Yes my first posts were not close to the problem, as there was an evolution in my thinking through the thread. It was only in the last couple posts that I'd narrowed down the cause.
Well that's a pretty impressive setup. I've gone through line-by-line and made my system very similar. Now I am getting logging, but in the log over and over:

ERROR: LOCAL: Socket file /run/clamd/clamd.sock could not be bound: No such file or directory

Same problem, even though my .service file is -forking- now and other settings are like yours.

-------- Original Message --------
> Subject: Re: [clamav-users] clamav-milter Can't Find Clamd
> Local Time: November 7, 2017 4:26 PM
> UTC Time: November 8, 2017 12:26 AM
> From: h.rei...@thelounge.net
> To: clamav-users@lists.clamav.net
>
> On 08.11.2017 at 00:06, Colony.three wrote:
>
>> On 07.11.2017 at 22:46, Colony.three wrote:
>>
>>>> So much for that theory. There are about a million of these in the
>>>> logfile. It's not making its own socket for unknown reasons which may be
>>>> New To Science.
>>>> well, that looks like clamd is restarted again and again because it's
>>>> failing, most likely /run/clamd.scan/ don't exist or has the wrong
>>>> permissions
>>
>> Correct, /run/clamd.scan/ does -not- exist. Why? Because the clamd@ service
>> destroys it on restart. (along with its socket) I could merrily re-create
>> the directory and socket all day long, but on restart it would only be wiped
>> out again. Of course the permissions are correct, as per above; it couldn't
>> have been destroyed by the service otherwise.
>>
>>>> "systemctl status" as well as the syslogs should tell you that the
>>>> service is failing if you just look at it
>>>> are you aware that /run is a tmpfs and hence anything below does not
>>>> survive a reboot?
>>
>> Why yes, I am. As I say, clamd destroys its socket directory on stop, but
>> then does not re-create it on start, like it's supposed to.
>> This is the problem which I have been trying to explain
>>
>> you explained it very bad when your initial post contains all sort of
>> config snippets, even milter related ones instead focus on the problem
>> clamd itself don't start properly - simply because in that case anything
>> else don't matter until clamd is up and running fine and to make it
>> harder you don't post your complete systemd-unit, at least not at the
>> thread start
>>
>> http://www.catb.org/esr/faqs/smart-questions.html
>>
>> well, i disabled all the services and made my own units years ago as i
>> do for any production stuff below /etc/systemd/system/ and be it only to
>> ensure Type=simple, automatic restart and not start any process as root
>> when it's not needed to begin with
>
> ---------------------------------------------------------------
>
> [root@localhost:~]$ cat /etc/systemd/system/clamd.service
> [Unit]
> Description=ClamAV Scanner Daemon
>
> [Service]
> Type=forking
> Environment="TMPDIR=/tmp"
> Environment="LANG=en_GB.UTF-8"
> ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf
> ExecReload=/usr/bin/kill -SIGUSR2 $MAINPID
> Restart=always
> RestartSec=1
> Nice=5
> User=clamscan
> Group=clamilt
> PrivateTmp=yes
> PrivateDevices=yes
> PrivateNetwork=no
> NoNewPrivileges=yes
> CapabilityBoundingSet=CAP_KILL
> RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
> SystemCallArchitectures=x86-64
> ReadOnlyDirectories=/
> ReadWriteDirectories=/run/clamd.scan
> ReadWriteDirectories=/run/clamd
> ReadWriteDirectories=/var/log
> ReadWriteDirectories=/tmp
> ---------------------------------------------------------------
>
> [root@localhost:~]$ cat /etc/clamd.d/scan.conf
> User clamscan
> AllowSupplementaryGroups yes
> PidFile /run/clamd.scan/clamd.pid
> TemporaryDirectory /tmp
> DatabaseDirectory /var/lib/clamav
> OfficialDatabaseOnly no
> LocalSocket /run/clamd/clamd.sock
> LocalSocketMode 0666
> MaxConnectionQueueLength 100
> StreamMaxLength 35M
> StreamMinPort 31000
> StreamMaxPort 32000
> MaxThreads 10
> MaxQueue 50
> ReadTimeout 120
> CommandReadTimeout 5
> SendBufTimeout 200
> IdleTimeout 30
> ExcludePath ^/proc/
> ExcludePath ^/sys/
> MaxDirectoryRecursion 20
> FollowDirectorySymlinks no
> FollowFileSymlinks no
> CrossFilesystems yes
> SelfCheck 86400
> ExitOnOOM yes
> Foreground no
> Debug no
> LeaveTemporaryFiles no
> AllowAllMatchScan no
> DetectPUA no
> AlgorithmicDetection yes
> DisableCache no
> ScanPE yes
> DisableCertCheck yes
> ScanELF yes
> DetectBrokenExecutables yes
> ScanOLE2 yes
> OLE2BlockMacros no
> ScanPDF yes
> ScanSWF yes
> ScanMail yes
> ScanPartialMessages no
> PhishingSignatures yes
> PhishingScanURLs no
> PhishingAlwaysBlockSSLMismatch no
> PhishingAlwaysBlockCloak no
> PartitionIntersection no
> HeuristicScanPrecedence yes
> StructuredDataDetection no
> ScanHTML yes
> ScanArchive yes
> ArchiveBlockEncrypted no
> MaxScanSize 50M
> MaxFileSize 50M
> MaxRecursion 10
> MaxFiles 10000
> MaxEmbeddedPE 10M
> MaxHTMLNormalize 10M
> MaxHTMLNoTags 2M
> MaxScriptNormalize 5M
> MaxZipTypeRcg 5M
> MaxPartitions 50
> MaxIconsPE 100
> ScanOnAccess no
> Bytecode yes
> BytecodeSecurity TrustSigned
> BytecodeTimeout 2000
> StatsEnabled no
> StatsPEDisabled yes
> LogFile /var/log/clamscan.log
> LogFileMaxSize 32M
> LogTime yes
> LogClean no
> ExtendedDetectionInfo yes
> LogFileUnlock yes
> ---------------------------------------------------------------
>
> [root@localhost:~]$ cat /etc/systemd/system/clamav-milter.service
> [Unit]
> Description=ClamAV Postfix-Milter
> Wants=clamd.service
> After=clamd.service
> Before=postfix.service
>
> [Service]
> Type=simple
> Environment="TMPDIR=/tmp"
> ExecStart=/usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
> User=clamilt
> Group=clamilt
> Environment="LANG=en_GB.UTF-8"
> Restart=always
> RestartSec=1
> Nice=5
> PrivateTmp=yes
> PrivateDevices=yes
> PrivateNetwork=yes
> NoNewPrivileges=yes
> CapabilityBoundingSet=CAP_KILL
> RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
> SystemCallArchitectures=x86-64
> ReadOnlyDirectories=/
> ReadWriteDirectories=-/run/clamav-milter
> ReadWriteDirectories=-/run/clamd
> ReadWriteDirectories=-/tmp
> ReadWriteDirectories=-/var/log
> ---------------------------------------------------------------
>
> [root@localhost:~]$ cat /etc/mail/clamav-milter.conf
> # Postfix milter configuration
> # Pre-queue virus scanner
> # Postfix must be in the "clamilt" user group
> # usermod -a -G clamilt postfix
> # usermod -a -G sa-milt postfix
>
> User clamilt
> AllowSupplementaryGroups yes
> MilterSocket /run/clamav-milter/clamav-milter.socket
> MilterSocketMode 0660
> ClamdSocket unix:/run/clamd/clamd.sock
> FixStaleSocket yes
> ReadTimeout 120
> Foreground yes
> TemporaryDirectory /tmp
> LocalNet 127.0.0.1
> MaxFileSize 35M
> OnClean Accept
> OnFail Defer
> OnInfected Reject
> RejectMsg Virus found or dangerous attachment: "%v"
> AddHeader Replace
> LogFile /var/log/clamav-milter.log
> LogFileUnlock yes
> LogFileMaxSize 128M
> LogTime yes
> LogSyslog yes
> LogFacility LOG_MAIL
> LogVerbose no
> LogRotate yes
> LogInfected Off
> LogClean Off
> SupportMultipleRecipients yes
> Whitelist /etc/mail/clamav-milter-whitelist.conf
> ---------------------------------------------------------------
>
> [root@localhost:~]$ cat /etc/tmpfiles.d/clamd.conf
> d /run/clamd 0775 clamscan clamilt
> ---------------------------------------------------------------
>
> [root@localhost:~]$ cat /usr/lib/tmpfiles.d/clamd.scan.conf
> d /var/run/clamd.scan 0710 clamscan clamscan
> ---------------------------------------------------------------
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
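
Added example, not part of the thread or of ClamAV: bind() on a Unix socket returns "No such file or directory" when the socket's parent directory is missing, so this shell script lists the directories that the LocalSocket and PidFile settings need and checks each one against tmpfiles.d entries. The function names are hypothetical, the sample files are constructed from lines quoted above, and treating /var/run as /run is an assumption about the host.

```shell
#!/bin/sh
# Added example (not from the thread): list the directories clamd needs for its
# socket and PID file, and check that a tmpfiles.d entry recreates each in /run.

# Parent directories of the LocalSocket and PidFile paths in a clamd config.
needed_dirs() {
    awk '$1 == "LocalSocket" || $1 == "PidFile" { print $2 }' "$1" |
    while read -r p; do dirname "$p"; done | sort -u
}

# Assumption: /var/run is a symlink to /run, so compare on the /run form.
norm() { printf '%s\n' "$1" | sed 's#^/var/run#/run#'; }

# Succeed if one of the tmpfiles.d files (args 2..n) has a d/D line for dir $1.
covered() {
    want=$(norm "$1"); shift
    [ $# -gt 0 ] || return 1
    awk '$1 == "d" || $1 == "D" { print $2 }' "$@" |
    while read -r d; do [ "$(norm "$d")" = "$want" ] && echo yes; done |
    grep -q yes
}

# Print OK/MISSING per directory; return 1 if any directory is not covered.
check_runtime_dirs() {
    conf=$1; shift; rc=0
    for dir in $(needed_dirs "$conf"); do
        if covered "$dir" "$@"; then echo "OK $dir"; else echo "MISSING $dir"; rc=1; fi
    done
    return $rc
}

# Demo on constructed copies of the files quoted in the thread.
demo() {
    t=$(mktemp -d)
    printf '%s\n' 'PidFile /run/clamd.scan/clamd.pid' \
        'LocalSocket /run/clamd/clamd.sock' > "$t/scan.conf"
    echo 'd /var/run/clamd.scan 0710 clamscan clamscan' > "$t/clamd.scan.conf"
    echo 'd /run/clamd 0775 clamscan clamilt' > "$t/clamd.conf"
    echo "only clamd.scan.conf present:"
    check_runtime_dirs "$t/scan.conf" "$t/clamd.scan.conf" || true
    echo "with the /run/clamd entry added:"
    check_runtime_dirs "$t/scan.conf" "$t/clamd.scan.conf" "$t/clamd.conf"
    rm -rf "$t"
}
demo
```

On a live host the arguments would be /etc/clamd.d/scan.conf followed by the files under /etc/tmpfiles.d and /usr/lib/tmpfiles.d.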