[Pkg-clamav-devel] Bug#829597: clamav-daemon: LocalSocket not created.

Gordon Dickens gecko at mailhub4u.com
Mon Jul 4 14:37:01 UTC 2016


Package: clamav-daemon
Version: 0.99.2+dfsg-0+deb8u1
Severity: important

Dear Maintainer,

I just upgraded three Debian exim mail servers from clamav 0.99 to clamav 0.99.2 and now all three mail servers are broken. That is, I have LocalSocket defined in /etc/clamav/clamd.conf as follows:

    LocalSocket /var/run/clamav/clamd.ctl

However, the /var/run/clamav/clamd.ctl socket is never created on any of the three systems. Furthermore, the /var/run/clamav directory is never created at boot time either. So, could this be a systemd issue? The bottom line is that clamav is now totally broken, which has subsequently broken exim's virus checking as well. freshclam reports the following in /var/log/freshclam.log:

    WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: No such file or directory


This problem breaks my exim servers' mail processing whereby exim issues temporary rejections when any external mail delivery is attempted since the clamav socket cannot be accessed. The exim log reports the following in /var/log/exim4/mainlog:

    2016-07-02 09:53:12 1bJLM8-0001oO-6m malware acl condition: clamd: unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): No such file or directory
    2016-07-02 09:53:12 1bJLM8-0001oO-6m H=mail-it0-f41.google.com [209.85.214.41] X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 F=<anyuser at gmail.com> temporarily rejected after DATA


Therefore, I had to disable the clamav virus checks by exim in order to get the mail processed but obviously without virus checking.

clamav 0.99 was working perfectly with my configuration prior to this upgrade and I have not changed anything otherwise.

How do I get clamav 0.99.2 to play nicely with exim on Debian? Is this a regression in Debian's clamav 0.99.2 or systemd? I have another server running FreeBSD with clamav 0.99.2 and exim configured almost identically and working perfectly without these problems. So, this is most certainly a Debian Clamav issue (or systemd related) and not an upstream clamav issue.


-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
LogFile = "/var/log/clamav/clamav.log"
StatsHostID = "auto"
StatsEnabled disabled
StatsPEDisabled = "yes"
StatsTimeout = "10"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/var/lib/clamav/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "3600"
DisableCache disabled
VirusEvent = "/bin/echo `date +%F_%T`" - clamAV rejection: %v" >> /var/log/clamav/virusrejects_today.log"
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "10"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
StatsHostID disabled
StatsEnabled disabled
StatsTimeout disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SubmitDetectionStats disabled
DetectionStatsCountry disabled
DetectionStatsHostID disabled
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.99.2
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE ICONV JSON JIT

Database information
--------------------
Database directory: /var/lib/clamav
bytecode.cld: version 283, sigs: 53, built on Thu Jun 23 11:01:37 2016
daily.cld: version 21841, sigs: 382998, built on Mon Jul  4 06:30:17 2016
main.cvd: version 57, sigs: 4218790, built on Wed Mar 16 19:17:06 2016
Total number of signatures: 4601841

Platform information
--------------------
uname: Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt25-2+deb8u3 (2016-07-02) x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: Debian GNU/Linux 8.5 (jessie)
zlib version: 1.2.8 (1.2.8), compile flags: a9
Triple: x86_64-pc-linux-gnu
CPU: core-avx-i, Little-endian
platform id: 0x0a2152520804090201040902

Build information
-----------------
GNU C: 4.9.2 (4.9.2)
GNU C++: 4.9.2 (4.9.2)
CPPFLAGS: -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -fno-strict-aliasing  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
CXXFLAGS: 
LDFLAGS: -fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/usr/lib/clamav' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-gnu-ld' '-with-system-llvm=/usr/bin/llvm-config' '--with-llvm-linking=dynamic' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu'
sizeof(void*) = 8
Engine flevel: 82, dconf: 82

--- data dir ---
total 132332
-rw-r--r-- 1 clamav clamav    446464 Jun 23 11:31 bytecode.cld
-rw-rw-r-- 1 clamav clamav         5 Jul  4 10:21 clamd.pid
-rw-r--r-- 1 clamav clamav  25905152 Jul  4 07:29 daily.cld
-rw-r--r-- 1 clamav clamav 109143933 Mar 17 09:21 main.cvd
-rw------- 1 clamav clamav      1092 Jul  4 10:12 mirrors.dat

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages clamav-daemon depends on:
ii  adduser                         3.113+nmu3
ii  clamav-base                     0.99.2+dfsg-0+deb8u1
ii  clamav-freshclam [clamav-data]  0.99.2+dfsg-0+deb8u1
ii  debconf [debconf-2.0]           1.5.56
ii  dpkg                            1.17.27
ii  init-system-helpers             1.22
ii  libc6                           2.19-18+deb8u4
ii  libclamav7                      0.99.2+dfsg-0+deb8u1
ii  libncurses5                     5.9+20140913-1+b1
ii  libssl1.0.0                     1.0.1t-1+deb8u2
ii  libsystemd0                     215-17+deb8u4
ii  libtinfo5                       5.9+20140913-1+b1
ii  lsb-base                        4.1+Debian13+nmu1
ii  procps                          2:3.3.9-9
ii  ucf                             3.0030
ii  zlib1g                          1:1.2.8.dfsg-2+b1

Versions of packages clamav-daemon recommends:
ii  clamdscan  0.99.2+dfsg-0+deb8u1

Versions of packages clamav-daemon suggests:
pn  apparmor     <none>
pn  clamav-docs  <none>
pn  daemon       <none>

-- debconf information:
  clamav-daemon/LocalSocketMode: 666
  clamav-daemon/LogRotate: true
  clamav-daemon/BytecodeTimeout: 60000
  clamav-daemon/LogFile: /var/log/clamav/clamav.log
  clamav-daemon/ScanOnAccess: false
  clamav-daemon/BytecodeSecurity: TrustSigned
  clamav-daemon/TCPAddr: any
  clamav-daemon/ScanArchive: true
  clamav-daemon/AddGroups: Debian-exim
  clamav-daemon/StatsTimeout: 10
  clamav-daemon/LogTime: true
  clamav-daemon/DisableCertCheck: false
  clamav-daemon/LocalSocket: unix:/var/run/clamav/clamd.ctl
  clamav-daemon/MaxDirectoryRecursion: 15
  clamav-daemon/AllowAllMatchScan: true
  clamav-daemon/MaxHTMLNoTags: 2M
  clamav-daemon/StatsHostID: auto
  clamav-daemon/StreamMaxLength: 25
  clamav-daemon/ForceToDisk: false
  clamav-daemon/User: clamav
  clamav-daemon/LocalSocketGroup: clamav
  clamav-daemon/ScanMail: true
  clamav-daemon/LogSyslog: false
  clamav-daemon/FollowFileSymlinks: false
  clamav-daemon/MaxConnectionQueueLength: 15
  clamav-daemon/ScanSWF: true
  clamav-daemon/MaxScriptNormalize: 5M
  clamav-daemon/MaxHTMLNormalize: 10M
  clamav-daemon/StatsEnabled: false
  clamav-daemon/SelfCheck: 3600
  clamav-daemon/TCPSocket: 3310
  clamav-daemon/FixStaleSocket: true
  clamav-daemon/ReadTimeout: 180
  clamav-daemon/TcpOrLocal: TCP
  clamav-daemon/FollowDirectorySymlinks: false
  clamav-daemon/OnAccessMaxFileSize: 5M
  clamav-daemon/MaxZipTypeRcg: 1M
  clamav-daemon/MaxEmbeddedPE: 10M
  clamav-daemon/MaxThreads: 12
  clamav-daemon/StatsPEDisabled: true
  clamav-daemon/Bytecode: true
  clamav-daemon/debconf: true
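
Added example, not part of the original report or of the clamav or exim packages: a small monitor for the failure described above. It pairs exim's "unable to connect to UNIX socket" errors with the resulting deferrals by message ID and classifies the state of the socket path. The function names and the state labels are assumptions of this sketch; the sample input is the two mainlog lines quoted in the report.

```python
import os
import re
import stat

# Constructed sample: the two exim mainlog lines quoted in the report above.
SAMPLE_LOG = """\
2016-07-02 09:53:12 1bJLM8-0001oO-6m malware acl condition: clamd: unable to connect to UNIX socket (/var/run/clamav/clamd.ctl): No such file or directory
2016-07-02 09:53:12 1bJLM8-0001oO-6m H=mail-it0-f41.google.com [209.85.214.41] X=TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128 F=<anyuser at gmail.com> temporarily rejected after DATA
"""

# "<date> <time> <exim message id> <rest of line>"
LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d (\w{6}-\w{6}-\w{2}) (.*)$")
SCAN_FAIL = re.compile(
    r"malware acl condition: clamd: unable to connect to UNIX socket \((.+?)\): (.+)$")

def scanner_outages(log_text):
    """Return {socket_path: {"error": str, "deferred": [message ids]}}."""
    failed = {}    # message id -> socket path exim could not reach
    outages = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg_id, rest = m.groups()
        f = SCAN_FAIL.search(rest)
        if f:
            path, error = f.groups()
            failed[msg_id] = path
            outages.setdefault(path, {"error": error, "deferred": []})
        elif rest.endswith("temporarily rejected after DATA") and msg_id in failed:
            # Same message id: this deferral was caused by the scanner outage.
            outages[failed[msg_id]]["deferred"].append(msg_id)
    return outages

def socket_state(path):
    """Classify a LocalSocket path: missing-dir, missing, not-a-socket or present."""
    if not os.path.isdir(os.path.dirname(path)):
        return "missing-dir"    # the report's case: /var/run/clamav never created
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return "missing"
    return "present" if stat.S_ISSOCK(mode) else "not-a-socket"

if __name__ == "__main__":
    for path, info in scanner_outages(SAMPLE_LOG).items():
        print(path, info["error"], len(info["deferred"]), socket_state(path))
```

Alerting on a non-empty result makes the scanner outage visible before mail queues back up and scanning gets switched off to keep mail moving.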


