Just installed clamav (0.68) on FC1 system. Freshclam works OK but system does not read clamd.ctl at bootup. There is a file named clamd.ctl in /var/run/clamav (which is the dir specified for LocalSocket in /etc/clamav.conf). The bootlog reports that clamav-milter failed to load. My clamav.conf is as follows:
.conf file starts=========== # Uncomment this option to enable logging. # LogFile must be writable for the user running the daemon. # Full path is required. LogFile /var/log/clamav/clamd.log # By default the log file is locked for writing - the lock protects against # running clamd multiple times (if want to run another clamd, please # copy the configuration file, change the LogFile variable, and run # the daemon with --config-file option). That's why you shouldn't uncomment # this option. #LogFileUnlock # Maximal size of the log file. Default is 1 Mb. # Value of 0 disables the limit. # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes) # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size # in bytes just don't use modifiers. LogFileMaxSize 2M # Log time with an each message. LogTime # Log also clean files. May be useful in debugging but will drastically # increase the log size. #LogClean # Use system logger (can work together with LogFile). LogSyslog # Enable verbose logging. LogVerbose # This option allows you to save the process identifier of the listening # daemon (main thread). PidFile /var/run/clamav/clamd.pid # Optional path to the global temporary directory. # Default is system specific - usually /var/tmp or /tmp. TemporaryDirectory /var/tmp # Path to the database directory. # Default is the hardcoded directory (mostly /usr/local/share/clamav, # but it depends on installation options). DatabaseDirectory /var/clamav # The daemon works in local or network mode. Currently the local mode is # recommended for security reasons. # Path to the local socket. The daemon doesn't change the mode of the # created file (portability reasons). You may want to create it in a directory # which is only accessible for a user running daemon. LocalSocket /var/run/clamav/clamd.ctl # Remove stale socket after unclean shutdown. FixStaleSocket # TCP port address. #TCPSocket 3310 # TCP address. # By default we bind to INADDR_ANY, probably not wise. # Enable the following to provide some degree of protection # from the outside world. TCPAddr 127.0.0.1 # Maximum length the queue of pending connections may grow to. # Default is 15. #MaxConnectionQueueLength 30 # When activated, input stream (see STREAM command) will be saved to disk before # scanning - this allows scanning within archives. StreamSaveToDisk # Close the connection if this limit is exceeded. StreamMaxLength 10M # Maximal number of a threads running at the same time. # Default is 5, and it should be sufficient for a typical workstation. # You may need to increase threads number for a server machine. #MaxThreads 10 # Thread (scanner - single task) will be stopped after this time (seconds). # Default is 180. Value of 0 disables the timeout. SECURITY HINT: Increase the # timeout instead of disabling it. #ThreadTimeout 500 # Maximal depth the directories are scanned at. MaxDirectoryRecursion 15 # Follow a directory symlinks. # SECURITY HINT: You should have enabled directory recursion limit to # avoid potential problems. FollowDirectorySymlinks # Follow regular file symlinks. FollowFileSymlinks # Do internal checks (eg. check the integrity of the database structures) # By default clamd checks itself every 3600 seconds (1 hour). SelfCheck 600 # Execute a command when virus is found. In the command string %v and %f will # be replaced by the virus name and the infected file name respectively. # # SECURITY WARNING: Make sure the virus event command cannot be exploited, # eg. by using some special file name when %f is used. # Always use a full path to the command. # Never delete/move files with this directive ! VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %f: %v" # Run as selected user (clamd must be started by root). # By default it doesn't drop privileges. User clamav # Initialize the supplementary group access (for all groups in /etc/group # user is added in. clamd must be started by root). #AllowSupplementaryGroups # Don't fork into background. Useful in debugging. #Foreground # Enable debug messages in libclamav. #Debug ## ## Mail support ## # Uncomment this option if you are planning to scan mail files. ScanMail ## ## Archive support ## # Comment this line to disable scanning of the archives. ScanArchive # By default the built-in RAR unpacker is disabled by default because the code # terribly leaks, however it's probably a good idea to enable it. ScanRAR # Options below protect your system against Denial of Service attacks # with archive bombs. # Files in archives larger than this limit won't be scanned. # Value of 0 disables the limit. # WARNING: Due to the unrarlib implementation, whole files (one by one) in RAR # archives are decompressed to the memory. That's why never disable # this limit (but you may increase it of course!) ArchiveMaxFileSize 10M # Archives are scanned