Discussion:
systemctl and clamd
(too old to reply)
Vincent Coen
2020-04-17 17:22:54 UTC
Permalink
Hello All!

I have as set up by mga clamd-daemon running

Trouble is it is not using the /etc/cland.conf as the socket is not set up.

I need this because I run clamscan etc instream via the socket 3310.

So as an experiment I stopped it via systemctl stop clamav-daemon

Then just did cland &

using clamdtop I can now see it and when running scan clam against a
reasonable block of file it runs quick which is more than I could say
before.

So I need to change the auto settings for systemd and clamav-daemon to just
run clamd but I cannot see for the life of me how.

All this started moving to v7 as in v7 it worked correctly by picking up
the clamav.conf and fully acting on it v7 does NOT do that but as I say I
cannot see how to change it.

Can any one help,

Vincent
Bit Twister
2020-04-17 17:59:35 UTC
Permalink
Post by Vincent Coen
Hello All!
I have as set up by mga clamd-daemon running
Trouble is it is not using the /etc/cland.conf as the socket is not set up.
I need this because I run clamscan etc instream via the socket 3310.
So as an experiment I stopped it via systemctl stop clamav-daemon
Then just did cland &
using clamdtop I can now see it and when running scan clam against a
reasonable block of file it runs quick which is more than I could say
before.
So I need to change the auto settings for systemd and clamav-daemon to just
run clamd but I cannot see for the life of me how.
All this started moving to v7 as in v7 it worked correctly by picking up
the clamav.conf and fully acting on it v7 does NOT do that but as I say I
cannot see how to change it.
Can any one help,
I will give you some pointers and whatnot. I can not load maga7 clamd.
mcc software manager is not telling my why not.

I would like to see the clamd service file. Run
systemctl status clamav-daemon

Then paste the service file so I can look at it. File name is the file
name given on the Loaded: line.
Vincent Coen
2020-04-17 21:32:53 UTC
Permalink
Hello Bit!
Post by Bit Twister
Post by Vincent Coen
I have as set up by mga clamd-daemon running
Trouble is it is not using the /etc/cland.conf as the socket is not set up.
I need this because I run clamscan etc instream via the socket 3310.
So as an experiment I stopped it via systemctl stop clamav-daemon
Then just did cland &
using clamdtop I can now see it and when running scan clam against a
reasonable block of file it runs quick which is more than I could
say before.
So I need to change the auto settings for systemd and clamav-daemon
to just run clamd but I cannot see for the life of me how.
All this started moving to v7 as in v7 it worked correctly by
picking up the clamav.conf and fully acting on it v7 does NOT do
that but as I say I cannot see how to change it.
Can any one help,
I will give you some pointers and whatnot. I can not load maga7 clamd.
mcc software manager is not telling my why not.
I would like to see the clamd service file. Run
systemctl status clamav-daemon
Then paste the service file so I can look at it. File name is the file
name given on the Loaded: line.
Hope this does it:

clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; enabled;
vendor preset: disabled)
Active: inactive (dead) since Fri 2020-04-17 18:09:46 BST; 4h 22min ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Process: 16914 ExecStart=/usr/sbin/clamd --foreground=true (code=exited,
status=0/SUCCESS)
Main PID: 16914 (code=exited, status=0/SUCCESS)

Apr 17 17:34:36 applewood.server clamd[16914]: Fri Apr 17 17:34:36 2020 ->
SelfCheck: Database status OK.
Apr 17 17:44:36 applewood.server clamd[16914]: Fri Apr 17 17:44:36 2020 ->
SelfCheck: Database status OK.
Apr 17 17:54:36 applewood.server clamd[16914]: Fri Apr 17 17:54:36 2020 ->
SelfCheck: Database status OK.
Apr 17 18:04:36 applewood.server clamd[16914]: Fri Apr 17 18:04:36 2020 ->
SelfCheck: Database status OK.
Apr 17 18:09:45 applewood.server clamd[16914]: Fri Apr 17 18:09:45 2020 ->
*Waiting for all threads to finish
Apr 17 18:09:45 applewood.server systemd[1]: Stopping Clam AntiVirus
userspace daemon...
Apr 17 18:09:45 applewood.server clamd[16914]: Fri Apr 17 18:09:45 2020 ->
Pid file removed.
Apr 17 18:09:45 applewood.server clamd[16914]: Fri Apr 17 18:09:45 2020 ->
-!- Stopped at Fri Apr 17 18:09:45 2020
Apr 17 18:09:46 applewood.server systemd[1]: clamav-daemon.service:
Succeeded.
Apr 17 18:09:46 applewood.server systemd[1]: Stopped Clam AntiVirus
userspace daemon.


and I can access the file pointed to at the top, not that it tells me a
lot!

