Log directory exists.
albus:log sysbh$ ls -l /opt/local/var/log
total 19160
drwxr-xr-x 5 _clamav _clamav 160 Oct 9 16:48 clamav
There is also a log written there.
+++ Started at Wed Oct 9 16:39:00 2019
Received 0 file descriptor(s) from systemd.
clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
Log file size limited to 2097152 bytes.
Reading databases from /opt/local/share/clamav
Included PUA categories: RAT Spy Server Script
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't open file or directory
Closing the main socket.
clams.conf:
LocalSocket /opt/local/var/run/clamav/clamd.socket
It is unclear what file “Can’t be opened” (clamd.log doesn’t say, I was
guessing the socket because it wasn’t there)
albus:etc sysbh$ ls -al /opt/local/var/run/clamav
total 8
drwxr-xr-x 4 _clamav _clamav 128 Oct 9 16:22 .
drwxr-xr-x 16 root wheel 512 Oct 6 22:10 ..
-rw-r--r-- 1 root _clamav 0 Jun 26 00:20 .turd_clamav-server
-rw-r--r-- 1 root _clamav 6 Oct 9 16:38 ClamavScanOnAccess.pid
Directory for the socket is owned by _clamav so that should not be a problem.
albus:etc sysbh$ sudo port load clamav-server
---> Loading startupitem 'ClamavScanOnAccess' for clamav-server
---> Loading startupitem 'freshclam' for clamav-server
---> Loading startupitem 'clamd' for clamav-server
---> Loading startupitem 'ClamavScanSchedule' for clamav-server
albus:etc sysbh$ ls -al /opt/local/var/run/clamav
total 8
drwxr-xr-x 4 _clamav _clamav 128 Oct 9 16:22 .
drwxr-xr-x 16 root wheel 512 Oct 6 22:10 ..
-rw-r--r-- 1 root _clamav 0 Jun 26 00:20 .turd_clamav-server
-rw-r--r-- 1 root _clamav 6 Oct 9 23:02 ClamavScanOnAccess.pid
albus:etc sysbh$ ps laxww|grep clam
0 41114 1 0 20 0 4305956 5736 - Ss ?? 0:00.01
/opt/local/bin/daemondo --label=clamd --start-cmd /opt/local/sbin/clamd ;
--pid=exec
0 41126 41114 0 20 0 4759056 398320 - R ?? 0:14.83
/opt/local/sbin/clamd
501 41160 41068 0 31 0 4268080 824 - S+ s000 0:00.00 grep
clam
So, clamd is running.
Hmm, suddenly the socket is there now (after a second launch attempt)
+++ Started at Wed Oct 9 16:39:00 2019
Received 0 file descriptor(s) from systemd.
clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
Log file size limited to 2097152 bytes.
Reading databases from /opt/local/share/clamav
Included PUA categories: RAT Spy Server Script
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't open file or directory
Closing the main socket.
+++ Started at Wed Oct 9 23:02:49 2019
Received 0 file descriptor(s) from systemd.
clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64)
Log file size limited to 2097152 bytes.
Reading databases from /opt/local/share/clamav
Included PUA categories: RAT Spy Server Script
Bytecode: Security mode set to "TrustSigned".
Loaded 6446353 signatures.
LOCAL: Unix socket file /opt/local/var/run/clamav/clamd.socket
LOCAL: Setting connection queue length to 200
Limits: Global time limit set to 120000 milliseconds.
Limits: Global size limit set to 104857600 bytes.
Limits: File size limit set to 26214400 bytes.
Limits: Recursion level limit set to 16.
Limits: Files limit set to 10000.
Limits: Core-dump limit is 0.
Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Limits: MaxScriptNormalize limit set to 5242880 bytes.
Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Limits: MaxPartitions limit set to 50.
Limits: MaxIconsPE limit set to 100.
Limits: MaxRecHWP3 limit set to 16.
Limits: PCREMatchLimit limit set to 100000.
Limits: PCRERecMatchLimit limit set to 2000.
Limits: PCREMaxFileSize limit set to 26214400.
Archive support enabled.
AlertExceedsMax heuristic detection disabled.
Heuristic alerts enabled.
Portable Executable support enabled.
ELF support enabled.
Mail files support enabled.
OLE2 support enabled.
PDF support enabled.
SWF support enabled.
HTML support enabled.
XMLDOCS support enabled.
HWP3 support enabled.
Self checking every 600 seconds.
Listening daemon: PID: 41126
MaxQueue set to: 100
Set stacksize to 1048576
fds_poll_recv: timeout after 600 seconds
My guess is this: clamd did not want to start untill I had at least once ran
freshclam. AFter that, there was a database and it could start. Does that make
sense?
Gerben Wierda
Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
Mastering ArchiMate <http://masteringarchimate.com/>
Architecture for Real Enterprises
<https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
> On 9 Oct 2019, at 19:45, Steven Smith <steve.t.sm...@gmail.com> wrote:
>
> It should just start and create a Unix socket in the location specified in
> clamd.conf.
>
> When I have to debug launch items like this, I look at the .wrapper script
> (/opt/local/etc/LaunchDaemons/org.macports.clamd/clams.wrapper—this is from
> memory but should be close), then run the Start() function by hand and try to
> isolate the error.
>
> Log directory doesn’t exist for some reason? Socket directory?
> Misspecification in the .conf file? Something else?
>
>> On Oct 9, 2019, at 13:00, Gerben Wierda <gerben.wie...@rna.nl> wrote:
>>
>>
>> After installing the clamav-server clamd doesn’t start. It seems I need to
>> create the socket for clamd, but I’m unable to find instructions on how to
>> do that.
>>
>> Can anybody help. Is it like the sockets for postfix?
>>
>> Gerben Wierda
>> Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
>> Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
>> Architecture for Real Enterprises
>> <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at
>> InfoWorld
>> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
>>
