Am 27.08.2016 um 18:30 schrieb G.W. Haywood:
Hi there, On Sat, 27 Aug 2016, Jeff Dyke wrote:... if i start clamd with sudo -u clamav /usr/sbin/clamd --config-file=/etc/clamav/clamd.conf it *will* bind to that address and port. ... When starting via /etc/init.d/clamav-daemon start or sudo service clamav-daemon start it does not bind to the port. ... No ... socket received from systemd. ...Are the other servers also Ubuntu 16.04? What are they all doing? Anything more from the clamd.conf debug options? I use ClamAV only on mail servers. I tend not to use distro packages for things mail, and anyway I have yet to use ClamAV on a systemd box (and with luck I never will) - but in your shoes I'd be inclined e.g. to chmod a-x the ClamAV scripts in /etc/init.d then put something to start clamd in /etc/rc.local to see if it works there after the network stack is all up and running
to start with a proper environment don't contain anything in /etc/init.d if we talk about systemd
so what tells "systemctl list-units | grep clam" and what tells "systemctl status" for each listed uint - to get a minimum overview how the system is wired togehter (not that good when using compat startscripts)
in the best case you disable/mask all that distro-crap and create your own clamd.service and adapt it to your needs (that one below only needs unix-sockets and hence can start with a restirced use - it could do the same in a high port in case of a tcp socket)
[root@mail-gw:~]$ cat /etc/systemd/system/clamd.service [Unit] Description=ClamAV Scanner Daemon [Service] Type=forking Environment="TMPDIR=/tmp" Environment="LANG=en_GB.UTF-8" ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf ExecReload=/usr/bin/kill -SIGUSR2 $MAINPID Restart=always RestartSec=1 Nice=5 User=clamscan Group=clamilt PrivateTmp=yes PrivateDevices=yes PrivateNetwork=no NoNewPrivileges=yes CapabilityBoundingSet=CAP_KILL RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 SystemCallArchitectures=x86-64SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime delete_module fanotify_init finit_module get_mempolicy init_module io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages open_by_handle_at perf_event_open pivot_root process_vm_readv process_vm_writev ptrace remap_file_pages request_key set_mempolicy swapoff swapon umount2 uselib vmsplice
ReadOnlyDirectories=/ ReadWriteDirectories=/run/clamd.scan ReadWriteDirectories=/run/clamd ReadWriteDirectories=/var/log ReadWriteDirectories=/tmp InaccessibleDirectories=-/boot InaccessibleDirectories=-/etc/dbus-1 InaccessibleDirectories=-/etc/modprobe.d InaccessibleDirectories=-/etc/modules-load.d InaccessibleDirectories=-/etc/postfix InaccessibleDirectories=-/etc/ssh InaccessibleDirectories=-/etc/sysctl.d InaccessibleDirectories=-/home InaccessibleDirectories=-/media InaccessibleDirectories=-/root InaccessibleDirectories=-/run/blkid InaccessibleDirectories=-/run/console InaccessibleDirectories=-/run/dbus InaccessibleDirectories=-/run/lock InaccessibleDirectories=-/run/log InaccessibleDirectories=-/run/mount InaccessibleDirectories=-/run/screen InaccessibleDirectories=-/run/sepermit InaccessibleDirectories=-/run/setrans InaccessibleDirectories=-/run/spamassassin InaccessibleDirectories=-/run/spamassassin-submission InaccessibleDirectories=-/run/spamass-milter InaccessibleDirectories=-/run/spamd-debug InaccessibleDirectories=-/run/systemd/generator InaccessibleDirectories=-/run/systemd/system InaccessibleDirectories=-/run/systemd/users InaccessibleDirectories=-/run/udev InaccessibleDirectories=-/run/user InaccessibleDirectories=-/run/vnstat InaccessibleDirectories=-/usr/lib64/dbus-1 InaccessibleDirectories=-/usr/lib64/xtables InaccessibleDirectories=-/usr/lib/dracut InaccessibleDirectories=-/usr/libexec/iptables InaccessibleDirectories=-/usr/libexec/openssh InaccessibleDirectories=-/usr/libexec/postfix InaccessibleDirectories=-/usr/lib/grub InaccessibleDirectories=-/usr/lib/kernel InaccessibleDirectories=-/usr/lib/modprobe.d InaccessibleDirectories=-/usr/lib/modules InaccessibleDirectories=-/usr/lib/modules-load.d InaccessibleDirectories=-/usr/lib/rpm InaccessibleDirectories=-/usr/lib/sysctl.d InaccessibleDirectories=-/usr/lib/udev InaccessibleDirectories=-/usr/local InaccessibleDirectories=-/var/db InaccessibleDirectories=-/var/lib/alternatives InaccessibleDirectories=-/var/lib/bayes-persistent InaccessibleDirectories=-/var/lib/dbus InaccessibleDirectories=-/var/lib/dnf InaccessibleDirectories=-/var/lib/initramfs InaccessibleDirectories=-/var/lib/logrotate InaccessibleDirectories=-/var/lib/mailgraph InaccessibleDirectories=-/var/lib/misc InaccessibleDirectories=-/var/lib/mlocate InaccessibleDirectories=-/var/lib/ntp InaccessibleDirectories=-/var/lib/os-prober InaccessibleDirectories=-/var/lib/postfix InaccessibleDirectories=-/var/lib/rbldnsd InaccessibleDirectories=-/var/lib/rkhunter InaccessibleDirectories=-/var/lib/rpm InaccessibleDirectories=-/var/lib/rsyslog InaccessibleDirectories=-/var/lib/smokeping InaccessibleDirectories=-/var/lib/spamassassin InaccessibleDirectories=-/var/lib/spamass-milter InaccessibleDirectories=-/var/lib/spamfilter InaccessibleDirectories=-/var/lib/systemd InaccessibleDirectories=-/var/lib/unbound InaccessibleDirectories=-/var/lib/vnstat InaccessibleDirectories=-/var/lib/yum InaccessibleDirectories=-/var/log/rkhunter InaccessibleDirectories=-/var/spool [Install] WantedBy=multi-user.target
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
