[clamav-users] Debian 12.6 - clamav-deamon does not use a socket

Sun, 30 Jun 2024 06:55:36 -0700 

Hello,
I'm currently struggling with the problem that my clamav daemon creates /var/run/clamav/clamd.ctl as a socket, but I can't connect to Rspamd. At first I thought that rspamd wasn't sending anything, but clamav isn't addressing any socket. 


When I check this using sockstat, no active socket is displayed. So 
clamav doesn't seem to be addressing the socket.



I uninstalled everything from clamav again and deleted the directories 
by hand. Then I downloaded everything again from the Debian 12 
repository. Everything is created and a new socket is created, but the 
same thing happens again: the socket doesn't work.


Do I have to tell it beforehand via a setting that it should be active?

Of course, the clamav.conf states:

LocalSocket /var/run/clamav/clamd.ctl

The logs show that the signatures are loaded and the function is checked 
every 3600 seconds. But the socket is not working.


What could be the reason for this?

Christian

clamconf
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "104857600"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "30"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug = "yes"
LeaveTemporaryFiles disabled
GenerateMetadataJson disabled
User = "clamav"
Bytecode disabled
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "10000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "120000"
MaxScanSize = "52428800"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "104857600"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "52428800"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug = "yes"
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 1.0.5

Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 
ICONV JSON


Database information
--------------------
Database directory: /var/lib/clamav
[3rd Party] Sanesecurity_spam.yara: 46 sigs
[3rd Party] foxhole_js.ndb: 4 sigs
[3rd Party] spearl.ndb: 1 sig
[3rd Party] miscreantpunch.hdb: 38 sigs
[3rd Party] jurlbl.ndb: 29411 sigs
[3rd Party] winnow_malware_links.ndb: 133 sigs
[3rd Party] doppelstern.hdb: 1 sig
[3rd Party] winnow.attachments.hdb: 1 sig
[3rd Party] foxhole_js.cdb: 48 sigs
[3rd Party] scam.ndb: 13087 sigs
[3rd Party] interservertopline.db: 1138 sigs
[3rd Party] phish.ndb: 30681 sigs
[3rd Party] spear.ndb: 1 sig
[3rd Party] winnow.complex.patterns.ldb: 3 sigs
[3rd Party] ditekshen.ldb: 159 sigs
[3rd Party] Sanesecurity_sigtest.yara: 54 sigs
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
[3rd Party] malware.expert.fp: 1 sig
bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 16:37:24 2024
[3rd Party] bofhland_cracked_URL.ndb: 40 sigs
[3rd Party] spamattach.hdb: 14 sigs
[3rd Party] twinclams.ldb: 4151 sigs
[3rd Party] spamimg.hdb: 228 sigs
daily.cld: version 27322, sigs: 2063662, built on Sun Jun 30 10:36:30 2024
[3rd Party] porcupine.ndb: 1601 sigs
[3rd Party] porcupine.hsb: 184 sigs
[3rd Party] rfxn.yara: 11527 sigs
[3rd Party] junk.ndb: 57066 sigs
[3rd Party] rfxn.ndb: 2054 sigs
[3rd Party] malware.expert.ldb: 1 sig
[3rd Party] hackingteam.hsb: 435 sigs
[3rd Party] blurl.ndb: 1472 sigs
[3rd Party] phishtank.ndb: 1 sig
[3rd Party] exexor99.ldb: 508 sigs
[3rd Party] rfxn.hdb: 13030 sigs
[3rd Party] sanesecurity.ftm: 185 sigs
[3rd Party] winnow_bad_cw.hdb: 1 sig
[3rd Party] bofhland_malware_URL.ndb: 4 sigs
[3rd Party] badmacro.ndb: 705 sigs
[3rd Party] shell.ldb: 57 sigs
[3rd Party] rogue.hdb: 7042 sigs
[3rd Party] malwarehash.hsb: 1031 sigs
[3rd Party] foxhole_filename.cdb: 3597 sigs
[3rd Party] whitelist.fp: 3081 sigs
[3rd Party] twinwave.ign2: 48 sigs
[3rd Party] bofhland_phishing_URL.ndb: 72 sigs
[3rd Party] lott.ndb: 2338 sigs
[3rd Party] malware.expert.ndb: 1 sig
[3rd Party] bofhland_malware_attach.hdb: 1836 sigs
[3rd Party] jurlbla.ndb: 685 sigs
[3rd Party] MiscreantPunch099-Low.ldb: 1199 sigs
[3rd Party] foxhole_generic.cdb: 214 sigs
[3rd Party] spam.ldb: 2 sigs
[3rd Party] winnow_spam_complete.ndb: 26 sigs
[3rd Party] interserver256.hdb: 28766 sigs
[3rd Party] sigwhitelist.ign2: 18 sigs
[3rd Party] shelter.ldb: 61 sigs
[3rd Party] malware.expert.hdb: 1 sig
[3rd Party] winnow_extended_malware_links.ndb: 1 sig
[3rd Party] urlhaus.ndb: 7099 sigs
[3rd Party] winnow_malware.hdb: 1 sig
[3rd Party] winnow_phish_complete_url.ndb: 53 sigs
[3rd Party] crdfam.clamav.hdb: 1 sig
[3rd Party] winnow_extended_malware.hdb: 1 sig
Total number of signatures: 8936420

Platform information
--------------------

uname: Linux 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 
(2024-05-03) x86_64

OS: Linux, ARCH: x86_64, CPU: x86_64
Full OS version: No LSB modules are available.
Debian GNU/Linux 12 (bookworm)
zlib version: 1.2.13 (1.2.13), compile flags: a9
platform id: 0x0a21a5a508000000000c0200

Build information
-----------------
GNU C: 12.2.0 (12.2.0)
sizeof(void*) = 8
Engine flevel: 165, dconf: 165
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat






















					Reply via email to