8936420

    Platform information
    --------------------
    uname: Linux 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64
    OS: Linux, ARCH: x86_64, CPU: x86_64
    Full OS version: No LSB modules are available.
    Debian GNU/Linux 12 (bookworm)
    zlib version: 1.2.13 (1.2.13), compile flags: a9
    platform id: 0x0a21a5a508000000000c0200

    Build information
    -----------------
    GNU C: 12.2.0 (12.2.0)
    sizeof(void*) = 8
    Engine flevel: 165, dconf: 165

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
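
One way to test the socket described in the post above directly, independent of Rspamd; this is an added example, not part of the original message. The default path is the LocalSocket value from the post, zPING is clamd's null-delimited ping command, and the status labels are this example's own.

```python
import os
import socket
import stat

# Path taken from the LocalSocket line in the post; status labels are this example's own.
DEFAULT_SOCKET = "/var/run/clamav/clamd.ctl"


def probe_clamd(path=DEFAULT_SOCKET, timeout=5.0):
    """Return (status, detail) describing whether clamd answers on `path`."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ("missing", "no such path; nothing has created the socket")
    except PermissionError:
        return ("denied", "cannot search the directory that holds the socket")
    if not stat.S_ISSOCK(st.st_mode):
        return ("not-socket", "path exists but is not a Unix socket")
    mode = oct(stat.S_IMODE(st.st_mode))
    reply = b""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
            # clamd's null-delimited PING command; a live daemon answers PONG.
            s.sendall(b"zPING\0")
            while not reply.endswith(b"\0"):
                chunk = s.recv(64)
                if not chunk:
                    break
                reply += chunk
        except PermissionError:
            return ("denied", f"socket mode {mode} does not admit this user")
        except ConnectionRefusedError:
            return ("stale", "socket file exists but no process is listening")
        except socket.timeout:
            return ("timeout", "no reply within the timeout")
        except OSError as exc:
            return ("error", str(exc))
    if reply == b"PONG\0":
        return ("ok", "clamd answered PING on the socket")
    return ("unexpected", repr(reply))


if __name__ == "__main__":
    print(*probe_clamd())
```

Run it as the account Rspamd runs under, since access to a Unix socket is decided per user; a "stale" result means the file is present but nothing has it open for listening.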