Vincent
Bit Twister
2020-04-17 22:59:25 UTC
Permalink
Post by Vincent Coen
Hello Bit!
Post by Bit Twister
I would like to see the clamd service file. Run
systemctl status clamav-daemon
Then paste the service file so I can look at it. File name is the file
name given on the Loaded: line.
clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; enabled;
vendor preset: disabled)
and I can access the file pointed to at the top, not that it tells me a
lot!
And that is exactly the file I was asking you to post. :)
Bit Twister
2020-04-18 00:19:56 UTC
Permalink
Post by Bit Twister
Post by Vincent Coen
clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; enabled;
vendor preset: disabled)
and I can access the file pointed to at the top, not that it tells me a
lot!
And that is exactly the file I was asking you to post. :)
Ok, finally have the clamav package installed. Had to use the command line.

Looking in /usr/lib/systemd/system/clamav-daemon.service shows you
what systemd has to do to get a service to run. If it needs other
services/sockets/... and when the service needs to run/start.

Requires=clamav-daemon.socket indicates that socket needs to be enabled
and working.

And this section
[Install]
WantedBy=multi-user.target
Also=clamav-daemon.socket

indicates that clamav-daemon service is to be started after the
network is up and clamav-daemon.socket is active.

After pkg install I did a
# systemctl --system daemon-reload

get the list of clamav units
$ systemctl list-unit-files | grep clamav
clamav-daemon.service disabled
clamav-freshclam.service disabled
clamav-daemon.socket disabled

Enabled each
systemctl enable clamav-daemon.service
systemctl enable clamav-freshclam.service
systemctl enable clamav-daemon.socket

started each
systemctl start clamav-daemon.socket
systemctl start clamav-freshclam.service
systemctl start clamav-daemon.service

systemctl status on each shows all active and no problems.

systemctl status clamav-daemon.service
shows man:clamd.conf so I located clamd.conf, saw the log file location,
and cat /var/log/clamav/clamd.log had no problems.

What that tells me is that clamd.conf was read by the clamav-daemon.

What would be nice is for you to provide a diff result of
your /etc/clamd.conf and the original to see what you changed.
Vincent Coen
2020-04-18 14:31:08 UTC
Permalink
Hello Bit!
Post by Bit Twister
Post by Bit Twister
Post by Vincent Coen
clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service;
enabled; vendor preset: disabled)
and I can access the file pointed to at the top, not that it tells
me a lot!
And that is exactly the file I was asking you to post. :)
Ok, finally have the clamav package installed. Had to use the command line.
Looking in /usr/lib/systemd/system/clamav-daemon.service shows you
what systemd has to do to get a service to run. If it needs other
services/sockets/... and when the service needs to run/start.
Requires=clamav-daemon.socket indicates that socket needs to be
enabled and working.
And this section
[Install]
WantedBy=multi-user.target
Also=clamav-daemon.socket
indicates that clamav-daemon service is to be started after the
network is up and clamav-daemon.socket is active.
After pkg install I did a
# systemctl --system daemon-reload
get the list of clamav units
$ systemctl list-unit-files | grep clamav
clamav-daemon.service disabled
clamav-freshclam.service disabled
clamav-daemon.socket disabled
Enabled each
systemctl enable clamav-daemon.service
systemctl enable clamav-freshclam.service
systemctl enable clamav-daemon.socket
started each
systemctl start clamav-daemon.socket
systemctl start clamav-freshclam.service
systemctl start clamav-daemon.service
systemctl status on each shows all active and no problems.
systemctl status clamav-daemon.service
shows man:clamd.conf so I located clamd.conf, saw the log file
location, and cat /var/log/clamav/clamd.log had no problems.
What that tells me is that clamd.conf was read by the clamav-daemon.
What would be nice is for you to provide a diff result of
your /etc/clamd.conf and the original to see what you changed.
Just tried that but it is long as mine version goes back some time and the
other is cland.conf.rpmsave

But the main differences are more than likely :

LogFileMaxSize 32M
LogTime yes
ExtendedDetectionInfo yes
TemporaryDirectory /home/system-jobs/tmp
LocalSocket /var/lib/clamav/clamd.socket
This one Was pointing to /va/run/clamav but when I got these issue I
moved it back to default.

