[Pkg-clamav-devel] Bug#822444: Bug#822444: clamav-daemon does not start with same options using sysinit and systemd

Xavier Quost xquost2000 at yahoo.fr
Sun Apr 24 21:54:36 UTC 2016


Dear Sebastian

Thanks for your quick answer. 


On Sunday 24 April 2016 21:07:16, you wrote:
> On 2016-04-24 17:39:37 [+0200], xavier quost wrote:
> > It seems that clamav-daemon does not start with the same options when
> > using systemd or sysvinit. This leads to a problem with clamsmtp / clamd
> > communication, breaking the mail checking system.
> From browsing through the logs here I can't spot the difference / error.


You are right: except for the clamsmtp error coming from postfix, nothing gives
a clear error message.

I checked the /var/log/clamav.log (I should have started there, sorry)

Some lines bother me:

Sun Apr 24 21:36:52 2016 -> Received 0 file descriptor(s) from systemd.
vs
Sun Apr 24 17:11:21 2016 -> Received 1 file descriptor(s) from systemd.

nothing
vs
Sun Apr 24 17:11:21 2016 -> Running as user clamav (UID 126, GID 134)



Sun Apr 24 21:36:59 2016 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Sun Apr 24 21:36:59 2016 -> LOCAL: Setting connection queue length to 15
vs
Sun Apr 24 17:11:28 2016 -> TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Sun Apr 24 17:11:28 2016 -> LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.

Then the error corresponding to the mail.info logs:

no error
vs
Sun Apr 24 17:14:02 2016 -> WARNING: lstat() failed on: /var/spool/clamsmtp/clamsmtpd.9g7gF4


This is the content when sysv starts clamav-daemon:

Sun Apr 24 21:36:52 2016 -> +++ Started at Sun Apr 24 21:36:52 2016
Sun Apr 24 21:36:52 2016 -> Received 0 file descriptor(s) from systemd.
Sun Apr 24 21:36:52 2016 -> clamd daemon 0.99 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun Apr 24 21:36:52 2016 -> Log file size limited to 4294967295bytes.
Sun Apr 24 21:36:52 2016 -> Reading databases from /var/lib/clamav
Sun Apr 24 21:36:52 2016 -> Not loading PUA signatures.
Sun Apr 24 21:36:52 2016 -> Bytecode: Security mode set to "TrustSigned".
Sun Apr 24 21:36:58 2016 -> Loaded 4300057 signatures.
Sun Apr 24 21:36:59 2016 -> LOCAL: Unix socket file /var/run/clamav/clamd.ctl
Sun Apr 24 21:36:59 2016 -> LOCAL: Setting connection queue length to 15
Sun Apr 24 21:36:59 2016 -> Limits: Global size limit set to 104857600 bytes.
Sun Apr 24 21:36:59 2016 -> Limits: File size limit set to 26214400 bytes.
Sun Apr 24 21:36:59 2016 -> Limits: Recursion level limit set to 16.
Sun Apr 24 21:36:59 2016 -> Limits: Files limit set to 10000.
Sun Apr 24 21:36:59 2016 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sun Apr 24 21:36:59 2016 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sun Apr 24 21:36:59 2016 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sun Apr 24 21:36:59 2016 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sun Apr 24 21:36:59 2016 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sun Apr 24 21:36:59 2016 -> Limits: MaxPartitions limit set to 50.
Sun Apr 24 21:36:59 2016 -> Limits: MaxIconsPE limit set to 100.
Sun Apr 24 21:36:59 2016 -> Limits: PCREMatchLimit limit set to 10000.
Sun Apr 24 21:36:59 2016 -> Limits: PCRERecMatchLimit limit set to 5000.
Sun Apr 24 21:36:59 2016 -> Limits: PCREMaxFileSize limit set to 26214400.
Sun Apr 24 21:36:59 2016 -> Archive support enabled.
Sun Apr 24 21:36:59 2016 -> Algorithmic detection enabled.
Sun Apr 24 21:36:59 2016 -> Portable Executable support enabled.
Sun Apr 24 21:36:59 2016 -> ELF support enabled.
Sun Apr 24 21:36:59 2016 -> Mail files support enabled.
Sun Apr 24 21:36:59 2016 -> OLE2 support enabled.
Sun Apr 24 21:36:59 2016 -> PDF support enabled.
Sun Apr 24 21:36:59 2016 -> SWF support enabled.
Sun Apr 24 21:36:59 2016 -> HTML support enabled.
Sun Apr 24 21:36:59 2016 -> Self checking every 3600 seconds.



And this when systemd starts clamav-daemon:

Sun Apr 24 17:11:21 2016 -> +++ Started at Sun Apr 24 17:11:21 2016
Sun Apr 24 17:11:21 2016 -> Received 1 file descriptor(s) from systemd.
Sun Apr 24 17:11:21 2016 -> clamd daemon 0.99 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sun Apr 24 17:11:21 2016 -> Running as user clamav (UID 126, GID 134)
Sun Apr 24 17:11:21 2016 -> Log file size limited to 4294967295bytes.
Sun Apr 24 17:11:21 2016 -> Reading databases from /var/lib/clamav
Sun Apr 24 17:11:21 2016 -> Not loading PUA signatures.
Sun Apr 24 17:11:21 2016 -> Bytecode: Security mode set to "TrustSigned".
Sun Apr 24 17:11:27 2016 -> Loaded 4300057 signatures.
Sun Apr 24 17:11:28 2016 -> TCP: No tcp AF_INET/AF_INET6 SOCK_STREAM socket received from systemd.
Sun Apr 24 17:11:28 2016 -> LOCAL: Received AF_UNIX SOCK_STREAM socket from systemd.
Sun Apr 24 17:11:28 2016 -> Limits: Global size limit set to 104857600 bytes.
Sun Apr 24 17:11:28 2016 -> Limits: File size limit set to 26214400 bytes.
Sun Apr 24 17:11:28 2016 -> Limits: Recursion level limit set to 16.
Sun Apr 24 17:11:28 2016 -> Limits: Files limit set to 10000.
Sun Apr 24 17:11:28 2016 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sun Apr 24 17:11:28 2016 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes.
Sun Apr 24 17:11:28 2016 -> Limits: MaxHTMLNoTags limit set to 2097152 bytes.
Sun Apr 24 17:11:28 2016 -> Limits: MaxScriptNormalize limit set to 5242880 bytes.
Sun Apr 24 17:11:28 2016 -> Limits: MaxZipTypeRcg limit set to 1048576 bytes.
Sun Apr 24 17:11:28 2016 -> Limits: MaxPartitions limit set to 50.
Sun Apr 24 17:11:28 2016 -> Limits: MaxIconsPE limit set to 100.
Sun Apr 24 17:11:28 2016 -> Limits: PCREMatchLimit limit set to 10000.
Sun Apr 24 17:11:28 2016 -> Limits: PCRERecMatchLimit limit set to 5000.
Sun Apr 24 17:11:28 2016 -> Limits: PCREMaxFileSize limit set to 26214400.
Sun Apr 24 17:11:28 2016 -> Archive support enabled.
Sun Apr 24 17:11:28 2016 -> Algorithmic detection enabled.
Sun Apr 24 17:11:28 2016 -> Portable Executable support enabled.
Sun Apr 24 17:11:28 2016 -> ELF support enabled.
Sun Apr 24 17:11:28 2016 -> Mail files support enabled.
Sun Apr 24 17:11:28 2016 -> OLE2 support enabled.
Sun Apr 24 17:11:28 2016 -> PDF support enabled.
Sun Apr 24 17:11:28 2016 -> SWF support enabled.
Sun Apr 24 17:11:28 2016 -> HTML support enabled.
Sun Apr 24 17:11:28 2016 -> Self checking every 3600 seconds.
Sun Apr 24 17:14:02 2016 -> WARNING: lstat() failed on: /var/spool/clamsmtp/clamsmtpd.9g7gF4
Sun Apr 24 17:21:21 2016 -> WARNING: lstat() failed on: /var/spool/clamsmtp/clamsmtpd.EfRJY5
Sun Apr 24 17:31:21 2016 -> WARNING: lstat() failed on: /var/spool/clamsmtp/clamsmtpd.fjdSfo
Sun Apr 24 17:51:21 2016 -> WARNING: lstat() failed on: /var/spool/clamsmtp/clamsmtpd.W1v5Ui
Sun Apr 24 18:31:21 2016 -> SelfCheck: Database status OK.
Sun Apr 24 18:31:21 2016 -> WARNING: lstat() failed on: /var/spool/clamsmtp/clamsmtpd.Zb3uen
Sun Apr 24 19:00:23 2016 -> WARNING: lstat() failed on: /var/spool/clamsmtp/clamsmtpd.A1I6IS
Sun Apr 24 19:00:23 2016 -> WARNING: lstat() failed on: /var/spool/clamsmtp/clamsmtpd.5zlXpo
Sun Apr 24 20:00:23 2016 -> SelfCheck: Database status OK.
Sun Apr 24 20:11:21 2016 -> WARNING: lstat() failed on: /var/spool/clamsmtp/clamsmtpd.gQI8Go
Sun Apr 24 20:59:28 2016 -> --- Stopped at Sun Apr 24 20:59:28 2016
 


 
> > when using sysv
> > clamd process is started with those default options :
> > clamav    8357     1  0 16:57 ?        00:00:00 /usr/sbin/clamd -c /etc/clamav/clamd.conf --pid=/run/clamav/clamd.pid
> > clamsmtp  8409     1  0 16:58 ?        00:00:00 /usr/sbin/clamsmtpd
> default config + pid file
> 
> > ## check systemd
> > ## it seems that clamav-daemon is no longer started with good options
> > clamsmtp   747     1  0 17:11 ?        00:00:00 /usr/sbin/clamsmtpd
> > clamav     791     1  7 17:11 ?        00:00:07 /usr/sbin/clamd --foreground=true
> depends on what you mean by good. It runs in foreground mode and reads the
> same config file.
> 
> > Communication between clamsmtp and clamd is now failing
> > Apr 24 17:14:02 pc251270 clamsmtpd: 100000: clamav error: /var/spool/clamsmtp/clamsmtpd.9g7gF4: lstat() failed: Permission denied. ERROR
> > Apr 24 17:14:02 pc251270 clamsmtpd: 100000: from=xquost at pc251270.valfontenay.ratp, to=xquost at localhost, status=CLAMAV-ERROR
> Can you find out what the difference here is? My guess is that for $reason
> the /var/spool/clamsmtp/ folder has different owner/permissions set.
> Unless you find something I would have to install it as you have and
> reproduce it.

/var/spool/clamsmtp always has the following permissions:

# ls -alh /var/spool/clamsmtp 
total 8,0K
drwxrwx---  2 clamsmtp clamsmtp 4,0K avril 24 21:40 ./
drwxr-xr-x 10 root     root     4,0K avril 13 10:57 ../


and clamav is in the clamsmtp group:


# id -a clamav
uid=126(clamav) gid=134(clamav) groupes=134(clamav),135(clamsmtp)
# id -a clamsmtp 
uid=127(clamsmtp) gid=135(clamsmtp) groupes=135(clamsmtp)

> > Thanks, best regards
> > 
> > XQ
> 
> Sebastian


Hope that will help !

Thanks, best regards

XQ
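
An added example, not part of the original message: `id -a clamav` reports the account's membership from the group database, while the groups a running clamd actually holds are listed in `/proc/<pid>/status`. The sketch below checks whether a process holds the GID that owns the spool directory; the function names and the two sample status files are constructed here, using the UID/GID numbers quoted above.

```shell
#!/bin/sh
# Does a *running* process hold a given GID? Reads a /proc/<pid>/status file.
# Filesystem permission checks use the filesystem GID (5th field of the
# "Gid:" line) plus the supplementary groups on the "Groups:" line.
proc_has_gid() {   # usage: proc_has_gid STATUS_FILE GID
    awk -v want="$2" '
        $1 == "Gid:" && $5 == want { found = 1 }
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

spool_verdict() {  # usage: spool_verdict STATUS_FILE DIR_GID
    if proc_has_gid "$1" "$2"; then
        echo "group-access"
    else
        echo "no-group-access"
    fi
}

# Constructed sample status files (only the fields used here): a clamd with
# UID 126 / GID 134, once with supplementary group 135 and once without it.
write_samples() {  # usage: write_samples DIR
    printf 'Name:\tclamd\nUid:\t126\t126\t126\t126\nGid:\t134\t134\t134\t134\nGroups:\t134 135\n' \
        > "$1/with_group.status"
    printf 'Name:\tclamd\nUid:\t126\t126\t126\t126\nGid:\t134\t134\t134\t134\nGroups:\t134\n' \
        > "$1/without_group.status"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "135 in Groups:     $(spool_verdict "$demo_dir/with_group.status" 135)"
echo "135 not in Groups: $(spool_verdict "$demo_dir/without_group.status" 135)"
rm -rf "$demo_dir"

# On a live Linux host with GNU stat, for one clamd PID (set PID yourself):
#   spool_verdict "/proc/$PID/status" "$(stat -c %g /var/spool/clamsmtp)"
```

Running the live form once under each init system shows whether the two clamd processes differ in the groups they hold.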


