[Pkg-clamav-devel] Bug#969019: clamav-daemon: How to run clamd under 'daemon' supervision with systemd?
Benoit Panizzon
panizzon at woody.ch
Wed Aug 26 08:32:11 BST 2020
Package: clamav-daemon
Version: 0.102.4+dfsg-0+deb10u1
Severity: normal
Dear Maintainer
clamd occasionaly runs in an out of memory situation and is killed on my system. So it would be nice to have it automatically restarted.
With Bugfix: #250008 the init file has been adapted for clamd to run under 'daemon' supervision.
The README.Debian also describes this fact.
Unfortunately I didn't manage to get clamd started under daemon supervision.
I fear that this is due that since then, debian moved to systemd and the .service file
is starting clamd directly.
Please advise how the systemd config has to be changed to achieve the same result.
I believe systemd can directly supervise a daemon, but I don't know where to find that switch.
-Benoit-
-- Package-specific info:
--- configuration ---
Checking configuration files in /etc/clamav
Config file: clamd.conf
-----------------------
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName = "ClamAV"
LogFile = "/var/log/clamav/clamav.log"
LogFileUnlock disabled
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/var/lib/clamav"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamav/clamd.ctl"
LocalSocketGroup = "clamav"
LocalSocketMode = "666"
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "15"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "12"
ReadTimeout = "180"
CommandReadTimeout = "5"
SendBufTimeout = "200"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground = "yes"
Debug disabled
LeaveTemporaryFiles disabled
User = "clamav"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "60000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail disabled
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertEncrypted disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime = "120000"
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled
Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"
LogTime = "yes"
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile disabled
DatabaseDirectory = "/var/lib/clamav/"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/clamav/freshclam.log"
DatabaseOwner = "clamav"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.local.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "5"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamav/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"
clamav-milter.conf not found
Software settings
-----------------
Version: 0.102.4
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON
Database information
--------------------
Database directory: /var/lib/clamav/
WARNING: freshclam.conf and clamd.conf point to different database directories
daily.cld: version 25910, sigs: 4051268, built on Tue Aug 25 15:15:49 2020
main.cld: version 59, sigs: 4564902, built on Mon Nov 25 14:56:15 2019
bytecode.cld: version 331, sigs: 94, built on Thu Sep 19 18:12:33 2019
Total number of signatures: 8616264
Platform information
--------------------
uname: Linux 4.19.0-9-686-pae #1 SMP Debian 4.19.118-2 (2020-04-29) i686
OS: linux-gnu, ARCH: i386, CPU: i686
Full OS version: Debian GNU/Linux 10 (buster)
zlib version: 1.2.11 (1.2.11), compile flags: 55
platform id: 0x0a1173730400000000080300
Build information
-----------------
GNU C: 8.3.0 (8.3.0)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=i686-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/i386-linux-gnu' '--libexecdir=/usr/lib/i386-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=i686-linux-gnu' 'OBJCFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-ZvgPzg/clamav-0.102.4+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security'
sizeof(void*) = 4
Engine flevel: 115, dconf: 115
--- data dir ---
total 615628
-rw-r--r-- 1 clamav clamav 1458176 Sep 19 2019 bytecode.cld
-rw-r--r-- 1 clamav clamav 321527808 Aug 25 16:00 daily.cld
-rw-r--r-- 1 clamav clamav 307403264 Nov 25 2019 main.cld
-rw------- 1 clamav clamav 1300 Feb 9 2020 mirrors.dat
-- System Information:
Debian Release: 10.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 4.19.0-9-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=de_CH:de_DE:de:en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages clamav-daemon depends on:
ii adduser 3.118
ii clamav-base 0.102.4+dfsg-0+deb10u1
ii clamav-freshclam [clamav-data] 0.102.4+dfsg-0+deb10u1
ii debconf [debconf-2.0] 1.5.71
ii dpkg 1.19.7
ii libc6 2.28-10
ii libclamav9 0.102.4+dfsg-0+deb10u1
ii libcurl4 7.64.0-4+deb10u1
ii libncurses6 6.1+20181013-2+deb10u2
ii libssl1.1 1.1.1d-0+deb10u3
ii libsystemd0 241-7~deb10u4
ii libtinfo6 6.1+20181013-2+deb10u2
ii lsb-base 10.2019051400
ii procps 2:3.3.15-2
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-1
Versions of packages clamav-daemon recommends:
ii clamdscan 0.102.4+dfsg-0+deb10u1
Versions of packages clamav-daemon suggests:
ii apparmor 2.13.2-10
pn clamav-docs <none>
ii daemon 0.6.4-1+b2
pn libclamunrar <none>
-- debconf information:
* clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl
clamav-daemon/MaxHTMLNoTags: 2M
clamav-daemon/StatsHostID: auto
clamav-daemon/ScanOnAccess: false
clamav-daemon/FollowDirectorySymlinks: false
* clamav-daemon/MaxThreads: 12
* clamav-daemon/FollowFileSymlinks: false
clamav-daemon/OnAccessMaxFileSize: 5M
* clamav-daemon/BytecodeSecurity: TrustSigned
* clamav-daemon/MaxDirectoryRecursion: 15
* clamav-daemon/MaxConnectionQueueLength: 15
* clamav-daemon/ScanArchive: true
* clamav-daemon/BytecodeTimeout: 60000
clamav-daemon/MaxScriptNormalize: 5M
clamav-daemon/StatsTimeout: 10
* clamav-daemon/LogSyslog: false
* clamav-daemon/LocalSocketGroup: clamav
* clamav-daemon/FixStaleSocket: true
* clamav-daemon/LogRotate: true
clamav-daemon/MaxZipTypeRcg: 1M
* clamav-daemon/SelfCheck: 600
clamav-daemon/ForceToDisk: false
* clamav-daemon/ReadTimeout: 180
* clamav-daemon/TcpOrLocal: UNIX
clamav-daemon/TCPSocket: 3310
clamav-daemon/StatsEnabled: false
* clamav-daemon/LogFile: /var/log/clamav/clamav.log
* clamav-daemon/LocalSocketMode: 666
* clamav-daemon/AddGroups:
clamav-daemon/DisableCertCheck: false
clamav-daemon/ScanSWF: true
* clamav-daemon/User: clamav
clamav-daemon/StatsPEDisabled: true
* clamav-daemon/ScanMail: false
* clamav-daemon/debconf: true
* clamav-daemon/Bytecode: true
clamav-daemon/AllowAllMatchScan: true
* clamav-daemon/LogTime: true
clamav-daemon/TCPAddr: any
* clamav-daemon/StreamMaxLength: 25
clamav-daemon/MaxEmbeddedPE: 10M
clamav-daemon/MaxHTMLNormalize: 10M
More information about the Pkg-clamav-devel
mailing list