TCPSocket 3310
TCPAddr 127.0.0.1
StreamMaxLength 100M
#MaxThreads 64
#MaxQueue 200
ExcludePath ^/mnt/
ExcludePath ^/dev/
MaxDirectoryRecursion 25
#FollowDirectorySymlinks yes
#FollowFileSymlinks yes
ScanPDF yes
ScanSWF no
ScanXMLDOCS yes
ScanHWP3 yes
MaxScanSize 500M
MaxFileSize 300M

OnAccessMaxFileSize 32M




Vincent
Bit Twister
2020-04-18 16:38:47 UTC
Permalink
Post by Vincent Coen
Post by Bit Twister
What would be nice is for you to provide a diff result of
your /etc/clamd.conf and the original to see what you changed.
Just tried that but it is long as mine version goes back some time and the
other is cland.conf.rpmsave
FYI: The only constant with Linux is change.

Rather than copying configuration files from old release to new release
or doing an update and using the old release config file, I create
a change script to save the installed file, then make my changes.
That way I pickup any new configuration changes and am notified if
any of my changes were not made.

Seen lots of posts caused by old configuration file not compatible with
new release.
Post by Vincent Coen
TCPSocket 3310
TCPAddr 127.0.0.1
StreamMaxLength 100M
#MaxThreads 64
#MaxQueue 200
ExcludePath ^/mnt/
ExcludePath ^/dev/
MaxDirectoryRecursion 25
#FollowDirectorySymlinks yes
#FollowFileSymlinks yes
ScanPDF yes
ScanSWF no
ScanXMLDOCS yes
ScanHWP3 yes
MaxScanSize 500M
MaxFileSize 300M
Those directive names looking pretty much the same.
]# grep -E "^LocalSocket|^#LocalSocket|^#TCP|^#Scan|TCP|^Scan" /etc/clamd.conf
LocalSocket /var/lib/clamav/clamd.socket
#LocalSocketGroup virusgroup
#LocalSocketMode 660
# TCP port address.
#TCPSocket 3310
# TCP address.
#TCPAddr 127.0.0.1
ScanPE yes
#ScanELF yes
ScanOLE2 yes
#ScanPDF yes
#ScanSWF yes
#ScanXMLDOCS yes
#ScanHWP3 yes
ScanMail yes
#ScanPartialMessages yes
ScanHTML yes
ScanArchive yes

Not sure but I show a few more than yours.
Vincent Coen
2020-04-18 21:17:02 UTC
Permalink
Hello Bit!
Post by Bit Twister
Post by Vincent Coen
Post by Bit Twister
What would be nice is for you to provide a diff result of
your /etc/clamd.conf and the original to see what you changed.
Just tried that but it is long as mine version goes back some time
and the other is cland.conf.rpmsave
FYI: The only constant with Linux is change.
Rather than copying configuration files from old release to new release
or doing an update and using the old release config file, I create
a change script to save the installed file, then make my changes.
That way I pickup any new configuration changes and am notified if
any of my changes were not made.
Seen lots of posts caused by old configuration file not compatible
with new release.
Post by Vincent Coen
TCPSocket 3310
TCPAddr 127.0.0.1
StreamMaxLength 100M
#MaxThreads 64
#MaxQueue 200
ExcludePath ^/mnt/
ExcludePath ^/dev/
MaxDirectoryRecursion 25
#FollowDirectorySymlinks yes
#FollowFileSymlinks yes
ScanPDF yes
ScanSWF no
ScanXMLDOCS yes
ScanHWP3 yes
MaxScanSize 500M
MaxFileSize 300M
Those directive names looking pretty much the same.
]# grep -E "^LocalSocket|^#LocalSocket|^#TCP|^#Scan|TCP|^Scan"
/etc/clamd.conf LocalSocket
/var/lib/clamav/clamd.socket #LocalSocketGroup
virusgroup #LocalSocketMode 660 # TCP port address. #TCPSocket 3310 #
TCP address. #TCPAddr 127.0.0.1 ScanPE yes #ScanELF yes ScanOLE2
yes #ScanPDF yes #ScanSWF yes #ScanXMLDOCS yes #ScanHWP3 yes ScanMail
yes #ScanPartialMessages yes ScanHTML yes ScanArchive yes
Not sure but I show a few more than yours.
Yes, the TcpAddr and Tcpsocket are the immportant one's for insteam
operations.


