#1 2018-01-28 00:39:14

red-lichtie
Member
Registered: 2015-03-08
Posts: 53

[SOLVED] How do I get clamav-daemon.service to listen on 3310 ?

I've added the relevant lines (TCPSocket & TCPAddr) to the configuration:

/etc/clamav/clamd.conf

User root
# Debug yes
LogFile /var/log/clamav/clamd.log
LogTime yes
PidFile /run/clamav/clamd.pid
TemporaryDirectory /tmp
LocalSocket /var/lib/clamav/clamd.sock
User clamav
TCPSocket 3310
TCPAddr   127.0.0.1

But it won't listen on port 3310 when I enable and start it via systemctl.

If I start it from the command line like this

/usr/sbin/clamd -c /etc/clamav/clamd.conf

it listens to the configured port just fine.

Is the configuration being ignored when it is started by systemd? What do I have to do to get it to listen on port 3310?

Last edited by red-lichtie (2018-01-29 06:55:50)


Doing it the Linux way since 1997 and Arch way since 2015 (and loving it!)
Platforms: Intel, ARMv6 (Raspberry Pi), ARMv7 (BeagleBone Black), ARMv8 (Raspberry Pi)
Languages: C, C++, ASM, Pascal & Java

#2 2018-01-28 04:45:33

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587

Re: [SOLVED] How do I get clamav-daemon.service to listen on 3310 ?

What does `systemctl status clamd.service` say?

#3 2018-01-28 08:03:09

red-lichtie
Member
Registered: 2015-03-08
Posts: 53

Re: [SOLVED] How do I get clamav-daemon.service to listen on 3310 ?

systemctl status clamav-daemon.service

● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2018-01-28 08:47:40 CET; 7s ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           http://www.clamav.net/lang/en/doc/
 Main PID: 3473 (clamd)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/clamav-daemon.service
           └─3473 /usr/sbin/clamd --foreground=true

Jan 28 08:47:47 turbine clamd[3473]: Portable Executable support enabled.
Jan 28 08:47:47 turbine clamd[3473]: ELF support enabled.
Jan 28 08:47:47 turbine clamd[3473]: Mail files support enabled.
Jan 28 08:47:47 turbine clamd[3473]: OLE2 support enabled.
Jan 28 08:47:47 turbine clamd[3473]: PDF support enabled.
Jan 28 08:47:47 turbine clamd[3473]: SWF support enabled.
Jan 28 08:47:47 turbine clamd[3473]: HTML support enabled.
Jan 28 08:47:47 turbine clamd[3473]: XMLDOCS support enabled.
Jan 28 08:47:47 turbine clamd[3473]: HWP3 support enabled.
Jan 28 08:47:47 turbine clamd[3473]: Self checking every 600 seconds.

netstat -anp | grep -E "(Active|State|clam)"

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     820242   1/init               /run/clamav/clamd.ctl
unix  3      [ ]         STREAM     CONNECTED     92916    5761/freshclam       
unix  3      [ ]         STREAM     CONNECTED     820429   3473/clamd 

Compared to a manual command line start with conf:

netstat -anp | grep -E "(Active|State|clam)"

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN      3981/clamd          
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     835674   3981/clamd           /var/lib/clamav/clamd.sock
unix  3      [ ]         STREAM     CONNECTED     92916    5761/freshclam

Obviously I might have to change the UNIX Socket to match the "new" default (for freshclam?)


#4 2018-01-28 08:08:56

red-lichtie
Member
Registered: 2015-03-08
Posts: 53

Re: [SOLVED] How do I get clamav-daemon.service to listen on 3310 ?

An additional point that I just noticed: the systemd start has a UNIX socket listening on "/run/clamav/clamd.ctl". What is going on there?

The line "LocalSocket /var/lib/clamav/clamd.sock" is also being ignored.

My feeling that clamd.conf is being completely ignored is getting even stronger.


#5 2018-01-29 06:55:07

red-lichtie
Member
Registered: 2015-03-08
Posts: 53

Re: [SOLVED] How do I get clamav-daemon.service to listen on 3310 ?

I managed to get it working, although the configuration file still appears to be getting ignored regarding the socket definition.

I edited the socket definition like this:

$ systemctl edit clamav-daemon.socket

Redefined the listen options:

[Socket]
ListenStream=
ListenStream=/run/clamav/clamd.ctl
ListenStream=127.0.0.1:3310

Then reloaded the definition and restarted the service, result:

$ systemctl stop clamav-daemon.service
Warning: Stopping clamav-daemon.service, but it can still be activated by:
  clamav-daemon.socket
$ systemctl stop clamav-daemon.socket 
$ systemctl daemon-reload 
$ systemctl start clamav-daemon.service

Now init (systemd) is listening on port 3310

$ netstat -anp | grep -E "(Active|State|clam|3310)"
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN      1/init              
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     89606    1/init               /run/clamav/clamd.ctl
unix  3      [ ]         STREAM     CONNECTED     89805    10709/clamd          
unix  3      [ ]         STREAM     CONNECTED     111953   11505/freshclam

And clamdscan is working again:

$ clamdscan tmp.cfg 
/root/tmp.cfg: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.002 sec (0 m 0 s)
$

Offline
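
Added example, not part of the thread and not ClamAV or Arch packaging code: the outputs above show that under socket activation the listeners come from clamav-daemon.socket rather than from clamd.conf. This Python check compares the two and flags TCP listeners that are not bound to loopback, which matters because clamd's TCP protocol has no authentication. The vendor unit content, the sample strings and all function names are assumptions.

```python
import ipaddress
# Constructed inputs mirroring the thread. VENDOR_UNIT is an assumption inferred
# from the netstat output in post #3; the packaged unit is not quoted on the page.
CLAMD_CONF = "LocalSocket /var/lib/clamav/clamd.sock\nTCPSocket 3310\nTCPAddr   127.0.0.1\n"
VENDOR_UNIT = "[Socket]\nListenStream=/run/clamav/clamd.ctl\n"
DROP_IN = "[Socket]\nListenStream=\nListenStream=/run/clamav/clamd.ctl\nListenStream=127.0.0.1:3310\n"

def clamd_conf_listeners(text):
    """Listeners clamd opens itself when it is not socket-activated."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts.setdefault(parts[0], parts[1].strip())  # first occurrence only
    found = {opts["LocalSocket"]} if "LocalSocket" in opts else set()
    if "TCPSocket" in opts:  # without TCPAddr clamd binds every address
        found.add(f"{opts.get('TCPAddr', '0.0.0.0')}:{opts['TCPSocket']}")
    return found

def socket_unit_listeners(*unit_texts):
    """Effective ListenStream= list; pass the vendor unit first, then drop-ins."""
    streams = []
    for text in unit_texts:
        for line in text.splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and key.strip() == "ListenStream":
                if value.strip():
                    streams.append(value.strip())
                else:
                    streams.clear()  # empty assignment resets the list
    return streams

def non_loopback_tcp(streams):
    """TCP listeners reachable from other hosts (bare port or non-loopback IP)."""
    risky = []
    for s in streams:
        host = s.rpartition(":")[0].strip("[]")
        is_unix = s.startswith(("/", "@"))  # filesystem or abstract UNIX socket
        if not is_unix and (not host or not ipaddress.ip_address(host).is_loopback):
            risky.append(s)
    return risky

def audit(conf_text, *unit_texts):
    wanted, actual = clamd_conf_listeners(conf_text), socket_unit_listeners(*unit_texts)
    return {"only_in_clamd_conf": sorted(wanted - set(actual)),
            "only_in_socket_unit": sorted(set(actual) - wanted),
            "non_loopback_tcp": non_loopback_tcp(actual)}

if __name__ == "__main__":
    print(audit(CLAMD_CONF, VENDOR_UNIT, DROP_IN))
```

On a real host, feed it the contents of /etc/clamav/clamd.conf and the unit text printed by `systemctl cat clamav-daemon.socket`.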
