Yes, freshclam must be run first. Otherwise there's no database. Sent from my Apple Watch
On Oct 9, 2019, at 17:08, Gerben Wierda <gerben.wie...@rna.nl> wrote: > Log directory exists. > albus:log sysbh$ ls -l /opt/local/var/log > total 19160 > drwxr-xr-x 5 _clamav _clamav 160 Oct 9 16:48 clamav > > There is also a log written there. > +++ Started at Wed Oct 9 16:39:00 2019 > Received 0 file descriptor(s) from systemd. > clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64) > Log file size limited to 2097152 bytes. > Reading databases from /opt/local/share/clamav > Included PUA categories: RAT Spy Server Script > Bytecode: Security mode set to "TrustSigned". > ERROR: Can't open file or directory > Closing the main socket. > > clams.conf: > LocalSocket /opt/local/var/run/clamav/clamd.socket > > It is unclear what file “Can’t be opened” (clamd.log doesn’t say, I was > guessing the socket because it wasn’t there) > > albus:etc sysbh$ ls -al /opt/local/var/run/clamav > total 8 > drwxr-xr-x 4 _clamav _clamav 128 Oct 9 16:22 . > drwxr-xr-x 16 root wheel 512 Oct 6 22:10 .. > -rw-r--r-- 1 root _clamav 0 Jun 26 00:20 .turd_clamav-server > -rw-r--r-- 1 root _clamav 6 Oct 9 16:38 ClamavScanOnAccess.pid > > Directory for the socket is owned by _clamav so that should not be a problem. > > albus:etc sysbh$ sudo port load clamav-server > ---> Loading startupitem 'ClamavScanOnAccess' for clamav-server > ---> Loading startupitem 'freshclam' for clamav-server > ---> Loading startupitem 'clamd' for clamav-server > ---> Loading startupitem 'ClamavScanSchedule' for clamav-server > albus:etc sysbh$ ls -al /opt/local/var/run/clamav > total 8 > drwxr-xr-x 4 _clamav _clamav 128 Oct 9 16:22 . > drwxr-xr-x 16 root wheel 512 Oct 6 22:10 .. > -rw-r--r-- 1 root _clamav 0 Jun 26 00:20 .turd_clamav-server > -rw-r--r-- 1 root _clamav 6 Oct 9 23:02 ClamavScanOnAccess.pid > albus:etc sysbh$ ps laxww|grep clam > 0 41114 1 0 20 0 4305956 5736 - Ss ?? 0:00.01 > /opt/local/bin/daemondo --label=clamd --start-cmd /opt/local/sbin/clamd ; > --pid=exec > 0 41126 41114 0 20 0 4759056 398320 - R ?? 0:14.83 > /opt/local/sbin/clamd > 501 41160 41068 0 31 0 4268080 824 - S+ s000 0:00.00 grep > clam > > So, clamd is running. > > Hmm, suddenly the socket is there now (after a second launch attempt) > > +++ Started at Wed Oct 9 16:39:00 2019 > Received 0 file descriptor(s) from systemd. > clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64) > Log file size limited to 2097152 bytes. > Reading databases from /opt/local/share/clamav > Included PUA categories: RAT Spy Server Script > Bytecode: Security mode set to "TrustSigned". > ERROR: Can't open file or directory > Closing the main socket. > +++ Started at Wed Oct 9 23:02:49 2019 > Received 0 file descriptor(s) from systemd. > clamd daemon 0.101.4 (OS: darwin18.7.0, ARCH: x86_64, CPU: x86_64) > Log file size limited to 2097152 bytes. > Reading databases from /opt/local/share/clamav > Included PUA categories: RAT Spy Server Script > Bytecode: Security mode set to "TrustSigned". > Loaded 6446353 signatures. > LOCAL: Unix socket file /opt/local/var/run/clamav/clamd.socket > LOCAL: Setting connection queue length to 200 > Limits: Global time limit set to 120000 milliseconds. > Limits: Global size limit set to 104857600 bytes. > Limits: File size limit set to 26214400 bytes. > Limits: Recursion level limit set to 16. > Limits: Files limit set to 10000. > Limits: Core-dump limit is 0. > Limits: MaxEmbeddedPE limit set to 10485760 bytes. > Limits: MaxHTMLNormalize limit set to 10485760 bytes. > Limits: MaxHTMLNoTags limit set to 2097152 bytes. > Limits: MaxScriptNormalize limit set to 5242880 bytes. > Limits: MaxZipTypeRcg limit set to 1048576 bytes. > Limits: MaxPartitions limit set to 50. > Limits: MaxIconsPE limit set to 100. > Limits: MaxRecHWP3 limit set to 16. > Limits: PCREMatchLimit limit set to 100000. > Limits: PCRERecMatchLimit limit set to 2000. > Limits: PCREMaxFileSize limit set to 26214400. > Archive support enabled. > AlertExceedsMax heuristic detection disabled. > Heuristic alerts enabled. > Portable Executable support enabled. > ELF support enabled. > Mail files support enabled. > OLE2 support enabled. > PDF support enabled. > SWF support enabled. > HTML support enabled. > XMLDOCS support enabled. > HWP3 support enabled. > Self checking every 600 seconds. > Listening daemon: PID: 41126 > MaxQueue set to: 100 > Set stacksize to 1048576 > fds_poll_recv: timeout after 600 seconds > > My guess is this: clamd did not want to start untill I had at least once ran > freshclam. AFter that, there was a database and it could start. Does that > make sense? > > Gerben Wierda > Chess and the Art of Enterprise Architecture > Mastering ArchiMate > Architecture for Real Enterprises at InfoWorld > On Slippery Ice at EAPJ > >> On 9 Oct 2019, at 19:45, Steven Smith <steve.t.sm...@gmail.com> wrote: >> >> It should just start and create a Unix socket in the location specified in >> clamd.conf. >> >> When I have to debug launch items like this, I look at the .wrapper script >> (/opt/local/etc/LaunchDaemons/org.macports.clamd/clams.wrapper—this is from >> memory but should be close), then run the Start() function by hand and try >> to isolate the error. >> >> Log directory doesn’t exist for some reason? Socket directory? >> Misspecification in the .conf file? Something else? >> >>> On Oct 9, 2019, at 13:00, Gerben Wierda <gerben.wie...@rna.nl> wrote: >>> >>> >>> After installing the clamav-server clamd doesn’t start. It seems I need to >>> create the socket for clamd, but I’m unable to find instructions on how to >>> do that. >>> >>> Can anybody help. Is it like the sockets for postfix? >>> >>> Gerben Wierda >>> Chess and the Art of Enterprise Architecture >>> Mastering ArchiMate >>> Architecture for Real Enterprises at InfoWorld >>> On Slippery Ice at EAPJ >>> >