Vincent
Vincent Coen
2020-04-18 15:10:24 UTC
Permalink
Hello Bit!
Post by Bit Twister
Ok, finally have the clamav package installed. Had to use the command line.
Looking in /usr/lib/systemd/system/clamav-daemon.service shows you
what systemd has to do to get a service to run. If it needs other
services/sockets/... and when the service needs to run/start.
Requires=clamav-daemon.socket indicates that socket needs to be
enabled and working.
And this section
[Install]
WantedBy=multi-user.target
Also=clamav-daemon.socket
indicates that clamav-daemon service is to be started after the
network is up and clamav-daemon.socket is active.
After pkg install I did a
# systemctl --system daemon-reload
get the list of clamav units
$ systemctl list-unit-files | grep clamav
clamav-daemon.service disabled
clamav-freshclam.service disabled
clamav-daemon.socket disabled
Just down this (but with the clamav-daemon stopped) :

ystemctl list-unit-files | grep clam
clamav-daemon.service disabled
clamav-freshclam.service enabled
clamav-daemon.socket disabled

It looks like to problem was always the fact that socket was not enabled ?

Also it is not on the list of daemon services shown in the MCC, system,
manage services.

Where is the list from which this facility takes its data (services) as
clearly not using your systemctl list-unit-files

Could this be a bug in the Mga v7 build ?

When I do a systemctl list-unit-files | grep disabled I get :

proc-sys-fs-binfmt_misc.mount disabled
accounts-daemon.service disabled
acpid.service disabled
arp-ethers.service disabled
atop.service disabled
atopacct.service disabled
blk-availability.service disabled
bluetooth.service disabled
canberra-system-bootup.service disabled
canberra-system-shutdown-reboot.service disabled
canberra-system-shutdown.service disabled
chrony-wait.service disabled

clamav-daemon.service disabled

console-getty.service disabled
cpupower.service disabled
cups-browsed.service disabled
debug-shell.service disabled
fedora-domainname.service disabled
firebird-superserver.service disabled
ip6tables.service disabled
ipset.service disabled
iptables.service disabled
multipathd.service disabled
nmb.service disabled
ntp-wait.service disabled
ntpdate.service disabled
powerline.service disabled
serial-***@.service disabled
shorewall.service disabled
shorewall6.service disabled
smb.service disabled
systemd-boot-check-no-failures.service disabled
systemd-journal-upload.service disabled
systemd-networkd-wait-online.service disabled
systemd-networkd.service disabled
systemd-***@.service disabled
systemd-resolved.service disabled
systemd-time-wait-sync.service disabled
vnstat.service disabled
winbind.service disabled
xdm.service disabled

clamav-daemon.socket disabled

cups-lpd.socket disabled
dm-event.socket disabled
multipathd.socket disabled
rsyncd.socket disabled
systemd-journal-gatewayd.socket disabled
systemd-journal-remote.socket disabled
systemd-networkd.socket disabled
ctrl-alt-del.target disabled
exit.target disabled
halt.target disabled
kexec.target disabled
machines.target disabled
poweroff.target disabled
reboot.target disabled
remote-cryptsetup.target disabled
runlevel0.target disabled
runlevel6.target disabled
atop-rotate.timer disabled
chrony-***@.timer disabled
fstrim.timer disabled
man-db.timer disabled
xfs_scrub_all.timer disabled


