I've added the relevant lines (TCPSocket & TCPAddr) to the configuration:
/etc/clamav/clamd.conf
User root
# Debug yes
LogFile /var/log/clamav/clamd.log
LogTime yes
PidFile /run/clamav/clamd.pid
TemporaryDirectory /tmp
LocalSocket /var/lib/clamav/clamd.sock
User clamav
TCPSocket 3310
TCPAddr 127.0.0.1
But it won't listen on port 3310 when I enable and start it via systemctl.
If I start it from the command line like this
/usr/sbin/clamd -c /etc/clamav/clamd.conf
it listens to the configured port just fine.
Is the configuration being ignored when it is started by systemd? What do I have to do to get it to listen on port 3310?
Last edited by red-lichtie (2018-01-29 06:55:50)
Doing it the Linux way since 1997 and Arch way since 2015 (and loving it!)
Platforms: Intel, ARMv6 (Raspberry Pi), ARMv7 (BeagleBone Black), ARMv8 (Raspberry Pi)
Languages: C, C++, ASM, Pascal & Java
What does `systemctl status clamd.service` say?
systemctl status clamav-daemon.service
● clamav-daemon.service - Clam AntiVirus userspace daemon
Loaded: loaded (/usr/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2018-01-28 08:47:40 CET; 7s ago
Docs: man:clamd(8)
man:clamd.conf(5)
http://www.clamav.net/lang/en/doc/
Main PID: 3473 (clamd)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/clamav-daemon.service
└─3473 /usr/sbin/clamd --foreground=true
Jan 28 08:47:47 turbine clamd[3473]: Portable Executable support enabled.
Jan 28 08:47:47 turbine clamd[3473]: ELF support enabled.
Jan 28 08:47:47 turbine clamd[3473]: Mail files support enabled.
Jan 28 08:47:47 turbine clamd[3473]: OLE2 support enabled.
Jan 28 08:47:47 turbine clamd[3473]: PDF support enabled.
Jan 28 08:47:47 turbine clamd[3473]: SWF support enabled.
Jan 28 08:47:47 turbine clamd[3473]: HTML support enabled.
Jan 28 08:47:47 turbine clamd[3473]: XMLDOCS support enabled.
Jan 28 08:47:47 turbine clamd[3473]: HWP3 support enabled.
Jan 28 08:47:47 turbine clamd[3473]: Self checking every 600 seconds.
netstat -anp | grep -E "(Active|State|clam)"
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 820242 1/init /run/clamav/clamd.ctl
unix 3 [ ] STREAM CONNECTED 92916 5761/freshclam
unix 3 [ ] STREAM CONNECTED 820429 3473/clamd
Compared to a manual command line start with conf:
netstat -anp | grep -E "(Active|State|clam)"
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 3981/clamd
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 835674 3981/clamd /var/lib/clamav/clamd.sock
unix 3 [ ] STREAM CONNECTED 92916 5761/freshclam
Obviously I might have to change the UNIX Socket to match the "new" default (for freshclam?)
An additional point that I just noticed: the systemd start has a UNIX socket listening on "/run/clamav/clamd.ctl". What is going on there?
The line "LocalSocket /var/lib/clamav/clamd.sock" is also being ignored.
My feeling that clamd.conf is being completely ignored is getting even stronger.
I managed to get it working, although the configuration file still appears to be getting ignored regarding the socket definition.
I edited the socket definition like this:
$ systemctl edit clamav-daemon.socket
Redefined the listen options:
[Socket]
ListenStream=
ListenStream=/run/clamav/clamd.ctl
ListenStream=127.0.0.1:3310
Then reloaded the definition and restarted the service, result:
$ systemctl stop clamav-daemon.service
Warning: Stopping clamav-daemon.service, but it can still be activated by:
clamav-daemon.socket
$ systemctl stop clamav-daemon.socket
$ systemctl daemon-reload
$ systemctl start clamav-daemon.service
Now init (systemd) is listening on port 3310
$ netstat -anp | grep -E "(Active|State|clam|3310)"
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3310 0.0.0.0:* LISTEN 1/init
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 89606 1/init /run/clamav/clamd.ctl
unix 3 [ ] STREAM CONNECTED 89805 10709/clamd
unix 3 [ ] STREAM CONNECTED 111953 11505/freshclam
And clamdscan is working again:
$ clamdscan tmp.cfg
/root/tmp.cfg: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.002 sec (0 m 0 s)
$
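The mismatch this thread runs into, as an added example that is not part of the original posts: under socket activation the listeners are the ListenStream= entries of clamav-daemon.socket (PID 1 owns them in the netstat output above), so this script compares them with what clamd.conf asks for. The packaged unit's content and the function names are assumptions; the sample input is constructed from the values posted here.

```shell
#!/bin/sh
# Constructed sample input, built from the values posted in this thread.
CLAMD_CONF='LocalSocket /var/lib/clamav/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1'
# Assumed content of the packaged socket unit (inferred from the netstat output).
UNIT_VENDOR='[Socket]
ListenStream=/run/clamav/clamd.ctl'
# Drop-in from the last post.
UNIT_DROPIN='[Socket]
ListenStream=
ListenStream=/run/clamav/clamd.ctl
ListenStream=127.0.0.1:3310'

# Listeners that clamd.conf asks for, one per line.
conf_listeners() {
    printf '%s\n' "$1" | awk '
        $1 == "LocalSocket" { print $2 }
        $1 == "TCPSocket"   { port = $2 }
        $1 == "TCPAddr"     { addr = $2 }
        END { if (port) print (addr ? addr ":" port : port) }'
}

# Effective ListenStream= list over unit text given in load order;
# an empty assignment resets everything collected so far.
unit_listeners() {
    printf '%s\n' "$@" | awk -F= '
        $1 == "ListenStream" { if ($2 == "") n = 0; else l[++n] = $2 }
        END { for (i = 1; i <= n; i++) print l[i] }'
}

# Print MISSING for each clamd.conf listener absent from the socket unit,
# and WILDCARD for a bare port, which systemd does not restrict to loopback.
audit() {
    conf=$(conf_listeners "$1"); shift
    unit=$(unit_listeners "$@")
    for l in $conf; do
        printf '%s\n' "$unit" | grep -qxF -- "$l" || echo "MISSING $l"
    done
    printf '%s\n' "$unit" | grep -E '^[0-9]+$' | sed 's/^/WILDCARD /'
    return 0
}

audit "$CLAMD_CONF" "$UNIT_VENDOR" "$UNIT_DROPIN"
```

On a live system the unit text can be taken from `systemctl cat clamav-daemon.socket` and the configuration from /etc/clamav/clamd.conf.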