recursively - e.g. if Zip archive contains RAR file, # the RAR file will be decompressed, too (but only if recursion limit is set # at least to 1). With this option you may set the recursion level. # Value of 0 disables the limit. ArchiveMaxRecursion 5 # Number of files to be scanned within archive. # Value of 0 disables the limit. ArchiveMaxFiles 1000 # Mark potential archive bombs as viruses (0 disables the limit) ArchiveMaxCompressionRatio 200 # Use slower decompression algorithm which uses less memory. This option # affects bzip2 decompressor only. #ArchiveLimitMemoryUsage ## ## Clamuko settings ## WARNING: This is experimental software. It is very likely it will hang ## up your system !!! ## # Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running. #ClamukoScanOnLine # Set access mask for Clamuko. ClamukoScanOnOpen ClamukoScanOnClose ClamukoScanOnExec # Set the include paths (all files in them will be scanned). You can have # multiple ClamukoIncludePath options, but each directory must be added # in a seperate option. All subdirectories are scanned, too. ClamukoIncludePath /home #ClamukoIncludePath /students # Set the exclude paths. All subdirectories are also excluded. #ClamukoExcludePath /home/guru # Limit the file size to be scanned (probably you don't want to scan your movie # files ;)) # Value of 0 disables the limit. 1 Mb should be fine. ClamukoMaxFileSize 1M # Enable archive support. It uses the limits from clamd section. # (This option doesn't depend on ScanArchive, you can have archive support # in clamd disabled). ClamukoScanArchive .conf file ends ================================ However, the clamd log file seems to show that all is OK in Kansas: Fri Apr 9 14:48:45 2004 -> Archive: Recursion level limit set to 5. Fri Apr 9 14:48:45 2004 -> Archive: Files limit set to 1000. Fri Apr 9 14:48:45 2004 -> Archive: Compression ratio limit set to 200. Fri Apr 9 14:48:45 2004 -> Archive support enabled. Fri Apr 9 14:48:45 2004 -> RAR support disabled. Fri Apr 9 14:48:45 2004 -> Mail files support enabled. Fri Apr 9 14:48:45 2004 -> ThreadWatcher: Started in process 1809 Fri Apr 9 14:48:45 2004 -> Self checking every 600 seconds. Fri Apr 9 14:48:45 2004 -> Timeout set to 180 seconds. Fri Apr 9 14:48:45 2004 -> SelfCheck: Database status OK. Fri Apr 9 14:48:45 2004 -> SelfCheck: Integrity OK Fri Apr 9 14:54:15 2004 -> Signal 15 caught -> exiting. Fri Apr 9 14:54:15 2004 -> Freeing trie structure. Fri Apr 9 14:54:15 2004 -> Shutting down the main socket. Fri Apr 9 14:54:15 2004 -> Closing the main socket. Fri Apr 9 14:54:15 2004 -> Socket file removed. Fri Apr 9 14:54:15 2004 -> Pid file removed. Fri Apr 9 14:54:15 2004 -> Freeing stat structure. Fri Apr 9 14:54:15 2004 -> Exit level 2, ThreadWatcher termination. Fri Apr 9 14:54:15 2004 -> --- Stopped at Fri Apr 9 14:54:15 2004 Fri Apr 9 14:56:00 2004 -> +++ Started at Fri Apr 9 14:56:00 2004 Fri Apr 9 14:56:00 2004 -> Log file size limited to 2097152 bytes. Fri Apr 9 14:56:00 2004 -> Verbose logging activated. Fri Apr 9 14:56:00 2004 -> Running as user clamav (UID 100, GID 102) Fri Apr 9 14:56:00 2004 -> Setting /var/tmp as global temporary directory Fri Apr 9 14:56:00 2004 -> Reading databases from /var/clamav Fri Apr 9 14:56:02 2004 -> Protecting against 20918 viruses. Fri Apr 9 14:56:04 2004 -> Unix socket file /var/run/clamav/clamd.ctl Fri Apr 9 14:56:04 2004 -> Setting connection queue length to 15 Fri Apr 9 14:56:04 2004 -> Listening daemon: PID: 1808 Fri Apr 9 14:56:04 2004 -> Maximal number of threads: 5 Fri Apr 9 14:56:04 2004 -> Archive: Archived file size limit set to 10485760 bytes. Fri Apr 9 14:56:04 2004 -> Archive: Recursion level limit set to 5. Fri Apr 9 14:56:04 2004 -> Archive: Files limit set to 1000. Fri Apr 9 14:56:04 2004 -> Archive: Compression ratio limit set to 200. Fri Apr 9 14:56:04 2004 -> Archive support enabled. Fri Apr 9 14:56:04 2004 -> RAR support disabled. Fri Apr 9 14:56:04 2004 -> Mail files support enabled. Fri Apr 9 14:56:04 2004 -> ThreadWatcher: Started in process 1808 Fri Apr 9 14:56:04 2004 -> Self checking every 600 seconds. Fri Apr 9 14:56:04 2004 -> Timeout set to 180 seconds. Fri Apr 9 14:56:04 2004 -> SelfCheck: Database status OK. Fri Apr 9 14:56:04 2004 -> SelfCheck: Integrity OK Fri Apr 9 15:06:10 2004 -> SelfCheck: Database modification detected. Forcing reload. Fri Apr 9 15:06:10 2004 -> SelfCheck: Integrity OK Fri Apr 9 15:06:10 2004 -> Reading databases from /var/clamav Fri Apr 9 15:06:14 2004 -> Database correctly reloaded (20966 viruses) Fri Apr 9 15:16:20 2004 -> SelfCheck: Database status OK. Fri Apr 9 15:16:20 2004 -> SelfCheck: Integrity OK [root in /var/log/clamav ===>] I'd sure appreciate some clarification here. Is the clamd.ctl file the problem and, if so, what should I do about it. And, what's in clamd.ctl anyway (permission denied if I try to read it with cat or gedit)`? Thanks -- Karl L Email: [EMAIL PROTECTED] Homepage: http://hakmiller.rootsweb.com ============= Linux Lives! ============ ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Clamav-users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/clamav-users