So the socket is not enabled but I would be assuming that is the fix to my
problem - or is it ?
Post by Bit Twister
Enabled each
systemctl enable clamav-daemon.service
systemctl enable clamav-freshclam.service
systemctl enable clamav-daemon.socket
started each
systemctl start clamav-daemon.socket
systemctl start clamav-freshclam.service
systemctl start clamav-daemon.service
systemctl status on each shows all active and no problems.
systemctl status clamav-daemon.service
shows man:clamd.conf so I located clamd.conf, saw the log file
location, and cat /var/log/clamav/clamd.log had no problems.
What that tells me is that clamd.conf was read by the clamav-daemon.
What would be nice is for you to provide a diff result of
your /etc/clamd.conf and the original to see what you changed.
Vincent
Bit Twister
2020-04-18 17:09:25 UTC
Permalink
Post by Vincent Coen
Hello Bit!
Post by Bit Twister
get the list of clamav units
$ systemctl list-unit-files | grep clamav
clamav-daemon.service disabled
clamav-freshclam.service disabled
clamav-daemon.socket disabled
ystemctl list-unit-files | grep clam
clamav-daemon.service disabled
clamav-freshclam.service enabled
clamav-daemon.socket disabled
It looks like to problem was always the fact that socket was not enabled ?
Well, do not keep us in suspense, did you enable the socket and now
everything works?
Post by Vincent Coen
Also it is not on the list of daemon services shown in the MCC, system,
manage services.
Where is the list from which this facility takes its data (services) as
clearly not using your systemctl list-unit-files
I could not say without looking at the code.
My guess the code just asked systemctl for services and daemons and added
buttons/status for each found.
Post by Vincent Coen
Could this be a bug in the Mga v7 build ?
Nope. works as designed.

If you are not wanting to use systemd cli commands, and want a more
comprehensible gui tool I suggest installing systemd-ui rpm
and see if running systemadm meets your requirements.
Post by Vincent Coen
So the socket is not enabled but I would be assuming that is the fix to my
problem - or is it ?
How hard can it be to enable it, and stop/start your clamav services:
Vincent Coen
2020-04-18 21:47:36 UTC
Permalink
Hello Bit!
Post by Bit Twister
Post by Vincent Coen
Could this be a bug in the Mga v7 build ?
Nope. works as designed.
If you are not wanting to use systemd cli commands, and want a more
comprehensible gui tool I suggest installing systemd-ui rpm
and see if running systemadm meets your requirements.
Post by Vincent Coen
So the socket is not enabled but I would be assuming that is the fix
to my problem - or is it ?
I have killed the manually started clamd.
Change the clamav-daemon.socket to use port 3310 instead of 1024
run systemctl reload-daemon

enabled and started -socket
started clamav-daemon

Then tested it by running
telnet localhost 3310

It appears to be working but when some files come it will be the real test
:)

How do I make sure that the clamav-daemon.socket starts at boot along with
the other clam daemons ?

and yes I did install and run systemadm ( which is not in the menu system )
but what ever. It is in /usr/share/applications/ so may be it neads a
restart which can wait a few days.


Vincent
Bit Twister
2020-04-18 22:33:43 UTC
Permalink
Post by Vincent Coen
How do I make sure that the clamav-daemon.socket starts at boot along with
the other clam daemons ?
If you have enabled any systemd service/socket, they should become active
when directives in the unit file are met.

Numerous methods come to mind. I woud think using systemctl and journalctl
would be basic tools to start with
I suggest first step would be man systemctl then man journalctl.

If you have not already done so, I suggest adding systemd-journal
to your user login id, log out/in to pick up the new group.

That allows you to use journalctl to look at system messages without
having to get to a root prompt.

I have a DE autostart script to launch a xterm to have the journal scrolling
24 lines, and another xterm scrolling 5 lines which I pin to the desktop.
to keep an eye on what is going on in the journal.

I also have a script that checks journal since the last time it ran
to pop up a xmessage with list of any problems found.
Post by Vincent Coen
and yes I did install and run systemadm ( which is not in the menu system )
but what ever. It is in /usr/share/applications/ so may be it neads a
restart which can wait a few days.
I would guess all you need to do is log out/in to get the menu rebuilt.

Then again you did not provide any basic system information about your
setup.

I have a script to generate a .signature file upon login. Here is a
snippet of the output

Running Mageia release 7 (Official) for x86_64
5.5.15-desktop-3.mga7 on x86_64 DM=lightdm DE=xfce

Vincent Coen
2020-04-18 14:43:32 UTC
Permalink
Hello Bit!
Post by Bit Twister
Post by Vincent Coen
Hello Bit!
Post by Bit Twister
I would like to see the clamd service file. Run
systemctl status clamav-daemon
Then paste the service file so I can look at it. File name is the
file
Post by Bit Twister
name given on the Loaded: line.
clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service;
enabled; vendor preset: disabled)
and I can access the file pointed to at the top, not that it tells
me a lot!
And that is exactly the file I was asking you to post. :)
[Unit]
Description=Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5)
https://www.clamav.net/documents/
Requires=clamav-daemon.socket
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}

[Service]
ExecStart=/usr/sbin/clamd --foreground=true
# Reload the database
ExecReload=/bin/kill -USR2 $MAINPID
StandardOutput=syslog
TimeoutStartSec=420

[Install]
WantedBy=multi-user.target
Also=clamav-daemon.socket
/usr/lib/systemd/system/clamav-daemon.service (END)



[Unit]
Description=Socket for Clam AntiVirus userspace daemon
Documentation=man:clamd(8) man:clamd.conf(5)
https://www.clamav.net/documents/
# Check for database existence
ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}

[Socket]
ListenStream=/var/lib/clamav/clamd.socket
#ListenStream=127.0.0.1:1024
SocketUser=clamav
SocketGroup=clamav
RemoveOnStop=True

[Install]
WantedBy=sockets.target
/usr/lib/systemd/system/clamav-daemon.socket (END)

I see no evedence that this is running and it is not listed in MCC system
under system and daemons only clamav and freshclam


Vincent
David W. Hodgins
2020-04-17 18:11:02 UTC
Permalink
Post by Vincent Coen
Hello All!
I have as set up by mga clamd-daemon running
Trouble is it is not using the /etc/cland.conf as the socket is not set up.
I need this because I run clamscan etc instream via the socket 3310.
So as an experiment I stopped it via systemctl stop clamav-daemon
Then just did cland &
using clamdtop I can now see it and when running scan clam against a
reasonable block of file it runs quick which is more than I could say
before.
So I need to change the auto settings for systemd and clamav-daemon to just
run clamd but I cannot see for the life of me how.
Just installed it to see what's needed. As installed, clamav-daemon.service
and clamav-daemon.socket and clamav-freshclam.service are all disabled.

Enabled and started all three with ...
[***@x3 ~]# systemctl enable clamav-daemon.socket
Created symlink /etc/systemd/system/sockets.target.wants/clamav-daemon.socket → /usr/lib/systemd/system/clamav-daemon.socket.
[***@x3 ~]# systemctl start clamav-daemon.socket
[***@x3 ~]# systemctl enable clamav-daemon.service
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-daemon.service → /usr/lib/systemd/system/clamav-daemon.service.
[***@x3 ~]# systemctl start clamav-daemon.service
[***@x3 ~]# systemctl enable clamav-freshclam.service
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-freshclam.service → /usr/lib/systemd/system/clamav-freshclam.service.
[***@x3 ~]# systemctl start clamav-freshclam.service

After the clamav-freshclam.service had updated the anti virus db, running
clamdscan /home/dave/Downloads/
shows it's working properly. Everything looks ok under clamdtop to me.

Did you enable and start all three parts and wait for the freshclam to finish
updating the db?
Post by Vincent Coen
All this started moving to v7 as in v7 it worked correctly by picking up
the clamav.conf and fully acting on it v7 does NOT do that but as I say I
cannot see how to change it.
Not sure what the above means.

Regards, Dave Hodgins
--
Change ***@nomail.afraid.org to ***@teksavvy.com for
email replies.
Vincent Coen
2020-04-17 21:37:30 UTC
Permalink
Hello David!
Post by David W. Hodgins
Just installed it to see what's needed. As installed,
clamav-daemon.service and clamav-daemon.socket and
clamav-freshclam.service are all disabled.
Enabled and started all three with ...
Created symlink
/etc/systemd/system/sockets.target.wants/clamav-daemon.socket →
clamav-daemon.service Created symlink
/etc/systemd/system/multi-user.target.wants/clamav-daemon.service →
clamav-freshclam.service Created symlink
/etc/systemd/system/multi-user.target.wants/clamav-freshclam.service
systemctl start clamav-freshclam.service
After the clamav-freshclam.service had updated the anti virus db,
running clamdscan /home/dave/Downloads/ shows it's working properly.
Everything looks ok under clamdtop to me.
Did you enable and start all three parts and wait for the freshclam to
finish updating the db?
Post by Vincent Coen
All this started moving to v7 as in v7 it worked correctly by
picking up the clamav.conf and fully acting on it v7 does NOT do
that but as I say I cannot see how to change it.
Should have been v6 to v7.

OK, just run

[***@applewood ~]$ systemctl status clamav-daemon.socket
● clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.socket; disabled;
vendor preset: disabled)
Active: active (listening) since Tue 2020-04-07 22:54:30 BST; 1 weeks 2
days ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Listen: /var/lib/clamav/clamd.socket (Stream)
Memory: 0B
CGroup: /system.slice/clamav-daemon.socket

Apr 07 22:54:30 applewood.server systemd[1]: Starting Socket for Clam
AntiVirus userspace daemon.
Apr 07 22:54:30 applewood.server systemd[1]: Listening on Socket for Clam
AntiVirus userspace daemon.


Seem to 'imply' that instream is working but any request and even a telnet
localhost 3310 is refused and also I could not locate the clamav.socket
file despite declaring it in clamav.conf

This process ie streaming is around 10+ times fater than just doing a basic
service and then running clamscan *.* and as I run a BBS I get a lot of
files in per day so need to use clamav at full speed.


Vincent
David W. Hodgins
2020-04-17 22:41:37 UTC
Permalink
Post by Vincent Coen
Hello David!
Post by David W. Hodgins
Just installed it to see what's needed. As installed,
clamav-daemon.service and clamav-daemon.socket and
clamav-freshclam.service are all disabled.
Enabled and started all three with ...
Created symlink
/etc/systemd/system/sockets.target.wants/clamav-daemon.socket →
clamav-daemon.service Created symlink
/etc/systemd/system/multi-user.target.wants/clamav-daemon.service →
clamav-freshclam.service Created symlink
/etc/systemd/system/multi-user.target.wants/clamav-freshclam.service
systemctl start clamav-freshclam.service
After the clamav-freshclam.service had updated the anti virus db,
running clamdscan /home/dave/Downloads/ shows it's working properly.
Everything looks ok under clamdtop to me.
Did you enable and start all three parts and wait for the freshclam to
finish updating the db?
Post by Vincent Coen
All this started moving to v7 as in v7 it worked correctly by
picking up the clamav.conf and fully acting on it v7 does NOT do
that but as I say I cannot see how to change it.
Should have been v6 to v7.
OK, just run
● clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.socket; disabled;
As shown above, it's disabled, so won't be created when booting.
Post by Vincent Coen
vendor preset: disabled)
Active: active (listening) since Tue 2020-04-07 22:54:30 BST; 1 weeks 2
days ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Listen: /var/lib/clamav/clamd.socket (Stream)
The above line shows the socket is there. On my system ...
# ll /var/lib/clamav/clamd.socket
srw-rw-rw- 1 clamav clamav 0 Apr 17 13:56 /var/lib/clamav/clamd.socket=
Post by Vincent Coen
Apr 07 22:54:30 applewood.server systemd[1]: Starting Socket for Clam
AntiVirus userspace daemon.
Apr 07 22:54:30 applewood.server systemd[1]: Listening on Socket for Clam
AntiVirus userspace daemon.
Seem to 'imply' that instream is working but any request and even a telnet
localhost 3310 is refused and also I could not locate the clamav.socket
file despite declaring it in clamav.conf
It's set up to use a socket, not a tcp port with the default configuration.
For example ...
$ cat ~/.bash_history | clamscan -
stdin: OK
Post by Vincent Coen
This process ie streaming is around 10+ times fater than just doing a basic
service and then running clamscan *.* and as I run a BBS I get a lot of
files in per day so need to use clamav at full speed.
The default config is for scanning files on localhost. Are you trying to submit
files for scanning from other computers on your lan?

If so, I'll have to do some research to see what needs to be done for that.

Regards, Dave Hodgins
--
Change ***@nomail.afraid.org to ***@teksavvy.com for
email replies.
Vincent Coen
2020-04-18 14:14:27 UTC
Permalink
Hello David!
Post by David W. Hodgins
Post by Vincent Coen
Hello David!
Post by David W. Hodgins
Just installed it to see what's needed. As installed,
clamav-daemon.service and clamav-daemon.socket and
clamav-freshclam.service are all disabled.
Enabled and started all three with ...
Created symlink
/etc/systemd/system/sockets.target.wants/clamav-daemon.socket →
systemctl
Post by David W. Hodgins
clamav-daemon.service Created symlink
/etc/systemd/system/multi-user.target.wants/clamav-daemon.service

systemctl
Post by David W. Hodgins
clamav-freshclam.service Created symlink
/etc/systemd/system/multi-user.target.wants/clamav-freshclam.service
~]#
Post by David W. Hodgins
systemctl start clamav-freshclam.service
After the clamav-freshclam.service had updated the anti virus db,
running clamdscan /home/dave/Downloads/ shows it's working
properly.
Post by David W. Hodgins
Everything looks ok under clamdtop to me.
Did you enable and start all three parts and wait for the
freshclam to
Post by David W. Hodgins
finish updating the db?
Post by Vincent Coen
All this started moving to v7 as in v7 it worked correctly by
picking up the clamav.conf and fully acting on it v7 does NOT do
that but as I say I cannot see how to change it.
Should have been v6 to v7.
OK, just run
● clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.socket; disabled;
As shown above, it's disabled, so won't be created when booting.
Post by Vincent Coen
vendor preset: disabled)
Active: active (listening) since Tue 2020-04-07 22:54:30 BST; 1
weeks 2 days ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Listen: /var/lib/clamav/clamd.socket (Stream)
The above line shows the socket is there. On my system ...
# ll /var/lib/clamav/clamd.socket
srw-rw-rw- 1 clamav clamav 0 Apr 17 13:56
/var/lib/clamav/clamd.socket=
Post by Vincent Coen
Apr 07 22:54:30 applewood.server systemd[1]: Starting Socket for
Clam AntiVirus userspace daemon. Apr 07 22:54:30 applewood.server
systemd[1]: Listening on Socket for Clam AntiVirus userspace daemon.
Seem to 'imply' that instream is working but any request and even a
telnet localhost 3310 is refused and also I could not locate the
clamav.socket file despite declaring it in clamav.conf
It's set up to use a socket, not a tcp port with the default
configuration. For example ... $ cat ~/.bash_history | clamscan -
stdin: OK
Post by Vincent Coen
This process ie streaming is around 10+ times fater than just doing
a basic service and then running clamscan *.* and as I run a BBS I
get a lot of files in per day so need to use clamav at full speed.
The default config is for scanning files on localhost. Are you trying
to submit files for scanning from other computers on your lan?
If so, I'll have to do some research to see what needs to be done for that.
It was stopped by me prior to running clamd & by hand.

When it was in control of systemctl it was NOT using a socket as doing a
sudo find / -iname clamd.socket did NOT locate any thing.

Now it find it in /var/lib/clamav/clamd.socket

So the predefined process for running the default set up is wrong and I
have no idea what the extra systemctl process for clamav-daemon-socket is
doing ( and that name might be incorrect ).

I am only submitting files for processing at localhost but by more than one
user, the BBS user and myself.

The bbs user issues the scan internally so there will not be any results in
history - and there isn't.

Bye the bye going in to MCC , system and Services and daemons there is only
two services for clam :

clamav-daemon
clamav-freshclam

Nothing for socket.

How ever running /usr/lib/systemd/system/clamav** shows :

-rw-r--r-- 1 root root 527 Feb 21 17:24
/usr/lib/systemd/system/clamav-daemon.service
-rw-r--r-- 1 root root 460 Feb 21 17:24
/usr/lib/systemd/system/clamav-daemon.socket
-rw-r--r-- 1 root root 420 Feb 21 17:24
/usr/lib/systemd/system/clamav-freshclam.service

Cannot see how the socket service get fired up, started.

Vincent
Loading...